Commonly known as the Basic Input/Output System (BIOS), this fundamental system firmware—computer code built into hardware—initializes the hardware when you switch on the computer before starting the operating system. BIOS security is a new area of focus for NIST computer security scientists.
"By building security into the firmware, you establish the foundation for a secure system," said Andrew Regenscheid, one of the authors of BIOS Protection Guidelines (NIST Special Publication 800-147). Without appropriate protections, attackers could disable systems or hide malicious software by modifying the BIOS. This guide is focused on reducing the risk of unauthorized changes to the BIOS.
Designed to assist computer manufacturers writing BIOS code, SP 800-147 provides guidelines for building features into the BIOS that help protect it from being modified or corrupted by attackers. Manufacturers routinely update system firmware to fix bugs, patch vulnerabilities and support new hardware. SP 800-147 calls for using cryptographic "digital signatures" to authenticate the BIOS updates before installation based on NIST's current cryptographic guidelines.* The publication is available just as computer manufacturers are beginning to deploy a new generation of BIOS firmware. "We believe computer manufacturers are ready to implement these guidelines and we hope to see them in products soon," said Regenscheid.
The publication also suggests management best practices that are tightly coupled with the security guidelines for manufacturers. These practices will help computer administrators take advantage of the BIOS protection features as they become available.
BIOS Protection Guidelines, NIST SP 800-147, is available at http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf.
* See Digital Signature Standard (FIPS 186-3, June 2009) at http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf,
Recommendation for Key Management – Part 1: General (NIST SP 800-57, March 2008) at http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf, and
Recommendation for Obtaining Assurances for Digital Signature Applications (NIST SP 800-89, November 2006) at http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf
Evelyn Brown | EurekAlert!
Single-photon detector can count to 4
18.12.2017 | Duke University
New epidemic management system combats monkeypox outbreak in Nigeria
15.12.2017 | Helmholtz-Zentrum für Infektionsforschung
A study carried out by an international team of researchers and published in the journal Physical Review X shows that ion-trap technologies available today are suitable for building large-scale quantum computers. The scientists introduce trapped-ion quantum error correction protocols that detect and correct processing errors.
In order to reach their full potential, today’s quantum computer prototypes have to meet specific criteria: First, they have to be made bigger, which means...
Since 2016, German and Spanish researchers, among them scientists from the University of Göttingen, have been hunting for exoplanets with the “Carmenes”...
DNA molecules that follow specific instructions could offer more precise molecular control of synthetic chemical systems, a discovery that opens the door for engineers to create molecular machines with new and complex behaviors.
Researchers have created chemical amplifiers and a chemical oscillator using a systematic method that has the potential to embed sophisticated circuit...
MPQ scientists achieve long storage times for photonic quantum bits which break the lower bound for direct teleportation in a global quantum network.
Concerning the development of quantum memories for the realization of global quantum networks, scientists of the Quantum Dynamics Division led by Professor...
Researchers have developed a water cloaking concept based on electromagnetic forces that could eliminate an object's wake, greatly reducing its drag while...
11.12.2017 | Event News
08.12.2017 | Event News
07.12.2017 | Event News
18.12.2017 | Life Sciences
18.12.2017 | Materials Sciences
18.12.2017 | Life Sciences