How to Bypass Verified Boot Security in Chromium OS

Details How to Bypass Verified Boot Security in Chromium OS How to Bypass Verified Boot Security in Chromium OS

2012-02-23

arxiv.org/abs/1202.5282v1

Computer Science

Cryptography and Security

Scientific paper

Verified boot is an interesting feature of Chromium OS that should detect any modification in the firmware, kernel or the root file system (rootfs) by a dedicated adversary. However, by exploiting a design flaw in verified boot, we show that an adversary can replace the original rootfs by a malicious rootfs containing exploits such as a spyware and still pass the verified boot process. The exploit is based on the fact that although a kernel partition is paired with a rootfs, verification of kernel partition and rootfs are independent of each other. We experimentally demonstrate an attack using both the base and developer version of Chromium OS in which the adversary installs a spyware in the target system to send cached user data to the attacker machine in plain text which are otherwise inaccessible in encrypted form. We also discuss possible directions to mitigate the vulnerability.

Affiliated with

Also associated with

No associations

Rating

How to Bypass Verified Boot Security in Chromium OS does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with How to Bypass Verified Boot Security in Chromium OS, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and How to Bypass Verified Boot Security in Chromium OS will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-77439