Abstract
To address the information security of security-critical embedded systems, and with the features of a multi-level security architecture in mind, this paper proposes a secure and trusted embedded system architecture. By implementing a separation kernel in the embedded operating system, complete isolation of resource allocation, information flow and faults is achieved, and strict restrictions on data access and communication are enforced. By building a system trust measurement chain, user identity authorization and application integrity verification are provided, so that security-critical embedded systems gain multi-level security policy, fault isolation, secure communication, trusted measurement, identity authentication and related capabilities.
Authors
YOU Xia (游夏), MA Yun (马云), HU Ming-xing (胡明星)
The 32nd Research Institute of China Electronics Technology Corporation, Shanghai 201808
Source
Digital Technology & Application (《数字技术与应用》), 2018, No. 2, pp. 186-188 and 190 (4 pages)
Keywords
Multiple Independent Levels of Security (MILS); separable kernel; trustiness driver; security service