Research And Implementation Of Embedded Secure File System

Nowadays, with the development of widely used embedded devices, more and more information is stored in them. Thus, the security of the information in these devices becomes a serious issue. If the data is stored in the device without any secure mechanism and the device is lost, stolen or attacked by illegal operations, the information in the device may be gotten by malicious hackers, which may lead numerous losses to the owner and even make damage to the security of nation. This dissertation is devoted to conduct research and practice on secure embedded system, aiming at implement a secure embedded file system, with the consideration of access control mechanism and memory reliability.Regarding the access control mechanism, the researches mainly include the followings: doing research on and designing the framework of access control, conducting access control according to the system security policy; designing multi-security policy set for access control, identifying and authenticating users. Access control technology is the kernel of secure file system, which provides the access to system resources via password verifier, mandatory access control policy and multi-security policy set. Meanwhile, the following researches are done on per memory reliability: invalid block management, anti-tearing mechanism, garbage collection mechanism, and wear-leveling mechanism. Through the research and improvement on memory management mechanism, each memory unit will be used efficiently, which will make the life cycle of physical memory longer.The following achievements are made in this dissertation: (1) With the consideration of the characteristics of embedded system, GFAC is researched and the implementation framework of the access control model is designed, which is suitable for embedded system. (2) A multi-policy access control model is presented and implemented formally based on the analysis on RBAC, MLS and access control matrix. (3) FAT file system is carefully researched and improved, and the user privilege is appended in the secure file system on the principle of least privilege and RBAC model. (4) Anti-tearing mechanism for file system is researched and the restoring mechanism is implemented for FLASH file system. (5) The management of memory unit is implemented, and the FIFO policy is used to realize garbage collection mechanism and wear-leveling mechanism.