Research Of Firmware Detection And Protection On Windows

Posted on: 2017-03-20
Degree: Master
Type: Thesis
Country: China
Candidate: P Q Wang
GTID: 2308330485481027
Subject: Information security
Abstract/Summary:
With the development of computer and Internet technology, computer and Internet security has become more and more important. In the face of the constant struggle between attackers and defenders, the computer security industry has gradually reached a consensus that strengthening security at the physical layer is necessary to ensure computer safety. As an important part of the computer's physical layer, the BIOS is mainly responsible for hardware self-inspection and initialization and for system boot, so its security is essential to the computer security system. Today's BIOS chips have extended functions and enlarged capacity, accompanied by increasing potential security hazards, which differ from normal security vulnerabilities in being hard to detect and remove and in their strong destructive power.

BIOS code was originally designed with a partial security mechanism, but that mechanism can no longer fully protect the BIOS given the rapid development of attack and counter-attack technology. There have even been some attacks against firmware in recent years. Unfortunately, mainstream security software does not provide effective measures to cope with these attacks. To solve this problem, domestic and foreign researchers have put forward several theories and mechanisms. However, those mechanisms all have certain limitations because they rely only on static detection technology.

To remedy this deficiency, and in accordance with the features of the computer system's application layer and firmware layer, this thesis designs a firmware security detection and protection system (FDPS) based on a BIOS security hazard model. The system conducts firmware security detection in the application layer and firmware security protection in the firmware layer, so that the two complement each other. The main research contents are:

1. Application of the Wu-Manber multiple pattern matching algorithm in FDPS security detection.
2. The BIOS rootkit principle, pointing out that tampering with the address of INT 13h in the IVT is critical for all BIOS rootkit mechanisms.
3. The firmware protection principle: an added protection module scans the address of INT 13h and conducts a repair once an attack is found. The method for detection and repair is a focus of the thesis, in order to guarantee the normal startup of the computer.

This thesis presents the key units of FDPS, measurements of the system and its protection effect, and a comparison of those measurements with a typical firmware protection mechanism and legacy protection software. The results show that FDPS overcomes the shortcomings of the typical firmware protection mechanism and legacy protection software by providing detection in the application layer and protection in the firmware layer, and that it achieves its design purpose: it can safeguard the firmware and ensure the security of the computer system.
Keywords/Search Tags:Basic Input/Output System, firmware reverse analysis, BIOS security vulnerability model, firmware security detection, firmware security protection
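
The scan-and-repair step for the INT 13h vector described in item 3, sketched as an added example that is not code from the thesis. It assumes a baseline vector recorded at a trusted point and treats 0xC0000-0xFFFFF as the legacy ROM window; all function names and the sample vectors are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Real-mode IVT: 256 four-byte entries at physical 0x0000, each a
   little-endian offset word followed by a segment word. */
#define INT13_SLOT (0x13 * 4)                 /* byte offset 0x4C */
enum { INT13_OK, INT13_HOOKED_ROM, INT13_HOOKED_RAM };

typedef struct { uint16_t seg, off; } farptr;

static farptr ivt_get(const uint8_t *ivt, unsigned slot) {
    farptr p = { (uint16_t)(ivt[slot + 2] | ivt[slot + 3] << 8),
                 (uint16_t)(ivt[slot]     | ivt[slot + 1] << 8) };
    return p;
}

static void ivt_set(uint8_t *ivt, unsigned slot, farptr p) {
    ivt[slot]     = (uint8_t)p.off;  ivt[slot + 1] = (uint8_t)(p.off >> 8);
    ivt[slot + 2] = (uint8_t)p.seg;  ivt[slot + 3] = (uint8_t)(p.seg >> 8);
}

/* seg:off pairs alias, so compare the linear address they resolve to. */
static uint32_t linear(farptr p) { return ((uint32_t)p.seg << 4) + p.off; }

/* Compare the live INT 13h vector with a baseline recorded at a trusted
   point; on mismatch, classify the new target and restore the baseline. */
int int13_check_and_repair(uint8_t *ivt, farptr trusted) {
    farptr cur = ivt_get(ivt, INT13_SLOT);
    uint32_t lin = linear(cur);
    if (lin == linear(trusted)) return INT13_OK;
    ivt_set(ivt, INT13_SLOT, trusted);
    /* Assumption: 0xC0000-0xFFFFF is the legacy option-ROM/BIOS window. */
    return (lin >= 0xC0000 && lin <= 0xFFFFF) ? INT13_HOOKED_ROM : INT13_HOOKED_RAM;
}

/* Constructed sample: baseline F000:E3FE, vector redirected to 9F00:0000. */
int demo(int tamper) {
    uint8_t ivt[1024] = {0};
    farptr trusted = { 0xF000, 0xE3FE }, rogue = { 0x9F00, 0x0000 };
    ivt_set(ivt, INT13_SLOT, tamper ? rogue : trusted);
    int first = int13_check_and_repair(ivt, trusted);
    int second = int13_check_and_repair(ivt, trusted);   /* after repair */
    return first * 10 + second;
}

int main(void) {
    printf("clean=%d tampered=%d\n", demo(0), demo(1));
    return 0;
}
```

A vector that changes but still lands in the ROM window is reported separately, since an option ROM can take over INT 13h during boot and that case needs review rather than being treated the same as a redirect into RAM.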