With the significant increase in the number of satellites, policy enforcement on satellites is becoming more and more important. To enforce policies on satellites, we present SatPolicy, a satellite policy enforcement mechanism. In SatPolicy, mandatory policies are specified in terms of permitted inter-process communication (IPC). The policy enforcement mechanism of SatPolicy consists of an IPC flow verifier and a policy parser, both of which are implemented in a Trusted Execution Environment (TEE) to avoid attacks from the Rich Execution Environment (REE) and to prevent policies from leaking to attackers. In addition, to avoid the risks of policy updates, SatPolicy integrates a Public Key Infrastructure (PKI)-based secure software update mechanism with the TEE software verification mechanism. SatPolicy only allows software developers with legitimate identities (i.e., developers holding legitimate certificates) to deploy software to satellites. Finally, we evaluate our implementation on an ARM development board, illustrating its low overhead and effectiveness.