Affiliation: [1] School of Cryptographic Engineering, Information Engineering University, Zhengzhou, Henan 450004
Source: Computer Engineering and Design (《计算机工程与设计》), 2017, No. 4, pp. 928-935, 8 pages
Abstract: To counter unauthorized access to on-chip resources in embedded SoCs, access to those resources must be controlled, so the firewall concept is introduced into the security design of the AHB bus. The bus security requirements are described formally on the basis of the BLP model, and secure bus communication rules are designed and demonstrated, extending the security policy down to the underlying hardware. In line with the characteristics of bus transfers, a transfer check unit is designed to verify rules in batches, reducing the firewall's impact on the data transfer rate. Experimental results show that the firewall causes an actual performance loss of less than 10% and an area increase of 53.8%, gaining a large improvement in security protection capability for a small loss in performance and area.
Keywords: bus firewall; access control; BLP model; rule verification; transfer rate
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]