Research Of Mandatory Access Control And The Implementation On Real Time Operating System

Posted on: 2018-12-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yuan
Full Text: PDF
GTID: 2348330512488883
Subject: Software engineering

Abstract/Summary:
With the rapid development of computer technology and the Internet, embedded devices make up an increasing share of Internet-connected devices, and the security problems that arise when these devices share resources and information are increasingly serious. The embedded operating system is the foundation of an embedded device's security, so solving the security problem of embedded devices starts with solving the security problem of the embedded operating system. At present, research on secure embedded operating systems in our country is still at an early stage of development. Many security requirements for embedded operating systems in military, commercial, government and other fields are not met, and the military field in particular has strict security requirements for embedded real-time operating systems. It is therefore urgent to develop a general security mechanism for embedded real-time operating systems.

This thesis begins its study of operating system security mechanisms with the most commonly used one, access control. It studies in depth the principle of mandatory access control and its classic use case, SELinux, and then analyses the Linux Security Modules framework, its architecture and its implementation principle. The thesis adopts a security system architecture consisting of the service side, the embedded terminal and the user program. The service side is mainly composed of the security policy configuration tool, which provides users with analysis of security policy documents, custom configuration and other functions. Considering that an embedded real-time operating system is single-user and has limited resources, this thesis adopts a policy server, an access controller, an Access Vector Cache (AVC) and other components to build the mandatory access control mechanism in the embedded real-time operating system. The policy server, which is the most important part of the security model, mainly implements management of the system security policy, access arbitration, and functions such as the storage and distribution of the system's physical security attributes. The access controller, which sits in the security module as the interception point, is mainly responsible for isolating external access requests and applying access control to those requests according to the security policy. Data exchange between the access controller and the policy server goes through the security module's components and is implemented on an API. The AVC is designed to improve the security module's performance when arbitrating system access requests: it reduces the number of repeated arbitrations and thus greatly reduces the policies used in arbitration. This thesis implements the RTOS-oriented general mandatory access control mechanism on RTEMS and proposes new methods to solve two difficulties. It then tests the MAC function and system performance, verifying the feasibility and correctness of the general MAC security model.
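The request path the abstract describes (access controller, then AVC, then policy server) is shown below in C as an added example; it is not the thesis's code or an RTEMS API. All type, function and permission names are assumptions, and the two-rule policy is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; this is not the thesis's code or an RTEMS API. */
enum { PERM_READ = 1u, PERM_WRITE = 2u, AVC_SLOTS = 16 };

struct rule { uint16_t src, tgt; uint32_t allowed; };
/* Constructed policy: 1 = sensor task, 2 = logger task, 10 = log file. */
static const struct rule policy[] = {
    { 1, 10, PERM_READ },
    { 2, 10, PERM_READ | PERM_WRITE },
};
static unsigned policy_lookups;  /* number of full arbitrations performed */

/* Policy server: full arbitration; a pair without a rule gets no permissions. */
static uint32_t policy_server_compute(uint16_t src, uint16_t tgt) {
    policy_lookups++;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].src == src && policy[i].tgt == tgt)
            return policy[i].allowed;
    return 0;
}

struct avc_entry { uint16_t src, tgt; uint32_t allowed; uint8_t valid; };
static struct avc_entry avc[AVC_SLOTS];

/* Drop all cached decisions; needed on policy reload so stale grants do not survive. */
void avc_flush(void) { memset(avc, 0, sizeof avc); }
unsigned mac_policy_lookups(void) { return policy_lookups; }

/* Access controller hook: 1 = allow, 0 = deny. Denials are cached as well. */
int mac_check(uint16_t src, uint16_t tgt, uint32_t requested) {
    struct avc_entry *e = &avc[(src * 31u + tgt) % AVC_SLOTS];
    if (!e->valid || e->src != src || e->tgt != tgt) {  /* miss: ask the server */
        e->allowed = policy_server_compute(src, tgt);
        e->src = src; e->tgt = tgt; e->valid = 1;
    }
    return (requested & ~e->allowed) == 0;  /* every requested bit must be granted */
}

int main(void) {
    for (int i = 0; i < 3; i++) {
        int ok = mac_check(1, 10, PERM_READ);
        printf("read allowed=%d arbitrations=%u\n", ok, mac_policy_lookups());
    }
    return 0;
}
```

Repeated checks for the same subject and object reach the policy server once; the fixed-size table keeps memory use bounded, which matters on a resource-limited RTOS.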
Keywords/Search Tags: RTOS, Security Strategy, Mandatory Access Control, Security Policy Configuration Tool, RTEMS