Security Research And Implementation Based On Embedded Operating System μC/OS-Ⅱ

With the development of the embedded network technology and the broad application of the embedded systems about our life, the current information security has become a serious problem. If these systems once have some security problems, it may cause a huge economic loss on our country and the people. Therefore, it has become an important research subject for us that to construct the embedded secure operating system with independent copyright about high reliability and high security. This paper started as a target for embedded operating system study of the safety and has made useful progresses.First, the paper introduced by stages of the embedded operating system and secures operating system's research and development process. Next, it showed the secure operating system's development technology, and then is the related software and hardware security mechanisms. It also conducted a number of relevant security model improvements. These are the theoretical basis of which the secure operating system design must have.Afterward, the paper transformed some kinds of concrete improvement with detailed explanation about the embedded operating systemμC/OS-II. Followed by it are the evaluation criteria of information security, the encryption technique algorithm principle and the security architecture system analysis. These are the frame basis of which the secure operating system design must have.On the basis, the paper revolves the realization process about the secure operating system to make them specifically. It is just with the following several aspects to study and perform:(1) Based on the compulsion visit technology's foundation, all resources about the embedded operating systemμC/OS-II is divided into three main types and four object types. And it created three specific type roles that accorded to the management roles of RBAC (Role Based Access Control) model. Then the paper makes the different system-related functions with different accessing operation.(2) For the defects which the BLP (Bell&LaPadula) model already exists, after imported the rules of BIBA model. For guarantee the new safety rules on completeness and flexibility, the paper also increase the attributes of trust level and the object domain to the task control block.(3) The concrete security frame has used the distributional security access control decision-making structure. Nine different security decision-making sub-centers not only reduced the independence of the decision-making process, but also increase their own decision-making mechanism of the system to protect the integrity of the capacity.(4) With the study of the tradition authentication mechanism and the audit mechanism's premise, the paper choose the Famous RSA encryption algorithm to ID authentication mechanism. With the design also gave full consideration on the optimize allocation about size and system efficiency.(5) The new security kernel retained the original user interface completely. The original application procedures in the transplant process only needs to consider the priority corresponds to specifically related security disposition, but does not need to carry on any aspect about the code revision.