摘要: 可扩展固件接口(EFI)规范为启动操作系统之前的程序提供了一个标准环境。该文提出一个基于双核EFI的安全框架(DESA),EFI在物理结构和逻辑概念上作为一个独立的安全域,为操作系统提供实时监控、协处理和审计等安全组件服务。实现一个虚拟磁盘安全访问与实时监控的DESA应用实例。实验结果表明,DESA可以提高系统性能和安全性,它以较小的性能代价为系统提供安全服务。
关键词:
双核,
可扩展固件接口,
安全框架,
虚拟磁盘,
安全访问
Abstract: The Extensible Firmware Interface(EFI) specification provides a standard environment for the program before booting an OS. This paper proposes a Dual-core EFI-based Security Architecture(DESA). EFI is a secure domain that is physically and logically separate, and performs several security components services such as real-time monitoring, co-processing and auditing. A prototype for virtual disk’s secure access and real-time monitor is designed and implemented. Experimental results show that DESA can enhance performance and security improvements, and provide security services for OS with low performance cost.
Key words:
dual-core,
extensible firmware interface,
security architecture,
virtual disk,
secure access
中图分类号:
谢 勇;来学嘉;张熙哲. 基于双核EFI的安全框架[J]. 计算机工程, 2008, 34(22): 177-178.
XIE Yong; LAI Xue-jia; ZHANG Xi-zhe. Dual-core EFI-based Security Architecture[J]. Computer Engineering, 2008, 34(22): 177-178.