本文已被:浏览 1452次 下载 3128次
Received:November 23, 2014 Revised:January 19, 2015
Received:November 23, 2014 Revised:January 19, 2015
中文摘要: 为了满足面向访问验证保护级的要求, 研发新一代高等级安全操作系统, 我们采用微内核的架构设计和实现了面向访问验证保护级的安全操作系统原型系统(VSOS), 并通过设计和实现新的访问监控器来满足安全内核设计原则中的不可旁过和总是被调用两项要求, 但访问监控器的引入导致VSOS的性能产生较大的损耗. 提出了一种基于代码路径优化的方法, 用于改进访问监控器的实现和调用方式, 以及可信路径机制的实现方式. 实验表明, 通过此方法VSOS的性能和可信路径过程的用户体验都得到了提升.
Abstract:To satisfy the requirement of access verification protection level for secure operating system and development the next generation secure operating system with high security levels, we design and implement the Verification-oriented Secure Operating System prototype (VSOS) in microkernel architecture. VSOS meets the two of the principles of designing security kernel, which suggest that reference monitor must be tamper proof and always be involved, by designing and implementing the new reference monitor. However, the introducing of reference monitor causes great performance penalty on VSOS. In order to improve the performance of the VSOS, a code path-based optimization method is used to improve the way of implementing and calling reference monitor as well as implementation of the security mechanism such as trusted path. Experiment results demonstrate that both the performance and the user experience of VSOS are refined by using this method.
文章编号: 中图分类号: 文献标志码:
基金项目:中国科学院重大方向性项目(KGCX2-YW-125);国家自然科学基金(91218302,61432001)
引用文本:
王硕,杨秋松,吴涛.基于代码路径的安全操作系统性能优化方法.计算机系统应用,2015,24(8):18-24
WANG Shuo,YANG Qiu-Song,WU Tao.Code Path-Based Optimization Method of Secure Operaing System.COMPUTER SYSTEMS APPLICATIONS,2015,24(8):18-24
王硕,杨秋松,吴涛.基于代码路径的安全操作系统性能优化方法.计算机系统应用,2015,24(8):18-24
WANG Shuo,YANG Qiu-Song,WU Tao.Code Path-Based Optimization Method of Secure Operaing System.COMPUTER SYSTEMS APPLICATIONS,2015,24(8):18-24
