Build safety into the very beginning of the computer system

Apr 29, 2011

A new publication from the National Institute of Standards and Technology (NIST) provides guidelines to secure the earliest stages of the computer boot process. Commonly known as the Basic Input/Output System (BIOS), this fundamental system firmware—computer code built into hardware—initializes the hardware when you switch on the computer before starting the operating system. BIOS security is a new area of focus for NIST computer security scientists.

"By building security into the firmware, you establish the foundation for a secure system," said Andrew Regenscheid, one of the authors of BIOS Protection Guidelines (NIST Special Publication 800-147). Without appropriate protections, attackers could disable systems or hide malicious software by modifying the . This guide is focused on reducing the risk of unauthorized changes to the BIOS.

Designed to assist writing BIOS code, SP 800-147 provides for building features into the BIOS that help protect it from being modified or corrupted by attackers. Manufacturers routinely update system firmware to fix bugs, patch vulnerabilities and support new hardware. SP 800-147 calls for using cryptographic "digital signatures" to authenticate the BIOS updates before installation based on NIST's current cryptographic guidelines.* The publication is available just as computer manufacturers are beginning to deploy a new generation of BIOS firmware. "We believe computer manufacturers are ready to implement these guidelines and we hope to see them in products soon," said Regenscheid.

The publication also suggests management best practices that are tightly coupled with the security guidelines for manufacturers. These practices will help computer administrators take advantage of the BIOS protection features as they become available.

BIOS Protection Guidelines, NIST SP 800-147, is available at csrc.nist.gov/publications/nis… 00-147-April2011.pdf .

* See Digital Signature Standard (FIPS 186-3, June 2009) at csrc.nist.gov/publications/fip… 186-3/fips_186-3.pdf ,

Recommendation for Key Management – Part 1: General (NIST SP 800-57, March 2008) at csrc.nist.gov/publications/nis… ised2_Mar08-2007.pdf , and

Recommendation for Obtaining Assurances for Digital Signature Applications (NIST SP 800-89, November 2006) at csrc.nist.gov/publications/nis… -89_November2006.pdf

Explore further: Professor analyzes online data to predict future fashion trends

Related Stories

Wake-up call: Draft security pub looks at cell phones, PDAs

Jul 10, 2008

In recent years cell phones and PDAs—"Personal Digital Assistants"—have exploded in power, performance and features. They now often boast expanded memory, cameras, Global Positioning System receivers and the ability to ...

New publication offers security tips for WiMAX networks

Oct 07, 2009

Government agencies and other organizations planning to use WiMAX -- Worldwide Interoperability for Microwave Access—networks can get technical advice on improving the security of their systems from a draft computer security ...

How to Protect Your Web Server from Attacks

Oct 11, 2007

The National Institute of Standards and Technology has released a new publication that provides detailed tips on how to make web servers more resistant to potential attacks. Called “Guidelines on Securing Public Web Servers,” ...

NIST Issues Guidelines for Ensuring RFID Security

Apr 27, 2007

Retailers, manufacturers, hospitals, federal agencies and other organizations planning to use radio frequency identification (RFID) technology to improve their operations should also systematically evaluate the possible security ...

PC BIOS soon to be replaced by UEFI

Oct 02, 2010

(PhysOrg.com) -- The 25 year old PC BIOS will soon be replaced by UEFI (unified extensible firmware interface) that will enable PC's to boot up in a matter of seconds. In 2011 we will start seeing UEFI dominate ...

Recommended for you

Plastic parts for internal combustion engines

7 minutes ago

Efforts to produce lighter vehicles necessarily include engine parts, such as the cylinder casing, which could shed up to 20 percent of its weight if it were made of fiber-reinforced plastic rather than aluminum ...

Dailymotion should stay in European hands, France says

24 minutes ago

France opposes exclusive talks between Orange and Hong Kong's PCCW group for a 49 percent stake in Dailymotion, preferring a European partner for the French video-sharing platform, the finance ministry indicated ...

Saving energy with smart facades

26 minutes ago

Glass-fronted office buildings are some of the biggest energy consumers, and regulating their temperature is a big job. Now a façade element developed by Fraunhofer researchers and designers for glass fronts ...

Latin America divided between oil and green energy

2 hours ago

Latin America spends billions of dollars subsidizing fossil fuels each year, but also has some of the world's largest renewable power programs, highlighting the energy-hungry region's divisions as it charts ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.