Computer Science (计算机科学) ›› 2013, Vol. 40 ›› Issue (Z6): 320-322.
NIU Wen-sheng, LI Ya-hui and ZHANG Ya-di (牛文生, 李亚晖, 张亚棣)
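Abstract: To address the information security problems of safety-critical systems in the embedded domain, this paper proposes an access control model based on security domain isolation. The model uses an inter-partition information flow isolation control mechanism, combined with inter-partition message routing and message permission authentication mechanisms, to achieve multi-level secure access control for safety-critical application tasks in a partitioned operating system. Based on this model, an access control mechanism for a multi-level secure operating system is designed. Security analysis demonstrates that the mechanism enables a microkernel-based embedded operating system to prevent security threats such as illegal resource access, identity masquerading, information leakage and covert channels. System performance testing shows that introducing the secure access control mechanism costs the embedded operating system approximately 10% in overall performance.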