Building Secure Firmware: Armoring the Foundation of the Platform (Paperback)
暫譯: 構建安全的韌體:加固平台的基礎
Yao, Jiewen, Zimmer, Vincent
- 出版商: Apress
- 出版日期: 2020-10-28
- 售價: $2,170
- 貴賓價: 9.5 折 $2,062
- 語言: 英文
- 頁數: 930
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1484261054
- ISBN-13: 9781484261057
-
相關分類:
ARM、Wireless-networks、資訊安全
立即出貨 (庫存=1)
買這商品的人也買了...
-
啊哈!圖解演算法必學基礎$350$277 -
ARM Cortex-M3 與 Cortex-M4 權威指南, 3/e (The Definitive Guide to ARM Cortex-M3 and Cortex-M4 Processors, 3/e)$774$735 -
Scratch 2 + S2A程式邏輯與Arduino創客訓練課$420$332 -
手機應用程式設計超簡單-App Inventor 2 資料庫專題特訓班, 2/e (附資料庫元件影音教學/範例/架設解說pdf)$450$356 -
Python x Arduino 物聯網整合開發實戰$490$387 -
樂高動起來!MindStorms EV3 機器人互動設計$550$468 -
超圖解 Python 程式設計入門$650$513 -
$2,402Practical Natural Language Processing: A Comprehensive Guide to Building Real-World Nlp Systems (Paperback) -
$673嵌入式 C語言自我修養 — 從芯片、編譯器到操作系統 -
Exploring GPT-3: An unofficial first look at the general-purpose language processing API from OpenAI (Paperback)$2,120$2,014 -
秒懂行動網頁設計 Visual Studio Code + GitHub + Bootstrap5 + CSS3 + HTML5 + Web App 專案實作$550$413 -
最佳能效晶片平台 - ARM64 架構師高度之程式開發$980$774 -
$390RISC-V 體系結構編程與實踐 -
$556移動終端安全架構及關鍵技術 -
Code:隱藏在電腦軟硬體底下的秘密 (第二版) (Code: The Hidden Language of Computer Hardware and Software, 2/e)$680$476 -
左耳聽風:傳奇程序員練級攻略$528$502
商品描述
Use this book to build secure firmware.
As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today's antivirus scanning technology, it represents an interesting target for attackers.
As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.
This book covers the secure implementation of various aspects of firmware, including standards-based firmware--such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications--and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust), are covered.
What You Will Learn
- Get an overview of proactive security development for firmware, including firmware threat modeling
- Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control
- Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses
- Know the techniques used for security validation and maintenance
Who This Book Is For
Given the complexity of modern platform boot requirements and the threat landscape, this book is relevant for readers spanning from IT decision makers to developers building firmware
商品描述(中文翻譯)
使用本書來構建安全的韌體。隨著作業系統和虛擬機監控器逐漸變得更加堅固,惡意軟體已經向下移動到堆疊中,進入韌體。韌體代表了硬體和軟體之間的邊界,考慮到其持久性、可變性以及對當今防毒掃描技術的不透明性,它成為攻擊者的一個有趣目標。
由於平台普遍連接到網路,並且可以包含多個具有韌體的設備,而全球供應鏈又供應平台韌體,因此對消費者、IT企業和政府來說,保證是至關重要的。這一重要性在於新興的要求,例如NIST SP800-193針對韌體韌性的要求和NIST SP800-155針對韌體測量的要求。
本書涵蓋了韌體各個方面的安全實現,包括基於標準的韌體——例如支持可信計算組(TCG)、桌面管理工作組(DMTF)和統一可擴展韌體介面(UEFI)規範——並提供代碼範例和使用案例。除了標準之外,還涵蓋了替代的韌體實現,例如ARM Trusted Firmware和其他設備韌體實現(如平台信任根)。
您將學到什麼
- 了解韌體的主動安全開發概述,包括韌體威脅建模
- 理解架構的細節,包括保護、檢測、恢復、完整性測量和存取控制
- 熟悉安全韌體開發的最佳實踐,包括可信執行環境、加密技術和基於語言的防禦
- 了解用於安全驗證和維護的技術
本書適合誰閱讀
考慮到現代平台啟動要求的複雜性和威脅環境,本書適合從IT決策者到構建韌體的開發人員的讀者。
作者簡介
Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 "A Tour Beyond BIOS" technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.
Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.
作者簡介(中文翻譯)
姚介文是英特爾架構、圖形和軟體組的首席工程師。他從事韌體開發已有超過15年的經驗。他是UEFI安全子團隊和TCG PC客戶端子工作組的成員。他曾在業界活動中發表演講,如英特爾開發者論壇、UEFI Plugfest和RSA大會。他與合著者文森特·齊默合作,為tianocore.org和firmware.intel.com發表了30篇《超越BIOS之旅》的技術論文。他擁有40項美國專利。
文森特·齊默是英特爾架構、圖形和軟體組的高級首席工程師。他從事韌體開發已有超過25年的經驗,並領導UEFI安全子團隊。他曾在業界活動中發表演講,如開源韌體大會、Linux Fest Northwest、英特爾開發者論壇、UEFI Plugfest、開放計算專案峰會、BlackHat Las Vegas、BSides Seattle、Toorcon和Cansecwest。除了與姚介文合作撰寫多篇白皮書外,他還共同撰寫了幾本有關韌體的書籍、論文,以及超過400項已授權的美國專利。
