计算机应用 ›› 2013, Vol. 33 ›› Issue (02): 455-459.DOI: 10.3724/SP.J.1087.2013.00455

• 信息安全 • 上一篇    下一篇

BIOS陷门实现机理及检测技术研究

姜子峰,曾光裕,王炜,高洪博   

  1. 信息工程大学,郑州 450002
  • 收稿日期:2012-08-20 修回日期:2012-10-04 出版日期:2013-02-01 发布日期:2013-02-25
  • 通讯作者: 姜子峰
  • 作者简介: 姜子峰(1988-),男,河北石家庄人,硕士研究生,主要研究方向:信息安全; 曾光裕(1966-),女,重庆人,副教授,硕士,主要研究方向:信息安全; 王炜(1975-),男,湖北武汉人,讲师,博士,主要研究方向:信息安全、计算机体系结构; 高洪博(1984-),男,河北景县人,博士研究生,主要研究方向:信息安全。
  • 基金资助:
    信息工程大学未来发展基金资助项目

Research on implementation mechanism and detection technique of BIOS trapdoor

JIANG Zifeng,ZENG Guangyu,WANG Wei,GAO Hongbo   

  1. Information Engineering University, Zhengzhou Henan 450002, China
  • Received:2012-08-20 Revised:2012-10-04 Online:2013-02-01 Published:2013-02-25
  • Contact: JIANG Zifeng

摘要: 基本输入输出系统(BIOS)陷门对计算机系统影响巨大,且现有工具难以有效检测其存在。在逆向分析基础上,研究了BIOS结构及BIOS代码混淆技术。根据实现粒度,将BIOS陷门分为模块级BIOS陷门与指令级BIOS陷门,详细分析了这两类陷门的实现原理与特点。最后提出了基于模块构成分析的模块级陷门检测方法和基于完整性度量的指令级陷门检测方法。实验结果表明,两种方法能有效检测与之对应的BIOS陷门的存在。

关键词: BIOS陷门, 逆向分析, 代码混淆, 模块级陷门, 指令级陷门, 陷门检测

Abstract: Basic Input Output System (BIOS) trapdoor has huge impact on computer system, and it is difficult to detect the existence of BIOS trapdoor effectively with the existing tools. After researching BIOS structure and BIOS code obfuscation technique based on reverse analysis, BIOS trapdoors were divided into module-level BIOS trapdoor and instruction-level BIOS trapdoor according to implementation granularity, followed by analyzing the implementation principle and characteristics of these two BIOS trapdoors in detail. Finally the detection method of module-level trapdoor based on analyzing module structure and the detection method of instruction-level trapdoor based on integrity measurement were presented. The experimental results show that these two methods can detect the existence of their corresponding BIOS trapdoors effectively.

Key words: BIOS trapdoor, reverse analysis, code obfuscation, module-level trapdoor, instruction-level trapdoor, trapdoor detection

中图分类号: