Research and Design of a Secure Embedded Operating System for the Power Sector
Abstract
Embedded systems have a broad application base in the power sector. As power systems grow in scale and in their level of automation, they place ever higher demands on the reliability and security of field devices. Yet because of the constraints inherent in embedded systems, embedded operating systems offer only limited security protection, and the information security of such systems faces serious challenges. Secure development of embedded operating systems is still in its infancy: the embedded operating systems currently in use at home and abroad are designed chiefly for real-time performance and stability, with little attention paid to security, which plainly cannot meet the increasingly pressing security requirements of the power sector.
This thesis takes the substation subsystem of a power system as its design target and designs a secure embedded operating system suited to the power sector in order to safeguard the system's information security. The design combines a microkernel model with a layered model, giving the target system both modularity and reliability while keeping changes to the original kernel to a minimum, so as to satisfy the real-time and stability requirements of power control.
In the formal design of the system's access control, various security policy models were studied and analysed, with particular attention to the peculiarities of applying security models in embedded settings. Based on BLP (Bell-LaPadula), a new secure access control model for the embedded domain, μBLP, was designed and given a formal specification in the Z notation, so that the correctness of the model can be proved in future work to meet the standards of high security levels.
The thesis uses μC/OS-II as the kernel development prototype. On the basis of the proposed system framework, the overall design was completed. As the core of the operating system, the kernel is the focus of the design; in its implementation, taking into account the effect of secure access control on stability and real-time performance, the thesis introduces a decision buffering mechanism tailored to the needs of power systems. Concretely, the security kernel is divided into an access monitor, a policy cache, an arbitration server and an audit subsystem, each of which is implemented in detail. On top of the security kernel, the thesis finally analyses and designs the system's subsystems, giving in particular the relationship between the kernel extension layer and the memory management module.
In the testing phase, a test platform was built and test plans were drawn up and carried out according to the pre-designed security policy; the kernel's performance indicators were then analysed quantitatively from the results. The results show that, in the designed system, access to kernel objects complies with the specified security policy, the whole kernel runs stably, and the negative impact on real-time performance does not exceed 10% of the original system's performance indicators.
Embedded systems have a broad application base in the field of power. As the scale of power systems expands and their automation improves, they place increasing demands on the reliability and security of substation monitoring and protection systems. However, due to the constraints of embedded systems themselves, their security capabilities are limited, and the information security of these systems faces enormous challenges. Secure operating system development is at a preliminary stage in the embedded operating system area. Embedded operating systems at home and abroad presently pay most attention to real-time performance and stability and give little consideration to security, which obviously cannot meet the increasingly pressing security requirements of such systems.
This paper chooses the substation subsystem of a power system as the design object and constructs a secure embedded operating system for the power field that assures the safety of the system's information. The system design uses an architecture combining a microkernel model and a hierarchical model, which gives the target system modular and reliable characteristics while making the smallest possible changes to the original kernel, so as to meet the electricity system's requirements for real-time control and stability.
In the formal design of access control, the paper researches and analyses various security policy models, focusing on the particularities of applying security models to embedded systems. Finally, based on BLP, a new secure model named μBLP, suitable for embedded systems, is designed and its description is formalised in the Z language so that its correctness can be proved in future work. The formal design is intended to meet the higher levels of security standards.
The paper chooses μC/OS-II as the development prototype. Based on the system framework, the overall design of the system is completed. As the core of the operating system, the kernel is the focus of the whole design; in its implementation of access control, taking into account the impact on real-time performance and stability when a security policy is applied, the paper introduces a buffered decision-making mechanism. The concrete implementation divides the secure kernel into several parts, namely the security monitor, policy cache, arbitration server and audit module, and these sub-modules are coded in detail. On the basis of the secure kernel, the subsystems, including the file system and network system, are finally analysed and designed, and the module relations between the extension layer and memory management are given in particular.
In the test phase, a test platform is built according to the pre-designed security policy, test solutions are developed, and the target system's performance indicators are obtained for quantitative analysis of the test results. The test results show that access to objects in the kernel conforms to the pre-defined security policies, the secure kernel runs stably, and the negative effect on real-time performance does not exceed 10% of the original system's indicators.
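As an added illustration, not code from the thesis, the following C sketch shows the security-kernel pieces the abstract names working together: a BLP arbitration step (no read up, no write down), a decision cache in front of it so that arbitration runs only on a miss, and an audit counter that records every denial. The label layout, the subject and object tables and the cache hashing are constructed assumptions.

```c
#include <stdio.h>
typedef enum { OP_READ = 1, OP_WRITE = 2 } op_t;
/* Security label: hierarchical sensitivity level plus a category bitmask. */
typedef struct { int level; unsigned cats; } label_t;

/* Constructed sample labels standing in for a substation's tasks and objects. */
static const label_t subjects[] = { {1, 0x1}, {2, 0x3} };
static const label_t objects[]  = { {1, 0x1}, {2, 0x3} };

/* dominates(a, b): a's level is at least b's and a's categories include b's. */
static int dominates(label_t a, label_t b) {
    return a.level >= b.level && (a.cats & b.cats) == b.cats;
}

/* Arbitration: BLP simple-security (no read up) and *-property (no write down). */
int blp_allows(label_t subj, label_t obj, op_t op) {
    if (op == OP_READ)  return dominates(subj, obj);
    if (op == OP_WRITE) return dominates(obj, subj);
    return 0;
}

/* Decision cache keyed by (subject, object, operation). The arbitration step
 * runs only on a miss, so the cost on the hot path is one table lookup. */
#define CACHE_SLOTS 8
typedef struct { int valid, subj, obj, decision; op_t op; } cache_entry_t;
static cache_entry_t cache[CACHE_SLOTS];
static int cache_hits, cache_misses, audit_denials;

/* Reference monitor entry point: every kernel object access passes through here. */
int monitor_check(int subj, int obj, op_t op) {
    cache_entry_t *e = &cache[(subj * 7 + obj * 3 + (int)op) % CACHE_SLOTS];
    int d;
    if (e->valid && e->subj == subj && e->obj == obj && e->op == op) {
        cache_hits++;
        d = e->decision;
    } else {
        cache_misses++;
        d = blp_allows(subjects[subj], objects[obj], op);
        *e = (cache_entry_t){ 1, subj, obj, d, op };
    }
    if (!d) {  /* audit subsystem: record every denial, cached or not */
        audit_denials++;
        fprintf(stderr, "AUDIT deny subj=%d obj=%d op=%d\n", subj, obj, (int)op);
    }
    return d;
}

int monitor_cache_hits(void)    { return cache_hits; }
int monitor_cache_misses(void)  { return cache_misses; }
int monitor_audit_denials(void) { return audit_denials; }
```

A slot collision only evicts an entry and costs a re-arbitration; it never changes a decision, which is the property the cache must preserve.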