
Journal of Signal Processing Systems, Volume 91, Issue 10, pp 1127–1136

Research on Microkernel-based Power Dedicated Secure Operating System

  • Jun Chen
  • Wei Liu
  • Xiaoliang Lv
  • Deliang Ji
  • Jia Shi
  • Bo Li (email author)

Abstract

The industrial security situation is increasingly serious, and operating system security is an important foundation for information security as a whole. In industrial security systems, industrial control terminals lack a comprehensive security system at the operating system level and cannot adapt to the new security situation. To solve these problems effectively, research on self-controlled secure operating system technology is critically needed. In industrial operating system security, the integrity of the operating system's security kernel is an important guarantee. Based on NARIsecOS, this paper proposes a kernel integrity protection scheme, and part of the work has been formally verified. A secure operating system brings the following benefits: 1) immunity to Trojans and viruses, and resistance to hacker attacks; 2) a great reduction in zero-day vulnerabilities; 3) decentralized management, which effectively avoids a single dominant privilege; 4) enhanced security protection for industrial endpoints.

Keywords

Microkernel; NARIsecOS; Kernel integrity; Operating system security

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Jun Chen (1)
  • Wei Liu (2)
  • Xiaoliang Lv (2)
  • Deliang Ji (1)
  • Jia Shi (1)
  • Bo Li (3, email author)

  1. Zhejiang Huayun Information Technology Co. Ltd., Zhejiang, China
  2. NARI Group Corporation, State Grid Electric Power Research Institute, Nanjing, China
  3. School of Computer Science and Engineering, Beihang University, Beijing, China
