The development of an operating system must have the capability of independence and controllability; only then can security risks be eliminated, dependence on others for support and upgrades be avoided, and the continually changing needs of information systems in our country's key sectors be met. An operating system with this capability must take security as one of its primary design goals, which places requirements on operating system research in several respects. First, research on operating system structure, as the foundation of operating system security, needs to re-examine the design of the operating system structure in light of current developments in software and hardware technology. Second, to address the diverse security and confidentiality requirements of application domains, flexible and integrated security protection mechanisms need to be adopted systematically. Finally, because an operating system is large and its code often comes from different sources (a typical mixed-source development model), its quality is hard to guarantee, and methods for improving code quality need to be studied. The key operating system technologies studied in this thesis include the following. First, a triple-mode operating system structure is proposed, which divides the operating system into kernel mode, system mode and user mode and re-decomposes resource privileges. The design of the triple-mode operating system fully incorporates the latest hardware features and advances: using the TrustZone security extension provided by the domestic Phytium platform, it achieves a balance between security, reliability and efficiency for the operating system. Second, a kernel security framework supporting extension with multiple security policies was independently designed; based on the triple-mode operating system architecture, an extensible cryptographic service framework separating cryptographic applications from cryptographic services was designed and implemented; and a unified policy access control model over kernel entities, extra-kernel entities and network entities was proposed, realizing an integrated security design across the kernel, applications and the network. Third, a tool chain for improving the quality of mixed-source operating system code was designed and implemented: by extensively analyzing the features of logging- and configuration-related code in operating systems and mining latent knowledge and correlations from massive amounts of code, it guided the implementation of tools for system log enhancement, error-handling detection, configuration constraint extraction and configuration fault detection. These tools were applied to six software packages of the Kylin operating system, verifying the effectiveness of the methods and tools and significantly improving the quality of the operating system code. As the practical target of the above technologies, the Kylin operating system is secure and efficient, reaches the B2 security level, and has the capability of security and controllability. Overall, the Kylin operating system "reaches the international advanced level in overall technology in its field, is a major achievement of our country in the information field, and is of great significance for supporting the independent and controllable development of our military's information systems."
As one of the core technologies in the IT area, Operating Systems (OSs) play critical roles in both national and military information security. The development of OSs must be independent and under the control of the country in case of security threats, and it is very important to possess the capability to maintain our information systems freely. Only in this way can the changing requirements of national information systems be satisfied. To achieve the goal of independence and controllability, we must keep security as one of the major targets in the development of OSs. OS research has to follow some principles. Firstly, we should take the OS architecture as the foundation of its security, and we should also absorb the state-of-the-art technologies of software and hardware in OS research. Secondly, integrative and systematic mechanisms should be adopted to guard the OS and to meet various requirements in security and confidentiality. Thirdly, improving the quality of OSs by software engineering methods is in high demand, since OSs usually absorb code from different sources and are developed by a mixed-source method (open source and closed source), which leads to inferior quality. Therefore, research on how to improve the quality of mixed-source code is necessary.

This thesis proposes three main techniques to guard the security of OSs: 1. A new triple-mode OS architecture is proposed. The new architecture classifies the body of the OS into three modes: kernel mode, system mode and user mode. The design of the triple-mode OS fully utilizes new features of hardware, such as virtualization and isolation. In one of our implementations, for the Phytium CPU platform, the triple-mode OS is built on the basis of the TrustZone mechanism and achieves a good trade-off between security and efficiency. 2. We design a security framework of mandatory access control in the kernel, which supports the extension of multiple policies. A framework of cryptographic services is also proposed to separate cryptographic applications from the cryptographic modules. We build an access control model that enforces unified policies on the entities in the kernel, outside the kernel and from the network, which implements the integrated design of access control all over the system. 3. We design and implement tools for improving the code quality of mixed-source OSs. Based on studies of real-world software projects, we mine knowledge from big code and implement tools aimed at system log enhancement, error-handling defect detection, configuration constraint extraction and misconfiguration detection. We evaluate these tools on six software projects in Kylin OS, and the results prove the effectiveness of our tools. By implementing the above techniques, Kylin OS has obtained high security and high efficiency. It has reached the B2-class security standard and has the capability of independence and controllability. The overall technology of Kylin OS reaches the international advanced level in the field. It is a major achievement in the national IT area, which has great significance in supporting the independent and self-controllable development of our military information systems.
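The unified access control model described in the second contribution (a kernel framework that can be extended with multiple mandatory policies and applies them uniformly to in-kernel, extra-kernel and network entities) can be illustrated with the following Python example. It is an added illustration, not code from the thesis or from Kylin OS: the `SecurityFramework` class, the three sample policies (Biba-style integrity, type enforcement, and a network policy), the conjunctive composition rule (every registered policy must allow, and the first deny wins, as in Linux LSM stacking) and all entity names and labels are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Entity domains from the unified model: inside the kernel, outside the kernel
# (user space) and on the network. The labels below are constructed for this
# example and are not the thesis's own definitions.
KERNEL, USER, NETWORK = "kernel", "user", "network"


@dataclass(frozen=True)
class Entity:
    name: str
    domain: str        # KERNEL, USER or NETWORK
    integrity: int     # higher = more trusted (Biba-style level)
    type_: str         # type label consumed by type-enforcement rules


Decision = Tuple[bool, Optional[str]]            # (allowed, name of denying policy)
Policy = Callable[[Entity, Entity, str], bool]    # (subject, object, action) -> allow?


class SecurityFramework:
    """Hook point a kernel would call on every access. Policies are registered
    at run time; an access is allowed only if every policy allows it, and the
    first policy to deny is reported (assumed conjunctive composition)."""

    def __init__(self) -> None:
        self._policies: List[Tuple[str, Policy]] = []

    def register(self, name: str, policy: Policy) -> None:
        self._policies.append((name, policy))

    def check(self, subject: Entity, obj: Entity, action: str) -> Decision:
        for name, policy in self._policies:
            if not policy(subject, obj, action):
                return (False, name)
        return (True, None)


def integrity_policy(subject: Entity, obj: Entity, action: str) -> bool:
    # Biba: no write up (subject may only write to equal or lower integrity)
    # and no read down (subject may only read equal or higher integrity).
    if action == "write":
        return subject.integrity >= obj.integrity
    if action == "read":
        return subject.integrity <= obj.integrity
    return True


# Constructed allow-list of (subject type, object type, action) triples.
TE_RULES = {
    ("kernel_driver_t", "device_t", "read"),
    ("kernel_driver_t", "device_t", "write"),
    ("crypto_client_t", "crypto_service_t", "invoke"),
    ("web_t", "public_data_t", "read"),
}


def type_enforcement_policy(subject: Entity, obj: Entity, action: str) -> bool:
    return (subject.type_, obj.type_, action) in TE_RULES


def network_policy(subject: Entity, obj: Entity, action: str) -> bool:
    # Remote subjects may only read objects explicitly labelled public.
    if subject.domain == NETWORK:
        return action == "read" and obj.type_ == "public_data_t"
    return True


def build_framework() -> SecurityFramework:
    fw = SecurityFramework()
    fw.register("integrity", integrity_policy)
    fw.register("type_enforcement", type_enforcement_policy)
    fw.register("network", network_policy)
    return fw


# Constructed sample entities spanning all three domains.
SAMPLE: Dict[str, Entity] = {
    "nic_driver":    Entity("nic_driver", KERNEL, 3, "kernel_driver_t"),
    "nic0":          Entity("nic0", KERNEL, 3, "device_t"),
    "vpn_client":    Entity("vpn_client", USER, 2, "crypto_client_t"),
    "crypto_daemon": Entity("crypto_daemon", USER, 3, "crypto_service_t"),
    "remote_peer":   Entity("remote_peer", NETWORK, 0, "web_t"),
    "index.html":    Entity("index.html", USER, 1, "public_data_t"),
    "shadow":        Entity("shadow", USER, 3, "secret_data_t"),
}


def run_demo() -> List[Tuple[str, str, str, Decision]]:
    """Evaluate a fixed set of accesses and return (subject, object, action, decision)."""
    fw = build_framework()
    requests = [
        ("nic_driver", "nic0", "write"),            # kernel -> kernel, allowed
        ("vpn_client", "crypto_daemon", "invoke"),  # app -> crypto service, allowed
        ("remote_peer", "index.html", "read"),      # network -> public data, allowed
        ("remote_peer", "shadow", "read"),          # network -> secret, TE denies
        ("remote_peer", "index.html", "write"),     # integrity denies before network
        ("vpn_client", "nic0", "write"),            # user app -> device, integrity denies
    ]
    return [(s, o, a, fw.check(SAMPLE[s], SAMPLE[o], a)) for s, o, a in requests]


if __name__ == "__main__":
    for subject, obj, action, (allowed, denier) in run_demo():
        verdict = "ALLOW" if allowed else f"DENY by {denier}"
        print(f"{subject:>13} --{action}--> {obj:<13} {verdict}")
```

Because the policies are evaluated in registration order and the first deny wins, the same request can be refused by different policies depending on ordering; an audit log that records the denying policy name, as `check` returns it, is what makes such a stacked framework debuggable.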