Research And Implementation Of Operation System Security Technology Based On MILS Architecture

In recent years, with the "prism door" and other threats to China’s information security incidents, to the country in the field of information security issues sounded the alarm. Also the safety-critical embedded systems of aviation, military information and other areas in our country are facing the security threat that bring by the security vulnerabilities of operating system. In order to solve a series of safety problems, and enhance the dependable ability of safety-critical embedded systems, it is necessary to design and implement a dependable embedded operating system for military embedded device.In order to enhance the ability of high reliable embedded safety critical system in safety, reliability and survivability etc, this thesis on the basis of analysis the current situation and development trend of operating system security in domestic and foreign, and by the research of related theory and technology of multi-level independent security architecture(MILS), seL4 microkernel and para-virtualization of embedded systems and so on, and proposed a high credible multi-level security embedded operating syste m architecture that have feasibility and based on MILS architecture. Different from the traditional operating system security enhancement technology, the architecture provides a whole credible solution from the system architecture.The work of this dissertation focuses on how to design and implement a multi-level security embedded operating system architecture. In the design of system architecture, first, according to the requirements of characteristics and security of embedded operating system, analysis design objectives of the entire system architecture and design the whole system architecture. And then, design the key modules of system architecture in details. Those key modules include partition management, partition communication, "client" operating system para-virtualization, and device service. In the design process, for the key issues that multi-level security embedded operating syste m architecture involved, such as: partition management, inter-partition communication, real-time operating system(RTOS) running in a separate partition, and a plurality of parti tions multiplexing device service, gives the feasible solution respectively.In the realization of system architecture, we use the multi-level security embedded operating system architecture design as standard, mainly from the partition management service module, partition communication service module, device service module and "client" operating system para-virtualization based on uC/OS, to achieve this architecture prototype system based on seL4 micro-kernel and in the way of source code and examples. For example, in the device service module,we use the timer service as an example to describe the process of timer service running and service call in details. Finally, with the demonstration and testing of the realize of multi-key modules in multi-level security embedded operating system prototype on OK6410 development board, thus,we use the experimental model way verified the feasibility of multi-level security embedded operating system architecture and it’s the related technologies and solutions that brings in this design.