Abstract:

Based on the research of SMBIOS entry point structure, SMBIOS structure tables and memory-mapped I/O, this paper puts forward a method of universal Basic Input/Output System(BIOS) image file sampling and formatting, and establishes a BIOS image file security detection model. Experiments prove this method can analyze multiple IBV’s(Independent BIOS Vendor) BIOS image files successfully, thus it solves a critical problem in BIOS security risk analysis and detection system.

Key words: Basic Input/Output System(BIOS), security risk, security detection, firmware security, memory mapping

摘要：

通过研究BIOS镜像文件中遵循的SMBIOS规范、EPSON表结构及高端物理内存映射方法，提出一种通用的BIOS镜像文件采样及分析技术手段，建立BIOS镜像文件安全检测模型。实验证明，该方案能对多种厂商的BIOS镜像文件进行采样及格式处理，解决BIOS安全风险分析检测系统中存在的技术难点，为固件层的安全分析提供有效保障。

关键词: 基本输入/输出系统, 安全风险, 安全检测, 固件安全, 内存映射

CLC Number: 

• TP334.4