Research On Several Key Technologies Of Multilevel Security Operating System Based On MILS Architecture

In recent decades,the development of computers has undergone continuous updates.With the development of the Internet,computers have undergone several changes,and become ubiquitous in people's lives.However,when we enjoy the convenience brought by the rapid development of computers and the Internet,we have to endure the harms that come with it.For example,the "WannaCry",a bitcoin ransomware virus that exploded in 2017,had threatened different industries in many countries and regions around the world.Drew on the “Eternal Blue”,a Windows system security vulnerability,"WannaCry" virus quickly spread all over the world within a short period of time.There are many other security threats caused by operating system security vulnerabilities.Therefore,in order to fundamentally solve similar security risks,it is necessary to improve the system's security defense capability in the aspect of operating system.In the research of safety critical system,multiple independent levels of security and safety(MILS)architecture has been widely used in the design of highly trusted and secure operating system.Based on the idea of separation,The MILS architecture builds multiple independent partitions that have different security levels on one hardware platform.Data between partitions is completely isolated,and communication between partitions is controlled centrally by the separattion kernel.Based on the MILS architecture and virtualization technology,this thesis focuses on several key technologies of the multi-level security operating system based on MILS architecture,and implements a graphical security policy management tool for this system.Aiming at the multi-level security operating system based on MILS architecture,Considering practicality,real-time performance,security and other aspects,this thesis mainly studies these key technologies: The hierarchical real-time scheduling mechanism which incorporates multiple scheduling algorithms;Multi-level secure communication based on the BLP security model;I/O device reuse technology based on the device para-virtualization technology;System security protection technology using mandatory access control mechanisms.In the realization of the system,real-time operating systems such as RTEMS and VxWorks are used as the real-time partition,and the Linux operating system is used as the ordinary non-real time partition.Finally,the system prototype is implemented on Allwinner A20 board and Lenovo T350 G7 server,and carries on the function test and the performance test for these key technologies of this thesis,which verified the feasibility of the multi-level security operating system based on MILS architecture.In addition,in order to facilitate the management and deployment of the mandatory access control policy on the multi-level security operating system based on MILS architecture,this thesis also designes and implementes a graphical security policy management tool.This tool is responsible for analyzing and configuring the system's policies,and completing the following compilation and installation work.