
Research And Implementation Of Separation Kernel Technology For Secure Applications

Posted on: 2018-02-11  Degree: Master  Type: Thesis
Country: China  Candidate: Y Zheng  Full Text: PDF
GTID: 2348330512488930  Subject: Computer system architecture
Abstract/Summary:
The security of the operating system is the foundation of software security. Secure operating system theory has advanced greatly since the 1980s, and secure operating system standards such as TCSEC, CC, OSEC, AUTOSAR and SKPP, together with their implementations, appeared in succession. With the development of cloud computing, cloud storage, smart automobiles and the Internet of Things, operating system security is once again drawing researchers' attention. In these applications a separation kernel based system is a well-suited solution for security, because it provides several independent runtime partitions, which is better for privilege management, fault isolation, system reboot, resource allocation and hardware utilization. Abroad, many research results such as the OVERSEE and MUEN projects have been achieved in the field of separation kernel based secure operating systems; in China, only a few research teams and companies have just started research in this field.

In this thesis we designed and implemented a secure operating system architecture based on the eAUTO separation kernel and completed its testing. The detailed work is listed below:

1. In the system kernel, drawing on secure operating system theory, an ESM module was designed and implemented with reference to the design of LSM; it provides mandatory access control (MAC) and a composite security model for the kernel. A flexible interface for security model customization was also implemented in the kernel, making it convenient for users to define a new security model and policy language.
2. The GFAC access control framework was improved: an efficient access control cache and multiple security policy servers were implemented, which enhance the efficiency of access control decisions and the flexibility of security policy.
3. At the application level, a security service partition was designed with reference to related research results from abroad; it provides security related services for the whole system architecture, such as encryption, secure storage, key management and authorization.
4. A secure IO partition was implemented to ensure the IO related security of the whole system. The secure IO partition provides IO services for the system architecture; IO management is confined to this partition, which facilitates the authorization and management of IO devices.
5. A secure boot module and a security audit system were implemented for further security enhancement. The secure boot module is based on the principle of a trusted chain and ensures that the system is trustworthy throughout the boot process. The security audit system records security-sensitive actions in the system, which can be used for security analysis.
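As an added illustration of contributions 1 and 2 above (a kernel enforcement hook in the style of LSM/ESM, a composite security model, and a GFAC-style decision cache in front of multiple security policy servers), the following C program is an example written for this page. It is not code from the thesis or from the eAUTO kernel, and every function name, label table and policy in it is hypothetical: the two policy servers (an MLS confidentiality rule and a partition isolation rule) stand in for whatever models the thesis composes, and the subject and object labels are constructed sample data.

```c
/* Illustrative GFAC-style access control with stacked policy servers and a
 * decision cache. Added example, not thesis or eAUTO code; all names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PERM_READ  0x1u
#define PERM_WRITE 0x2u
#define PERM_ALL   (PERM_READ | PERM_WRITE)

/* Security labels for subjects (processes) and objects (resources);
 * the sample labels below are constructed for this example. */
typedef struct { uint32_t id; uint32_t level; uint32_t partition; } label_t;
static const label_t subjects[] = {
    { 1, 0, 1 },   /* sid 1: low level, runs in partition 1 */
    { 2, 2, 2 },   /* sid 2: high level, runs in partition 2 */
};
static const label_t objects[] = {
    { 10, 0, 1 },  /* oid 10: low object owned by partition 1 */
    { 11, 2, 2 },  /* oid 11: high object owned by partition 2 */
    { 12, 2, 1 },  /* oid 12: high object owned by partition 1 */
};
static const label_t *find_label(const label_t *tab, size_t n, uint32_t id)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i].id == id) return &tab[i];
    return NULL;
}
#define LOOKUP(tab, id) find_label(tab, sizeof(tab) / sizeof((tab)[0]), id)

/* A policy server returns the permission bits it allows for (s, o). */
typedef uint32_t (*policy_server_fn)(const label_t *s, const label_t *o);
/* Policy server 1: MLS confidentiality (no read up, no write down). */
static uint32_t mls_policy(const label_t *s, const label_t *o)
{
    uint32_t allowed = 0;
    if (s->level >= o->level) allowed |= PERM_READ;
    if (s->level <= o->level) allowed |= PERM_WRITE;
    return allowed;
}
/* Policy server 2: partition isolation; only objects of the subject's own partition. */
static uint32_t partition_policy(const label_t *s, const label_t *o)
{
    return s->partition == o->partition ? PERM_ALL : 0;
}
/* Composite decision = intersection of all servers; adding one can only restrict. */
static const policy_server_fn policy_servers[] = { mls_policy, partition_policy };
#define N_POLICIES (sizeof(policy_servers) / sizeof(policy_servers[0]))

/* Direct-mapped decision cache keyed on (sid, oid); stores the whole allowed mask. */
#define CACHE_SLOTS 64
typedef struct { bool valid; uint32_t sid, oid, allowed; } cache_entry_t;
static cache_entry_t cache[CACHE_SLOTS];
static unsigned cache_hits, cache_misses;

/* Must run whenever a policy or label changes, otherwise a cached decision
 * outlives the policy that produced it. Also resets the hit/miss counters. */
void gfac_cache_flush(void)
{
    memset(cache, 0, sizeof cache);
    cache_hits = cache_misses = 0;
}

/* Query every policy server; unknown labels are denied by default. */
static uint32_t gfac_compute(uint32_t sid, uint32_t oid)
{
    const label_t *s = LOOKUP(subjects, sid);
    const label_t *o = LOOKUP(objects, oid);
    if (!s || !o) return 0;
    uint32_t allowed = PERM_ALL;
    for (size_t i = 0; i < N_POLICIES; i++)
        allowed &= policy_servers[i](s, o);
    return allowed;
}

/* Enforcement point, called from a kernel hook (an ESM hook in the thesis's
 * terms, an LSM hook in Linux). Consults the cache before the policy servers. */
bool gfac_check(uint32_t sid, uint32_t oid, uint32_t perm)
{
    cache_entry_t *e = &cache[(sid * 31u + oid) % CACHE_SLOTS];
    if (e->valid && e->sid == sid && e->oid == oid) {
        cache_hits++;
    } else {
        cache_misses++;
        e->sid = sid; e->oid = oid;
        e->allowed = gfac_compute(sid, oid);
        e->valid = true;
    }
    return perm != 0 && (e->allowed & perm) == perm;
}
unsigned gfac_cache_hits(void)   { return cache_hits; }
unsigned gfac_cache_misses(void) { return cache_misses; }

int main(void)
{
    printf("1,10,R=%d 1,12,R=%d 1,12,W=%d 2,10,R=%d\n",
           gfac_check(1, 10, PERM_READ), gfac_check(1, 12, PERM_READ),
           gfac_check(1, 12, PERM_WRITE), gfac_check(2, 10, PERM_READ));
    printf("hits %u misses %u\n", gfac_cache_hits(), gfac_cache_misses());
    return 0;
}
```

Two design points carry over to any such framework. First, the composite model is conjunctive: every registered policy server must allow a permission, so a new server can tighten but never loosen the existing policy, which is what makes model customization safe to expose through an interface. Second, the cache stores a complete decision for a (subject, object) pair rather than a single yes/no, so a second query on the same pair costs no policy evaluation; the price is that any change to a policy or a label must flush the cache, or the kernel keeps enforcing a decision the policy no longer makes.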
Keywords/Search Tags: separation kernel, secure operating system, access control, secure architecture, security model