Commonly known as the Basic Input/Output System (BIOS), this fundamental system firmware—computer code built into hardware—initializes the hardware when you switch on the computer before starting the operating system. BIOS security is a new area of focus for NIST computer security scientists.
"By building security into the firmware, you establish the foundation for a secure system," said Andrew Regenscheid, one of the authors of BIOS Protection Guidelines (NIST Special Publication 800-147). Without appropriate protections, attackers could disable systems or hide malicious software by modifying the BIOS. This guide is focused on reducing the risk of unauthorized changes to the BIOS.
Designed to assist computer manufacturers writing BIOS code, SP 800-147 provides guidelines for building features into the BIOS that help protect it from being modified or corrupted by attackers. Manufacturers routinely update system firmware to fix bugs, patch vulnerabilities and support new hardware. SP 800-147 calls for using cryptographic "digital signatures" to authenticate the BIOS updates before installation based on NIST's current cryptographic guidelines.* The publication is available just as computer manufacturers are beginning to deploy a new generation of BIOS firmware. "We believe computer manufacturers are ready to implement these guidelines and we hope to see them in products soon," said Regenscheid.
The publication also suggests management best practices that are tightly coupled with the security guidelines for manufacturers. These practices will help computer administrators take advantage of the BIOS protection features as they become available.
BIOS Protection Guidelines, NIST SP 800-147, is available at http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf.
* See Digital Signature Standard (FIPS 186-3, June 2009) at http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf,
Recommendation for Key Management – Part 1: General (NIST SP 800-57, March 2008) at http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf, and
Recommendation for Obtaining Assurances for Digital Signature Applications (NIST SP 800-89, November 2006) at http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf
Evelyn Brown | EurekAlert!
Terahertz spectroscopy goes nano
20.10.2017 | Brown University
New software speeds origami structure designs
12.10.2017 | Georgia Institute of Technology
University of Maryland researchers contribute to historic detection of gravitational waves and light created by event
On August 17, 2017, at 12:41:04 UTC, scientists made the first direct observation of a merger between two neutron stars--the dense, collapsed cores that remain...
Seven new papers describe the first-ever detection of light from a gravitational wave source. The event, caused by two neutron stars colliding and merging together, was dubbed GW170817 because it sent ripples through space-time that reached Earth on 2017 August 17. Around the world, hundreds of excited astronomers mobilized quickly and were able to observe the event using numerous telescopes, providing a wealth of new data.
Previous detections of gravitational waves have all involved the merger of two black holes, a feat that won the 2017 Nobel Prize in Physics earlier this month....
Material defects in end products can quickly result in failures in many areas of industry, and have a massive impact on the safe use of their products. This is why, in the field of quality assurance, intelligent, nondestructive sensor systems play a key role. They allow testing components and parts in a rapid and cost-efficient manner without destroying the actual product or changing its surface. Experts from the Fraunhofer IZFP in Saarbrücken will be presenting two exhibits at the Blechexpo in Stuttgart from 7–10 November 2017 that allow fast, reliable, and automated characterization of materials and detection of defects (Hall 5, Booth 5306).
When quality testing uses time-consuming destructive test methods, it can result in enormous costs due to damaging or destroying the products. And given that...
Using a new cooling technique MPQ scientists succeed at observing collisions in a dense beam of cold and slow dipolar molecules.
How do chemical reactions proceed at extremely low temperatures? The answer requires the investigation of molecular samples that are cold, dense, and slow at...
Scientists from the Max Planck Institute of Quantum Optics, using high precision laser spectroscopy of atomic hydrogen, confirm the surprisingly small value of the proton radius determined from muonic hydrogen.
It was one of the breakthroughs of the year 2010: Laser spectroscopy of muonic hydrogen resulted in a value for the proton charge radius that was significantly...
17.10.2017 | Event News
10.10.2017 | Event News
10.10.2017 | Event News
20.10.2017 | Information Technology
20.10.2017 | Materials Sciences
20.10.2017 | Interdisciplinary Research