
The BIOS and Rootkits

Abstract

There exist many documents, guidelines and application-level programs that attempt to secure various operating systems (OS), but there is much less documentation and software for protecting lower-level subsystems such as the Basic Input Output System (BIOS). Security professionals are well aware that the security of any system is only as strong as its weakest link, since an attacker will seek to break into a system with the least amount of effort. In this chapter we focus on the BIOS, describing its main functions as well as the potential for attacks and countermeasures. After discussing the BIOS and analysing how it might be compromised, we go on to consider rootkits. Installing a rootkit is often the next stage of an attack once the BIOS has been compromised, allowing the attacker to take full control of the target system. We discuss what rootkits actually are, how to identify that a system has been infected with a rootkit, and how to try to prevent such attacks in the first place. It should be noted that the issues raised in this chapter have also provided justification for specialist hardware security measures such as the Trusted Platform Module (TPM) [13] described in Chap. 4.


References

  1. Mitchell, Chris, ed. Trusted Computing. Institution of Electrical Engineers, 2005.

  2. Pearson, Siani, and Boris Balacheff. Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, 2003.

  3. Grawrock, David. The Intel Safer Computing Initiative. ISBN-10976483262 (2005).

  4. Paterson, Tim. "An Inside Look at MS-DOS." http://www.patersontech.com/Dos/Byte/InsideDos.htm.

  5. Intel. "Defining the Interface Between the Operating System and Platform Firmware." http://www.intel.com/technology/efi/.

  6. Hu, Yin, and Haoyong Lv. "Design of Trusted BIOS in UEFI Base on USBKEY." Intelligence Science and Information Engineering (ISIE), 2011 International Conference on. IEEE, 2011.

  7. Zhou, Zhen-liu, et al. "Research and Implementation of Trusted BIOS Based on UEFI." Computer Engineering 8 (2008): 062.

  8. CmosPwd website. http://www.cgsecurity.org/wiki/CmosPwd.

  9. BIOS320 download site. http://www.technibble.com/downloads/misc/BIOS320.exe.

  10. Ghaleh, Hossein Rezaei, and Shahin Norouzi. "A New Approach to Protect the OS from Off-line Attacks Using the Smart Card." Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on. IEEE, 2009.

  11. Hendricks, James, and Leendert Van Doorn. "Secure Bootstrap Is Not Enough: Shoring Up the Trusted Computing Base." Proceedings of the 11th Workshop on ACM SIGOPS European Workshop. ACM, 2004.

  12. System Administration, Networking, and Security Institute (SANS). http://www.sans.org/.

  13. Lemos, Robert. MPack article, SecurityFocus. http://www.theregister.co.uk/2007/07/23/mpack_developer_interview/.

  14. Craviero, Paolo. "What Is t0rn Rootkit?" System Administration, Networking, and Security Institute (SANS). http://www.sans.org/security-resources/malwarefaq/t0rn_rootkit.php.

  15. "What Is Linux: Overview of the Linux Operating System." http://www.linux.com/learn/new-user-guides/376-linux-is-everywhere-an-overview-of-the-linux-operating-system.

  16. Rutkowska, Joanna, and Rafal Wojtczuk. "Preventing and Detecting Xen Hypervisor Subversions." Black Hat Briefings USA, 2008.

  17. Gavrilovska, Ada, et al. "High-Performance Hypervisor Architectures: Virtualization in HPC Systems." Workshop on System-level Virtualization for HPC (HPCVirt), 2007.

  18. Leinenbach, Dirk, and Thomas Santen. "Verifying the Microsoft Hyper-V Hypervisor with VCC." FM 2009: Formal Methods (2009): 806–809.

  19. Microsoft. "Introduction to the Hypervisor in Windows Server 2008." http://www.microsoft.com/en-us/server-cloud/hyper-v-server/overview.aspx.

  20. Stone-Gross, Brett, et al. "Your Botnet Is My Botnet: Analysis of a Botnet Takeover." Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, 2009.

  21. Provos, Niels, Panayiotis Mavrommatis, Moheeb Abu Rajab, and Fabian Monrose. "All Your iFRAMEs Point to Us." USENIX Security Symposium, 2008.

  22. Adobe Systems. Adobe Security Bulletin. http://www.adobe.com/support/security/advisories/apsa09-01.html.

  23. Levine, John, Julian Grizzard, and Henry Owen. "A Methodology to Detect and Characterize Kernel Level Rootkit Exploits Involving Redirection of the System Call Table." Information Assurance Workshop, 2004. Proceedings. Second IEEE International. IEEE, 2004.

  24. Kruegel, Christopher, William Robertson, and Giovanni Vigna. "Detecting Kernel-Level Rootkits Through Binary Analysis." Computer Security Applications Conference, 2004. 20th Annual. IEEE, 2004.

  25. System Administration, Networking, and Security Institute (SANS). "RootKit Investigation Procedures." SANS Reading Room. http://www.sans.org/score/checklists/rootkits_investigation_procedures.pdf.

  26. BackTrack, Linux Security Distribution. Offensive Security. http://www.backtrack-linux.org/.

  27. Sophos Ltd official website. http://www.sophos.com/.

  28. Black, J., M. Cochran, and T. Highland. "A Study of the MD5 Attacks: Insights and Improvements." http://www.cs.colorado.edu/~jrblack/papers/md5e-full.pdf.

  29. Tripwire (Community Version) official website. http://www.tripwire.org/.

  30. AIDE official website. http://aide.sourceforge.net/.

  31. Microsoft. Debug Diagnostic Tools version 1.1. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24370.

  32. OllyDbg Debugger, official website. http://www.ollydbg.de/.

  33. Sophos Anti-Rootkit, personal edition. http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx.

Author information

Correspondence to Graham Hili.

Copyright information

© 2014 Springer Science+Business Media New York

Cite this chapter

Hili, G., Mayes, K., Markantonakis, K. (2014). The BIOS and Rootkits. In: Markantonakis, K., Mayes, K. (eds) Secure Smart Embedded Devices, Platforms and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7915-4_16

  • DOI: https://doi.org/10.1007/978-1-4614-7915-4_16

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-7914-7

  • Online ISBN: 978-1-4614-7915-4
