
Research Of Malicious Code Protection System Base On Unified Extensible Firmware Interface

Posted on: 2012-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Fu
GTID: 2218330362459339
Subject: Electronics and Communications Engineering

Abstract/Summary:
Malicious code protection is an important research direction in information security worldwide. With the rapid development of malicious code techniques such as kernel rootkits, boot viruses and firmware rootkits, traditional security mechanisms that operate at the operating-system level can no longer meet the requirements of information security. Such malware can penetrate the layers beneath the operating system and take control of the computer before security software starts, which makes it very difficult to detect and remove.

UEFI (Unified Extensible Firmware Interface) is an international standard that describes an interface between the operating system and the platform firmware. It is set to replace the legacy BIOS and become the next-generation firmware framework. UEFI is highly extensible: it can be loaded from any storage device, such as a hard disk or USB drive, or even from a network device. As a result, it also faces a serious challenge from malicious code attacks.

Based on an analysis of anti-malware technology for UEFI firmware, this paper proposes the concept and model of a malicious code protection system based on UEFI. Using malicious code scanning and integrity checking algorithms, it also implements a signature detection engine on the EDK II development platform, which provides malicious code detection, boot option analysis, and backup of the firmware and OS kernel. The final tests validate that the system can effectively resist malicious code before the operating system starts, with small code size and low cost, and show that building a malicious code protection system in the UEFI pre-boot environment is a reasonable and correct approach.
Keywords/Search Tags:firmware, BIOS, malicious code, UEFI, binary signature