Design And Implementation Of Microkernel System Service For Control-oriented Field

With the development of intelligence,interconnection and integration in the field of embedded control system,higher requirements are put forward for the security,reliability,extensibility,standardization and distribution of embedded operating system.With its good scalability,reliability and security isolation,the microkernel-based operating system has gradually become the development direction of embedded operating systems.The DeHyp microkernel has the characteristics of the third-generation of microkernel with Capability-based access control mechanism and efficient IPC mechanism.Based on the analysis of the development trend of microkernel-based operating systems at home and abroad,and the research of DeHyp microkernel,embedded network protocol stack,trusted boot and partition isolation,this thesis proposes a construction scheme to build microkernel system services for control-oriented field.The focus of the theis is on how to build a system service oriented to the control field based on the DeHyp microkernel.There are mainly the following aspects:(1)The thesis designs a microkernel system service architecture for control-oriented field,and realizes the security and reliability of system service from four aspects according to the key requirement of system security and reliability in control-oriented field:(i)A component-based modular structure is used to build system services.Each component has a separate address space,using the memory protection mechanism to achieve address space isolation.(ii)Capability access control mechanism is used to implement resource access control between components to enhance component isolation.(iii)A multi-level secure communication mechanism based on the BLP model is adopted to limit the transmission of information flow between components,making communication between components secure and controllable;(iv)A static trusted boot mechanism based on integrity metrics is used to implement secure loading of system service components.(2)The thesis implements component management services.The component management service is the component with the highest authority in user space.It is responsible for the management of all system resources available in the user space,including the allocation and recycling of memory pages,the creation and control of service components,and the processing and delivery of interrupts.In addition,it implements the above-mentioned multi-level secure communication mechanism and component static trusted boot mechanism.The component management service provides services for the application layer components by providing a call interface to the outside.(3)In order to meet the needs of network environment and cross-platform,the thesis proposes and implements an event-driven and cross-platform binary compatible service access mechanism–Event Service Bus for inter-component communication.On this basis,the shared memory-based IPC mechanism is implemented to achieve high efficiency of mass data transmission.(4)The thesis implements application layer service components,including file system services,network communication services,and device services.Taking the SD memory card device as an example,the design and implementation process of the device service component are described in detail.