| 基于UEFI固件的恶意代码防范技术研究 |
| |
| 引用本文: | 付思源,刘功申,李建华.基于UEFI固件的恶意代码防范技术研究[J].计算机工程,2012,38(9):117-120. |
| |
| 作者姓名: | 付思源 刘功申 李建华 |
| |
| 作者单位: | 1. 上海交通大学电子工程系,上海,200240
2. 上海交通大学信息安全工程学院,上海,200240 |
| |
| 基金项目: | 公安部第三研究所信息网络安全公安部重点实验室开放基金资助项目 |
| |
| 摘 要: | 统一可扩展固件接口(UEFI)缺乏相应的安全保障机制,易受恶意代码的攻击,而传统的计算机安全系统无法为固件启动过程和操作系统引导过程提供安全保护。针对上述问题,设计基于UEFI的恶意代码防范系统。该系统利用多模式匹配算法实现特征码检测引擎,用于在计算机启动过程中检测与清除恶意代码,并提供恶意启动项处理及系统内核文件备份等功能。实验结果证明,该系统能为固件及上层操作系统提供完善的安全保护,且代码尺寸小、检测速度快,恶意代码识别率高。
|
| 关 键 词: | 基本输入输出系统 统一可扩展固件接口 固件 恶意代码 特征码匹配 多模式匹配 |
| 收稿时间: | 2011-07-08 |
Research of Malicious Code Defense Technology Based on UEFI Firmware |
| |
| FU Si-yuan
,
LIU Gong-shen
,
LI Jian-hua.Research of Malicious Code Defense Technology Based on UEFI Firmware[J].Computer Engineering,2012,38(9):117-120. |
| |
| Authors: | FU Si-yuan LIU Gong-shen LI Jian-hua |
| |
| Affiliation: | a(a.Department of Electronic Engineering;b.School of Information Security Engineering,Shanghai Jiaotong University,Shanghai 200240,China) |
| |
| Abstract: | Unified Extensible Firmware Interface(UEFI) faces a grim challenges of malicious code attack.The traditional computer security software can not provide security for the firmware and operating system boot process.In order to solve the problem,this paper designs a malicious code defense system based on UEFI firmware.By using the multi-pattern matching algorithm,a signature detecting engine under UEFI environment is implemented,which provides functionally of malicious code detect,boot option analysis and firmware and operating system kernel backup.Experimental results prove that the system can effectively resist malicious code with small code size and low costs to meet the firmware’s need of flash size and fast boot. |
| |
| Keywords: | Basic Input Output System(BIOS) Unified Extensible Firmware Interface(UEFI) firmware malicious code signature matching multi-pattern matching |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
