Computer Science ›› 2012, Vol. 39 ›› Issue (10): 308-312.

• Architecture •

UEFI Bootkit Model and Analysis

唐文彬, 陈熹, 陈嘉勇, 祝跃飞

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002) (State Key Laboratory of Information Security, Chinese Academy of Sciences, Beijing 100049)
  • Publication date: 2018-11-16 Release date: 2018-11-16

Analysis and Detection of UEFI Bootkit


Abstract (translated): This paper analyses the working principle and key technologies of UEFI Bootkits. On the basis of the Harold Trojan model, it gives a formal description of the UEFI Bootkit; it analyses the differences in concealment techniques between UEFI Bootkits and Trojans and establishes a formal model of UEFI Bootkit cooperative concealment. It gives an application example of the model and proves theoretically that detecting a Bootkit before the operating system kernel starts is more effective than detecting it after the operating system has finished booting. A UEFI Bootkit detection system that begins detection before the operating system kernel is loaded was developed. Practical tests with the detection system show that it achieves good detection results, which effectively validates the accuracy of the model.

Keywords (translated): UEFI, Formal description, Bootkit, Hiding technology, Trusted computing, Detection system

Abstract: This paper analyzed the working mechanism and key technologies of UEFI Bootkits, expanded the definition of Trojan accordingly, illustrated the differences in hiding technology between UEFI Bootkits and Trojans, built a formal model of UEFI Bootkit cooperative concealment, showed an application of the model, and proved that detecting a Bootkit before the operating system kernel starts obtains a better effect than detecting it after the operating system has started. We designed and developed a UEFI Bootkit detection system which works before the operating system kernel starts. The detection system was used in practical tests, and the results show that the UEFI Bootkit detection system obtains a good effect and is accurate.

Key words: UEFI, Formal description, Bootkit, Hiding technology, Trusted computing, Detection system
