江苏科技大学学报(自然科学版)
江囌科技大學學報(自然科學版)
강소과기대학학보(자연과학판)
Journal of Jiangsu University of Science and Technology(Natural Science Edition)
2015年
5期
462-466
,共5页
VxWorks%dosFs文件系统%访问控制%块设备
VxWorks%dosFs文件繫統%訪問控製%塊設備
VxWorks%dosFs문건계통%방문공제%괴설비
VxWorks%dosFs file system%access control%block device
针对VxWorks系统缺少文件层保护的问题,设计并实现了一种基于VxWorks文件层的访问控制系统.该系统包括访问监控器、访问决策器和权限库3部分.首先,在dosFs文件系统层嵌入访问监控器,拦截任务对块设备中文件的访问,同时获取由访问主体、客体以及访问方式所构成的三元组访问任务信息;其次,访问决策器将获取的访问任务信息与权限库的规则作匹配,给出决策方案;最后,访问监控器根据决策方案进行相应的访问控制.文中实验部分对使用文中方法设计的VxWorks系统进行了性能评估,结果表明该控制方法不仅有效提高了VxWorks系统的安全性,而且对VxWorks系统的实时性影响较小.
針對VxWorks繫統缺少文件層保護的問題,設計併實現瞭一種基于VxWorks文件層的訪問控製繫統.該繫統包括訪問鑑控器、訪問決策器和權限庫3部分.首先,在dosFs文件繫統層嵌入訪問鑑控器,攔截任務對塊設備中文件的訪問,同時穫取由訪問主體、客體以及訪問方式所構成的三元組訪問任務信息;其次,訪問決策器將穫取的訪問任務信息與權限庫的規則作匹配,給齣決策方案;最後,訪問鑑控器根據決策方案進行相應的訪問控製.文中實驗部分對使用文中方法設計的VxWorks繫統進行瞭性能評估,結果錶明該控製方法不僅有效提高瞭VxWorks繫統的安全性,而且對VxWorks繫統的實時性影響較小.
침대VxWorks계통결소문건층보호적문제,설계병실현료일충기우VxWorks문건층적방문공제계통.해계통포괄방문감공기、방문결책기화권한고3부분.수선,재dosFs문건계통층감입방문감공기,란절임무대괴설비중문건적방문,동시획취유방문주체、객체이급방문방식소구성적삼원조방문임무신식;기차,방문결책기장획취적방문임무신식여권한고적규칙작필배,급출결책방안;최후,방문감공기근거결책방안진행상응적방문공제.문중실험부분대사용문중방법설계적VxWorks계통진행료성능평고,결과표명해공제방법불부유효제고료VxWorks계통적안전성,이차대VxWorks계통적실시성영향교소.
An access control system based on file layer of VxWorks is designed and implemented to solve the problem of lack of protection in file layer of VxWorks.This system is composed of three parts which are access monitor, access decider and authority library.Firstly, access monitor which is used to intercept the access of tasks to files in the block device and to acquire the access information of tasks is embedded into the dosFs file system layer, and the access information is also made up of three parts which are access subject, access object and access mode.Secondly, a decision scheme is given by access decider when the acquired access information of tasks is compared by the rules in authority library.Finally, the corresponding access control is carried out by access monitor according to the decision above.The performance of VxWorks embedded with the designed access control system is evaluated by experiments, and it turns out that the security of VxWorks is improved by the con-trol method whose effect on the instantaneity of VxWorks is acceptable.