Computer Science (计算机科学), 2019, Vol. 46, Issue (11A): 460-463.

• Information Security •

Dynamical Management Technology of Multi-Level Security Domain for Embedded Operating System Based on MILS

GAO Sha-sha1,2, WANG Zhong-hua1

  1. (Xi’an Aeronautics Computing Technique Research Institute, AVIC, Xi’an 710068, China)1;
    (School of Computer Science and Technology, Xidian University, Xi’an 710071, China)2
  • Online: 2019-11-10 Published: 2019-11-20
  • Corresponding author: WANG Zhong-hua (born 1983), male, Ph.D., engineer; main research interests: cloud computing and embedded security. E-mail: mackay.wang@126.com.
  • About the author: GAO Sha-sha (born 1994), female, master's student; main research interest: embedded security.
  • Funding:
    This work was supported by the Equipment Development Pre-research Project (31511020202).

Abstract: An embedded operating system based on the MILS architecture can securely isolate data of different classification levels across different application partitions. However, existing MILS-based embedded operating systems cannot meet the need for correct and secure migration of a task after it fails at run time, and therefore cannot achieve functional reconstruction and real-time dynamic loading of tasks. Therefore, on the basis of an analysis of the advantages and disadvantages of existing MILS-based embedded operating systems, a task-oriented architecture for dynamic management of multi-level security domains is proposed. The working principle of each functional module in the architecture is described in detail, ensuring that tasks can be dynamically migrated and functionally reconstructed within a specific security domain.

Key words: MILS, Multi-level security domains, Functional reconstruction

CLC Number: TP393.08