Design And Implementation On Security Mechanism For Real-time Embedded Operating System EAUTO

With the development of information technology, embedded devices have a lot of affect to people’s lives, such as smartphones, tablets and smart watches.These devices can easily connect to the network,giving people a variety of convenient, such as surfing the Internet, games, maps, and shopping, etc.Although they bring some convenient to people, but they also have a lot of safety problems. If someone illegally invaded to the embedded devices, there is a big risk in people’s property losses.The embedded operating system is the core of embedded system. It also directly determines the safety of the whole safety of embedded device.Since the 1960 s, after birth of the operating system, the safety of the operating system also have been studied by scholars both at home and abroad.In contrast, domestic study of the operating system is still in its infancy. Based on the research of embedded operating system security mechanism, proposed security architecture of partition operating system and security policy model of embedded operating system, completed the implementation and testing. specific as follows:1.In view of the partition operating system, security architecture separates into security agent module and security service module, each user partition should has a security agent module, this module will block all user’s operation of the system core, and then ask security server to give decisions.The security server is in a separating system partition, in whole system, there is only one security service partition.2.In the security service module, the article designs the internal communication module, security authentication module, encryption module, key management module, safety storage module, those modules is closely related to hardware security module(HSM). Internal communication module mainly realizes the security service module and the secure agent module’s internal communication; Safety certification module mainly realizes the access control and security verification; Encryption module realizes the data encryption; Key management is mainly responsible for encryption decryption key generation; Safe storage is mainly realized the privacy data storage work.3.In view of the access control, this paper adopted the mandatory access control.According to the characteristics of embedded devices, in this paper, on the basis of study of domestic and foreign security policy model, put forward the strategy integration model.4.In order to enhance is suitable for the real-time embedded devices, in each of the security agent module, a strategy cache is added for security agent module, security agent can firstly check the cache, only strategy cache is invalid, asksecurity service module for decisions.This design can greatly reduce the system overhead.In this thesis, with the support of these theories, finally completed the internal communication module, security authentication module, encryption module, key management module, safety storage module development and on the basis of domestic operating system eAUTO, completed the development of security agent module.