Abstract:
Based on the research of SMBIOS entry point structure, SMBIOS structure tables and memory-mapped I/O, this paper puts forward a method of universal Basic Input/Output System(BIOS) image file sampling and formatting, and establishes a BIOS image file security detection model. Experiments prove this method can analyze multiple IBV’s(Independent BIOS Vendor) BIOS image files successfully, thus it solves a critical problem in BIOS security risk analysis and detection system.
Key words:
Basic Input/Output System(BIOS),
security risk,
security detection,
firmware security,
memory mapping
摘要:
通过研究BIOS镜像文件中遵循的SMBIOS规范、EPSON表结构及高端物理内存映射方法,提出一种通用的BIOS镜像文件采样及分析技术手段,建立BIOS镜像文件安全检测模型。实验证明,该方案能对多种厂商的BIOS镜像文件进行采样及格式处理,解决BIOS安全风险分析检测系统中存在的技术难点,为固件层的安全分析提供有效保障。
关键词:
基本输入/输出系统,
安全风险,
安全检测,
固件安全,
内存映射
CLC Number:
WANG Xiao-Jian, ZHOU Zhen-Liu, LIU Bao-Xu. Design and Implementation of BIOS Sampling and Analyzing System[J]. Computer Engineering, 2011, 37(11): 7-9.
王晓箴, 周振柳, 刘宝旭. BIOS采样分析系统的设计与实现[J]. 计算机工程, 2011, 37(11): 7-9.