CN101079003A - System and method for carrying out safety risk check to computer BIOS firmware - Google Patents
Abstract
The invention discloses a system and method for security testing of computer BIOS firmware. The method comprises the following steps: initializing; sampling the BIOS; parsing the BIOS image file; scanning for BIOS security hazards; measuring the integrity of the BIOS code; outputting the test results; and applying security repairs to the BIOS. The invention can decrease, reduce and remove security vulnerabilities and hazards in a computer BIOS, providing reliable endpoint security and overall protection for computers and networks.
Description
Technical field
The present invention relates to computer security risk detection technology, and in particular to a system and method for detecting security risks in computer BIOS firmware. Following the detection principle of the invention, the security hazards present in a computer's current BIOS can be detected and the integrity of the BIOS code measured to produce a detection result; the BIOS is then securely repaired on that basis, so that network attacks and information leakage targeting the computer BIOS can be effectively prevented.
Background technology
The computer BIOS (Basic Input/Output System) is the software system stored permanently in a chip on the computer motherboard, also called firmware. After the computer is powered on, the BIOS instructions execute first: they detect and initialize the underlying hardware and peripherals, load the services provided at system run time, and finally boot the operating system.
In general, conventional information security threats have concentrated on software systems, and the security risks of computer BIOS firmware have been overlooked. As BIOS functionality has grown and the technology has developed, the security risks of BIOS firmware have become increasingly prominent. The emergence of BIOS security risks and threats is the combined result of several factors.
Early BIOSes had simple functions; the BIOS binary was small and was burned into a 32 KB PROM or EPROM chip. As BIOS functions expanded, the capacity of the chip holding the BIOS also grew, gradually reaching 512 KB or even 1024 KB.
Standards such as PNP, DMI, ESCD and SMBIOS require the BIOS to interact with the operating system: the motherboard BIOS must record changes in peripherals and in resource configuration and exchange data with the operating system, and the need to update the BIOS while the system is running has also grown. To accommodate these changes, motherboard BIOS chips have gradually been replaced by FLASH chips that can be rewritten and upgraded by software, and option ROMs (OPROMs) such as those of video cards and network cards are now stored in FLASH chips as well. The motherboard carries hardware circuitry for reading and writing the FLASH chip; by software means, raising the write voltage of the FLASH chip to a specific level, or inputting a specified erase signal, makes it possible to erase and rewrite the entire contents of the FLASH chip, or to erase and rewrite individual blocks and sectors.
With the development of these new technologies, the security threats facing the BIOS have gradually become apparent. BIOS security risk shows up in two ways. The first is destruction of the BIOS chip and its stored contents, which amounts to an attack on the hardware layer and firmware layer of the computer motherboard; the CIH virus is a known example of this kind of BIOS security threat. The second is exploitation of design hazards in the BIOS itself, or use of the spare space in the BIOS chip to embed an illegitimate program, in order to gain remote control of the computer system.
The computer BIOS is a firmware system, that is, a software system burned into a solid-state FLASH chip, so detecting BIOS security risks differs considerably from vulnerability scanning and virus scanning and removal for ordinary software systems. Compared with traditional software-based information security risks, BIOS security risks reside in a hardware chip: they are more concealed, hard to detect, hard to remove, and unaffected by operating system or disk upgrades.
Summary of the invention
The present invention addresses the security risks of BIOS firmware systems by providing a new system and method capable of detecting security risks in BIOS firmware. Through security detection and security repair of the computer BIOS, it solves the problems of security hazard scanning and code integrity measurement for the computer BIOS. It improves the security of the computer system and reduces or avoids the harm of attacks on the computer and information leakage caused by BIOS security threats.
The system proposed by the invention for detecting security risks in BIOS firmware comprises a sampling subsystem, a security analysis subsystem, a security management subsystem and a security repair subsystem;
The sampling subsystem performs local or remote sampling of the FLASH chip that stores the BIOS on the computer motherboard, reading the contents of the FLASH chip and storing them as a binary image file;
The security analysis subsystem receives, via the security management subsystem, the sampled data from the sampling subsystem, performs security analysis on the sampled data, and generates analysis result information for the security management subsystem;
The security management subsystem creates and manages security detection tasks, presents the analysis result information, and reports to the security repair subsystem;
The security repair subsystem, according to the security hazards reported by the security management subsystem, applies security repairs to the BIOS image file and writes the repaired BIOS image file back into the FLASH chip.
In the above system for detecting security risks in computer BIOS firmware, for local sampling the sampling subsystem comprises a sampling module that runs in an operating system environment and a local storage module, used to carry out BIOS firmware security risk detection on the local computer; the sampling module takes the sample and the sampled data is stored in the local storage module.
The above system further comprises a secure storage subsystem that communicates over TCP/IP and remotely receives the sampled data from the sampling subsystem, for centralized remote detection. For remote sampling, the sampling subsystem further comprises a sampling module for booting from optical disc and a remote storage module; the remote storage module transfers the sampled data collected by the sampling module to a remote dedicated storage server in the secure storage subsystem for storage.
In the system for detecting security risks in computer BIOS firmware, the security management subsystem comprises: a task management module, an analysis result presentation module, and a communication and storage module;
The task management module creates security detection tasks, reads the BIOS image file from the sampled data collected by the sampling subsystem, and passes it to the security analysis subsystem for security risk analysis and detection;
The analysis result presentation module displays the security detection results for the BIOS and, combining them with the sampling record and the task log, generates the final security detection report, which the user can display, print or save;
The communication and storage module handles data transmission and storage between the security management subsystem and the other subsystems.
In the system for detecting security risks in computer BIOS firmware, the security analysis subsystem comprises: a security analysis engine, a BIOS security hazard library and/or a BIOS standard code sample library;
The security analysis engine parses the BIOS image file in the sampled data to obtain the BIOS modules used for comparison against BIOS security hazards, and determines the BIOS security hazards and/or measures the integrity of the BIOS module code;
The BIOS security hazard library stores the various BIOS security hazards and supplies them to the security analysis engine for comparison against the BIOS modules, in order to determine the BIOS security hazards;
The BIOS standard code sample library stores the various BIOS standard code samples and supplies them to the security analysis engine for measuring the integrity of the BIOS module code, in order to judge whether the BIOS code has been modified.
In the system for detecting security risks in computer BIOS firmware, the security repair subsystem comprises a BIOS patch code module and a BIOS security repair tool. With the BIOS security repair tool, the BIOS patch code module is embedded into the BIOS image file to repair configuration vulnerabilities currently present in the BIOS; and/or the BIOS security repair tool is used to delete from the BIOS image file a BIOS Trojan module or any other module suspected of containing a backdoor.
The present invention also provides a method for detecting security risks in computer BIOS firmware, comprising the following steps:
Step 1: after initialization, sample the BIOS;
Step 3: scan for BIOS security hazards and/or measure the integrity of the BIOS code;
In step 4 of the above method, after the BIOS has been securely repaired, the method further comprises a step of writing the modified BIOS image file back into the FLASH chip.
In the above method, step 2 parses the BIOS image file: the BIOS image file is read, the BIOS type is determined, and, according to the BIOS type and the module header signature word and structure, each BIOS module is parsed out of the BIOS image file, decompressed, and stored as an independent binary file.
In the above method, scanning for BIOS security hazards in step 3 means that, for each security hazard record in the BIOS security hazard library, all the generated BIOS modules are searched for a matching hazard signature code, to determine whether the BIOS contains a security hazard.
In the above method, measuring the integrity of the BIOS code in step 3 means that, for each generated executable code module, the MD5 message digest of the module is computed and compared with the message digest of the corresponding module in the BIOS standard code sample library, thereby measuring the integrity of the BIOS code module.
In the BIOS security hazard library, each stored BIOS security hazard is described by at least a two-tuple. Let:
V={n,k}
where V represents a security hazard, n represents the name of the security hazard, and k represents one or more groups of signature codes of the security hazard.
A description with more elements can also be used, for example a six-tuple. Let:
V={t,n,k,m,p,d}
where V represents a security hazard, t represents the type of the security hazard, n represents the name of the security hazard, k represents one or more groups of signature codes of the security hazard, m represents the one or more BIOS modules that the security hazard involves, p represents the suggested repair option for the security hazard, and d represents a description of the harm of the security hazard and how it is exploited.
Each standard code module in the BIOS standard code sample library is described by at least a four-tuple. Let:
S={bt,ct,mt,fn}
where S represents a standard code module, bt represents the BIOS type the module belongs to, ct represents the computer type the module belongs to, mt represents the class of the module, and fn represents the disk file in which the module is stored.
A description with more elements can also be used, for example a five-tuple. Let:
S={bt,ct,mt,fn,md}
where S represents a standard code module, bt represents the BIOS type the module belongs to, ct represents the computer type the module belongs to, mt represents the class of the module, fn represents the disk file in which the module is stored, and md represents the message digest of the module's contents.
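The two checks of step 3, run over records shaped like V={t,n,k,m,p,d} and S={bt,ct,mt,fn,md}, look as follows. This is an added example, not code from the patent; the module names, signature bytes, BIOS and computer type strings are constructed, and treating any single signature code in k as a hit is an assumption.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Hazard:
    """One hazard-library record, V = {t, n, k, m, p, d}."""
    t: str                # hazard type
    n: str                # hazard name
    k: Tuple[bytes, ...]  # signature codes (assumption: any one match is a hit)
    m: Tuple[str, ...]    # module classes involved; empty = scan every module
    p: str                # suggested repair
    d: str                # description of harm and exploitation


@dataclass(frozen=True)
class StandardModule:
    """One sample-library record, S = {bt, ct, mt, fn, md}."""
    bt: str  # BIOS type
    ct: str  # computer type
    mt: str  # module class
    fn: str  # disk file that stores the reference module
    md: str  # MD5 message digest of the reference module (hex)


def scan_hazards(modules: Dict[str, bytes], library: List[Hazard]) -> List[dict]:
    """Search the parsed modules for every signature code in the hazard library."""
    findings = []
    for hazard in library:
        for mt, data in modules.items():
            if hazard.m and mt not in hazard.m:
                continue  # this hazard does not concern this module class
            hits = [o for o in (data.find(code) for code in hazard.k) if o != -1]
            if hits:
                findings.append({"type": hazard.t, "name": hazard.n, "module": mt,
                                 "offset": min(hits), "repair": hazard.p})
    return findings


def measure_integrity(modules: Dict[str, bytes], bt: str, ct: str,
                      samples: List[StandardModule]) -> Dict[str, str]:
    """Compare each module's MD5 digest with the sample chosen by (bt, ct, mt)."""
    index = {(s.bt, s.ct, s.mt): s.md for s in samples}
    report = {}
    for mt, data in modules.items():
        reference = index.get((bt, ct, mt))
        if reference is None:
            report[mt] = "no-reference"  # unmeasured is reported, never assumed clean
        elif hashlib.md5(data).hexdigest() == reference:
            report[mt] = "unmodified"
        else:
            report[mt] = "modified"
    return report


# ---- Constructed sample data: not real firmware, signatures or digests ----
REF_BOOT = b"BOOT" + bytes(60)
REF_POST = b"POST" + bytes(range(64))
MODULES = {
    "bootblock": REF_BOOT,                                      # identical to reference
    "post": REF_POST[:32] + b"EXAMPLE-IMPLANT" + REF_POST[32:],  # altered copy
    "oprom": b"\x55\xaa" + bytes(30),                           # no sample on file
}
HAZARD_LIBRARY = [
    Hazard("trojan", "constructed-implant-marker", (b"EXAMPLE-IMPLANT",),
           ("post", "oprom"), "delete the module from the image", "constructed record"),
    Hazard("config", "constructed-config-marker", (b"\x01CFG-OPEN",),
           (), "embed the patch code module", "constructed record"),
]
SAMPLE_LIBRARY = [
    StandardModule("ExampleBIOS", "ExamplePC-1", "bootblock", "bootblock.bin",
                   hashlib.md5(REF_BOOT).hexdigest()),
    StandardModule("ExampleBIOS", "ExamplePC-1", "post", "post.bin",
                   hashlib.md5(REF_POST).hexdigest()),
]

if __name__ == "__main__":
    for finding in scan_hazards(MODULES, HAZARD_LIBRARY):
        print(finding)
    print(measure_integrity(MODULES, "ExampleBIOS", "ExamplePC-1", SAMPLE_LIBRARY))
```

MD5 is the digest the patent specifies; it is no longer collision-resistant, so a present-day implementation of the same comparison would use SHA-256.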
In the above method, the security repair of the BIOS in step 5 comprises the following targeted BIOS security repair measures:
(1) BIOS functional defects need no repair; the user need only be warned of the circumstances in which the functional defect may arise and of precautions for use, so as to avoid the resulting system crashes and data loss;
(2) For BIOS configuration vulnerabilities, the system of the invention provides a dedicated BIOS security patch code module. Once the tool provided by the system has embedded this BIOS security patch code module into the BIOS image file, the code is executed automatically after the BIOS self-test process, setting a safe, reasonable and correct configuration;
(3) For physical-attack threats against the BIOS, the user is prompted and advised to adopt the relevant hardware protection measures promptly;
(4) For a Trojan module implanted in the BIOS, the system deletes the module from the BIOS image file.
In summary, by detecting security risks in computer BIOS firmware, the invention can effectively decrease, reduce and eliminate the security vulnerabilities and hazards present in the computer BIOS, and prevent the code in the computer BIOS from being maliciously modified or having a Trojan program implanted. It strengthens the security of computer information systems at both the hardware layer and the firmware layer, and defends against security incidents that target the computer BIOS, such as physical attacks on the computer, information leakage, data loss and network attacks. It provides reliable endpoint security and comprehensive protection for the information security and confidentiality of high-security computing and network environments.
Description of drawings
Fig. 1 is the overall structural block diagram of the computer BIOS security detection system of the invention;
Fig. 2 is a schematic diagram of the computer BIOS security detection modes of the system of the invention;
Fig. 3 is a flowchart of the computer BIOS security detection method of the invention;
Fig. 4 shows the computer BIOS sampling process of the invention;
Fig. 5 is a schematic diagram of the computer BIOS security risk analysis principle of the invention.
Embodiment
The structure of the security detection system of the invention is introduced first.
The system of the invention has a modular structure and follows a modular design method. It can conveniently be used for security detection on a single computer, and it can also be used to set up a BIOS security detection center that carries out large-scale computer BIOS security risk detection over a network.
Fig. 1 is the overall structural block diagram of the system of the invention. The system mainly comprises sampling subsystem 1, security analysis subsystem 2, security management subsystem 3 and security repair subsystem 4. Fig. 1 also shows secure storage subsystem 5, which is an optional subsystem.
The sampling subsystem samples the FLASH chip that stores the BIOS on the computer motherboard, reading the contents of the FLASH chip (i.e. the entire BIOS file) and storing them as a binary image file. The sampling subsystem comprises sampling module 11, which runs in an operating system environment, and local storage module 12, used to carry out BIOS firmware security risk detection on the local computer. For local detection, sampling module 11 stores the sampled data in local storage module 12, that is, on the local computer's disk. For centralized remote detection, secure storage subsystem 5 is required; in that case the sampling subsystem further comprises sampling module 15 for booting from optical disc and remote storage module 16, and remote storage module 16 together with communication and storage module 51 transfers the sampled data collected by sampling module 15 to the remote dedicated storage server 52 in secure storage subsystem 5 for storage. The transfer can be made over the network, using TCP/IP communication.
Security analysis subsystem 2 comprises security analysis engine 21, BIOS security hazard library 22 and BIOS standard code sample library 23. Security analysis engine 21 decomposes the BIOS image file into modules and performs hazard scanning and code integrity measurement on each resulting module. BIOS security hazard library 22 and BIOS standard code sample library 23 store the various BIOS security hazards and BIOS standard code samples respectively. In the invention these two databases are dynamic: newly discovered security hazards and BIOS standard code samples can be added continually.
Decomposing the BIOS image file with security analysis engine 21 yields the multiple BIOS modules that make up the image file. Signature code scanning and matching is then carried out on these BIOS modules using the signature codes stored in the BIOS security hazard library, thereby determining the security hazards present in the BIOS. For BIOS modules that contain executable code, the security analysis engine generates the MD5 message digest of the BIOS module and compares it with the message digest of the corresponding module in BIOS standard code sample library 23 to judge whether the BIOS code has been modified. Finally, a technical security detection report is generated for use by the security management subsystem.
Security management subsystem 3 comprises: task management module 31, analysis result presentation module 32, and communication and storage module 33;
Task management module 31 creates security detection tasks, reads the BIOS image file from the local disk or the server, and passes it to security analysis subsystem 2 for security risk analysis and detection;
Analysis result presentation module 32 displays the security detection results for the BIOS and, combining them with the sampling record and the task log, generates the final security detection report, which the user can display, print or save.
Through communication and storage module 33, the security detection report can be stored on the local disk or stored remotely on dedicated storage server 52.
Security repair subsystem 4 comprises BIOS patch code module 41 and BIOS security repair tool 42. BIOS security repair tool 42 can embed BIOS patch code module 41 into the BIOS image file to repair configuration vulnerabilities currently present in the BIOS; it can also be used to delete from the BIOS image file a BIOS Trojan module or any other module suspected of containing a backdoor. Security repair subsystem 4 also provides the software tool that writes the repaired BIOS image file back into the FLASH chip. The security repair of the BIOS is carried out by BIOS security management personnel according to the detection results, rather than automatically by the system.
Fig. 2 is a schematic diagram of the computer BIOS security detection modes of the system of the invention. As described above, the system has a modular design and is suited both to BIOS security risk detection on a single computer (shown as A in Fig. 2) and to large-scale centralized BIOS security detection (shown as B in Fig. 2). Fig. 2 therefore shows both the local detection mode and the remote online detection mode.
For local detection, the sampling subsystem, security management subsystem, security analysis subsystem and security repair subsystem are installed on the same computer that is to be tested, and all detection can be completed and the report presented locally on that computer. This detection mode needs no dedicated storage server or network support.
For large-scale remote online detection of computer BIOS security risks, remote detection can be achieved by setting up a BIOS security detection center. The BIOS security detection center sets up the BIOS secure storage subsystem and configures a dedicated storage server. It is equipped with one or more security detection terminal computers, each with the security management subsystem and the security analysis subsystem installed. The BIOS sampling subsystem can be downloaded to the computer under test and run locally, or run directly over the network via the web, but the confirmation and permission of the user of the computer under test must be obtained. The computer under test, the dedicated storage server and the security detection terminal computers are connected by a TCP/IP network.
The specific detection principle is described step by step below.
Fig. 3 is the flowchart of the computer BIOS security detection method of the invention.
First, the BIOS is sampled, with a choice of local sampling or remote sampling;
Then the BIOS file is parsed: the BIOS image file is read, the BIOS type is determined, and, according to the BIOS type and the module header signature word and structure, each constituent BIOS module is parsed out of the BIOS image file, decompressed, and stored as an independent binary file;
The BIOS is scanned for security hazards: for each security hazard record in the security hazard library, all the generated BIOS modules are searched for a matching hazard signature code, to determine whether the BIOS contains a security hazard;
The integrity of the BIOS module code is measured: for each generated executable code module, the MD5 message digest of the module is computed and compared with the message digest of the corresponding module in the standard code sample library;
From the above results, a BIOS security risk detection report is generated, providing the technical analysis content from which the security management subsystem produces the final detection result;
This security risk detection report can be used to assess the security risk of the computer under test. Security repair, in turn, depends on the types of hazard found: the corresponding security patch code module is added to the BIOS image file, or the threatening module is deleted from the BIOS image file;
After the BIOS image file has been repaired, the repaired BIOS image file can be written back into the FLASH chip, but the consent of the user of the computer under test must be obtained before writing.
Referring to Fig. 4, and building on Figs. 1, 2 and 3, the sampling principle adopted by the system and method of the invention is described in further detail.
As shown in Fig. 4, the system of the invention provides sampling software that runs in an operating system environment. The sampling software samples the BIOS by reading the chip on the motherboard that stores the BIOS. The sampled result is stored on the local disk, or the sampled data is transferred by TCP/IP communication to the remote dedicated storage server in the secure storage subsystem.
Specifically, the system of the invention can also provide a BIOS sampling CD. With this sampling CD, sampling is possible even if the computer being sampled has no operating system installed. The computer is booted from the LINUX system carried on the sampling CD itself, the sampling software then runs automatically to take the sample, and the sampled data is transferred by TCP/IP communication to the remote dedicated storage server.
During sampling, the system of the invention records and saves information about the computer being sampled. The information items include, but are not limited to: organization name, department name, computer model, computer end user, person responsible for the computer, sampling time, sampling location, and the person who took the sample.
Fig. 5 is a schematic diagram of the BIOS security risk analysis principle of the invention; analysis of computer BIOS security risk is the focus of the invention. As Fig. 5 shows, taken together with Fig. 3, the BIOS security analysis engine can perform analysis in three respects.
(1) Parsing the BIOS image file
The BIOS image file is assembled, according to a defined structure, from multiple BIOS function code modules or data modules. Each function code module or data module is wrapped in a fixed header structure. The information in the header structure includes: the header signature word, the module type, the compressed module length, the actual module length, and the module compression algorithm.
The system of the invention parses the BIOS image file by searching the BIOS image file sequentially for these header signature words and then, using information in the header structure such as the module length and compression algorithm, reading out the module contents and storing them as an independent binary file.
Apart from a few modules, most BIOS modules are stored compressed. To scan the BIOS for security hazards, these compressed modules must first be decompressed before the hazard signature codes can be scanned for and matched. BIOS modules are generally compressed with public compression algorithms, mainly the LZSS and LZINT algorithms.
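The sequential header search described above can be sketched as follows. This is an added example, not code from the patent: the page names the header fields but not their encoding, so the 14-byte layout and the `MHDR` signature word are hypothetical, and zlib stands in for LZSS/LZINT so that the block runs with the standard library alone.

```python
import struct
import zlib

# Hypothetical header layout: signature word, module type, compression
# algorithm, compressed length, actual length (little-endian, 14 bytes).
SIGNATURE = b"MHDR"
HEADER = struct.Struct("<4sBBII")
STORED, DEFLATE = 0, 1  # DEFLATE (zlib) is a stand-in for LZSS/LZINT


def build_module(mtype: int, payload: bytes, algo: int) -> bytes:
    """Pack one module in the hypothetical layout (used to build sample images)."""
    body = zlib.compress(payload) if algo == DEFLATE else payload
    return HEADER.pack(SIGNATURE, mtype, algo, len(body), len(payload)) + body


def _unpack_body(body: bytes, algo: int, actual_len: int) -> bytes:
    if algo == STORED:
        return body
    # Cap output at actual_len + 1 so a lying header cannot exhaust memory.
    return zlib.decompressobj().decompress(body, actual_len + 1)


def parse_image(image: bytes):
    """Return (modules, rejected) found by scanning for header signature words."""
    modules, rejected = [], []
    pos = image.find(SIGNATURE)
    while pos != -1:
        reason = None
        if pos + HEADER.size > len(image):
            reason = "truncated header"
        else:
            _, mtype, algo, comp_len, actual_len = HEADER.unpack_from(image, pos)
            start = pos + HEADER.size
            end = start + comp_len
            if algo not in (STORED, DEFLATE):
                reason = "unknown compression algorithm"
            elif end > len(image):
                reason = "body runs past end of image"
            else:
                try:
                    data = _unpack_body(image[start:end], algo, actual_len)
                except zlib.error:
                    reason = "corrupt compressed body"
                else:
                    if len(data) != actual_len:
                        reason = "actual length mismatch"
        if reason:
            # Not a usable module: record it and resume one byte further on.
            rejected.append((pos, reason))
            pos = image.find(SIGNATURE, pos + 1)
        else:
            modules.append({"offset": pos, "type": mtype, "algo": algo, "data": data})
            # Skip the body so signature bytes inside it are not misread as headers.
            pos = image.find(SIGNATURE, end)
    return modules, rejected


# ---- Constructed sample image: 0xFF padding, two modules, one bad header ----
IMAGE = (
    b"\xff" * 16
    + build_module(1, b"boot block code MHDR not a header", STORED)
    + b"\xff" * 8
    + build_module(2, b"setup strings " * 20, DEFLATE)
    + b"\xff" * 4
    + HEADER.pack(SIGNATURE, 3, STORED, 4096, 4096) + b"short"
)

if __name__ == "__main__":
    mods, bad = parse_image(IMAGE)
    for m in mods:
        print(m["offset"], m["type"], len(m["data"]))
    print(bad)
```

Rejected candidates are returned rather than dropped, because a header whose lengths do not fit the image is itself worth reporting during analysis.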
(2) BIOS potential safety hazard scanning
In the BIOS potential safety hazard storehouse, storing all BIOS potential safety hazards of having found.System of the present invention is summed up as 4 types with all BIOS potential safety hazards, that is: (1) BIOS dysfunction hidden danger, (2) BIOS configuration leak hidden danger, (3) BIOS physical attacks hidden danger, (4) BIOS wooden horse hidden danger.
About (1) type, there is the defective of some hardware or software compatibility aspect in the BIOS dysfunction when being meant by the integrated BIOS functional module of mainboard manufacturer, uses obstacle such as can cause that system start-up failure, hard disc data are lost under situation at some.
About (2) type, BIOS configuration leak hidden danger is meant owing to some option among the BIOS SETUP is provided with unreasonable causing can be carried out remote access or Long-distance Control by malicious person's utilization.
About (3) type, the BIOS physical attacks is meant that the FLASH chip owing to storage BIOS lacks write-protect and causes chip content to be wiped free of or cause the motherboard component physical to damage.
About (4) type, the BIOS wooden horse is meant owing to implanted wooden horse in the FLASH chip of storage BIOS causes computing machine to be controlled or information leakage by long-range attack person.
For the dissimilar potential safety hazard of the BIOS that detects, need take BIOS safety repairing technique measure targetedly accordingly.
Each BIOS potential safety hazard of being stored in the BIOS potential safety hazard storehouse in the system of the present invention, adopt hexa-atomic group of description (can include but not limited to that the simplest is to include only hidden danger title and condition code):
V={t,n,k,m,p,d}
In the formula, V represents one security hazard, t the hazard type, n the hazard name, k one or more groups of signatures of the hazard, m the one or more BIOS modules the hazard relates to, p the suggested repair option for the hazard, and d a description of the hazard's harm and of how it is exploited.
The present invention scans the BIOS for security hazards by comparing and matching hazard signatures.
(3) Measuring the integrity of BIOS module code
In the system of the present invention, the correspondence between a detected BIOS module and its standard code module is determined jointly by three pieces of data: BIOS type, computer type and module type. BIOS samples of different BIOS types and different computer types are collected in advance, and the sample modules are studied and classified to build the BIOS standard code sample library.
Integrity measurement of BIOS module code detects whether the code in a BIOS module has been modified so that the module's function is changed or extended. In the system of the present invention, it is done by comparing the MD5 message digest of the detected BIOS module with that of the corresponding standard code module. If the MD5 message digest of the detected module is identical to the one generated from the corresponding module in the standard code sample library, the detected module has not been modified. The MD5 message digest algorithm is a publicly known algorithm.
Each standard code module in the BIOS standard code sample library of the system of the present invention is described by a five-tuple (md may also be omitted, in which case the analysis engine computes it on the fly from the module file at detection time):
S={bt,ct,mt,fn,md}
In the formula, S represents one standard code module, bt the BIOS type the module belongs to, ct the computer type the module belongs to, mt the category of the module, fn the disk file storing the module, and md the message digest of the module's content.
After the analysis process of the security analysis subsystem completes, it generates a BIOS security risk detection report and outputs the detection result.
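The two checks described above (signature scanning against V records and digest comparison against S records), as an added Python example that is not part of the patent. The module type names, signatures, file names, BIOS and computer type labels, and the rule that a signature group matches only when all of its byte patterns occur are assumptions made for illustration; all sample data is constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Hazard:
    """One hazard library record, V = {t, n, k, m, p, d}."""
    t: int          # hazard type, 1..4 as listed in the text
    n: str          # hazard name
    k: tuple        # one or more signature groups (each a tuple of byte patterns)
    m: tuple = ()   # module types the hazard relates to; empty means any module
    p: str = ""     # suggested repair
    d: str = ""     # description of harm and exploitation


@dataclass(frozen=True)
class StandardModule:
    """One standard code sample record, S = {bt, ct, mt, fn, md}."""
    bt: str
    ct: str
    mt: str
    fn: str
    md: Optional[str] = None   # may be omitted and computed from fn at detection time


@dataclass(frozen=True)
class Module:
    """A module already parsed and decompressed from the BIOS image."""
    mt: str
    data: bytes


def digest(data: bytes, algo: str = "md5") -> str:
    return hashlib.new(algo, data).hexdigest()


def scan_hazards(modules, library):
    """Return (name, type, module type, suggestion) for every signature hit."""
    hits = []
    for v in library:
        for mod in modules:
            if v.m and mod.mt not in v.m:
                continue  # this hazard does not relate to this module type
            # Assumption: a group matches when all of its non-empty patterns occur.
            if any(group and all(sig and sig in mod.data for sig in group)
                   for group in v.k):
                hits.append((v.n, v.t, mod.mt, v.p))
    return hits


def measure_integrity(modules, samples, bt, ct, read_file, algo="md5"):
    """Map each module type to 'intact', 'modified' or 'unknown'."""
    index = {(s.bt, s.ct, s.mt): s for s in samples}
    result = {}
    for mod in modules:
        s = index.get((bt, ct, mod.mt))
        if s is None:
            result[mod.mt] = "unknown"   # no standard module: needs an analyst
            continue
        expected = s.md or digest(read_file(s.fn), algo)
        same = digest(mod.data, algo) == expected.lower()
        result[mod.mt] = "intact" if same else "modified"
    return result


# --- Constructed sample data (not taken from any real BIOS) ---
CLEAN_SETUP = b"SETUP-MODULE\x00" + bytes(range(32))
MODULES = [
    Module("SETUP", CLEAN_SETUP),
    Module("POST", b"POST-CODE\x90\x90" + b"\xde\xad\xbe\xef" + b"TAIL\x13\x37"),
    Module("OEM1", b"vendor-specific blob"),
]
HAZARDS = [
    Hazard(4, "constructed-trojan-A", ((b"\xde\xad\xbe\xef", b"\x13\x37"),),
           ("POST",), "delete the module from the BIOS image file"),
    Hazard(2, "constructed-config-B", ((b"NO-SUCH-PATTERN",),), (),
           "embed the security patch code module"),
]
DISK = {"std/post.bin": b"POST-CODE\x90\x90TAIL"}   # stands in for the fn files
SAMPLES = [
    StandardModule("TYPE-A", "PC-1", "SETUP", "std/setup.bin", digest(CLEAN_SETUP)),
    StandardModule("TYPE-A", "PC-1", "POST", "std/post.bin"),   # md omitted
]


def run_demo():
    hits = scan_hazards(MODULES, HAZARDS)
    integrity = measure_integrity(MODULES, SAMPLES, "TYPE-A", "PC-1",
                                  DISK.__getitem__)
    return hits, integrity


if __name__ == "__main__":
    for part in run_demo():
        print(part)
```

MD5 is what the patent specifies; because MD5 collisions are practical, the `algo` parameter lets the same comparison use SHA-256 digests where the sample library stores them.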
To summarize the above process, the execution steps of the security analysis engine are:
The above BIOS security detection report contains two parts: (1) the task record information part and (2) the technical detection result part. The implementer may also add to or trim the specific content of the report as appropriate.
The task record information part contains:
BIOS sample record information: records the BIOS sample information of the detected computer, including for example the following items: organization name, department name, computer model, computer end user, person responsible for the computer, sampling time, sampling location, sampler;
BIOS detection task information: records the information of this BIOS analysis and detection task, including for example the following items: task creation date, task creation time, task creator.
The technical detection result part contains:
BIOS basic information: records the basic information of the detected BIOS, including for example the following items: BIOS manufacturer, BIOS file size, BIOS serial number, BIOS release time, BIOS version number, BIOS copyright information;
BIOS structure information: records the module parsing result of the detected BIOS and lists information on all parsed modules. Each module includes the following items: module type code, module type name, module storage file, module actual length, module compressed length, module compression ratio, module function description;
BIOS security hazards: records the security hazards present in the detected BIOS. Each reported hazard includes, but is not limited to, the following items: hazard name, hazard type, module the hazard corresponds to, suggested solution, hazard description;
BIOS integrity: reports the integrity measurement result for each executable module of the detected BIOS.
According to the detection result, security repair is carried out on the BIOS:
The system of the present invention provides a different, targeted BIOS security repair measure for each of the four BIOS security hazard types:
(1) A BIOS functional defect needs no repair; the user only needs to be warned of the conditions under which the functional defect may occur and of usage precautions, to avoid the resulting system crashes and data loss;
(2) For a BIOS configuration vulnerability, the system of the present invention provides a dedicated BIOS security patch code module. After this module is embedded into the BIOS image file with the tool the system provides, the code is executed automatically after the BIOS self-test process, thereby setting a safe and reasonable configuration;
(3) For a physical attack threat against the BIOS, the user is prompted and advised to adopt the relevant hardware protection measures promptly;
(4) For a Trojan module implanted in the BIOS, the system deletes this module from the BIOS image file.
Of course, if modules of other unknown function or type are detected in the BIOS, they are further analyzed by professionals, and the analysis results are added to the BIOS security hazard library or the standard code sample library.
Although the present invention has been described above according to the embodiments shown, those of ordinary skill in the art will readily appreciate variations of the embodiments that fall within the spirit and scope of the present invention. Therefore, those of ordinary skill in the art may make many modifications without departing from the spirit and scope of the present invention.
Claims (10)
1. A system for carrying out security risk detection on computer BIOS firmware, characterized in that it comprises a sampling subsystem, a security analysis subsystem, a security management subsystem and a security repair subsystem;
The sampling subsystem is used to perform local or remote sampling of the FLASH chip that stores the BIOS on the computer motherboard, reading the FLASH chip content and storing it as a binary image file;
The security analysis subsystem receives the sampled data from the sampling subsystem through the security management subsystem, performs security analysis on the sampled data, and generates analysis result information for the security management subsystem;
The security management subsystem creates and manages security detection tasks, presents the analysis result information, and reports it to the security repair subsystem;
The security repair subsystem, according to the security hazards reported by the security management subsystem, performs security repair on the BIOS image file and writes the repaired BIOS image file back to the FLASH chip.
2. The system for carrying out security risk detection on computer BIOS firmware according to claim 1, characterized in that, for local sampling, the sampling subsystem comprises a sampling module that runs under an operating system environment and a local storage module, used for security risk detection of the BIOS firmware of the local computer; sampling is performed by the sampling module and the sampled data is stored in the local storage module; or, the system further comprises a secure storage subsystem that uses TCP/IP communication to remotely receive the sampled data from the sampling subsystem, used for centralized remote detection; for remote sampling, the sampling subsystem further comprises a sampling module booted from optical disc and a remote storage module, and the remote storage module transfers the sampled data collected by the sampling module to a dedicated remote storage server in the secure storage subsystem for storage.
3. The system for carrying out security risk detection on computer BIOS firmware according to claim 1, characterized in that the security management subsystem comprises: a task management module, an analysis result presentation module, and a communication and storage module;
The task management module is used to create security detection tasks, read the BIOS image file in the sampled data collected by the sampling subsystem, and pass it to the security analysis subsystem for security risk analysis and detection;
The analysis result presentation module displays the BIOS security detection result and generates the final security detection report in combination with the sample record and the task log, allowing the user to display, print or store the security detection report;
The communication and storage module is used for data transmission and storage between the security management subsystem and the other subsystems.
4. The system for carrying out security risk detection on computer BIOS firmware according to claim 1, characterized in that the security analysis subsystem comprises: a security analysis engine, a BIOS security hazard library and/or a BIOS standard code sample library;
The security analysis engine is used to parse the BIOS image file in the sampled data to obtain the BIOS modules used for comparison against BIOS security hazards, and to determine BIOS security hazards and/or measure the integrity of BIOS module code;
The BIOS security hazard library stores various BIOS security hazards and provides them to the security analysis engine for comparison against BIOS modules, to determine BIOS security hazards;
The BIOS standard code sample library stores various BIOS standard code samples and provides them to the security analysis engine for measuring the integrity of BIOS module code, to judge whether BIOS code has been modified.
5. The system for carrying out security risk detection on computer BIOS firmware according to claim 1, characterized in that the security repair subsystem comprises a BIOS patch code module and a BIOS security repair tool; by means of the BIOS security repair tool, the BIOS patch code module is embedded in the BIOS image file to repair configuration vulnerabilities currently present in the BIOS; and/or the BIOS security repair tool is used to delete from the BIOS image file BIOS Trojan modules or other modules suspected of containing a backdoor.
6. A method for carrying out security risk detection on computer BIOS firmware, characterized in that it comprises the following steps:
Step 1: after initialization, perform BIOS sampling;
Step 2: parse the BIOS image file;
Step 3: scan for the various BIOS hazards and/or measure the integrity of the BIOS code;
Step 4: output the detection result and perform security repair on the BIOS accordingly.
7. The method for carrying out security risk detection on computer BIOS firmware according to claim 6, characterized in that parsing the BIOS image file in step 2 means reading the BIOS image file, determining the BIOS type, and, according to the BIOS type and the module header signature words and structure, parsing and decompressing each BIOS module from the BIOS image file and storing it as an independent binary file.
8. The method for carrying out security risk detection on computer BIOS firmware according to claim 6, characterized in that scanning for the various BIOS hazards in step 3 means, for each security hazard record in the BIOS security hazard library, searching all generated BIOS modules for hazard signatures that match it, to determine whether the BIOS has security hazards; wherein each BIOS security hazard stored in the BIOS security hazard library is described by at least a two-tuple, let:
V={n,k}
In the formula, V represents one security hazard, n the hazard name, and k one or more groups of signatures of the hazard.
9. The method for carrying out security risk detection on computer BIOS firmware according to claim 6, characterized in that measuring the integrity of the BIOS code in step 3 means computing the MD5 message digest of each generated executable code module and comparing it with the message digest of the corresponding module in the BIOS standard code sample library, thereby measuring the integrity of the BIOS code modules; each standard code module in the BIOS standard code sample library is described by at least a four-tuple, let:
S={bt,ct,mt,fn}
In the formula, S represents one standard code module, bt the BIOS type the module belongs to, ct the computer type the module belongs to, mt the category of the module, and fn the disk file storing the module.
10. The method for carrying out security risk detection on computer BIOS firmware according to claim 6, characterized in that performing security repair on the BIOS in step 5 comprises the following targeted BIOS security repair measures:
(1) A BIOS functional defect needs no repair; the user only needs to be warned of the conditions under which the functional defect may occur and of usage precautions, to avoid the resulting system crashes and data loss;
(2) For a BIOS configuration vulnerability, the system of the present invention provides a dedicated BIOS security patch code module. After this module is embedded into the BIOS image file with the tool the system provides, the code is executed automatically after the BIOS self-test process, thereby setting a safe and reasonable configuration;
(3) For a physical attack threat against the BIOS, the user is prompted and advised to adopt the relevant hardware protection measures promptly;
(4) For a Trojan module implanted in the BIOS, the system deletes this module from the BIOS image file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2006100810818A CN100451987C (en) | 2006-05-23 | 2006-05-23 | System and method for carrying out safety risk check to computer BIOS firmware |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101079003A (en) | 2007-11-28 |
CN100451987C (en) | 2009-01-14 |
Family
ID=38906488
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2006100810818A Expired - Fee Related CN100451987C (en) | 2006-05-23 | 2006-05-23 | System and method for carrying out safety risk check to computer BIOS firmware |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100451987C (en) |
Also Published As
Publication number | Publication date |
---|---|
CN100451987C (en) | 2009-01-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20090114 Termination date: 20160523 |