Research on BOOTKIT Detection Technology Based on UEFI Firmware

BOOTKIT Detection Based on UEFI
Abstract: UEFI-based BOOTKIT attacks can compromise the integrity of both the UEFI firmware and the operating system, seriously threatening computer security. In response, this paper proposes UDS, a new UEFI-firmware-based BOOTKIT detection method that protects the firmware and the operating system. UDS is implemented as a UEFI virtual device driver that is loaded and started before the OS. It adopts a strategy that combines integrity checking with file restoring to protect the firmware and the OS kernel, and it uses code obfuscation and file hiding to prevent UDS itself from being attacked by a BOOTKIT. Experiments show that UDS effectively protects the integrity of the firmware and the OS and defends against UEFI-based BOOTKIT attacks, with the advantages of early startup, low space overhead, and good self-protection.
Authors: LIU Wen-qi (刘文祺); FAN Ming-yu (范明钰); TIAN Wei (田伟); WANG Guang-wei (王光卫) (School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731; The 95333 troop of People's Liberation Army of China, Changsha 410114)
Source: Journal of University of Electronic Science and Technology of China (《电子科技大学学报》), indexed in EI, CAS, CSCD, and the Peking University Core Journals list; 2018, Issue 6, pp. 901-905, 5 pages in total
Funding: National Natural Science Foundation of China (60373109, 60272091)
Keywords: BOOTKIT; file recovery; integrity checking; self-protection; Unified Extensible Firmware Interface (UEFI)