摘要： 在研究分析传统安全操作系统的安全理论和技术的基础上，结合嵌入式操作系统的特点，提出一种适合于嵌入式操作系统的安全核框架：ESK(embedded security kernel)。它有如下特点：自主配置安全属性，强制访问控制机制和多策略判定。通过对Win CE4.2嵌入式操作系统的改造，验证了该安全核框架的有效性。

关键词: 嵌入式系统, 安全操作系统, 安全核框架, 强制访问控制, 多策略判定

Abstract: Based on research and analysis of traditional embedded operating system security theories and technologies, combining with characteristics of embedded operating system, this paper puts forward a security kernel frame fit for embedded operating system: ESK(embedded security kernel). It has the characteristics as follows: self-determination configuring security attributions, mandatory access control, security signs and multi-strategy determinant. Through the reconstruction of Win CE operating system, the validity of the security kernel frame is validated.

Key words: Embedded system, Security operating system, Security kernel frame, Mandatory access control, Multi-strategy determinant