Abstract: An embedded security architecture built on a single security kernel has poor real-time performance and high complexity, which makes a comprehensive security evaluation of it difficult and cannot rule out the appearance of system vulnerabilities. This paper studies a secure embedded architecture based on a partition kernel, proposes a formal definition of the partition kernel, and uses that definition to prove the partition kernel's isolation security. To address the information flow control problem in inter-partition communication within the partition kernel, a model that balances communication efficiency and security is proposed.
Keywords:
partition kernel,
secure embedded system,
information flow control
Abstract: An embedded security architecture based on a single security kernel is poor in real-time performance and highly complex, so it cannot be evaluated against a system-wide security policy and cannot prevent the appearance of system flaws. This paper focuses on research into a secure embedded architecture for the Partition Kernel (PK). A formal definition of the PK is put forward; based on this definition, the isolation security of the partitions is proved, and a model for the efficiency and security of communication is put forward to solve the problem of information flow control for communication between partitions of the kernel.
Key words:
Partition Kernel (PK),
security embedded system,
information flow control
CLC number:
OU Qing-yu (欧庆于). Security Embedded System Based on Partition Kernel [J]. Computer Engineering (计算机工程), 2009, 35(23): 158-160.