CN102479097B - Safe embedded operating system capable of supporting multi-stage loading - Google Patents

Publication number
CN102479097B
Authority
CN
China
Prior art keywords
application
module
management
submodule
framework
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110135087.XA
Other languages
Chinese (zh)
Other versions
CN102479097A (en)
Inventor
王劲林
孙鹏
张辉
邓峰
林军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinrand Network Technology Co ltd
Original Assignee
Institute of Acoustics CAS
Application filed by Institute of Acoustics CAS
Priority to CN201110135087.XA
Publication of CN102479097A
Application granted
Publication of CN102479097B

Landscapes

  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a secure embedded operating system supporting multi-stage loading. The operating system supports dynamic loading and running of applications on an embedded terminal, isolates applications from the embedded terminal platform, and comprises a system management module, a security management module, a resource management module, a functional component module, a GUI (Graphical User Interface) module, an application execution engine module, an application program interface (API) module and the like. Built on the traditional Linux kernel, the operating system is divided into at least a basic stage and an expansion stage: basic-stage modules are loaded permanently, while each expansion-stage module and each functional module is selectively and dynamically loaded according to application requirements under the scheduling of the system management framework, so that the system is loaded in stages. The security framework module provides security management and control over applications. It applies mechanisms such as end-to-end secure publishing and loading of applications, secure running protection based on application process isolation and a trust mechanism, and application running monitoring, giving security management and control over the whole application lifecycle, from publishing and downloading through loading to running.

Description

A secure embedded operating system supporting multi-stage loading
Technical field
The present invention relates to the field of embedded systems, and in particular to a secure embedded operating system supporting multi-stage loading.
Background
With the rapid development of communication technology, telecommunication networks, the computer Internet and cable networks are increasingly converging at multiple levels, and operators are moving toward comprehensive full-service operation. The core of competition among operators is whether they can provide users with diversified, rich application service products. The embedded terminal, as the user-facing device for operating and displaying services, is the final carrier on which service applications run. Operators want to attract more third-party application developers so that new value-added applications can be developed and deployed rapidly and continuously. Technically, this requires rapid development, deployment and operation of terminal services, and a lower threshold for service design and for bringing services into operation.
Traditional service application development for embedded terminals mostly follows a client-integration model. Once the application developer has finished the service application, it is handed to terminal developers as a client software library for porting. The application is integrated into the overall software system of the embedded terminal platform, and the service is then deployed to terminals through a large-scale upgrade of the entire terminal software. This development model has a number of limitations with respect to enriching service applications and bringing in service developers:
1. The technical threshold for application development is high and the development cycle is long.
Embedded terminals today are highly varied, differing in main chip type, resource configuration, operating system type, software architecture and other respects. Because applications are integrated into the terminal software system by porting, application developers need to be familiar with the terminal's software architecture, which raises the technical requirements for application development. During porting, the technical communication and coordination needed between terminal developers and application developers inevitably lengthens the development cycle, so services cannot be developed and deployed rapidly.
2. Applications are built in, which strains the resource configuration of the embedded terminal.
Applications are embedded in the overall software system of the terminal as client software libraries. As application development grows quickly and the number of applications increases greatly, this puts heavy pressure on terminal resource configuration and forces continual upgrades of the terminal hardware platform. Operators end up making repeated investments, terminal developers repeat their technical investment, and investment in developing new service applications is diluted.
3. The update process for service applications is complex and maintenance costs are high.
Developing and deploying a new application requires the participation of every link in the industry chain, including application developers, terminal developers, terminal manufacturers and operators. The process is cumbersome and maintenance costs are inevitably high. Updating a single application requires a software upgrade on a large number of user terminals, which increases operational risk.
Given the need to greatly enrich service applications and the problems of the existing development model, there is an urgent need for an embedded operating system, as the basic software of the embedded terminal, that isolates application development from the embedded terminal platform, supports dynamic loading and running of applications, and provides complete lifecycle management and security guarantees. Such a system achieves good isolation between application development and the terminal platform and provides technical support for rapid development, deployment, download and operation of service applications. At the same time, as the core software system running on the terminal platform, the embedded operating system must provide, in addition to the functions of a traditional operating system such as process/thread management, memory management and system services, new functions such as optimized scheduling and configuration of system resources at the application layer, abstraction and encapsulation of platform capabilities, and security mechanisms for third-party applications.
Summary of the invention
The object of the invention is to overcome the limitations of traditional service application development for embedded terminals, namely that the technical threshold for application development is high and the development cycle is long, that built-in applications strain the terminal's resource configuration, and that the update process for service applications is complex and costly to maintain, by providing a secure embedded operating system supporting multi-stage loading.
To achieve this object, the invention proposes a secure embedded operating system supporting multi-stage loading. The operating system is based on the traditional Linux kernel and adopts a layered, component-based architecture comprising a kernel layer, a supporting layer, a middleware layer and an application layer, characterized in that:
The kernel layer comprises:
The standard Linux basic kernel and driver modules, which are statically compiled into the kernel image and are loaded and run when Linux starts;
The standard Linux expansion kernel and driver modules, which are configured into the kernel as modules and loaded when an application needs them;
The supporting layer comprises:
A platform porting layer module, which encapsulates a set of platform-independent interfaces to isolate the software above the porting layer from the terminal platform;
A resource management framework module, which manages the system's software and hardware resources in a unified way and performs resource planning, resource allocation and resource monitoring;
A functional component module, which abstracts and encapsulates the capabilities of the terminal platform and provides the functions that applications require;
A system management framework module, the core unit responsible for managing and scheduling terminal applications, which manages the terminal's software and hardware resources and manages the execution engines and functional components;
A security framework module, which ensures security over the whole application lifecycle, including secure publishing, secure loading and secure running;
A GUI module, which handles multi-window management and the unified reception and dispatch of input events, and provides a graphical operating interface;
The middleware layer comprises:
An application execution engine module, which interprets applications and is scheduled by the system management framework to run applications by dynamic interpretation;
An API module, which provides the programming interface for application developers, is built on top of the application execution engine, and can be dynamically parsed and run by the execution engine.
In the secure embedded operating system supporting multi-stage loading, the supporting layer further comprises a standard library module.
In the secure embedded operating system supporting multi-stage loading, the application execution engine module comprises a Java execution engine submodule and a Web Widget execution engine submodule.
In the secure embedded operating system supporting multi-stage loading, the system management framework module specifically comprises:
An application discovery submodule, which implements discovery and download of newly published applications;
An application management submodule, which manages the applications downloaded to the terminal platform, implements loading and deletion of applications, and maintains a local application list on the terminal;
An application scheduling submodule, which implements load-and-execute scheduling and lifecycle management of applications; this submodule maintains a task scheduling request list and a task scheduling management list;
A component management submodule, which is responsible for loading, unloading and updating each functional component of the operating system;
An execution engine management submodule, which is responsible for managing the operating system's execution engines; and
A system monitoring submodule, which is responsible for monitoring the state of the management process;
Wherein: application discovery uses a Web-based deployment discovery method on a B/S (browser/server) architecture or a message-notification-based deployment discovery method on a C/S (client/server) architecture; the local application list contains all local application record information, which specifically comprises: application ID, application version number, application type, application name, local storage path of the application, and application description.
In the secure embedded operating system supporting multi-stage loading, the security framework specifically comprises:
An application publishing submodule, which handles user registration, security checking and authentication of uploaded applications, and authorization of application publishing;
A trusted application loading submodule, which performs end-to-end trusted loading from the publishing server to the terminal; and
A secure running submodule, which prevents external intrusion and code mutation while a loaded program is running and ensures the consistency of the program's dynamic execution.
In the secure embedded operating system supporting multi-stage loading, the functional component module comprises:
A browser submodule, which supports parsing of standard HTML and JS web pages and provides functional support for two-way applications on a B/S architecture;
A media player submodule, which supports decoding and playback of audio and video media files and streaming data in multiple formats and provides media processing for applications; and
A network application protocol stack submodule, which is an extended network protocol stack developed to meet application requirements on top of the standard TCP/UDP/IP network protocol stack built into the operating system.
In the secure embedded operating system supporting multi-stage loading, the GUI module supports extension of input devices through an input device plug-in system, and specifically comprises:
A window management submodule, which allows multiple windows to coexist and be switched quickly, and handles creation, destruction and drawing of windows;
A task manager submodule, which collects system messages, and converts and dispatches system messages and user messages to each window object; and
A GDI submodule, which comprises graphics context device management, context device object management, graphics system drawing and transfer interfaces, and various graphical controls.
The component modules are combined in a loosely coupled manner through standard interfaces. Staged processing is adopted: basic-stage modules are loaded permanently, while each expansion-stage module and each functional component module is selectively and dynamically loaded according to application requirements under the scheduling of the system management framework.
In view of the above requirements for rapid service development and deployment and the new functional requirements they place on an embedded operating system, the invention provides a secure embedded operating system that supports multi-stage loading and the dynamic loading and running of applications. The operating system is an open, terminal-based software platform for developing embedded terminal applications and loading and running them dynamically. It gives application developers a hardware-independent development environment, provides dynamic discovery, loading and management of applications, integrates the software and hardware resources of the terminal system to provide a running environment for applications, and provides task management and resource management for running third-party applications.
The features of the operating system are: 1) On top of the traditional Linux kernel, staged processing is adopted, with at least a basic stage and an expansion stage. Basic-stage modules are loaded permanently, while each expansion-stage module and each functional component module is selectively and dynamically loaded according to application requirements under the scheduling of the system management framework, so that the system is loaded in stages. 2) The system management framework is the core management unit of the operating system. Besides application management and scheduling, it manages the operating system's own execution engines and components, supports dynamic loading, management and running of multiple coexisting engines, and supports distributed management of engines and components. 3) The security framework module provides security management and control over applications, with mechanisms such as end-to-end secure publishing and loading of applications, secure running protection based on application process isolation and a trust mechanism, and application running monitoring, giving security management and control over the whole application lifecycle, from publishing and downloading through loading to running.
The advantage of the invention is that the operating system is suitable for all kinds of embedded terminal devices capable of executing applications. Its component modules are isolated from the underlying software and hardware of the terminal platform by an open porting layer interface, so it can be ported and integrated into different embedded terminal platforms. The main advantages of the operating system are: 1. Through platform capability abstraction and lifecycle management of application execution engines and applications, applications are isolated from the terminal platform and can be dynamically loaded and run. 2. Through kernel staging combined with management and scheduling by the system management framework, the kernel basic stage, the expansion stage and the functional component modules are loaded in stages; within the expansion stage and the functional components, each module is selectively and dynamically loaded according to application requirements. 3. By adopting a security framework with security management and control over the whole application lifecycle, the safety and reliability of the system are ensured.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall architecture of the secure embedded operating system supporting multi-stage loading of the present invention;
Fig. 2 shows the composition and interface relationships of the component management submodule of the secure embedded operating system supporting multi-stage loading of the present invention;
Fig. 3 is a schematic diagram of the composition of the GUI module of the secure embedded operating system supporting multi-stage loading of the present invention.
Embodiments
The present invention is further described below with reference to the drawings and embodiments.
To make the technical solution of the invention clearer, the invention is described in further detail below with reference to the drawings. The invention proposes a secure embedded operating system with multi-stage optimization. On the various embedded terminal devices capable of executing applications, the operating system is isolated from the platform-specific low-level software of the terminal, such as drivers and the BSP, by the porting layer interface, and can be integrated into different embedded terminal platforms.
As shown in Fig. 1, which is a schematic diagram of the overall structure of the operating system, a layered, component-based architecture is adopted, and the component modules are combined in a loosely coupled manner through open standard interfaces. The layers of the operating system and their component modules can be implemented as follows:
(1) Kernel layer
(a) The standard Linux basic kernel and drivers. This part of the kernel is statically compiled into the kernel image and is loaded and run when Linux starts.
(b) The standard Linux expansion kernel and drivers. The drivers here are configured into the kernel as modules and loaded when an application needs them; the system services here are likewise started when an application needs them.
(2) Supporting layer
(a) The platform porting layer hides the differences between hardware platforms by encapsulating a set of platform-independent interfaces, isolating the software above the porting layer from the terminal platform;
(b) Standard libraries, mainly Linux libraries such as libc and pthread. The operating system may modify some of the standard libraries to support the resource management framework and other components;
(c) The resource management module manages the system's software and hardware resources in a unified way and performs resource planning, resource allocation and resource monitoring;
(d) The functional components abstract and encapsulate the capabilities of the terminal platform and are the actual providers of the functions that applications require.
(e) The system management module. The system management framework is the core unit responsible for managing and scheduling terminal applications; it manages the terminal's software and hardware resources and manages the execution engines and functional components.
(f) The security module ensures security over the whole application lifecycle, including secure publishing, secure loading and secure running.
(g) The GUI module handles multi-window management and the unified reception and dispatch of input events, and provides a graphical operating interface.
(3) Middleware layer
(a) The application execution engine is the unit that interprets applications. It is scheduled by the system management framework and runs applications by dynamic interpretation. The operating system provided by the invention can contain multiple application execution engines, including but not limited to a Java execution engine and a Web Widget execution engine.
(b) The API module provides the programming interface for application developers. It is built on top of the application execution engine and can be dynamically parsed and run by the execution engine.
(4) Application layer
The various applications written against the API that run on the execution engines.
The API module provides a programming interface for application developers. It is built on top of the application execution engine and can be parsed and processed by it. Applications produced with the open API are published, by some mechanism, to an application server that the terminal can reach, and are discovered, dynamically loaded and executed by the application management module of the terminal operating system, without having to be ported and integrated into the embedded terminal's software system. The API module is combined with the interpreting execution engine and uses the engine's native method call mechanism to extend the interface through extension API components and the corresponding basic functional components. The API module uses an interpreted language, giving application developers a hardware-independent way to develop.
Through scheduling and control by the system management framework and through calls across their mutual interfaces, the component modules above cooperate to download, load and reliably run applications. The security framework's management and control over the whole application lifecycle ensures the security and reliability of the operating system.
The composition, functions and specific implementation of these modules are described in detail below.
The system management module is the core management unit of the operating system of the invention. It manages the lifecycle of the applications it loads, handling the management and scheduling of processes such as application discovery, download, loading, running and unloading. It also manages the framework's own component modules, such as functional components and application execution engines, and can implement, without limitation, lifecycle management such as registration, loading, updating and unloading of functional components and execution engines. Execution engines and functional components developed by other developers can, provided they meet the requirements on interfaces, functions, mode of operation and so on, be incorporated into the software framework of the invention through registration and loading by the management module.
The system management module includes, but is not limited to, the following functional submodules: application discovery and download, application management, application scheduling, component management, execution engine management and system monitoring. Specifically:
(1) The application discovery and download submodule implements discovery and download of newly published applications. Application deployment discovery can use, but is not limited to, the following two methods: a Web-based deployment discovery method on a B/S architecture and a message-notification-based deployment discovery method on a C/S architecture. With the Web-based method, the application server presents the applications to be published to terminal users as web pages; the application discovery and download submodule accesses the application publishing web page through the browser component of the terminal's functional component library and presents it to the user, who selects the desired application to start the download. With the message-notification-based method, a network link is maintained between the application server and the embedded terminal. After a new application is registered with the application server, the server sends the release information over this link to the embedded terminals that are currently online; after receiving it, the terminal starts the application download according to the release information and the user's operation. Application download can use a general download protocol, such as FTP, HTTP or TFTP, or a proprietary download protocol. If a general download protocol is used, the terminal, after obtaining the application's download protocol and download path, directly calls the corresponding downloader to download the application. If a proprietary protocol is used, the terminal first downloads the proprietary protocol downloader as prompted and then starts it to download the application. The downloaded application is stored in a designated directory.
A published application contains more than the application code: it is packaged as "application program + application description". A complete application package can contain, but is not limited to, the following information:
1) The application program and the auxiliary data files it needs at run time;
2) The application description, which can be, but is not limited to, an XML document containing detailed descriptive information about the application;
3) Picture resources such as the application poster, so that the application is displayed attractively.
(2) The application management submodule manages the applications downloaded to the terminal platform and implements loading and deletion of applications. After an application is downloaded locally, it undergoes security verification using the application security verification mechanism of the security framework; only applications that pass security verification can be installed locally. Basic information about each locally downloaded application is recorded in a local application record (Local Application Record). A local application record includes, but is not limited to: application ID, application version number, application type, application name, local storage path of the application, and application description. The terminal maintains a local application list (Local Application List) that records the basic information of all locally stored applications. Applications are managed by managing and maintaining this list.
(3) The application scheduling submodule implements load-and-execute scheduling and lifecycle management of applications. It maintains a task scheduling request list (TRL) and a task scheduling management list (TML). When a user operation triggers an application start request, the request registers an entry in the TRL. The application scheduling submodule monitors the state of the TRL in real time; whenever the TRL is not empty, it takes the entries out of the TRL and starts the corresponding application process according to the entry contents. When an application starts, the submodule interacts with the resource management framework to confirm whether the resources the application needs to run are available; if they are, it starts the application and adds the application's process information to the TML. The submodule also provides lifecycle management, with functional interfaces for loading, starting, pausing and destroying applications; the management program and other modules can control the run-time state of the relevant applications through these interfaces. The application scheduling submodule can also collect statistics on users' access patterns for each application and dynamically assign each application a priority according to how much attention users give it. The application scheduling submodule monitors the state of each application process in real time; once it finds that an application process has become abnormal or has exited, it forcibly terminates any abnormal process that has not exited and deletes the corresponding entry from the TML.
(4) The component management submodule is responsible for management functions such as loading, unloading and updating each functional component in the operating system.
Fig. 2 shows a typical composition of the component management submodule. Its main functional modules are as follows:
Preloading. Determines which functional components need to be loaded when a program starts running. Component preloading is combined with application preloading to support fast application startup;
Lifecycle management. Manages the lifecycle of each functional component while programs are running;
Online upgrade. If a component has a new version, downloads it and updates the local component;
Discovery and update. Dynamically looks up higher-level components, adds the higher-level components and deletes the lower-level ones;
On-demand acquisition. If a component needed while an application is running is not available locally, it can be obtained dynamically from the component server;
Load record maintenance. Maintains records of how components are loaded and used, providing a basis for preloading and lifecycle management.
The execution engine management submodule is responsible for managing the execution engines in the operating system; its composition can be similar to that of the component management submodule.
(5) The system monitoring submodule is responsible for monitoring the state of the management process. This module starts a monitoring process at system startup. A heartbeat message with a period of 1 second is set up between the monitoring process and the management process; the message can be carried over a message queue or over a TCP connection. In this way the running state of the management process is monitored, and recovery is performed when the management process becomes abnormal.
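The following C model is an added example, not code from the patent: it walks the TRL/TML flow of the application scheduling submodule in item (3) and the heartbeat supervision of the management process in item (5). The memory budget standing in for the resource management framework, the three-beat tolerance, the dropping of requests that fail the resource check, and all identifiers are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TASKS 8
#define HEARTBEAT_PERIOD_S 1 /* period given in the description */
#define MISSED_LIMIT 3       /* assumption: missed beats tolerated before recovery */

typedef enum { APP_RUNNING, APP_ABNORMAL, APP_EXITED } app_state;
typedef struct { int app_id; unsigned mem_kb; } trl_entry;               /* pending launch request */
typedef struct { int app_id; unsigned mem_kb; app_state st; } tml_entry; /* started application */

typedef struct {
    trl_entry trl[MAX_TASKS]; int trl_len; /* task scheduling request list */
    tml_entry tml[MAX_TASKS]; int tml_len; /* task scheduling management list */
    unsigned free_kb; /* assumption: memory budget stands in for the resource management framework */
} scheduler;

void sched_init(scheduler *s, unsigned free_kb) {
    memset(s, 0, sizeof *s);
    s->free_kb = free_kb;
}

/* A user action registers one TRL entry. Returns 0, or -1 if the TRL is full. */
int sched_request(scheduler *s, int app_id, unsigned mem_kb) {
    if (s->trl_len == MAX_TASKS) return -1;
    s->trl[s->trl_len].app_id = app_id;
    s->trl[s->trl_len].mem_kb = mem_kb;
    s->trl_len++;
    return 0;
}

/* Drain the TRL in order. A request is admitted to the TML only if the
 * resource check passes; a failed request is dropped (assumption: the text
 * does not say what happens to it). Returns the number of applications started. */
int sched_drain(scheduler *s) {
    int started = 0;
    for (int i = 0; i < s->trl_len; i++) {
        trl_entry r = s->trl[i];
        if (s->tml_len == MAX_TASKS || r.mem_kb > s->free_kb) continue;
        s->free_kb -= r.mem_kb;
        s->tml[s->tml_len].app_id = r.app_id;
        s->tml[s->tml_len].mem_kb = r.mem_kb;
        s->tml[s->tml_len].st = APP_RUNNING;
        s->tml_len++;
        started++;
    }
    s->trl_len = 0;
    return started;
}

/* Record an observed process state. Returns -1 if the app is not in the TML. */
int sched_set_state(scheduler *s, int app_id, app_state st) {
    for (int i = 0; i < s->tml_len; i++)
        if (s->tml[i].app_id == app_id) { s->tml[i].st = st; return 0; }
    return -1;
}

/* Monitoring pass: entries that are abnormal or exited leave the TML and give
 * their resources back. Abnormal ones count as forcibly terminated (a real
 * system would send SIGKILL here). Returns the number of TML entries removed. */
int sched_reap(scheduler *s, int *killed) {
    int kept = 0, removed = 0;
    *killed = 0;
    for (int i = 0; i < s->tml_len; i++) {
        if (s->tml[i].st == APP_RUNNING) { s->tml[kept++] = s->tml[i]; continue; }
        if (s->tml[i].st == APP_ABNORMAL) (*killed)++;
        s->free_kb += s->tml[i].mem_kb;
        removed++;
    }
    s->tml_len = kept;
    return removed;
}

/* Heartbeat watchdog kept by the monitoring process for the management process. */
typedef struct { long last_beat_s; int recoveries; } watchdog;

void wd_beat(watchdog *w, long now_s) { w->last_beat_s = now_s; }

/* Returns 1 and counts a recovery when more than MISSED_LIMIT periods have
 * passed without a beat; the restarted management process gets a fresh window. */
int wd_check(watchdog *w, long now_s) {
    if (now_s - w->last_beat_s <= (long)MISSED_LIMIT * HEARTBEAT_PERIOD_S) return 0;
    w->recoveries++;
    w->last_beat_s = now_s;
    return 1;
}

int main(void) {
    scheduler s; watchdog w = { 0, 0 }; int killed, removed, r13, r14;
    sched_init(&s, 1000);      /* constructed sample: 1000 KB budget */
    sched_request(&s, 1, 600);
    sched_request(&s, 2, 600); /* will not fit once app 1 has started */
    sched_request(&s, 3, 300);
    printf("started=%d\n", sched_drain(&s));
    sched_set_state(&s, 1, APP_ABNORMAL);
    removed = sched_reap(&s, &killed);
    printf("removed=%d killed=%d free_kb=%u\n", removed, killed, s.free_kb);
    wd_beat(&w, 10);
    r13 = wd_check(&w, 13);
    r14 = wd_check(&w, 14);
    printf("t=13 recover=%d, t=14 recover=%d\n", r13, r14);
    return 0;
}
```

Returning the reaped application's resources to the budget in the same pass that deletes its TML entry keeps a crashed application from permanently blocking later launch requests.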
The working mechanism and flow of the resource management module are described in detail in the present applicant's patent application No. "201010144555.5", entitled "A home network QoS support method based on inter-layer coordination". The resource management framework is the unit that uniformly plans and allocates the software and hardware resources of the terminal system: under the limited resource conditions of an embedded system, it plans and allocates resources sensibly according to application characteristics, and effectively manages and schedules applications and components.
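The TRL/TML flow of the application scheduling submodule in (3), including its resource check against the resource management framework, as an added C example rather than code from the patent. The entry fields, the memory-only resource budget, the `MAX_APPS` bound and the policy of dropping requests that cannot be started are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_APPS 8   /* bound on both lists and on app ids (assumed) */

/* Field layouts are assumptions: the page names the lists, not their fields. */
typedef enum { APP_RUNNING, APP_PAUSED, APP_ABNORMAL, APP_EXITED } app_state;
typedef struct { int app_id; int mem_kb; } trl_entry;
typedef struct { int app_id; int mem_kb; app_state state; } tml_entry;

typedef struct {
    trl_entry trl[MAX_APPS]; int trl_len;   /* task scheduling request list */
    tml_entry tml[MAX_APPS]; int tml_len;   /* task scheduling management list */
    int free_mem_kb;                        /* stand-in for the resource framework */
    unsigned access_count[MAX_APPS];        /* user access statistics per app id */
} scheduler;

void sched_init(scheduler *s, int free_mem_kb) {
    memset(s, 0, sizeof *s);
    s->free_mem_kb = free_mem_kb;
}

/* Index of app_id in the TML, or -1 when it has no running process. */
int tml_find(const scheduler *s, int app_id) {
    for (int i = 0; i < s->tml_len; i++)
        if (s->tml[i].app_id == app_id) return i;
    return -1;
}

/* A user action requests an application start: register one TRL entry. */
int sched_request(scheduler *s, int app_id, int mem_kb) {
    if (app_id < 0 || app_id >= MAX_APPS || mem_kb < 0 || s->trl_len == MAX_APPS)
        return -1;                          /* bounded list: reject, never overflow */
    s->trl[s->trl_len++] = (trl_entry){ app_id, mem_kb };
    s->access_count[app_id]++;              /* feeds the dynamic priority */
    return 0;
}

/* Drain the TRL, most-requested application first; returns how many started. */
int sched_dispatch(scheduler *s) {
    int started = 0;
    while (s->trl_len > 0) {
        int best = 0;
        for (int i = 1; i < s->trl_len; i++)
            if (s->access_count[s->trl[i].app_id] >
                s->access_count[s->trl[best].app_id]) best = i;
        trl_entry req = s->trl[best];
        s->trl[best] = s->trl[--s->trl_len];            /* take the entry out */
        /* Drop the request if already running or short of resources (assumption). */
        if (tml_find(s, req.app_id) < 0 && req.mem_kb <= s->free_mem_kb) {
            s->free_mem_kb -= req.mem_kb;
            s->tml[s->tml_len++] = (tml_entry){ req.app_id, req.mem_kb, APP_RUNNING };
            started++;
        }
    }
    return started;
}

/* Lifecycle interface (pause, resume, mark abnormal) for other modules. */
int sched_set_state(scheduler *s, int app_id, app_state st) {
    int i = tml_find(s, app_id);
    if (i < 0) return -1;
    s->tml[i].state = st;
    return 0;
}

/* Monitoring pass: delete abnormal or exited entries and return their memory. */
int sched_reap(scheduler *s) {
    int removed = 0;
    for (int i = 0; i < s->tml_len; ) {
        if (s->tml[i].state == APP_ABNORMAL || s->tml[i].state == APP_EXITED) {
            s->free_mem_kb += s->tml[i].mem_kb;
            s->tml[i] = s->tml[--s->tml_len];
            removed++;
        } else i++;
    }
    return removed;
}

int main(void) {
    scheduler s;
    sched_init(&s, 1000);                   /* constructed budget: 1000 KB */
    sched_request(&s, 1, 600);
    sched_request(&s, 2, 600);
    sched_request(&s, 2, 600);              /* app 2 requested twice */
    int started = sched_dispatch(&s);
    printf("started=%d free=%d\n", started, s.free_mem_kb);
    return 0;
}
```

Both lists are fixed-size and every request is validated before it is stored, so a burst of start requests is refused at the TRL instead of exhausting memory in the scheduler itself.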
The security framework module is the security management and control core of the secure operating system provided by the invention and guarantees the safe and reliable operation of applications. It is characterized by an end-to-end secure publishing and loading mechanism for applications, a secure execution mechanism based on application process isolation and a trust mechanism, and an application run-time monitoring and consistency checking mechanism, which together implement security management and control over the full lifecycle of an application, from publishing and download through loading to execution. The security framework module further comprises: a secure publishing submodule, for user registration and program upload, security checking of the application program, identity authentication, and publishing authorization of the application program; a secure loading submodule, for end-to-end trusted loading from the publishing server to the terminal; a secure execution submodule, for preventing external intrusion and code mutation while the program runs and guaranteeing the consistency of the program's dynamic execution; and a security management submodule, for providing security techniques over the full lifecycle of the program, establishing corresponding trust mechanisms for different users and different applications, and providing authorization and authentication as well as packing (shell) protection for programs to be published.
The security framework module of this operating system implements security management and control over the full lifecycle of an application, from publishing and download through loading to execution. Its main functions are secure application publishing, trusted application loading, run-time security protection, and the security manager. Secure publishing mainly covers user registration and program upload, security checking of the application program, identity authentication, and publishing authorization of the application program. Secure loading performs end-to-end trusted loading from the publishing server to the terminal. Secure execution provides run-time security protection, mainly preventing external intrusion and code mutation while the program runs and guaranteeing the consistency of the program's dynamic execution. The security manager provides security techniques over the full lifecycle of the program, establishes corresponding trust mechanisms for different users and different applications, and provides authorization and authentication as well as packing (shell) protection for programs to be published.
The security management module provides the execution engine with the access control policy for running programs and provides a basis for resource allocation. The security framework also receives, in real time, the abnormality information fed back by resource monitoring and system monitoring, handles each abnormality accordingly, and corrects system run-time errors promptly to prevent the system from crashing.
The GUI module is the operating system's unit for managing screen output and responding to control input. It presents the user interfaces of applications, draws graphical output and handles user input events, giving the operating system graphical control and improving the user experience.
As shown in Figure 3, the GUI module includes, but is not limited to, the following functional modules:
Window management system. Implements coexistence of multiple windows and fast switching between them, including window creation, destruction and drawing, window focus switching, and handling of the relationships between windows. It also supports the event manager and plug-in extension for various input devices.
Event manager. As part of the window management system, it collects system messages and converts and dispatches system messages and user messages to each window object. Because the event manager's unified dispatch of input device events is very important, it is described separately.
GDI. Includes graphics context device management, management of context device objects (fonts and so on), a good interface for graphics system drawing and transfer, and various graphical controls. A well-designed GDI should provide, upward, a convenient, complete and high-performance user interface that is easy for developers to use, and should hide, downward, the differences among graphics resources, using a graphics driver plug-in system to remain compatible with, and extend support for, various graphics resources and their hardware acceleration functions.
An input device plug-in system supports extension to further input devices, in particular novel input devices such as those based on motion sensing or voice.
The functional component module is an abstract encapsulation of the terminal's resource capabilities; each component has a relatively independent function aimed at application requirements. In this operating system, composite functional components can also be implemented through native methods: a composite functional component calls the interfaces of independent functional components to integrate several functions, and exposes them through a standard interface for the execution engine to call. Basic functional components provide the functions required for terminal application development, improving code reuse and reducing the difficulty of application development. The functional component module also provides native method support for third-party development interfaces, and improves application execution efficiency through the native method call mechanism of the application execution engine. Functional components provide function-specific general access interfaces for other components or the execution engine to call.
The terminal functional component module of the invention is a set of components that is built on the abstraction of the embedded terminal platform's resources and capabilities, is purposefully combined to meet application development needs, and can be extended dynamically. Functional components are developed in compiled languages such as C/C++ to guarantee the execution efficiency of the libraries. They are integrated into the basic software framework as static libraries or dynamic link libraries and are exposed through standard interfaces for the interpreting execution engine to call. Typical functional components for embedded terminal application requirements are, for example:
Browser: supports parsing of standard HTML and JS web pages, providing functional support for bidirectional applications based on the B/S architecture;
Media player: supports decoding and playback of multi-format audio and video media files, streaming data and so on, providing media processing functions for applications;
Network application protocol stack: extended network protocol stacks, developed for application requirements on top of the standard TCP/UDP/IP network protocol stack built into the operating system, such as RTP, SIP and FTP.
The application execution engine module is the interpreting unit for application programs. It provides applications with a dynamic runtime environment and implements their dynamic interpreted execution. It sits between the application programs and the functional components: under the scheduling of the framework management module, it parses the application code and implements application functions by calling functional components through standard interfaces. The execution engine determines the application types the operating system supports and the efficiency with which applications run.
The interpreting execution engine of the invention is the interpreting unit for application programs. A typical example is the Java virtual machine (JVM), with the corresponding applications developed in the interpreted language Java. Java is a standard, open programming language released by Sun. Its source programs are compiled into bytecode, which the JVM interprets into the machine instructions of a specific platform for execution. This isolates applications from the specific terminal platform and allows the JVM to load and run Java applications dynamically while the terminal is running. For application development, the standard Java class library packages and open API interfaces are provided. In addition, for the functional component library resources specific to the terminal platform, the software framework extends the Java class library packages and provides extended API interfaces for application development; by calling the extended interfaces, applications can access the functional component library resources.
In summary, the operating system proposed by the invention adopts a layered, component-based architecture, and its constituent modules are combined in a loosely coupled manner through standard interfaces. On top of the traditional Linux kernel it has modules such as the system management framework, security framework, resource management framework, functional components, GUI module, application execution engine and application programming interface (API). The system management framework is the core management unit of the operating system, responsible for managing the functional components, application execution engine and GUI module in the operating system, and for managing the loaded applications. The security framework module implements security management and control of applications, providing full-lifecycle security protection across application publishing, loading and execution and preventing illegal or malicious programs from running or attacking. The resource management framework implements unified management, scheduling and allocation of the embedded terminal's software and hardware resources. The functional components encapsulate in program form the terminal platform's capabilities, such as decoding, demultiplexing and network reception, and expose them through program access interfaces for the application execution engine to call, providing platform capability support for running applications. The GUI module presents application user interfaces, draws graphics and responds to user input events, managing user input and screen output. The application execution engine provides applications with a dynamic runtime environment; it is the interpreting unit for applications developed in interpreted languages such as Java and, scheduled by the system management framework, implements the dynamic interpreted execution of applications. The API module provides the programming interfaces that application developers program against; the interfaces are built on top of the application execution engine, and applications developed against the API can be dynamically parsed and run by the execution engine.
Through their individual functions and their mutual interfaces, the functional modules above cooperate to form the secure operating system provided by the invention, with multi-level optimization of the kernel, components and engines. Through abstraction of platform capabilities and lifecycle management of the application execution engine and of applications, it isolates applications from the terminal platform and supports their dynamic loading and execution. Through kernel grading, combined with the management and scheduling of the system management framework, it implements graded loading of the kernel basic level, the extension level and the functional component modules. By adopting a security framework with security management and control over the full application lifecycle, it guarantees that the system is safe and reliable.
It should be noted that the embodiments of the invention described above are illustrative and not limiting. Those skilled in the art will understand that any modification of, or equivalent substitution for, the technical solution of the invention that does not depart from the spirit and scope of the technical solution shall fall within the scope of the claims of the invention.

Claims (4)

1. A secure embedded operating system supporting multi-stage loading, the operating system being based on the Linux kernel and adopting a layered, component-based architecture, the embedded operating system comprising: a resource management module, a functional component module, a GUI module, an application execution engine module and an application interface module, characterized in that the secure embedded operating system comprises a layered, component-based architecture of a kernel layer, a support layer, a middleware layer and an application layer;
the Linux kernel adopts a graded processing strategy, the graded processing strategy being:
standard Linux basic kernel content and driver modules, which are statically compiled into the kernel image and are loaded and run when Linux starts;
standard Linux extension kernel and driver modules, which take the form of modules and are selectively and dynamically loaded according to application requirements;
the support layer comprises:
a platform porting layer module, which encapsulates a set of platform-independent interfaces so as to isolate the software above the porting layer from the terminal platform;
a resource management framework module, for unified management of the software and hardware resources of the system, implementing resource planning, resource allocation and resource monitoring;
a functional component module, an abstract encapsulation of the capabilities of the terminal platform, for providing the functions required by the various applications;
a system management framework module, the core unit responsible for terminal application management and scheduling, which implements management of the terminal's software and hardware resources and is responsible for managing the execution engine and the functional components;
a security framework module, responsible for guaranteeing security over the full application lifecycle, including secure publishing, secure loading and secure execution;
a GUI module, responsible for multi-window management, unified reception and dispatch of input events, and providing a graphical operating interface;
wherein the security framework module further comprises:
a secure publishing submodule, for user registration and program upload, security checking of the application program, identity authentication, and publishing authorization of the application program;
a secure loading submodule, for end-to-end trusted loading from the publishing server to the terminal;
a secure execution submodule, for preventing external intrusion and code mutation while the program runs and guaranteeing the consistency of the program's dynamic execution; and
a security management submodule, for providing security techniques over the full lifecycle of the program, establishing corresponding trust mechanisms for different users and different applications, and providing authorization and authentication as well as packing (shell) protection for programs to be published;
the middleware layer comprises:
an application execution engine module, for interpreting application programs, which is scheduled by the system management framework and implements the dynamic interpreted execution of application programs;
an API module, which provides the programming interfaces that application developers program against, is arranged on top of the application execution engine, and can be dynamically parsed and run by the execution engine;
wherein the modules are combined in a loosely coupled manner through standard interfaces; the constituent modules are processed in grades: basic-level modules are loaded permanently, while the modules in the extension level and the functional component modules are selectively and dynamically loaded according to application requirements under the scheduling of the system management framework.
2. The secure embedded operating system supporting multi-stage loading according to claim 1, characterized in that the resource management module performs unified management of the software and hardware resources of the system, implementing resource planning, resource allocation and resource monitoring.
3. The secure embedded operating system supporting multi-stage loading according to claim 1, characterized in that the application execution engine module can support multiple execution engine submodules, including a Java execution engine submodule and a Web Widget execution engine submodule.
4. The secure embedded operating system supporting multi-stage loading according to claim 1, characterized in that the system management framework module further comprises:
an application discovery submodule, for implementing discovery and download of newly published applications;
an application management submodule, responsible for managing the applications downloaded to the terminal platform, implementing loading and deletion of applications, and maintaining a local application list on the terminal;
an application scheduling submodule, for implementing load-and-execute scheduling and the application lifecycle management (ALM) function for applications, this submodule maintaining a task scheduling request list and a task scheduling management list;
a component management submodule, responsible for loading, unloading or updating each functional component of the operating system;
an execution engine management submodule, responsible for managing the execution engines of the operating system; and
a system monitoring submodule, responsible for monitoring the state of the management process;
wherein application discovery adopts a Web deployment discovery method based on the B/S architecture or a message-notification deployment discovery method based on the C/S architecture.
CN201110135087.XA 2010-11-26 2011-05-24 Safe embedded operating system capable of supporting multi-stage loading Active CN102479097B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110135087.XA CN102479097B (en) 2010-11-26 2011-05-24 Safe embedded operating system capable of supporting multi-stage loading

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201010568054.X 2010-11-26
CN201010568054 2010-11-26
CN201110135087.XA CN102479097B (en) 2010-11-26 2011-05-24 Safe embedded operating system capable of supporting multi-stage loading

Publications (2)

Publication Number Publication Date
CN102479097A CN102479097A (en) 2012-05-30
CN102479097B CN102479097B (en) 2014-06-11

Family

ID=46091751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110135087.XA Active CN102479097B (en) 2010-11-26 2011-05-24 Safe embedded operating system capable of supporting multi-stage loading

Country Status (1)

Country Link
CN (1) CN102479097B (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1882942A (en) * 2003-11-20 2006-12-20 国际商业机器公司 Computerized system, method and program product for managing an enterprise storage system
CN101727545A (en) * 2008-10-10 2010-06-09 中国科学院研究生院 Method for implementing mandatory access control mechanism of security operating system
CN101833465A (en) * 2010-04-23 2010-09-15 中国科学院声学研究所 Embedded system supporting dynamic loading operation of application programs

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
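Research on a multilevel security model based on trusted state and its application; Zhang Xiaofei et al.; Acta Electronica Sinica (《电子学报》); 20070831; Vol. 35 (No. 8); pp. 1511-1515 *
Zhang Xiaofei et al. Research on a multilevel security model based on trusted state and its application. Acta Electronica Sinica (《电子学报》). 2007, Vol. 35 (No. 8),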

Also Published As

Publication number Publication date
CN102479097A (en) 2012-05-30


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210802

Address after: Room 1601, 16th floor, East Tower, Ximei building, No. 6, Changchun Road, high tech Industrial Development Zone, Zhengzhou, Henan 450001

Patentee after: Zhengzhou xinrand Network Technology Co.,Ltd.

Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Patentee before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES