
Research On Security Techniques Of Embedded Operating System

Posted on: 2004-03-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Y Wu
Full Text: PDF
GTID: 1118360125463965
Subject: Computer applications
Abstract/Summary:
With the development of computer technology and networks, more and more embedded devices communicate over the Internet, and computing resources can be shared beyond the limits of time and space. Information security has therefore become a critical problem. As the core facility of an embedded system, the operating system is the security base for applications and for other security systems. Embedded applications in diverse fields (government, defence, finance, consumer products, etc.) require different security mechanisms and need a highly trusted embedded operating system that meets their functional and performance requirements. This dissertation presents research and practice on this subject and has achieved several useful results, in addition to some breakthroughs in this field.

The paper first analyzes the causes of compromise in embedded operating systems, summarizes several decades of research results, points out future trends, and then explores popular security mechanisms and development methods. This work motivates the research that follows. From the perspective of security requirements and design principles, the paper delves into the core of a secure embedded operating system: the security kernel. It focuses in particular on support for multiple policies and dynamic policies. The main contributions of the paper are:

1. Integration of multiple policies. Supporting multiple and dynamic policies is the research trend in secure operating systems. The paper explores access control policies and access support policies, formally analyzes the state transition model that results from diverse policies and the relation between security services and access control requirements, and on that basis presents a multi-policy integration model and a multi-policy language.

2. Security kernel architecture. Based on an analysis of the limitations of the traditional security kernel and reference monitor, the paper presents a security kernel architecture that supports dynamic policies. The architecture separates decision from enforcement and optimizes performance with a decision cache. The paper also explores the extensibility and online-upgrade model of the architecture. A prototype security kernel is implemented at the end of the paper to validate the architecture.

3. Authorization revocation. After analyzing the shortcomings of the revocation mechanisms in current secure operating systems, the paper presents a revocation mechanism that supports both cascading and non-cascading revocation. It further discusses the destructive effect of revocation during a critical task and presents a solution. The mechanism satisfies most of the requirements of a secure embedded operating system.

4. Based on the work above, a prototype security kernel for an embedded OS is implemented at the end of the paper. Test results from the prototype show that the security kernel architecture is feasible, reasonable and practical.

Beyond this, the paper also explores other security mechanisms for embedded operating systems:

1. By combining reflection with reference monitor technology, the paper presents a reference monitor based on security metaobjects in the application layer of an embedded OS and demonstrates its function in practice. The reflection-based security enhancement reduces the amount of code and the overhead of the access control system while improving the flexibility and extensibility of security policies.

2. It presents a secure-OS-based domain access control mechanism that extends access control from the secure OS to the network. The mechanism verifies the validity of network links through a secure host and filters the packets transferred between hosts through a secure router, constituting a strong security model for ad hoc networks.
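The abstract describes two of the kernel's mechanisms only at the architectural level: a decision point separated from the enforcement point with a decision cache in between, and a revocation scheme that can be cascading or non-cascading. The model below is an added teaching example written for this page, not code from the dissertation or its prototype. It assumes a single privileged subject named `root` whose grants need no prior right, a one-object invalidation rule for the cache, and a non-cascading semantics in which only the targeted grant is removed while downstream delegations survive; all of these are the example's own assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed model (added example, not the dissertation's code): a security
# kernel split into a policy decision point (PDP) that holds grants and caches
# verdicts, and an enforcement point (PEP) that only asks the PDP.

ROOT = "root"  # assumed: the only subject that may grant without holding a right


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    obj: str
    right: str


class PolicyDecisionPoint:
    def __init__(self) -> None:
        self.grants: set[Grant] = set()
        self.cache: dict[tuple[str, str, str], bool] = {}
        self.cache_hits = 0

    def _holds(self, subject: str, obj: str, right: str) -> bool:
        # Uncached decision: does some live grant give subject this right?
        return subject == ROOT or any(
            g.grantee == subject and g.obj == obj and g.right == right
            for g in self.grants
        )

    def decide(self, subject: str, obj: str, right: str) -> bool:
        # Cached decision. The cache is the performance optimization; it must be
        # invalidated whenever grants on obj change or a stale allow would leak.
        key = (subject, obj, right)
        if key in self.cache:
            self.cache_hits += 1
            return self.cache[key]
        verdict = self._holds(subject, obj, right)
        self.cache[key] = verdict
        return verdict

    def _invalidate(self, obj: str) -> None:
        self.cache = {k: v for k, v in self.cache.items() if k[1] != obj}

    def grant(self, grantor: str, grantee: str, obj: str, right: str) -> None:
        # Delegation requires the grantor to hold the right it hands out.
        if not self._holds(grantor, obj, right):
            raise PermissionError(f"{grantor} cannot delegate {right} on {obj}")
        self.grants.add(Grant(grantor, grantee, obj, right))
        self._invalidate(obj)

    def revoke(self, grantor: str, grantee: str, obj: str, right: str,
               cascade: bool) -> set[Grant]:
        target = Grant(grantor, grantee, obj, right)
        if target not in self.grants:
            return set()
        removed = {target}
        self.grants.discard(target)
        if cascade:
            # Cascading: keep dropping grants whose grantor no longer holds the
            # right until the delegation chain is consistent again.
            changed = True
            while changed:
                changed = False
                for g in list(self.grants):
                    if g.obj == obj and g.right == right and \
                            not self._holds(g.grantor, obj, right):
                        self.grants.discard(g)
                        removed.add(g)
                        changed = True
        # Non-cascading (assumed semantics): only the target is removed.
        self._invalidate(obj)
        return removed


class EnforcementPoint:
    def __init__(self, pdp: PolicyDecisionPoint) -> None:
        self.pdp = pdp
        self.audit: list[tuple[str, str, str, bool]] = []

    def access(self, subject: str, obj: str, right: str) -> bool:
        # Enforcement never evaluates policy itself; it asks the PDP and records.
        allowed = self.pdp.decide(subject, obj, right)
        self.audit.append((subject, obj, right, allowed))
        return allowed


def build_chain() -> tuple[PolicyDecisionPoint, EnforcementPoint]:
    # Constructed delegation chain: root -> alice -> bob -> carol on one object.
    pdp = PolicyDecisionPoint()
    pdp.grant(ROOT, "alice", "/etc/cfg", "read")
    pdp.grant("alice", "bob", "/etc/cfg", "read")
    pdp.grant("bob", "carol", "/etc/cfg", "read")
    return pdp, EnforcementPoint(pdp)


def demo() -> dict:
    results: dict = {}
    pdp, pep = build_chain()
    try:  # dave holds nothing, so he cannot delegate
        pdp.grant("dave", "eve", "/etc/cfg", "read")
        results["illegal_grant_rejected"] = False
    except PermissionError:
        results["illegal_grant_rejected"] = True
    for _ in range(2):
        pep.access("carol", "/etc/cfg", "read")  # second call is a cache hit
    results["cache_hits"] = pdp.cache_hits
    results["cascade_removed"] = len(
        pdp.revoke("alice", "bob", "/etc/cfg", "read", cascade=True))
    results["after_cascade"] = {
        s: pep.access(s, "/etc/cfg", "read") for s in ("alice", "bob", "carol")}
    pdp2, pep2 = build_chain()
    pdp2.revoke("alice", "bob", "/etc/cfg", "read", cascade=False)
    results["after_noncascade"] = {
        s: pep2.access(s, "/etc/cfg", "read") for s in ("bob", "carol")}
    return results


if __name__ == "__main__":
    print(demo())
```

The point the split makes visible is that the enforcement point has no policy logic of its own, so swapping or upgrading the decision logic online does not touch the enforcement path, while the cache only stays safe because every grant or revoke on an object drops that object's cached verdicts. Revoking alice's grant to bob with `cascade=True` also strips carol, whose right derived from bob; with `cascade=False` carol keeps her access, which is exactly the choice the dissertation leaves to policy.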
Keywords/Search Tags: embedded operating system, secure operating system, multi-policies integration model, reflection, security kernel, authorization revocation, domain access control