Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!
Journal of Systems Architecture (IF 4.5), Pub Date: 2021-03-26, DOI: 10.1016/j.sysarc.2021.102114
Dongdong Huo, Chen Cao, Peng Liu, Yazhe Wang, Mingxuan Li, Zhen Xu

Cyber-Physical-Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data, which must be collected in a trustworthy manner and processed efficiently. Though High Performance Computing and Communication techniques make great contributions to addressing the issue of data processing, their effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data’s security, are unable to deploy expensive security extensions. Consequently, the implementation of task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOS), becomes much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor, which utilizes hypervisor-based task sandboxing mechanisms, as an example system and present three new findings: First, we discover vulnerabilities in Mbed task sandboxing, which can be exploited to compromise system-maintained data structures to manipulate any task’s data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), which builds a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS in defeating these attacks, with small runtime overheads and good portability.




Updated: 2021-03-27