CAJ | 학술논문

针对VxWorks系统缺少文件层保护的问题,设计并实现了一种基于VxWorks文件层的访问控制系统.该系统包括访问监控器、访问决策器和权限库3部分.首先,在dosFs文件系统层嵌入访问监控器,拦截任务对块设备中文件的访问,同时获取由访问主体、客体以及访问方式所构成的三元组访问任务信息;其次,访问决策器将获取的访问任务信息与权限库的规则作匹配,给出决策方案;最后,访问监控器根据决策方案进行相应的访问控制.文中实验部分对使用文中方法设计的VxWorks系统进行了性能评估,结果表明该控制方法不仅有效提高了VxWorks系统的安全性,而且对VxWorks系统的实时性影响较小.
침대VxWorks계통결소문건층보호적문제,설계병실현료일충기우VxWorks문건층적방문공제계통.해계통포괄방문감공기、방문결책기화권한고3부분.수선,재dosFs문건계통층감입방문감공기,란절임무대괴설비중문건적방문,동시획취유방문주체、객체이급방문방식소구성적삼원조방문임무신식;기차,방문결책기장획취적방문임무신식여권한고적규칙작필배,급출결책방안;최후,방문감공기근거결책방안진행상응적방문공제.문중실험부분대사용문중방법설계적VxWorks계통진행료성능평고,결과표명해공제방법불부유효제고료VxWorks계통적안전성,이차대VxWorks계통적실시성영향교소.
An access control system based on file layer of VxWorks is designed and implemented to solve the problem of lack of protection in file layer of VxWorks.This system is composed of three parts which are access monitor, access decider and authority library.Firstly, access monitor which is used to intercept the access of tasks to files in the block device and to acquire the access information of tasks is embedded into the dosFs file system layer, and the access information is also made up of three parts which are access subject, access object and access mode.Secondly, a decision scheme is given by access decider when the acquired access information of tasks is compared by the rules in authority library.Finally, the corresponding access control is carried out by access monitor according to the decision above.The performance of VxWorks embedded with the designed access control system is evaluated by experiments, and it turns out that the security of VxWorks is improved by the con-trol method whose effect on the instantaneity of VxWorks is acceptable.