LIU Wen-qi, FAN Ming-yu, TIAN Wei, WANG Guang-wei. BOOTKIT Detection Based on UEFI[J]. Journal of University of Electronic Science and Technology of China, 2018, 47(6): 901-905. DOI: 10.3969/j.issn.1001-0548.2018.06.016

BOOTKIT Detection Based on UEFI

  • UEFI-based BOOTKITs compromise the integrity of both the UEFI firmware and the OS, posing a fatal threat to computer security. In response, this paper proposes a new UEFI-based bootkit defense system named UDS. UDS is implemented as a UEFI device driver, which is loaded before the OS. By adopting a strategy that combines integrity checking with file restoration, UDS protects the firmware and OS kernels. Code obfuscation and file hiding are introduced to prevent UDS itself from being attacked by BOOTKITs. Finally, several experiments were conducted to show that UDS can protect itself from BOOTKIT attacks while effectively protecting the integrity of both the OS and the firmware.