计算机工程

• 安全技术 • 上一篇    下一篇

嵌入式实时操作系统可信计算技术研究

徐明迪,杨连嘉   

  1. (武汉数字工程研究所,武汉 430074)
  • 收稿日期:2012-12-07 出版日期:2014-01-15 发布日期:2014-01-13
  • 作者简介:徐明迪(1980-),男,高级工程师、博士,主研方向:嵌入式系统安全,可信计算,服务计算;杨连嘉,高级工程师、硕士
  • 基金项目:
    国家自然科学基金资助项目(61003268)

Research on Trusted Computing Technology in Embedded Real-time Operation System

XU Ming-di, YANG Lian-jia   

  1. (Wuhan Digital Engineering Institute, Wuhan 430074, China)
  • Received:2012-12-07 Online:2014-01-15 Published:2014-01-13

摘要: 可信计算能有效提高嵌入式实时操作系统的安全性,但现有的可信计算技术较难满足该系统实时性和低功耗的要求。为此,提出一种基于VxWorks内核的可信计算解决方案。设计嵌入式实时可信平台模块和可信软件栈,实现基于完整性度量证书的信任链传递结构和轻量级访问控制框架。实验结果证明,可信平台模块相比SW-TPM模块平均命令执行时间节省了65.81%,轻量级访问控制框架对系统内核的性能影响也较小,可满足嵌入式实时操作系统的应用要求。

关键词: 嵌入式实时操作系统, 可信计算, 完整性度量证书, 访问控制, 实时调度

Abstract: The Trusted Computing Technology(TCT) is an effective way to solve Embedded Real-time Operation System(ERTOS) security. However, the existing TCT is hard to satisfy the properties of real-time and low power consumption directly. Based on VxWorks kernel, this paper puts forward a solution of trusted computing by designing embedded real-time trusted computing module and trusted software stack, which can realize the chain of trust by using integrity measurement certificate and establish the lightweight access control architecture. Experimental results show that the average execution time of commands on trusted platform module saves 65.81% execution time compared with SW-TPM module. Lightweight access control affects the kernel by increasing few execution overhead, which can meet the ERTOS requirements of real-time and low power consumption as a whole.

Key words: Embedded Real-time Operation System(ERTOS), trusted computing, integrity measurement certificate, access control, real-time schedule

中图分类号: