
Research on Flexibility Response Methods for Embedded Systems

Research of Method to System Flexibility Response Based on Embedded System

【Author】 Zhao Guodong

【Supervisor】 Zhang Guoyin

【Author information】 Harbin Engineering University, Detection Technology and Automatic Equipment, 2011, Doctoral dissertation

【Abstract (Chinese original, translated)】 Embedded systems are used ever more widely and are becoming increasingly large and complex, which makes system reliability and security progressively worse. How an embedded system can maintain a certain level of performance and keep running safely while under attack is a very important research area for embedded systems, and the embedded system Flexibility Response mechanism arose in answer to it. Current research on embedded system security usually approaches the problem from the angle of static prevention; it lacks the design idea of dynamic security policy, cannot dynamically track the security state of the running system and respond to it, and adapts poorly to changes in the embedded system's hardware configuration. To solve these problems, this dissertation proposes the Flexibility Response approach and carries out research in the following areas.

The state of research in embedded system security is analysed, with a description and review of embedded operating system security, process security and system scheduling. Methods for realizing a Flexibility Response mechanism are explored, and techniques that raise the security and reliability of embedded systems (embedded operating system security architecture, the checkpoint mechanism and embedded operating system scheduling) are introduced.

Flexibility Response theory and related methods are studied in depth and the Flexibility Response mechanism is defined; security enhancement methods for the embedded operating system architecture, embedded system security weaknesses and the virtual file system are introduced. Techniques for implementing the Flexibility Response mechanism, namely the Flask security framework, the SELinux security mechanism, weakness detection and assessment, and dynamic policy configuration, are analysed in detail.

Based on the SELinux security mechanism, a Flexibility Response architecture for embedded operating systems is proposed, and methods for dynamically assessing the system's security state and dynamically configuring policy are discussed, raising the Flexibility Response capability of embedded systems at the architectural level.

To address the inability of existing embedded systems to dynamically track and respond to their security state at run time, a security level assessment method based on weakness characteristics is proposed; it achieves dynamic, real-time evaluation of the system's security state and provides decision support for dynamically configuring security policy and dynamically setting the checkpoint interval. The methods that realize the security assessment, namely harm assessment for combined weaknesses and classification of weakness feature vectors, are described in detail, and the minimal weakness combination problem, the optimal number of classes for weakness feature vectors, and the updating of weakness harm estimates are discussed.

On the basis of security level assessment, and to improve the system's fault tolerance, robustness, stability and recoverability, a process Flexibility Response method based on a dynamic checkpoint interval is proposed, using the checkpoint mechanism to back up and restore system processes. To adjust the checkpoint interval dynamically, the "J. T. Daly model" for computing the optimal static checkpoint interval is improved, and on this basis a new method for setting the checkpoint interval dynamically is proposed. Compared with a statically set checkpoint interval, the dynamically set interval lowers the checkpoint overhead rate and raises the Flexibility Response capability of system processes.

To address task scheduling anomalies caused by changes in the hardware configuration while an embedded system is running, the causes of scheduling anomalies are analysed and a Flexibility Response method for embedded system task scheduling anomalies is proposed. Scheduling anomalies are formally described and scheduling stability is defined. Based on scheduling stability, two scheduling rules, DX and SAR, are proposed; they make the operating system more adaptable to hardware configuration changes, improve scheduling stability, and effectively prevent the scheduling anomalies brought about by hardware configuration changes.

【Abstract】 As embedded systems are used more and more widely, they become large and complex, with the result that system reliability and security are getting worse. How to maintain a certain level of performance and continue safe operation when an embedded system is attacked is a very important area of embedded system research; hence the embedded system Flexibility Response mechanism. Current research on embedded system security usually approaches the problem from the perspective of static prevention and lacks design consideration for dynamic security strategies, so it cannot dynamically obtain the security situation of a running system and respond; meanwhile, adaptability to changes in the embedded system's hardware configuration is weak. To solve these problems, the idea of Flexibility Response is proposed in this paper. Research is carried out in the following areas:

The state of research in embedded system security is analyzed. Embedded operating system security, process safety, system scheduling and other aspects are described and reviewed. Ways of achieving Flexibility Response are explored. Techniques that can enhance the security and reliability of embedded systems, namely embedded operating system security architecture, the checkpoint technique and embedded operating system scheduling, are introduced.

The Flexibility Response theory and related methods are studied in depth, and the Flexibility Response mechanism is defined. The security enhancement method for the embedded operating system architecture, embedded system security vulnerabilities and the virtual file system are introduced. The technology for achieving the Flexibility Response mechanism, including the Flask security framework, the SELinux security mechanism, vulnerability detection and evaluation, and dynamic strategy configuration, is analyzed in detail.

Based on the SELinux security mechanism, the embedded operating system Flexibility Response architecture is proposed, and methods for dynamic evaluation of the security situation and dynamic strategy configuration are discussed, so as to enhance the Flexibility Response capability of embedded systems in terms of system architecture.

To deal with the problem that an embedded system cannot dynamically obtain its security situation and respond while running, a security level assessment method based on vulnerability features is proposed; it achieves dynamic, real-time evaluation of system security and provides decision support for dynamic configuration of security strategies and dynamic setting of the checkpoint interval. The methods that achieve the security assessment, namely risk assessment of combinations of vulnerabilities and classification of vulnerability feature vectors, are expounded. Issues including the least vulnerability combination problem, the best number of classes for vulnerability feature vectors, and the updating of vulnerability harm assessments are discussed.

Based on the security level assessment, and to improve the system's fault tolerance, robustness, stability and recoverability, a Flexibility Response method for processes based on dynamic checkpoint intervals is proposed. Backup and recovery of system processes is realized by applying the checkpoint mechanism. To realize dynamic adjustment of the checkpoint interval, the "J. T. Daly model" that calculates the optimal static checkpoint interval is improved, and based on this model a new approach for dynamically setting the checkpoint interval is proposed. Compared with static checkpoint interval setting, the dynamic approach reduces the checkpoint overhead rate and improves the Flexibility Response capacity of the system.

To cope with system task scheduling exceptions in a running embedded system caused by hardware configuration changes, the causes of scheduling exceptions are analyzed, and a Flexibility Response method for dealing with task scheduling exceptions in embedded systems is proposed. A formal description of scheduling exceptions and a definition of scheduling stability are given. Based on scheduling stability, two scheduling rules, SAR and DX, are proposed, which enhance the adaptability of the embedded operating system to hardware configuration changes and improve scheduling stability, effectively preventing the scheduling exceptions brought about by hardware configuration changes.
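Both abstracts refer to the "J. T. Daly model" for the optimal static checkpoint interval as the baseline that the dissertation improves. The following Python is an added worked example, not code from the dissertation or from CNKI: it implements Daly's published higher-order estimate of the optimum checkpoint interval and his expected wall-clock time model, and uses them to measure the checkpoint overhead rate. The dissertation's improved model and its dynamic rule are not given on this page, so the `dynamic_interval` rule (shrinking the assumed mean time between failures as the assessed security risk rises) is an illustrative assumption of this example only, and the numeric parameters are constructed.

```python
import math


def daly_optimal_interval(delta: float, mtbf: float) -> float:
    """Daly (2006) higher-order estimate of the optimum checkpoint interval.

    delta: time to write one checkpoint (restart dump).
    mtbf:  mean time between failures of the platform.
    For delta >= 2*mtbf the estimate degenerates to tau = mtbf.
    """
    if delta <= 0 or mtbf <= 0:
        raise ValueError("delta and mtbf must be positive")
    if delta >= 2 * mtbf:
        return mtbf
    x = delta / (2 * mtbf)
    return math.sqrt(2 * delta * mtbf) * (1 + math.sqrt(x) / 3 + x / 9) - delta


def expected_wall_time(tau: float, delta: float, mtbf: float,
                       restart: float, solve_time: float) -> float:
    """Daly's expected wall-clock time to finish `solve_time` units of useful
    work with checkpoints every `tau`, each costing `delta`, a restart cost
    `restart`, and exponentially distributed failures with mean `mtbf`."""
    if tau <= 0:
        raise ValueError("tau must be positive")
    return (mtbf * math.exp(restart / mtbf)
            * (math.exp((tau + delta) / mtbf) - 1) * solve_time / tau)


def overhead_rate(tau: float, delta: float, mtbf: float,
                  restart: float = 0.0) -> float:
    """Extra wall time per unit of useful work (0.0 means no overhead)."""
    return expected_wall_time(tau, delta, mtbf, restart, 1.0) - 1.0


def numeric_optimum(delta: float, mtbf: float, restart: float = 0.0,
                    lo: float = 1.0, hi: float = 200.0, step: float = 0.05) -> float:
    """Grid search of the interval that minimizes expected wall time; used to
    check how close the closed-form estimate is to the true optimum."""
    best_tau, best_t = lo, float("inf")
    tau = lo
    while tau <= hi:
        t = expected_wall_time(tau, delta, mtbf, restart, 1.0)
        if t < best_t:
            best_tau, best_t = tau, t
        tau += step
    return best_tau


def dynamic_interval(delta: float, base_mtbf: float, risk: float) -> float:
    """HYPOTHETICAL rule (this example's assumption, not the dissertation's
    method): an assessed security risk in [0, 1) is treated as shortening the
    expected time to the next failure, so the checkpoint interval tightens."""
    if not 0.0 <= risk < 1.0:
        raise ValueError("risk must lie in [0, 1)")
    return daly_optimal_interval(delta, base_mtbf * (1.0 - risk))


def compare_static_dynamic(delta: float, base_mtbf: float, risk: float,
                           restart: float = 0.0) -> dict:
    """Overhead of a static interval (tuned for the risk-free MTBF) versus the
    dynamic interval, both evaluated under the degraded MTBF implied by `risk`."""
    actual_mtbf = base_mtbf * (1.0 - risk)
    tau_static = daly_optimal_interval(delta, base_mtbf)
    tau_dynamic = dynamic_interval(delta, base_mtbf, risk)
    return {
        "tau_static": tau_static,
        "tau_dynamic": tau_dynamic,
        "overhead_static": overhead_rate(tau_static, delta, actual_mtbf, restart),
        "overhead_dynamic": overhead_rate(tau_dynamic, delta, actual_mtbf, restart),
    }


if __name__ == "__main__":
    # Constructed parameters: 2 s per checkpoint, 400 s MTBF when unthreatened.
    DELTA, BASE_MTBF = 2.0, 400.0
    tau = daly_optimal_interval(DELTA, BASE_MTBF)
    print(f"Daly interval: {tau:.2f} s, grid optimum: "
          f"{numeric_optimum(DELTA, BASE_MTBF):.2f} s")
    for risk in (0.0, 0.5, 0.75):
        r = compare_static_dynamic(DELTA, BASE_MTBF, risk)
        print(f"risk={risk:.2f} static tau={r['tau_static']:.2f} "
              f"overhead={r['overhead_static']:.3f} | dynamic tau="
              f"{r['tau_dynamic']:.2f} overhead={r['overhead_dynamic']:.3f}")
```

The closed-form estimate lands within a few percent of the grid-search optimum for the constructed parameters, and once the assumed failure rate rises the statically tuned interval checkpoints too rarely, so its overhead rate exceeds that of the re-derived interval. Which signal should drive the re-derivation in a real system is exactly what the dissertation's security level assessment is meant to supply; the example leaves that as an input.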
