
The Design And Implement Of VTOS Secure Kernel

Posted on: 2013-06-17  Degree: Master  Type: Thesis
Country: China  Candidate: F Li  Full Text: PDF
GTID: 2298330434475707  Subject: Computer software and theory
Abstract/Summary:
VTOS places security at the centre of its design: the goal is a secure, reliable, verifiable and practical microkernel operating system with good performance. To improve the security of VTOS, this thesis studies the relevant security evaluation criteria, compares domestic and international security kernel technology and, taking the architectural features of VTOS into account, designs and implements an improved microkernel-based VTOS security kernel. The main contributions are as follows.

1) We study existing secure operating systems and secure kernel technologies and propose an improved secure kernel model for VTOS. The model places the reference monitor in the kernel and consolidates the security-related components outside the kernel into a single secure server; the microkernel together with the secure server forms the VTOS secure kernel. Untrusted drivers, servers and user processes are isolated in user mode, and the secure server performs access control and arbitration whenever they try to access system resources. The IPC mechanism of VTOS is improved so that no message in the system can bypass the arbitration of the secure server, the performance cost of interacting with the secure server is reduced, and the potential security risk posed by the shared memory area in the original IPC mechanism is eliminated.

2) We study the isolation requirements of the secure server and propose an independent file system for it, which holds all security attributes of subjects and objects as well as the security policy database. This micro-file system inside the secure server uses a separate disk that only the secure server may access. In this way the secure server's policies, capabilities and data are kept independent, and the file system and other service processes can be moved out of the secure kernel, streamlining it. The secure server itself runs in user mode as a security process, and address-space isolation together with the message mechanism is used to isolate it from other user-mode processes.

3) We study access control and access control frameworks and implement a multi-policy access control model in the secure server. The secure server combines mandatory access control, domain access control and role-based access control, integrating them flexibly, and thereby achieves the principle of least privilege and separation of duties. Because the secure server arbitrates every access to system resources, the integrity of the VTOS system is protected and the system remains verifiable and controllable. The secure server also provides a unified interface for the security administrator, who can easily change and test the system's security mechanisms or the policy applied to a component.
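The following C program is an added illustration of the two mechanisms named in points 1) and 3), the bypass-proof IPC path and the multi-policy arbitration; it is not VTOS code and does not reflect the real VTOS data structures. The levels, domains, roles, subjects, objects and the policy tables are all constructed for the example, the three policies are composed conjunctively (every policy must permit), and the mandatory policy is modelled as simplified Bell-LaPadula (no read-up, no write-down), which the abstract does not specify.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Access modes a subject may request on an object. */
#define PERM_READ  0x1u
#define PERM_WRITE 0x2u

/* Constructed MLS levels for the mandatory policy, ordered low to high. */
enum level { LVL_PUBLIC = 0, LVL_INTERNAL = 1, LVL_SECRET = 2 };

/* Constructed protection domains (subjects) and object types (domain policy). */
enum domain  { DOM_USER, DOM_DRIVER, DOM_ADMIN, DOM_COUNT };
enum objtype { OBJ_FILE, OBJ_DEVICE, OBJ_POLICY, OBJ_COUNT };

/* Constructed roles for the RBAC policy. */
enum role { ROLE_USER, ROLE_OPERATOR, ROLE_SECADMIN, ROLE_COUNT };

struct subject { int pid; enum level clearance;      enum domain  dom;  enum role role; };
struct object  { int id;  enum level classification; enum objtype type; };

/* Policy database. In the thesis design it lives in the secure server's private
 * micro-file system; here both tables are static and constructed for the example.
 * Entries not listed are zero, i.e. no access. */
static const uint8_t domain_matrix[DOM_COUNT][OBJ_COUNT] = {
    [DOM_USER]   = { [OBJ_FILE] = PERM_READ | PERM_WRITE },
    [DOM_DRIVER] = { [OBJ_DEVICE] = PERM_READ | PERM_WRITE },
    [DOM_ADMIN]  = { [OBJ_FILE] = PERM_READ, [OBJ_POLICY] = PERM_READ | PERM_WRITE },
};
static const uint8_t role_perms[ROLE_COUNT][OBJ_COUNT] = {
    [ROLE_USER]     = { [OBJ_FILE] = PERM_READ | PERM_WRITE },
    [ROLE_OPERATOR] = { [OBJ_FILE] = PERM_READ, [OBJ_DEVICE] = PERM_READ | PERM_WRITE },
    [ROLE_SECADMIN] = { [OBJ_POLICY] = PERM_READ | PERM_WRITE },
};

/* Mandatory policy, modelled here as simplified Bell-LaPadula: no read-up, no write-down
 * (an assumption; the abstract does not say which MAC model VTOS uses). */
static bool mac_permits(const struct subject *s, const struct object *o, unsigned perm)
{
    if ((perm & PERM_READ)  && s->clearance < o->classification) return false;
    if ((perm & PERM_WRITE) && s->clearance > o->classification) return false;
    return true;
}

/* Domain policy: the subject's domain must hold every requested mode on the object type. */
static bool domain_permits(const struct subject *s, const struct object *o, unsigned perm)
{
    return (domain_matrix[s->dom][o->type] & perm) == perm;
}

/* Role policy: the subject's role must hold every requested mode on the object type. */
static bool role_permits(const struct subject *s, const struct object *o, unsigned perm)
{
    return (role_perms[s->role][o->type] & perm) == perm;
}

/* Secure server decision: malformed requests are refused and all three policies must agree. */
bool secsrv_authorize(const struct subject *s, const struct object *o, unsigned perm)
{
    if (perm == 0 || (perm & ~(PERM_READ | PERM_WRITE)) != 0) return false;
    return mac_permits(s, o, perm) && domain_permits(s, o, perm) && role_permits(s, o, perm);
}

/* Constructed subjects and objects used by the scenarios below. */
static const struct subject alice       = { 100, LVL_SECRET,   DOM_USER,   ROLE_USER };
static const struct subject disk_driver = {   7, LVL_PUBLIC,   DOM_DRIVER, ROLE_OPERATOR };
static const struct subject sec_admin   = {  42, LVL_INTERNAL, DOM_ADMIN,  ROLE_SECADMIN };
/* rogue_admin holds the administrator role but runs in the ordinary user domain. */
static const struct subject rogue_admin = {  43, LVL_INTERNAL, DOM_USER,   ROLE_SECADMIN };

static const struct object public_file = { 1, LVL_PUBLIC,   OBJ_FILE };
static const struct object secret_file = { 2, LVL_SECRET,   OBJ_FILE };
static const struct object disk        = { 3, LVL_PUBLIC,   OBJ_DEVICE };
static const struct object policy_db   = { 4, LVL_INTERNAL, OBJ_POLICY };
static const struct object *const object_table[] = { &public_file, &secret_file, &disk, &policy_db };

enum ipc_status { IPC_DELIVERED, IPC_DENIED, IPC_NO_SUCH_OBJECT };

/* Kernel-side IPC dispatch: the only path to a resource runs through secsrv_authorize,
 * so no message can reach a server or driver without the secure server's verdict. */
enum ipc_status ipc_send(const struct subject *sender, int object_id, unsigned perm)
{
    for (size_t i = 0; i < sizeof object_table / sizeof object_table[0]; i++)
        if (object_table[i]->id == object_id)
            return secsrv_authorize(sender, object_table[i], perm) ? IPC_DELIVERED : IPC_DENIED;
    return IPC_NO_SUCH_OBJECT;
}

int main(void)
{
    const char *v[] = { "allowed", "denied", "no such object" };
    printf("alice reads public file:       %s\n", v[ipc_send(&alice, 1, PERM_READ)]);
    printf("alice writes public file:      %s\n", v[ipc_send(&alice, 1, PERM_WRITE)]);       /* MAC: no write-down */
    printf("alice opens disk:              %s\n", v[ipc_send(&alice, 3, PERM_READ)]);        /* domain: users never touch devices */
    printf("driver writes disk:            %s\n", v[ipc_send(&disk_driver, 3, PERM_WRITE)]);
    printf("sec_admin updates policy db:   %s\n", v[ipc_send(&sec_admin, 4, PERM_WRITE)]);
    printf("rogue_admin updates policy db: %s\n", v[ipc_send(&rogue_admin, 4, PERM_WRITE)]); /* role alone is not enough */
    return 0;
}
```

The rogue_admin case is the point of combining the policies: holding the security administrator role is not sufficient when the process runs outside the administrator domain, and alice, although cleared for SECRET, still cannot write a PUBLIC file, so each policy denies a different class of misuse and the secure server only delivers a message when all of them agree.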
Keywords/Search Tags:security server, security kernel, VTOS, microkernel, IPC