BIOS Protection Guidelines: Recommendations of the National Institute of Standards and Technology (Special Publication 800-147) (Paperback)

David Cooper, William Polk, Andrew Regenscheid, Murugiah Souppaya

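  • Publisher: CreateSpace Independ
  • Publication date: 2012-07-02
  • Price: $720
  • VIP price: $684 (95% of list price)
  • Language: English
  • Pages: 30
  • Binding: Paperback
  • ISBN: 1478179155
  • ISBN-13: 9781478179153
  • Related category: Apple Developer
  • Overseas special-order book (must be checked out separately)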


Product description

This National Institute of Standards and Technology Special Publication 800-147 “BIOS Protection Guidelines” document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This document applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system. While this document focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design. Likewise, although the guide is oriented toward enterprise-class platforms, the necessary technologies are expected to migrate to consumer-grade systems over time. Future efforts may look at boot firmware security for enterprise server platforms.
