UEFI-based Research on the Inner Operation Mechanism and Characteristics of Firmware Vulnerabilities in Key Devices of Electric Power Monitoring Systems

Author:

Chen Mingliang (1, 2), Yu Yingting (1), Xie Guoqiang (1), Zeng Chuanhan (1), Xu Zaide (1)

Affiliation:

1. State Grid Jiangxi Electric Power Co., Ltd., Nanchang, Jiangxi, China.

2. Xi’an Jiaotong University, Xi’an, Shaanxi, China.

Abstract

With the large number of computer and modern communication technologies used in power monitoring systems, their security protection constantly faces new challenges. In this paper, UEFI firmware is used to construct the physical connection structure of key devices in the power monitoring system. Fuzz testing is used to mine the vulnerabilities in the power monitoring system, with a large number of generated variant test cases as the monitoring object; the target point to which a seed belongs is determined from the information collected on the basic blocks covered during the test run of the vulnerability seed. The coverage weight of the seed is determined with the help of the simulated annealing algorithm in order to divide tasks among the target points. The fuzz testing method is used to analyze the operating mechanism and characteristics of the vulnerabilities in the power monitoring system, and the firmware attack mechanisms of different hooks under UEFI are explored to summarize the characteristics of the scenarios in which vulnerabilities appear in the power system, as well as their impacts. The results show that vulnerabilities in the power monitoring system on the generation side and the transmission side mainly damage the integrity and availability of information: for vulnerabilities in generation-side production devices, the integrity and availability risk ratings are 63.74 and 71.73, respectively, and for vulnerabilities in the transmission-side SCADA they are 79.04 and 69.36, respectively. In vulnerability detection, 608 security vulnerabilities were implanted in the UEFI module and the detection reported 653 possible security problems, with a statistical underreporting rate of 1.48% and a false alarm rate of 9.05%.

Publisher

Walter de Gruyter GmbH
