摘要： 介绍了计算机BIOS安全风险的形成及特点，总结了BIOS安全风险的分类，提出了BIOS安全威胁模型和基于BIOS安全隐患扫描和代码完整性度量的BIOS安全检测模型。实现了一个基于BIOS安全隐患库与BIOS标准代码样本库的BIOS安全检测系统。指出BIOS在信息安全基础解决方案中的进一步安全增强和安全扩展的研究方向。

关键词: BIOS, 安全风险, 安全隐患, 安全检测

Abstract: This article introduces the progress and characteristics of BIOS security threat, summarizes the BIOS security risk classification, advances a model of BIOS security threat and a model of BIOS security detection which based on scanning of BIOS vulnerabilities and measuring of BIOS code integrity. A BIOS security detection system, based on the libraries of BIOS vulnerabilities and BIOS standard code samples, is implemented. Further study directions about enhancing and extending BIOS security role in information security fundamental solution are also presented.

Key words: BIOS, security risk, security vulnerability, security detection

中图分类号: 

• TP309