Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Build safety into the very beginning of the computer system

12.05.2011
A new publication from the National Institute of Standards and Technology (NIST) provides guidelines to secure the earliest stages of the computer boot process.

Commonly known as the Basic Input/Output System (BIOS), this fundamental system firmware—computer code built into hardware—initializes the hardware when you switch on the computer before starting the operating system. BIOS security is a new area of focus for NIST computer security scientists.

"By building security into the firmware, you establish the foundation for a secure system," said Andrew Regenscheid, one of the authors of BIOS Protection Guidelines (NIST Special Publication 800-147). Without appropriate protections, attackers could disable systems or hide malicious software by modifying the BIOS. This guide is focused on reducing the risk of unauthorized changes to the BIOS.

Designed to assist computer manufacturers writing BIOS code, SP 800-147 provides guidelines for building features into the BIOS that help protect it from being modified or corrupted by attackers. Manufacturers routinely update system firmware to fix bugs, patch vulnerabilities and support new hardware. SP 800-147 calls for using cryptographic "digital signatures" to authenticate the BIOS updates before installation based on NIST's current cryptographic guidelines.* The publication is available just as computer manufacturers are beginning to deploy a new generation of BIOS firmware. "We believe computer manufacturers are ready to implement these guidelines and we hope to see them in products soon," said Regenscheid.

The publication also suggests management best practices that are tightly coupled with the security guidelines for manufacturers. These practices will help computer administrators take advantage of the BIOS protection features as they become available.

BIOS Protection Guidelines, NIST SP 800-147, is available at http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf.

* See Digital Signature Standard (FIPS 186-3, June 2009) at http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf,

Recommendation for Key Management – Part 1: General (NIST SP 800-57, March 2008) at http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf, and

Recommendation for Obtaining Assurances for Digital Signature Applications (NIST SP 800-89, November 2006) at http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf

Evelyn Brown | EurekAlert!
Further information:
http://www.nist.gov

More articles from Information Technology:

nachricht Single-photon detector can count to 4
18.12.2017 | Duke University

nachricht New epidemic management system combats monkeypox outbreak in Nigeria
15.12.2017 | Helmholtz-Zentrum für Infektionsforschung

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Error-free into the Quantum Computer Age

A study carried out by an international team of researchers and published in the journal Physical Review X shows that ion-trap technologies available today are suitable for building large-scale quantum computers. The scientists introduce trapped-ion quantum error correction protocols that detect and correct processing errors.

In order to reach their full potential, today’s quantum computer prototypes have to meet specific criteria: First, they have to be made bigger, which means...

Im Focus: Search for planets with Carmenes successful

German and Spanish researchers plan, build and use modern spectrograph

Since 2016, German and Spanish researchers, among them scientists from the University of Göttingen, have been hunting for exoplanets with the “Carmenes”...

Im Focus: First-of-its-kind chemical oscillator offers new level of molecular control

DNA molecules that follow specific instructions could offer more precise molecular control of synthetic chemical systems, a discovery that opens the door for engineers to create molecular machines with new and complex behaviors.

Researchers have created chemical amplifiers and a chemical oscillator using a systematic method that has the potential to embed sophisticated circuit...

Im Focus: Long-lived storage of a photonic qubit for worldwide teleportation

MPQ scientists achieve long storage times for photonic quantum bits which break the lower bound for direct teleportation in a global quantum network.

Concerning the development of quantum memories for the realization of global quantum networks, scientists of the Quantum Dynamics Division led by Professor...

Im Focus: Electromagnetic water cloak eliminates drag and wake

Detailed calculations show water cloaks are feasible with today's technology

Researchers have developed a water cloaking concept based on electromagnetic forces that could eliminate an object's wake, greatly reducing its drag while...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

See, understand and experience the work of the future

11.12.2017 | Event News

Innovative strategies to tackle parasitic worms

08.12.2017 | Event News

AKL’18: The opportunities and challenges of digitalization in the laser industry

07.12.2017 | Event News

 
Latest News

The body's street sweepers

18.12.2017 | Life Sciences

Fast flowing heat in layered material heterostructures

18.12.2017 | Materials Sciences

Life on the edge prepares plants for climate change

18.12.2017 | Life Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>