Abstract
There exist many documents, guidelines and application-level programs attempting to secure various operating systems (OS), but there is much less documentation and software for protecting lower-level subsystems such as the Basic Input Output System (BIOS). Security professionals are well aware that the security of any system is only as strong as its weakest link, as an attacker will seek to break into a system with the least amount of effort. In this chapter we will focus on the BIOS, and describe its main functions as well as the potential for attacks and countermeasures. After discussing the BIOS and analysing how it might be compromised, we will go on to consider rootkits. Installing a rootkit is often the next stage of an attack once the BIOS has been compromised, allowing the attacker to take full control of the target system. We will discuss what rootkits actually are, how to identify that a system has been infected with a rootkit, and how to try to prevent such attacks in the first place. It should be noted that the issues raised in this chapter have also provided justification for specialist hardware security measures such as the Trusted Platform Module (TPM) [1–3], described in Chap. 4.
References
[1] Mitchell, Chris, ed. Trusted Computing. Institution of Electrical Engineers, 2005.
[2] Pearson, Siani, and Boris Balacheff. Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, 2003.
[3] Grawrock, David. The Intel Safer Computing Initiative. ISBN-10 0976483262, 2005.
[4] Paterson, Tim. "An Inside Look at MS-DOS." http://www.patersontech.com/Dos/Byte/InsideDos.htm.
[5] Intel. "Defining the Interface Between the Operating System and Platform Firmware." http://www.intel.com/technology/efi/.
[6] Hu, Yin, and Haoyong Lv. "Design of Trusted BIOS in UEFI Base on USBKEY." International Conference on Intelligence Science and Information Engineering (ISIE). IEEE, 2011.
[7] Zhou, Zhen-liu, et al. "Research and Implementation of Trusted BIOS Based on UEFI." Computer Engineering 8 (2008): 062.
[8] CmosPwd website. http://www.cgsecurity.org/wiki/CmosPwd.
[9] BIOS320 download site. http://www.technibble.com/downloads/misc/BIOS320.exe.
[10] Ghaleh, Hossein Rezaei, and Shahin Norouzi. "A New Approach to Protect the OS from Off-line Attacks Using the Smart Card." Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE '09). IEEE, 2009.
[11] Hendricks, James, and Leendert Van Doorn. "Secure Bootstrap Is Not Enough: Shoring Up the Trusted Computing Base." Proceedings of the 11th ACM SIGOPS European Workshop. ACM, 2004.
[12] SANS (System Administration, Networking, and Security) Institute. http://www.sans.org/.
[13] Lemos, Robert. MPack article. SecurityFocus. http://www.theregister.co.uk/2007/07/23/mpack_developer_interview/.
[14] Craviero, Paolo. "What Is t0rn Rootkit?" SANS Institute Malware FAQ. http://www.sans.org/security-resources/malwarefaq/t0rn_rootkit.php.
[15] "What Is Linux: Overview of the Linux Operating System." Linux.com. http://www.linux.com/learn/new-user-guides/376-linux-is-everywhere-an-overview-of-the-linux-operating-system.
[16] Rutkowska, Joanna, and Rafał Wojtczuk. "Preventing and Detecting Xen Hypervisor Subversions." Black Hat Briefings USA, 2008.
[17] Gavrilovska, Ada, et al. "High-Performance Hypervisor Architectures: Virtualization in HPC Systems." Workshop on System-level Virtualization for HPC (HPCVirt), 2007.
[18] Leinenbach, Dirk, and Thomas Santen. "Verifying the Microsoft Hyper-V Hypervisor with VCC." FM 2009: Formal Methods (2009): 806–809.
[19] Microsoft. "Introduction to the Hypervisor in Windows Server 2008." http://www.microsoft.com/en-us/server-cloud/hyper-v-server/overview.aspx.
[20] Stone-Gross, Brett, et al. "Your Botnet Is My Botnet: Analysis of a Botnet Takeover." Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, 2009.
[21] Provos, Niels, Panayiotis Mavrommatis, Moheeb Abu Rajab, and Fabian Monrose. "All Your iFRAMEs Point to Us." 2008.
[22] Adobe Systems. Adobe Security Bulletin APSA09-01. http://www.adobe.com/support/security/advisories/apsa09-01.html.
[23] Levine, John, Julian Grizzard, and Henry Owen. "A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table." Proceedings of the Second IEEE Information Assurance Workshop. IEEE, 2004.
[24] Kruegel, Christopher, William Robertson, and Giovanni Vigna. "Detecting Kernel-Level Rootkits Through Binary Analysis." 20th Annual Computer Security Applications Conference. IEEE, 2004.
[25] SANS Institute. "Rootkit Investigation Procedures." SANS Reading Room. http://www.sans.org/score/checklists/rootkits_investigation_procedures.pdf.
[26] BackTrack Linux security distribution. Offensive Security. http://www.backtrack-linux.org/.
[27] Sophos Ltd official website. http://www.sophos.com/.
[28] Black, J., M. Cochran, and T. Highland. "A Study of MD5 Attacks: Insight and Improvements." http://www.cs.colorado.edu/~jrblack/papers/md5e-full.pdf.
[29] Tripwire (community version) official website. http://www.tripwire.org/.
[30] AIDE official website. http://aide.sourceforge.net/.
[31] Microsoft. Debug Diagnostic Tools version 1.1. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24370.
[32] OllyDbg debugger, official website. http://www.ollydbg.de/.
[33] Sophos Anti-Rootkit, personal edition. http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx.
© 2014 Springer Science+Business Media New York
Hili, G., Mayes, K., Markantonakis, K. (2014). The BIOS and Rootkits. In: Markantonakis, K., Mayes, K. (eds) Secure Smart Embedded Devices, Platforms and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7915-4_16
DOI: https://doi.org/10.1007/978-1-4614-7915-4_16
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-7914-7
Online ISBN: 978-1-4614-7915-4