计算机科学 ›› 2018, Vol. 45 ›› Issue (3): 138-143.doi: 10.11896/j.issn.1002-137X.2018.03.022
杨霞,杨姗,郭文生,孙海泳,赵晓燕,张杨
YANG Xia, YANG Shan, GUO Wen-sheng, SUN Hai-yong, ZHAO Xiao-yan and ZHANG Yang
摘要: 强制访问控制技术可以控制系统中所有主体对客体的访问操作,是系统安全增强的有效措施之一。在实时操作系统中,增加强制访问控制机制可以有效地提高系统的安全性,使其通过较高安全等级的认证。针对实时操作系统资源少、开销小、实时性要求严格等特点,首先提出了一种针对RTOS的轻量级强制访问控制模型;然后提供了可配置的访问监控器,并提出了基于DTE的任务权限集安全模型,设计了轻量级安全策略;最后基于RTEMS系统实现了一个原型系统,并实现了安全策略配置工具。通过功能测试和性能测试验证了该轻量级强制访问控制模型的有效性和可行性。
[1] SUN R,WANG Y B,WU C W.Study on Security Technology based on Embedded Internet[J].Information Security and Communication Security,2012(9):102-104.(in Chinese) 孙瑞,王运兵,吴传伟.基于嵌入式网络安全技术的研究[J].信息安全与通信保密,2012(9):102-104. [2] 国家质量技术监督局.计算机信息系统安全保护等级划分准则:GB 17859-1999[S].北京:中国标准出版社,2001. [3] BRIFFAUT J,LALANDE J F,TOINARD C.Formalization of security properties:Enforcement for MAC operating systems and verification of dynamic MAC policies[J].International Journal on Advances in Security,2010,2(4):325-343. [4] CHEN Z P.Research and Implementation of Security Technology Based on WinCE Operating System[D].Chengdu:University of Electronic Science and Technology of China,2003.(in Chinese) 陈志平.基于WinCE操作系统安全技术的研究与实现[D].成都:电子科技大学,2003. [5] LI H.Research on Access Control Technology of EmbeddedReal-time Operating System[D].Chengdu:University of Electronic Science and Technology of China,2006.(in Chinese) 李欢.嵌入式实时操作系统访问控制技术研究[D].成都:电子科技大学,2006. [6] XUE P J.Research on File Access Control Technology of VxWorks System[D].Nanjing:Jiangsu University of Science and Technology,2015.(in Chinese) 薛朋骏.VxWorks系统的文件访问控制技术研究[D].南京:江苏科技大学,2015. [7] TIAN L.Research and Realization on Security Mechanism ofEmbedded RTOS VxWorks[D].Nanjing:Nanjing University of Aeronautics and Astronautics,2009.(in Chinese) 田力.实时嵌入式系统VxWorks安全机制的研究与实现[D].南京:南京航空航天大学,2009. [8] ZHAI G,LI Y.Analysis and Study of Security Mechanisms inside Linux Kernel[C]∥International Conference on Security Technology.IEEE Xplore,2009:58-61. [9] XIAO Y K,JI C L,XIE B X,et al.Security mechanism and security model of SELinux[J].Journal of Computer Applications,2009,29(S1):66-68.(in Chinese) 肖永康,纪翠玲,谢宝恂,等.SELinux的安全机制和安全模型[J].计算机应用,2009,29(S1):66-68. [10] YANG X,SHI P,YANG S,et al.Research on the Separation of Privilege Based on SELinux[J].Journal of University of Electronic Science and Technology of China,2016,45(6):958-963.(in Chinese) 杨霞,石鹏,杨姗,等.基于SELinux的三权分离技术的研究[J].电子科技大学学报,2016,45(6):958-963. [11] OAR Corporation.RTEMS C User’s Guide Edition 4.10.99[M/OL].http://www.rtems.com. [12] YUICHI N,YOSHIKI S,TOSHIHIRO Y.SELinux SecurityPolicy Configuration System with Higher Level Language [J].Journal of Information Processing,2010,18:201-212. [13] FAN C,GUI X Z.Development of board support packageforRTEMS[J].Microcontrollers & Embedded Systems,2005(6):35-38.(in Chinese) 樊超,桂先洲.开发RTEMS实时系统的板级支持包[J].单片机与嵌入式系统应用,2005(6):35-38. |
No related articles found! |
|