摘要
基本输入输出系统(BIOS)陷门对计算机系统影响巨大,且现有工具难以有效检测其存在。在逆向分析基础上,研究了BIOS结构及BIOS代码混淆技术。根据实现粒度,将BIOS陷门分为模块级BIOS陷门与指令级BIOS陷门,详细分析了这两类陷门的实现原理与特点。最后提出了基于模块构成分析的模块级陷门检测方法和基于完整性度量的指令级陷门检测方法。实验结果表明,两种方法能有效检测与之对应的BIOS陷门的存在。
Basic Input Output System (BIOS) trapdoor has huge impact on computer system, and it is difficult to detect the existence of BIOS trapdoor effectively with the existing tools. After researching BIOS structure and BIOS code obfuscation technique based on reverse analysis, BIOS trapdoors were divided into module-level BIOS trapdoor and instruction-level BIOS trapdoor according to implementation granularity, followed by analyzing the implementation principle and characteristics of these two BIOS trapdoors in detail. Finally the detection method of module-level trapdoor based on analyzing module structure and the detection method of instruction-level trapdoor based on integrity measurement were presented. The experimental results show that these two methods can detect the existence of their corresponding BIOS trapdoors effectively.
出处
《计算机应用》
CSCD
北大核心
2013年第2期455-459,共5页
journal of Computer Applications
基金
信息工程大学未来发展基金资助项目(1201)
关键词
BIOS陷门
逆向分析
代码混淆
模块级陷门
指令级陷门
陷门检测
BIOS trapdoor
reverse analysis
code obfuscation
module-level trapdoor
instruction-level trapdoor
trapdoor detection
