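Network-Structured High-Security Operating System: Design and Implementation of a Secure Switching Mechanism Between the Local and Network Subsystems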

【Author】 宋小宁

【Supervisor】 邵峰晶

【Author information】 Qingdao University, Computer Software and Theory, 2010, Master's

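【Summary】 Network security problems are growing ever more severe, and traditional methods can no longer meet the growing demands of network security. The single-CPU dual-bus secure computer architecture (sCPU-dBUS for short) protects the security of a computer system by changing the computer architecture itself. It contains a single CPU resource and two independent high-speed system buses, the local bus and the network bus; the CPU is connected to the main bus, and a bus bridge controls the connection and disconnection of the CPU to the local bus and the network bus. Our research group independently developed NetOS-I, a network-structured secure operating system based on the sCPU-dBUS architecture. It has two independent operating system sub-kernels, which run in the local subsystem and the network subsystem respectively. For the two sub-kernels to share the CPU reasonably, with CPU time slices allocated and managed effectively, a system switching mechanism is needed to guarantee real-time switching. To protect the security of the system, an effective security mechanism is also needed to protect the switching itself. The secure inter-subsystem switching mechanism designed in this thesis implements secure system switching. The thesis first gives the overall design of the mechanism: (1) the network management processes in the two subsystems serve as the control hub of the switching mechanism and receive system switching requests from both subsystems; (2) switching is triggered in two modes, hard switching and soft switching, used respectively for switching under user control and switching during data transfer. After the user presses a key or enters a command, the switch for the corresponding situation is carried out; (3) the clock interrupt handler serves as the entry and exit point of system switching, so that switching happens in real time. Next, the thesis designs and implements the security mechanism for system switching. The design uses a dual safeguard of command encryption and a password attached to the command. RSA, a public-key cryptosystem, is used as the encryption algorithm for command encryption; MD5 is used as the encryption algorithm for the command-attached-password method; signals and pipes are used for communication and data transfer between the process requesting the switch and the network management process. In addition, the thesis designs and implements the initialization of the network management process. Finally, the implemented mechanism was tested on the security-structured intelligent network terminal motherboard developed by our research group, and the test results were analyzed. The results show that secure system switching can be carried out smoothly.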

【Abstract】 Network security problems have become so serious that existing methods can no longer meet the need. The sCPU-dBUS secure computer architecture is designed to protect system security by changing the computer's architecture. It has one CPU and two fast sub-buses, called the local bus and the network bus. The CPU is connected to the main bus, and a bus bridge controls the connections between the main bus and the two sub-buses. NetOS-I was developed independently by our research group on the sCPU-dBUS architecture. It has two independent OS sub-kernels running separately in the two sub-areas. For the two sub-systems to share the CPU reasonably and for CPU time slices to be distributed effectively, a system-switching mechanism is needed to achieve real-time switching. In addition, a security scheme is needed to make system switching safe. The system-switching mechanism designed in this thesis implements safe system switching between the sub-systems. In this thesis, the overall design of the system-switching mechanism is given first: (1) The network management processes are designed as the control hub of the system-switching mechanism; they receive system-switching requests from the two sub-systems. (2) The trigger for system switching is designed as a hardware trigger and an instruction trigger, for two situations: switching under the user's control and switching during data transfer. When the user triggers a switch, the corresponding switching occurs. (3) The entrance and exit of system switching are placed in the clock interrupt handler in order to achieve real-time switching. Then a security assurance scheme is designed and implemented. We adopt a double safeguard mechanism, instruction encryption and instruction with password, to ensure the security of system switching. In the scheme, the public-key encryption algorithm RSA is adopted for instruction encryption, and MD5 is adopted for the instruction-with-password method. Signals and pipes are adopted as the communication method between the network management process and the process requesting the system switch. In addition, the initialization of the network management process is designed and implemented. Finally, the system-switching mechanism is tested on the motherboard of a network computer that adopts the sCPU-dBUS architecture. The results show that the system can be switched safely.

  • 【Online publication contributor】 Qingdao University
  • 【Online publication year/issue】 2011, Issue 03