Sciweavers

ACSAC
2002
IEEE

Malicious Code Detection for Open Firmware

14 years 5 months ago
Malicious Code Detection for Open Firmware
Malicious boot firmware is a largely unrecognized but significant security risk to our global information infrastructure. Since boot firmware executes before the operating system is loaded, it can easily circumvent any operating system-based security mechanism. Boot firmware programs are typically written by third-party device manufacturers and may come from various suppliers of unknown origin. In this paper we describe an approach to this problem based on load-time verification of onboard device drivers against a standard security policy designed to limit access to system resources. We also describe our ongoing effort to construct a prototype of this technique for Open Firmware boot platforms.
Frank Adelstein, Matthew Stillerman, Dexter Kozen
Added 14 Jul 2010
Updated 14 Jul 2010
Type Conference
Year 2002
Where ACSAC
Authors Frank Adelstein, Matthew Stillerman, Dexter Kozen
Comments (0)