| With the deepening informationization process of our army, more and more weapon platforms with embedded systems have been equipped to the army, which greatly enhances our army's battle effectiveness. Of all the embedded systems, VxWorks operating system is widely applied in information-based arms owing to its advantages of compaction, real time and high efficiency. However, the lack of security defense mechanisms leads many security leaks to VxWorks-based systems, and also leads serious threats to the holistic security of military information systems or weapon platforms relied on VxWorks. So it possesses great military significance to research on security mechanisms of VxWorks system and to enhance its security.The access control mechanism of VxWorks system is thoroughly researched in this paper.Centered in security requirements of VxWorks weapon systems, based on the analysis of BLP, Clark-Wilson and DTE models, aiming at the characteristics and demands of embedded systems'access control mechanisms, the Multi-level Security Model Based on Well-formed Transformation (WT_MLSM) is designed. The operating range of subjects– Domain and the attribute set of objects– Type are both defined in this Model, in which system integrity is ensured by the Domain– Type relationship, system security is ensured by multi-level security rules in the domain, user privilege management is enhanced by the definition of roles and the legal users'illegal operation on data is prevented by the definition of well-formed transformation.Based on the characteristics of VxWorks'task scheduler and I/O system, the Embedded Framework of Access Control (EFAC) is designed as a material scheme for realizing the access control policies in the WT_MLSM model. In order to improve the system efficiency, the Access Request Filter is designed and added to the framework, which lightens the burden of the Access control Decision Facility. Combined with the subjects'behavioral characteristics and applying environments of the VxWorks system, the accessorial Policy Load Engine is designed in the Access control Decision Facility which realizes the dynamic load of policy.According to the characteristics of VxWorks architecture, the spot to embed the access control mechanism is fixed and the access control assistant modules are designed, thus the access control mechanism based on WT_MLSM is realized and applied.The access control mechanism proposed in this paper realizes the task-level access control in embedded systems and provides an important technical method for enhancing VxWorks system security, which is a beneficial exploration to satisfy the high security requirements of embedded platform weapon systems. |
PDF Full Text Request