The Network Structure Of The High-security Operating System - The Design And Realization Of The Local Network Subsystem Security Switch Mechanism

Network security problems are becoming so serious that present ways are no longer satisfied with its need. sCPU-dBUS security computer architecture is designed to protect system's security from the angle of changing computers' architecture. It has one CPU and two fast sub-buses called local-bus and network-bus. CPU is connected to main-bus and bus-bridge controls the connections between main-bus and two sub-buses. NetOS-I is developed independently by our research group based on sCPU-dBUS architecture. It has two independent OS sub-kernels running separately in two sub-areas.To make sure two sub-systems could share CPU reasonably and time slices of CPU could be distributed effectively, there should be a system-switching mechanism to realize real-time switch. Besides, a security scheme should be realized for safe system-switching. The system-switching mechanism designed in this thesis implements the safe system-switching between sub-systems.In this thesis, firstly overall design of system-switching mechanism is given:(1) network management processes are designed as the control hub of system-switching mechanism. It takes system-switching applications from two sub-systems. (2) Trigger of system-switching is designed as hardware trigger and instruction trigger for the two situations:switch under users' control and switch during data transfer. When users trigger, corresponding switching occurs. (3) Entrance and exit of system-switching are designed as the clock interrupt processor in order to realize real-time switching.Then, a security insurance scheme is designed and implemented. We adopted double safeguard mechanism called instruction encryption and instruction with password to ensure security of system-switching. In the scheme, two public-key encryption algorithms called RSA and MD5 are adopted. And signal and pipe are adopted as the communication method between network management process and system-switching application process. Besides, initialization of network management process is designed and implemented. At last, system-switching mechnism is tested on the mother board of a network computer adopting the sCPU-dBUS architecture. The results show that system can be switched safely.