| With the widespread application of real-time computing, embedded real-time operating system is more widely used and its safety and availability are becoming increasingly important especially in the aerospace which has a high security and availability requirements. In the traditional embedded real-time operating system, kernel and application are running on the same privilege level, so that the illegal operation of the application may affect other applications and the kernel running and even cause system crashes, it can not meet the high security and availability requirements of the avionic systems. This paper presents a security partition mechanism, it provides isolation and protection for the application and the kernel of the embedded real-time operating system, which enhance system security and availability.First, the theory and the technology concerned with secure operating system, including secure policy, secure model, secure control technology and isolation technology of safety critical operating system are deeply and systematically discussed and analyzed. Because the ARINC653 standard brought by U.S. Air Power Committee is one of the base of this thesis research, the standard and the commercial real-time operating system supporting the standard are deeply analyzed and the shortcomings of the existing partition mechanism is pointed out. Based on ARINC653 partition mechanism this paper proposes space partition model with access control, safe space partition mechanism, partition scheduling model with the spare time and spare time share partition scheduling mechanism. Finally, the safe partition mechanism (safe space partition mechanism and spare time share partition scheduling mechanism) is carried out in RTEMS and reliability and performance of the RTEMS supporting safe partition mechanism are evaluated and tested. The result shows that safe partition mechanism provides isolation and protection for the application and the kernel and enhances system security and availability. |
PDF Full Text Request