
Computer Engineering ›› 2009, Vol. 35 ›› Issue (23): 158-160. doi: 10.3969/j.issn.1000-3428.2009.23.055

• Security Technology •

Security Embedded System Based on Partition Kernel

OU Qing-yu   

  1. (Dept. of Information Security, Naval University of Engineering, Wuhan 430033)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-12-05 Published:2009-12-05

Abstract: Embedded security architectures built on a single security kernel have poor real-time performance and high complexity, which makes a comprehensive security evaluation difficult, so system vulnerabilities cannot be ruled out. This paper studies a secure embedded architecture based on the Partition Kernel (PK). A formal definition of the PK is proposed and, based on that definition, the isolation security of the partitions is proved. To address the information flow control problem in inter-partition communication within the PK, a model that balances communication efficiency and security is proposed.

Key words: Partition Kernel(PK), security embedded system, information flow control
