Design And Implementation Of Virus Scanning Engine Based On UEFI

Anti-virus software can effectively protect the operating systems against the computer viruse damage, so almost every computer uses them as security tools. However, due to the instability of the operating system itself and the restriction of the phase when the operating system boots on, some computer viruses may run and hide before the operating systems boot. It is difficult to detect the viruses after running the operating system in time. Some computer viruses may attach to the core processes of the operating system directly, even if the viruses are found out by antivirus software, it is still hard to remove them totally. And some computer viruses may paralyze the operating system, which causes the anti-virus softwares can not work. The traditional "PC/AT" type of automatic boot mode can not fundamentally solve the problem, which is caused by the operating system's bugs and restrictions.UEFI is a new interface between operating system and hardware platform firmware, which is considered to be the next generation of BIOS standard. The appearance of the UEFI not only changes the traditional boot way but also provides the users more convenient environments for underly development.The aim of this thesis is to explore the feasibility of virus scanning under UEFI,and try to design and achieve a virus scanning engine based on UEFI specification. The engine runs on the operating system pre-boot phase. It uses the feature code method as the main virus detection method to achieve the functions of scanning and processing the disc files. The engine is independent of the operating system, so it can fundamentally solve the series of security issues caused by the operating system'limitation. At the meantime, the engine is also conveniently ported to other system plateforms, as it is not limited by the operating system. The engine obtains all boot option information by reading the value of the BootOrder global variable of the UEFI system firmware. Then it analyzes potential security threats of the boot option through the obtained information and shows the boot threat warning to guarantee the integrity of the security system.