Computer Science, 2018, Vol. 45, Issue (3): 138-143. doi: 10.11896/j.issn.1002-137X.2018.03.022

• Information Security •

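Research and Implementation of Light-weight Mandatory Access Control Technology for RTOS

YANG Xia, YANG Shan, GUO Wen-sheng, SUN Hai-yong, ZHAO Xiao-yan and ZHANG Yang

  1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054; School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054; School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054; School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054; Institute 706, Second Academy of China Aerospace Science and Industry Corporation, Beijing 100854; Institute 706, Second Academy of China Aerospace Science and Industry Corporation, Beijing 100854
  • Online: 2018-03-15 Published: 2018-11-13
  • Funding:
    This work was supported by the National Key Technology R&D Program (2012BAH44F00), the joint laboratory project of the University of Electronic Science and Technology of China and Institute 706 of the Second Academy of China Aerospace Science and Industry Corporation, "Research on Technologies for Embedded Secure Operating Systems" (2016000228), and the Fundamental Research Funds for the Central Universities (ZYGX2016J094).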

Abstract: Mandatory access control (MAC) technology controls the access operations of all subjects on objects in a system and is an effective measure for enhancing system security. Adding a MAC mechanism to a real-time operating system (RTOS) can effectively improve its security and enable it to pass certification at a higher security level. To suit the limited resources, low overhead and strict real-time requirements of an RTOS, this paper first proposes a light-weight mandatory access control (L-MAC) model for RTOS. It then provides a configurable access monitor, proposes a task permission set security model based on DTE, and designs a light-weight security policy. Finally, a prototype system is implemented on RTEMS, together with a security policy configuration tool that can conveniently add, modify or delete a security policy according to the user's requirements. Functional and performance tests verify that the L-MAC mechanism is effective and feasible.

Key words: Real-time operating system, Light-weight mandatory access control, Task permission set, RTEMS

