A survey on the evolution of bootkits attack and defense techniques

Yilin Zhou, Guojun Peng, Zichuan Li, Side Liu
{"title":"A survey on the evolution of bootkits attack and defense techniques","authors":"Yilin Zhou, Guojun Peng, Zichuan Li, Side Liu","doi":"10.23919/JCC.ja.2022-0409","DOIUrl":null,"url":null,"abstract":"According to the boot process of modern computer systems, whoever boots first will gain control first. Taking advantage of this feature, a malicious code called bootkit can hijack the control before the OS bootloader and bypass security mechanisms in boot process. That makes bootkits difficult to detect or clean up thoroughly. With the improvement of security mechanisms and the emergence of UEFI, the attack and defense techniques for bootkits have constantly been evolving. We first introduce two boot modes of modern computer systems and present an attack model of bootkits by some sophistical samples. Then we discuss some classic attack techniques used by bootkits from their initial appearance to the present on two axes, including boot mode axis and attack phase axis. Next, we evaluate the race to the bottom of the system and the evolution process between bootkits and security mechanisms. At last, we present the possible future direction for bootkits in the context of continuous improvement of OS and firmware security mechanisms.","PeriodicalId":504777,"journal":{"name":"China Communications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"China Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/JCC.ja.2022-0409","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

According to the boot process of modern computer systems, whoever boots first will gain control first. Taking advantage of this feature, a malicious code called bootkit can hijack the control before the OS bootloader and bypass security mechanisms in boot process. That makes bootkits difficult to detect or clean up thoroughly. With the improvement of security mechanisms and the emergence of UEFI, the attack and defense techniques for bootkits have constantly been evolving. We first introduce two boot modes of modern computer systems and present an attack model of bootkits by some sophistical samples. Then we discuss some classic attack techniques used by bootkits from their initial appearance to the present on two axes, including boot mode axis and attack phase axis. Next, we evaluate the race to the bottom of the system and the evolution process between bootkits and security mechanisms. At last, we present the possible future direction for bootkits in the context of continuous improvement of OS and firmware security mechanisms.
Bootkits 攻击和防御技术演变概览
根据现代计算机系统的启动过程,谁先启动,谁就先获得控制权。利用这一特点,名为 bootkit 的恶意代码可以在操作系统启动加载程序之前劫持控制权,并绕过启动过程中的安全机制。这使得 Bootkit 难以被发现或彻底清除。随着安全机制的完善和 UEFI 的出现,针对 Bootkit 的攻击和防御技术也在不断发展。我们首先介绍了现代计算机系统的两种启动模式,并通过一些复杂的示例介绍了 Bootkit 的攻击模型。然后,我们从引导模式轴和攻击阶段轴两个方面讨论了引导程序从最初出现到现在所使用的一些经典攻击技术。接着,我们评估了系统底层的竞赛以及 Bootkit 和安全机制之间的演变过程。最后,在操作系统和固件安全机制不断改进的背景下,我们提出了 Bootkit 未来可能的发展方向。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信