Research on Microkernel-based Power Dedicated Secure Operating System
The industrial security situation is increasingly serious, and operating system security is an important foundation for information security as a whole. In industrial security systems, industrial control terminals lack a comprehensive security system at the operating system level and cannot adapt to the new security situation. To solve these problems effectively, research on self-controlled secure operating system technology is critically needed. In industrial operating system security, the integrity of the operating system's security kernel is an important guarantee. Based on NARIsecOS, this paper proposes a kernel integrity protection scheme, and part of the work has been formally verified. A secure operating system can bring the following benefits: 1) immunity to Trojans and viruses, and resistance to hacker attacks; 2) a great reduction in zero-day vulnerabilities; 3) decentralized management, which effectively avoids a single dominant authority; 4) enhanced industrial endpoint security protection.
Keywords: Microkernel, NARIsecOS, Kernel integrity, Operating system security