基于安全域隔离的嵌入式系统的访问控制机制研究

计算机科学 ›› 2013, Vol. 40 ›› Issue (Z6): 320-322.

基于安全域隔离的嵌入式系统的访问控制机制研究

牛文生,李亚晖,张亚棣

中国航空工业计算技术研究所西安710068;中国航空工业计算技术研究所西安710068;中国航空工业计算技术研究所西安710068

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受航空科学基金项目(2010ZC31002)资助

Research on Secure Access Control Mechanism Based on Secure Domain Separation for Embedded Systems

NIU Wen-sheng,LI Ya-hui and ZHANG Ya-di

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 针对嵌入式领域安全关键系统的信息安全问题,提出了基于安全域隔离的访问控制模型,采用分区间信息流隔离控制机制,结合分区间消息路由和消息权限鉴别机制,实现了分区操作系统中安全关键类应用任务的多级安全访问控制,并依据该模型设计了多级安全操作系统的访问控制机制。通过安全性分析证明,该机制使基于微内核的嵌入式操作系统能够防止非法的资源访问、身份伪装、信息泄露和隐秘通道等安全威胁；经过系统的性能测试表明,安全访问控制机制的引入使嵌入式操作系统的综合性能消耗约为10%左右。

关键词: 多级安全,强制访问控制,时空隔离,安全监控器

Abstract: Based on secure domain separation model,the research in secure architectures of embedded systems proposed a method of the secure access control,which supports multi-level secure separation of information stream with the message router between partions and messages authority based on the secure partition kernels．In order to implement the multi-level security embedded operating system,the structure of the secure access control mechanism was presented according to the secure domain separation model．The security analysis results prove that the proposed method can keep from security threats includeing illegal resource accessing,identity personation,information revealing and cover channel etc.The perfangmance analysis results show that the synthetical comsuming is about 10% with importing the security access control mechannism.

Key words: Multi-level security,Mandatory access control,Space separation,Security monitor

牛文生,李亚晖,张亚棣. 基于安全域隔离的嵌入式系统的访问控制机制研究[J]. 计算机科学, 2013, 40(Z6): 320-322. https://doi.org/

NIU Wen-sheng,LI Ya-hui and ZHANG Ya-di. Research on Secure Access Control Mechanism Based on Secure Domain Separation for Embedded Systems[J]. Computer Science, 2013, 40(Z6): 320-322. https://doi.org/

参考文献

[1] Alves-Foss J,Taylor C,Oman P．A Multi-layered Approach to Security in High Assurance Systems[C]∥Proceedings of the Hawaii International Conference on System Sciences．January 2004
[2] Rushby J M．The Design and Verification of Secure Systems[J]．ACM Operating Systems Review,1981,15(5):12-21
[3] Rushby J M．Proof of Separability:A Verification Technique for a Class of Security Kernels[J]．Computer Science,1982,137:352-367
[4] Boettcher C,Rushby J．The MILS component integration ap-proach to secure information sharing[C]∥the 27th Digital A-vionics Systems Conference．October 2008:26-30
[5] 黄玉琪,张建平,马利．基于三权分立原则的安全操作系统结构设计[J]．计算机应用与软件,2010,27(8):159-162
[6] 韩立毛,赵跃华,马祥顺．嵌入式操作系统的内核安全研究与设计[J]．计算机工程与设计,2010,31(14):3233-3236
[7] Bell D,LaPadula L．Secure Computer Systems:a Mathematical Model[R]．Technical Report MTR-2547(Vol．II)．MITRE Corp.,Bedford,MA,May 1973
[8] Brien R O,Rogers C．Developing application on LOCK[C]∥Proceedings of Symposium Research in Security and Privacy．Oct 1991:206-214

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed