作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2008, Vol. 34 ›› Issue (22): 177-178. doi: 10.3969/j.issn.1000-3428.2008.22.061

• 安全技术 • 上一篇    下一篇

基于双核EFI的安全框架

谢 勇,来学嘉,张熙哲   

  1. (上海交通大学计算机科学与工程系,上海 200240)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-11-20 发布日期:2008-11-20

Dual-core EFI-based Security Architecture

XIE Yong, LAI Xue-jia, ZHANG Xi-zhe   

  1. (Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200240)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-11-20 Published:2008-11-20

摘要: 可扩展固件接口(EFI)规范为启动操作系统之前的程序提供了一个标准环境。该文提出一个基于双核EFI的安全框架(DESA),EFI在物理结构和逻辑概念上作为一个独立的安全域,为操作系统提供实时监控、协处理和审计等安全组件服务。实现一个虚拟磁盘安全访问与实时监控的DESA应用实例。实验结果表明,DESA可以提高系统性能和安全性,它以较小的性能代价为系统提供安全服务。

关键词: 双核, 可扩展固件接口, 安全框架, 虚拟磁盘, 安全访问

Abstract: The Extensible Firmware Interface(EFI) specification provides a standard environment for the program before booting an OS. This paper proposes a Dual-core EFI-based Security Architecture(DESA). EFI is a secure domain that is physically and logically separate, and performs several security components services such as real-time monitoring, co-processing and auditing. A prototype for virtual disk’s secure access and real-time monitor is designed and implemented. Experimental results show that DESA can enhance performance and security improvements, and provide security services for OS with low performance cost.


Key words: dual-core, extensible firmware interface, security architecture, virtual disk, secure access

中图分类号: