Addressing the operating environment and mission characteristics of distributed satellites, and taking into account the reliability, security and real-time requirements of the distributed-satellite embedded computer system, this paper proposes a design method for a master-assistant dual-system architecture based on three-level fault tolerance. The paper analyses the characteristics of distributed satellites and the design requirements of on-board embedded computer systems, and describes in detail the three-level fault-tolerant design, the security design of the master-assistant dual system, and the design of the assistant system based on a trusted platform module (TPM). The design method has been successfully applied in a ground principle-verification system; the results show that it effectively solves the reliability, security and real-time problems of the distributed-satellite embedded computer system.
Being an advanced technique of spacecraft systems, the distributed satellite has become one of the research hotspots. According to the operating environment and the tasks of the distributed satellite, and considering its reliability, security and real-time requirements, a design method for a master-assistant dual-system architecture based on three-level fault tolerance was presented. The properties and design requirements of the distributed satellite were discussed, and the designs of the three-level fault tolerance, the security mechanism of the master-assistant dual system, and the assistant system based on a trusted platform module (TPM) were introduced. The design method has been tested in a prototype system, which showed that the system effectively resolved the reliability, security and real-time problems of the distributed satellite.