CAJ | 학술논문

固件作为一种固化在芯片内部,不可随意更改的特殊软件,与底层硬件紧密相连.同一般软件一样,固件同样存在漏洞、木马、后门等各种恶意行为.但是针对固件中可能存在的恶意行为,传统的程序恶意行为描述方法并不适用.以ARM为研究对象,结合ARM指令体系的结构和特点,本文提出基于底层硬件模块访问检测的异常行为判定方法,并以U-Boot为实例,对该方法进行了实验验证.
고건작위일충고화재심편내부,불가수의경개적특수연건,여저층경건긴밀상련.동일반연건일양,고건동양존재루동、목마、후문등각충악의행위.단시침대고건중가능존재적악의행위,전통적정서악의행위묘술방법병불괄용.이ARM위연구대상,결합ARM지령체계적결구화특점,본문제출기우저층경건모괴방문검측적이상행위판정방법,병이U-Boot위실례,대해방법진행료실험험증.
Firmware, as a kind of curing inside the chip, not randomly changed special software, closely connected with the underlying hardware. Like general software, firmware may include al kinds of malicious behavior, such as Trojans, backdoors and etc. In view of the firmware for the malicious behavior, the traditional application of malicious behavior description method does not apply. Based on ARM as the research object, this paper combined with the structure and characteristics of ARM instruction system, is put forward based on the underlying hardware module method to detect abnormal behavior of access, and U-Boot as an example, experimental verification of the method.