嵌入式操作系统安全机制的设计与实现
文献类型:学位论文
| 作者 | 沈松武 |
| 学位类别 | 硕士 |
| 答辩日期 | 2008-06-03 |
| 授予单位 | 中国科学院研究生院 |
| 授予地点 | 中国科学院软件研究所 |
| 导师 | 王新社 |
| 关键词 | 嵌入式操作系统 数字签名 访问控制 网络安全 安全审计 |
| 其他题名 | Design and Implementation of Security Mechanism of Embedded Operating System |
| 学位专业 | 计算机应用技术 |
| 中文摘要 | 当前,智能手机平台上的手机病毒已经对人们日常使用手机产生了不良影响,并且这种影响将日益严重。手机病毒侵犯了手机用户的个人隐私,导致了手机用户的金钱损失,严重损害了手机用户的利益。为了能够有效的抵御以手机病毒为代表的嵌入式病毒,本文特做出了一些探讨。本文主要关注的是未来以智能手机为代表的开放嵌入式系统平台的系统级安全。如何在嵌入式操作系统中加入防护机制,并充分利用嵌入式系统平台的特点,来抵制恶意代码对操作系统产生的破坏,提高系统的网络安全性成为本文研究的重点。本文提出了一系列增强操作系统安全性的措施,包括制定安全策略、设计访问控制机制、增强网络安全、增加审计记录等。这一系列的措施可以使我们有效的进行事前抵御攻击和事后分析攻击。本文还引入了信任机制,即利用现有的PKI体系,来实现对程序来源可靠性、数据完整性的可信度分级,并根据不同可信级别来实行不同的访问控制。在本文所构造的系统上可以有效的防御可执行文件病毒的自我繁殖和传播,比较有效的抵御宏病毒攻击;由于引入了访问控制机制以及程序签名的概念,因此对于其他类型的恶意代码,如木马、蠕虫等,访问控制机制可以很好的限制它们的破坏行为,而审计日志则可以反映出恶意代码破坏的轨迹,从而使我们把责任追溯到程序的开发者。 |
| 索取号 | 暂无 |
| 英文摘要 | Nowadays, mobile phone viruses have made a big influence to people’s life. They do harm to people’s privacy and benefit seriously. In order to resist the embedded viruses effectively, represented by mobile phone viruses, we had made some research. This article mainly focuses on the system level security of the embedded system platform, represented by intelligentized mobile phone. We especially pay our attention on how to utilize the features of the embedded system and how to add some information protection mechanisms to repel the baleful programs or codes, and promote the network security and system stability of the embedded operating system. We proposed a series of methods to enhance the security of the embedded system, such as design of security policies, design of access control mechanism, add of some security criteria to the network and implementation of audit record. These methods can effectively reject the attack of the baleful programs or codes, and by use of the audit record, we can analyse the attack and find out the malefactor eventually. In this article, we had made use of the Public Key Infrastructure to construct a trusted environment. According to this trusted environment, we can identify which program is trusted and which is untrusted by verifying the origin of the programs and integrity of the programs. Different trusted levels of the programs use different access control methods. In the system we designed in this article, we can resist the executable file viruses effectively and make a big constraint to the vicious code of other kinds. Most importantly, according to the audit mechanism and the access control mechanism, we can find out the vicious programs and charged the producers of these programs to be responsible for the loss of the customers. |
| 公开日期 | 2011-03-17 |
| 分类号 | 暂无 |
| 源URL | [http://124.16.136.157/handle/311060/6126]  |
| 专题 | 软件研究所_软件所图书馆_早期 |
| 推荐引用方式 GB/T 7714 | 沈松武. 嵌入式操作系统安全机制的设计与实现[D]. 中国科学院软件研究所. 中国科学院研究生院. 2008. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。