Abstract
In the context of developing a military secure OS with independent intellectual property rights, a secure memory management subsystem (MMS) based on the latest version of the Linux kernel is analyzed and designed. In accordance with the Trusted Computer System Evaluation Criteria, the functional requirements of a secure OS are mapped onto the memory management subsystem, and four functions of a secure MMS are initially proposed: process isolation, prevention of memory information leakage, memory access control, and virtual memory protection. After analyzing the Linux memory management mechanism, the security-enhancement approach is applied to divide the kernel code into security-related and hardware-dependent parts, and a design for a security-enhanced MMS is proposed. Finally, each part of the design is analyzed and implemented.
Source
《航空计算技术》 (Aeronautical Computing Technique)
2006, Issue 6, pp. 94-97 (4 pages)