In order to building the MILS embedded operating system, a secure mechanism built in the micro - kernel is presented which supports secure partitioning. In order to keep from tampering and bypassing the access control mechanism of secure operating system,the presented method adopts time-space separation structure to support the integrity of the secure kernel. Each application process can individually run and interact by the exchange of messages based on the process separation and the message delivery mechanism of the micro - kernel, which supports protecting individual security of each module. The present method of the micro- kernel can be verified by the formalization means,and enhance the security and dependability of system due to the simplified system structures.%针对构建MILS安全嵌入式操作系统需求,提出一种基于微内核的安全机制.通过微内核的安全监控机制和时空隔离结构,为系统提供安全性和可靠性的基础支撑,避免操作系统中访问控制机制被篡改、绕过,采用任务间时空隔离和消息传递机制使得各个安全关键任务独立运行,通过受控的消息机制进行交互,有效保证了各个模块的独立安全性.采用微内核架构能够进一步形式化验证,从而在安全的系统结构的下提高任务的安全性和可靠性.
展开▼
