Computer Science ›› 2018, Vol. 45 ›› Issue (3): 138-143.doi: 10.11896/j.issn.1002-137X.2018.03.022

Previous Articles     Next Articles

Research and Implementation of Light-weight Mandatory Access Control Technology for RTOS

YANG Xia, YANG Shan, GUO Wen-sheng, SUN Hai-yong, ZHAO Xiao-yan and ZHANG Yang   

  • Online:2018-03-15 Published:2018-11-13

Abstract: Mandatory access control(MAC) technology can control the accesses of all subjects to objects in the system,which is an effective method to enhance the system security.Implementing the mandatory access control mechanism in a real-time operating system(RTOS) can effectively improve the system security,and make the RTOS pass the high-level certification. Aiming at the problem that the real-time operating system has the characteristics of less resources,low overhead and hard real-time,this paper presented a light-weight mandatory access control (L-MAC) mechanism.The L-MAC technology consists of an L-MAC model,a configurable access monitor and a light-weight security policy model with task permission set based on DTE.Finally,this paper implemented a prototype system based on RTEMS system and a security policy tool that can conveniently add,modify or delete a security policy according to user’s requirements.The results of multiple tests about function and time overload show that L-MAC mechanism is effective and feasible.

Key words: Real-time operating system,Light-weight mandatory access control,Task permission set,RTEMS

[1] SUN R,WANG Y B,WU C W.Study on Security Technology based on Embedded Internet[J].Information Security and Communication Security,2012(9):102-104.(in Chinese) 孙瑞,王运兵,吴传伟.基于嵌入式网络安全技术的研究[J].信息安全与通信保密,2012(9):102-104.
[2] 国家质量技术监督局.计算机信息系统安全保护等级划分准则:GB 17859-1999[S].北京:中国标准出版社,2001.
[3] BRIFFAUT J,LALANDE J F,TOINARD C.Formalization of security properties:Enforcement for MAC operating systems and verification of dynamic MAC policies[J].International Journal on Advances in Security,2010,2(4):325-343.
[4] CHEN Z P.Research and Implementation of Security Technology Based on WinCE Operating System[D].Chengdu:University of Electronic Science and Technology of China,2003.(in Chinese) 陈志平.基于WinCE操作系统安全技术的研究与实现[D].成都:电子科技大学,2003.
[5] LI H.Research on Access Control Technology of EmbeddedReal-time Operating System[D].Chengdu:University of Electronic Science and Technology of China,2006.(in Chinese) 李欢.嵌入式实时操作系统访问控制技术研究[D].成都:电子科技大学,2006.
[6] XUE P J.Research on File Access Control Technology of VxWorks System[D].Nanjing:Jiangsu University of Science and Technology,2015.(in Chinese) 薛朋骏.VxWorks系统的文件访问控制技术研究[D].南京:江苏科技大学,2015.
[7] TIAN L.Research and Realization on Security Mechanism ofEmbedded RTOS VxWorks[D].Nanjing:Nanjing University of Aeronautics and Astronautics,2009.(in Chinese) 田力.实时嵌入式系统VxWorks安全机制的研究与实现[D].南京:南京航空航天大学,2009.
[8] ZHAI G,LI Y.Analysis and Study of Security Mechanisms inside Linux Kernel[C]∥International Conference on Security Technology.IEEE Xplore,2009:58-61.
[9] XIAO Y K,JI C L,XIE B X,et al.Security mechanism and security model of SELinux[J].Journal of Computer Applications,2009,29(S1):66-68.(in Chinese) 肖永康,纪翠玲,谢宝恂,等.SELinux的安全机制和安全模型[J].计算机应用,2009,29(S1):66-68.
[10] YANG X,SHI P,YANG S,et al.Research on the Separation of Privilege Based on SELinux[J].Journal of University of Electronic Science and Technology of China,2016,45(6):958-963.(in Chinese) 杨霞,石鹏,杨姗,等.基于SELinux的三权分离技术的研究[J].电子科技大学学报,2016,45(6):958-963.
[11] OAR Corporation.RTEMS C User’s Guide Edition 4.10.99[M/OL].http://www.rtems.com.
[12] YUICHI N,YOSHIKI S,TOSHIHIRO Y.SELinux SecurityPolicy Configuration System with Higher Level Language [J].Journal of Information Processing,2010,18:201-212.
[13] FAN C,GUI X Z.Development of board support packageforRTEMS[J].Microcontrollers & Embedded Systems,2005(6):35-38.(in Chinese) 樊超,桂先洲.开发RTEMS实时系统的板级支持包[J].单片机与嵌入式系统应用,2005(6):35-38.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!