CN117749489B - Network transmission privacy protection method and system of distributed system - Google Patents
Network transmission privacy protection method and system of distributed system Download PDFInfo
- Publication number
- CN117749489B CN117749489B CN202311764252.7A CN202311764252A CN117749489B CN 117749489 B CN117749489 B CN 117749489B CN 202311764252 A CN202311764252 A CN 202311764252A CN 117749489 B CN117749489 B CN 117749489B
- Authority
- CN
- China
- Prior art keywords
- change information
- list
- node
- security domain
- kernel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 125
- 230000005540 biological transmission Effects 0.000 title claims abstract description 24
- 230000008569 process Effects 0.000 claims abstract description 93
- 230000008859 change Effects 0.000 claims description 100
- 230000006870 function Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a network transmission privacy protection method and a system of a distributed system, wherein the method comprises the following steps: the method comprises the steps that a local node list is created by a kernel of each node; the node list comprises a security domain set read by all processes in the distributed system; after receiving the data packet, the kernel acquires a process corresponding to the data packet to obtain a counterpart process, queries a local node list according to the counterpart process to obtain a security domain set read by the counterpart process, and allows or refuses the counterpart process to receive the data packet according to the security domain set. The method has all information for judging whether the data packet is received by the local process at any time, shortens the delay caused by the kernel judging process, and can meet the requirement of no delay of the kernel. And when the node receives the data packet, the kernel needs to judge whether the local process can receive the data packet or not, so that the device can be prevented from transmitting or revealing the content of the security domain through the network.
Description
Technical Field
The invention belongs to the technical field of computer networks, and particularly relates to a network transmission privacy protection method and system of a distributed system.
Background
Application No. 202311241074.X "a data controllable use method" provides a new paradigm of privacy computation, that is, a storage logical partition in a storage/computation node of a data consumer is divided into security domains controlled by a data provider, so that private data can be processed only in the security domains and cannot flow out of the security domains. This ensures that the data provider's private data, while visible to the data consumer, prevents the data consumer from copying the private data out of the security domain in various ways for secondary vending. The scheme can be properly operated under the condition of a single machine, ensures that any process can violate the limitation of illegally copying data, and is not suitable for distributed clusters such as federal learning.
The distributed cluster comprises a plurality of nodes, bandwidth among the nodes is a precious resource, cores of different nodes cannot tolerate any delay, so that the applicant considers how to design a network transmission privacy protection method and system of a distributed system, and the network transmission privacy protection method and system can avoid devices from transmitting or revealing security domain content through the network while meeting the condition that the cores have no delay.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a network transmission privacy protection method and system of a distributed system, which can prevent equipment from transmitting or revealing security domain content through a network while meeting the condition that cores have no delay.
In a first aspect, a network transmission privacy protection method of a distributed system includes:
the method comprises the steps that a local node list is created by a kernel of each node; the node list comprises a security domain set read by all processes in the distributed system;
After receiving the data packet, the kernel acquires a process corresponding to the data packet to obtain a counterpart process, queries a local node list according to the counterpart process to obtain a security domain set read by the counterpart process, and allows or refuses the counterpart process to receive the data packet according to the security domain set.
Further, the method further comprises the following steps:
when the kernel detects that a local node list changes, list change information is acquired, and the upper layer application of the node where the list change information is located is notified through a Netlink;
the upper layer application broadcasts list change information to other nodes in the distributed system;
When receiving list change information broadcast by other nodes, the upper layer application informs the kernel of the node where the list change information is located through a Netlink;
And when receiving the list change information of the upper application from the node where the kernel is located, updating the local node list according to the list change information.
Further, the node list identifies the process by the node IP address and the port number called by the process;
The security domain set comprises security domain IDs corresponding to the security domains read by the process.
Further, the broadcasting list change information to other nodes by the upper layer application specifically includes:
after receiving the list change information, the upper layer application analyzes the security domain ID in the list change information, converts the security domain ID into a corresponding public key, and broadcasts the converted list change information to other nodes; wherein the public key is used to uniquely identify the security domain.
Further, when receiving list change information broadcast by other nodes, the upper layer application informs the kernel of the node of the list change information through Netlink specifically includes:
When receiving list change information broadcast by other nodes, the upper layer application analyzes a public key in the list change information, converts the public key into a corresponding security domain ID, and notifies the kernel of the node of the converted list change information through a Netlink.
Further, the change of the node list comprises creating, updating and deleting the entries in the security domain set read by the process.
In a second aspect, a network transmission privacy protection system of a distributed system includes a plurality of nodes, each node including a core;
The kernel is used for creating a local node list; the node list comprises a security domain set read by all processes in the distributed system; the kernel is also used for acquiring a process corresponding to the data packet after receiving the data packet so as to obtain a counterpart process, inquiring a local node list according to the counterpart process so as to obtain a security domain set read by the counterpart process, and allowing or refusing the process to receive the data packet according to the security domain set.
Further, each node also includes an upper layer application;
The kernel is also used for acquiring list change information when detecting that a local node list changes, and notifying the upper layer application of the node where the list change information is located through a Netlink; the kernel is further used for updating a local node list according to the list change information when the list change information of an upper application of the node is received;
The upper layer application is used for broadcasting list change information to other nodes in the distributed system; and when receiving list change information broadcast by other nodes, notifying the kernel of the node where the list change information is located through the Netlink.
Further, the node list identifies the process by the node IP address and the port number called by the process;
The security domain set comprises security domain IDs corresponding to the security domains read by the process.
Further, the upper layer application is specifically for: after receiving the list change information, analyzing a security domain ID in the list change information, converting the security domain ID into a corresponding public key, and broadcasting the converted list change information to other nodes; wherein the public key is used to uniquely identify the security domain;
The upper layer application is specifically for: when list change information broadcast by other nodes is received, a public key in the list change information is analyzed, the public key is converted into a corresponding security domain ID, and the converted list change information is notified to the kernel of the node through a Netlink.
According to the network transmission privacy protection method and system of the distributed system, provided by the technical scheme, the kernel has all information for judging whether the data packet is received by the local process at any time, so that the delay caused by the kernel judging process is shortened, and the requirement of no delay of the kernel can be met. And when the node receives the data packet, the kernel needs to judge whether the local process can receive the data packet or not, so that the device can be prevented from transmitting or revealing the content of the security domain through the network.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
Fig. 1 is a flowchart of a network transmission privacy protection method according to an embodiment.
Fig. 2 is a schematic diagram of broadcasting when a node list provided in the embodiment is changed.
Fig. 3 is a flowchart of a node list updating method according to an embodiment.
Detailed Description
Embodiments of the technical scheme of the present application will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and thus are merely examples, and are not intended to limit the scope of the present application. It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
Examples:
a network transmission privacy protection method of a distributed system, see fig. 1, comprising:
the method comprises the steps that a local node list is created by a kernel of each node; the node list comprises a security domain set read by all processes in the distributed system;
After receiving the data packet, the kernel acquires a process corresponding to the data packet to obtain a counterpart process, queries a local node list according to the counterpart process to obtain a security domain set read by the counterpart process, and allows or refuses the local process to receive the data packet according to the security domain set.
In this embodiment, the kernel of each node creates a node list, maintaining a set of security domains that each process has read. Each process that reads the security domain has a certain limit to use socket, and the process is mainly characterized in that when receiving the data packet, a verification needs to be performed to ensure whether the local process can receive the data packet.
In this embodiment, as each packet arrives at a node, the LSM framework intercepts the packet before the packet notifies the upper layer applications. At this time, the kernel acquires the opposite end IP and port number of the data packet to obtain the opposite process. And then searching a corresponding entry in the local node list to obtain a security domain set read by the opposite process, and allowing or refusing the process to receive the data packet according to the security domain set. For example, since the data packet may include information in any security domain read by the opposite process, if the local process has already read and written one security domain, and the received data packet may include data outside the security domain, the local process refuses to receive the data packet, so that the process can be prevented from writing the data in the data packet into a different security domain. And also for example, intercept packets that the local process cannot receive due to read-write limitations. For some readable data packets which need to be recorded, recording and reading corresponding security domain information in a task_struct of a local process for subsequent judgment. Processes that do not read through the secure domain will go directly through.
According to the network transmission privacy protection method, the kernel has all information for judging whether the data packet is received by the local process at any time, so that the delay caused by the kernel judging process is shortened, and the requirement of no delay of the kernel can be met. And when the node receives the data packet, the kernel needs to judge whether the local process can receive the data packet or not, so that the device can be prevented from transmitting or revealing the content of the security domain through the network.
Further, in some embodiments, referring to fig. 2, further comprising:
when the kernel detects that a local node list changes, list change information is acquired, and the upper layer application of the node where the list change information is located is notified through a Netlink;
the upper layer application broadcasts list change information to other nodes in the distributed system;
When receiving list change information broadcast by other nodes, the upper layer application informs the kernel of the node where the list change information is located through a Netlink;
And when receiving the list change information of the upper application from the node where the kernel is located, updating the local node list according to the list change information.
In this embodiment, the upper layer application of the distributed system is mainly a daemon module. The daemon module includes DvAgent and DvServer. Typically, the daemon module and the kernel of the distributed system each need to maintain their own required data and operate independently. The interaction between the daemon module and the kernel is realized through system call. These system calls are typically behavior that alters the security domain or whitelist, which is costly. However, if frequent interaction between the kernel and the daemon module is required, the existing system call method cannot meet the overhead requirement. In order to solve the problem of high cost of the existing system call, the network transmission privacy protection method selects the NetLink as a data interaction mode between the daemon module and the kernel. The Netlink code is simple, no extra structure is needed, and the system call of the socket function cluster can be used. Netlink may share the same IO multiplexing interface with other file handles, whether shared memory, TCP, or UDP. The Netlink resources occupy less, and compared with other modes needing to frequently switch the management states or frequently read and write the real files, the Netlink only needs to occupy one port on the basis of the VFS.
In this embodiment, if the security domain read by a process of a node changes, the local node list may be directly modified. In order to enable other nodes of the distributed cluster to know the change of the node, the changed kernel needs to inform DvAgent the change, dvAgent broadcasts the change to all other nodes, so that after DvAgent of any node receives the message, list change information is informed to the kernel, and the kernel updates a local node list according to the list change information, thereby ensuring the consistency of the node list of each node in the whole distributed cluster and ensuring that the node list of each node is up-to-date.
Further, in some embodiments, the node list identifies the process by the node IP address and the port number called by the process;
The security domain set comprises security domain IDs corresponding to the security domains read by the process.
In this embodiment, since Netlink is not only a function using a socket cluster, its actual function call chain is also similar to TCP, UDP. Therefore, the transmission mode of Netlink is also streaming data transmission, and when data is transmitted or received through Netlink, serialization and deserialization of the data are required. The network transport privacy protection method uses the node IP address and the port number of the process call to identify the process. The network transmission privacy protection method constructs a structure body according to each procedure and the corresponding security domain set. Serialization and deserialization of the structure apply the following C language characteristics: the structure body has no corresponding field in the memory, and all the fields are obtained through defined fixed byte offset, so that the first pointer and the size of the structure body can be directly copied into a buffer zone and sent through the Netlink. And when the Netlink data packet is received, the first address is taken out and then converted into a corresponding structure body.
Further, in some embodiments, referring to fig. 3, the upper layer application broadcasts list change information to other nodes specifically includes:
after receiving the list change information, the upper layer application analyzes the security domain ID in the list change information, converts the security domain ID into a corresponding public key, and broadcasts the converted list change information to other nodes; wherein the public key is used to uniquely identify the security domain.
In this embodiment, for a distributed system, the security domain IDs between different nodes cannot uniquely identify the same security domain, for example, even if the security domain IDs are the same between different nodes, it cannot be guaranteed that the two security domains are the same security domain. Therefore, after the upper layer application receives the list change information, the security domain ID in the list change information is analyzed, and the security domain ID is mapped to the public key which can uniquely identify different security domains. Prior to DvAgent adding the security domain, dvServer needs to be authorized by the data provider to obtain a public key that uniquely identifies the security domain. DvAgent is used to maintain a mapping relationship between the security domain ID and the public key in the security domain.
Further, in some embodiments, referring to fig. 3, when receiving list change information broadcast by other nodes, the upper layer application notifies, through Netlink, the kernel of the node where the list change information is located specifically includes:
When receiving list change information broadcast by other nodes, the upper layer application analyzes a public key in the list change information, converts the public key into a corresponding security domain ID, and notifies the kernel of the node of the converted list change information through a Netlink.
In this embodiment, when receiving the list change information broadcast by other nodes, the upper layer application analyzes the public key in the list change information, and converts the public key into the corresponding security domain ID, so that the security domain data that changes can be uniquely identified, and the security domain data consistency in the distributed cluster is ensured.
Further, in some embodiments, the change in the node list includes creating, updating, deleting an entry in the security domain set read by the process.
In the present embodiment, the changes of the node list mainly include three kinds: create an entry, update an entry, and delete an entry. The list change information comprises IP, port number port called by the process, a security domain set and actions of the security domain, wherein the actions of the security domain comprise creation, updating or deletion of an entry. An entry is created when a process connects to the remote end or receives a new connection. The entry is updated when the process reads a file in a secure domain that has not been read before. When the TCP connection is closed, i.e. the socket_shdown hook function of the LSM framework is triggered, the entry is deleted.
A network transmission privacy protection system of a distributed system, the distributed system comprising a plurality of nodes, each node comprising a core;
The kernel is used for creating a local node list; the node list comprises a security domain set read by all processes in the distributed system; the kernel is also used for acquiring a process corresponding to the data packet after receiving the data packet so as to obtain a counterpart process, inquiring a local node list according to the counterpart process so as to obtain a security domain set read by the counterpart process, and allowing or refusing the process to receive the data packet according to the security domain set.
Further, in some embodiments, each node further comprises an upper layer application;
The kernel is also used for acquiring list change information when detecting that a local node list changes, and notifying the upper layer application of the node where the list change information is located through a Netlink; the kernel is further used for updating a local node list according to the list change information when the list change information of an upper application of the node is received;
The upper layer application is used for broadcasting list change information to other nodes in the distributed system; and when receiving list change information broadcast by other nodes, notifying the kernel of the node where the list change information is located through the Netlink.
Further, in some embodiments, the node list identifies the process by the node IP address and the port number called by the process;
The security domain set comprises security domain IDs corresponding to the security domains read by the process.
Further, in some embodiments, the upper layer application is specifically for: after receiving the list change information, analyzing a security domain ID in the list change information, converting the security domain ID into a corresponding public key, and broadcasting the converted list change information to other nodes; wherein the public key is used to uniquely identify the security domain;
The upper layer application is specifically for: when list change information broadcast by other nodes is received, a public key in the list change information is analyzed, the public key is converted into a corresponding security domain ID, and the converted list change information is notified to the kernel of the node through a Netlink.
For a brief description of the system provided by the embodiments of the present invention, reference may be made to the corresponding content in the foregoing embodiments where the description of the embodiments is not mentioned.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.
Claims (8)
1. A network transmission privacy protection method of a distributed system, comprising:
the method comprises the steps that a local node list is created by a kernel of each node; the node list comprises a security domain set read by all processes in the distributed system;
After receiving a data packet, the kernel acquires a process corresponding to the data packet to obtain a counterpart process, queries a local node list according to the counterpart process to obtain a security domain set read by the counterpart process, and allows or refuses the local process to receive the data packet according to the security domain set;
Further comprises:
When the kernel detects that a local node list changes, list change information is acquired, and the upper layer application of the node where the list change information is located is notified through a Netlink;
the upper layer application broadcasts the list change information to other nodes in the distributed system;
When receiving list change information broadcast by other nodes, the upper layer application informs the kernel of the node where the list change information is located through a Netlink;
And when receiving the list change information of the upper application from the node where the kernel is located, updating a local node list according to the list change information.
2. The method for protecting network transport privacy of a distributed system according to claim 1,
The node list identifies the process through the node IP address and the port number called by the process;
the security domain set comprises security domain IDs corresponding to the security domains read by the process.
3. The network transmission privacy protection method of a distributed system according to claim 2, wherein the broadcasting of the list change information to other nodes by the upper layer application specifically comprises:
After receiving the list change information, the upper layer application analyzes the security domain ID in the list change information, converts the security domain ID into a corresponding public key, and broadcasts the converted list change information to other nodes; wherein the public key is used to uniquely identify the security domain.
4. The method for protecting network transmission privacy of a distributed system according to claim 3, wherein when receiving the list change information broadcast by other nodes, the upper layer application notifies the kernel of the node where the list change information is located through Netlink specifically includes:
When receiving list change information broadcast by other nodes, an upper layer application analyzes a public key in the list change information, converts the public key into a corresponding security domain ID, and notifies the kernel of the node of the converted list change information through a Netlink.
5. The method of claim 1, wherein the change in the node list includes creating, updating, and deleting entries in the security domain set read by the process.
6. A network transmission privacy protection system of a distributed system, the distributed system comprising a plurality of nodes, each node comprising a kernel; it is characterized in that the method comprises the steps of,
The kernel is used for creating a local node list; the node list comprises a security domain set read by all processes in the distributed system; the kernel is further configured to, after receiving a data packet, obtain a process corresponding to the data packet, so as to obtain a peer process, query a local node list according to the peer process, so as to obtain a security domain set read by the peer process, and allow or reject the local process to receive the data packet according to the security domain set;
Each of the nodes further includes an upper layer application;
the kernel is further used for acquiring list change information when detecting that a local node list changes, and notifying an upper layer application of the node where the list change information is located through a Netlink; the kernel is further used for updating a local node list according to the list change information when the list change information of an upper application of the node is received;
The upper layer application is used for broadcasting the list change information to other nodes in the distributed system; and when receiving list change information broadcast by other nodes, notifying the kernel of the node where the list change information is located through the Netlink.
7. The network transmission privacy protection system of claim 6, wherein,
The node list identifies the process through the node IP address and the port number called by the process;
the security domain set comprises security domain IDs corresponding to the security domains read by the process.
8. The network transmission privacy protection system of claim 7, wherein,
The upper layer application is specifically for: after receiving the list change information, resolving a security domain ID in the list change information, converting the security domain ID into a corresponding public key, and broadcasting the converted list change information to other nodes; wherein the public key is used to uniquely identify the security domain;
the upper layer application is specifically for: when list change information broadcast by other nodes is received, a public key in the list change information is analyzed, the public key is converted into a corresponding security domain ID, and the converted list change information is notified to the kernel of the node through a Netlink.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311764252.7A CN117749489B (en) | 2023-12-20 | 2023-12-20 | Network transmission privacy protection method and system of distributed system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311764252.7A CN117749489B (en) | 2023-12-20 | 2023-12-20 | Network transmission privacy protection method and system of distributed system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117749489A CN117749489A (en) | 2024-03-22 |
| CN117749489B true CN117749489B (en) | 2024-09-24 |
Family
ID=90254145
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311764252.7A Active CN117749489B (en) | 2023-12-20 | 2023-12-20 | Network transmission privacy protection method and system of distributed system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117749489B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109508550A (en) * | 2018-10-22 | 2019-03-22 | 南瑞集团有限公司 | Privacy of user guard method and system based on SEAndroid |
| CN116776970A (en) * | 2023-06-26 | 2023-09-19 | 北京熠智科技有限公司 | Federal learning parameter transmission method, aggregation server and federal learning system |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9367700B2 (en) * | 2011-02-16 | 2016-06-14 | Adobe Systems Incorporated | System and method for establishing a shared secret for communication between different security domains |
| CN102254123B (en) * | 2011-06-22 | 2013-04-17 | 深圳市安盾椒图科技有限公司 | Method and device for enhancing security of application software |
| CN104077244A (en) * | 2014-07-20 | 2014-10-01 | 湖南蓝途方鼎科技有限公司 | Process isolation and encryption mechanism based security disc model and generation method thereof |
| CN104573507A (en) * | 2015-02-05 | 2015-04-29 | 浪潮电子信息产业股份有限公司 | Secure container and design method thereof |
| US11500699B2 (en) * | 2019-01-24 | 2022-11-15 | Hewlett Packard Enterprise Development Lp | Communication of data between virtual processes |
| CN114003941B (en) * | 2021-12-28 | 2022-04-05 | 麒麟软件有限公司 | Software authority control system and method based on Linux operating system |
| CN116232659A (en) * | 2022-12-23 | 2023-06-06 | 厦门网宿有限公司 | Data processing method, device and readable storage medium |
| CN116132187B (en) * | 2023-02-23 | 2024-05-14 | 北京京航计算通讯研究所 | Data packet filtering method and system |
| CN116821951A (en) * | 2023-05-04 | 2023-09-29 | 北京熠智科技有限公司 | Method and system for privacy protection for data API service |
-
2023
- 2023-12-20 CN CN202311764252.7A patent/CN117749489B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109508550A (en) * | 2018-10-22 | 2019-03-22 | 南瑞集团有限公司 | Privacy of user guard method and system based on SEAndroid |
| CN116776970A (en) * | 2023-06-26 | 2023-09-19 | 北京熠智科技有限公司 | Federal learning parameter transmission method, aggregation server and federal learning system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117749489A (en) | 2024-03-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8156538B2 (en) | Distribution of information protection policies to client machines | |
| US7702693B1 (en) | Role-based access control enforced by filesystem of an operating system | |
| US7165083B2 (en) | File management method in a distributed storage system | |
| US11030123B2 (en) | Fine grained memory and heap management for sharable entities across coordinating participants in database environment | |
| US20120078866A1 (en) | Method For Managing Lock Resources in a Distributed Storage System | |
| US20070256083A1 (en) | Systems and methods of accessing information across distributed computing components | |
| CN111258627A (en) | Interface document generation method and device | |
| US20090287800A1 (en) | Method, device and system for managing network devices | |
| CN114244654B (en) | URL forwarding method, device, equipment and computer storage medium | |
| CN104243214A (en) | Data processing method, device and system | |
| US7809828B2 (en) | Method for maintaining state consistency among multiple state-driven file system entities when entities become disconnected | |
| CN114253707A (en) | Micro-service request method based on API gateway | |
| CN108021339A (en) | A kind of method of disk read-write, equipment and computer-readable recording medium | |
| CN117459444A (en) | Method, device and storage medium for micro-service co-city dual-activity concentric priority routing | |
| CN115051851B (en) | User access behavior management and control system and method in scene of internet of things | |
| CN103051623B (en) | The method of calling of restriction open platform | |
| US7802065B1 (en) | Peer to peer based cache management | |
| CN117749489B (en) | Network transmission privacy protection method and system of distributed system | |
| CN119421143A (en) | Request processing method, device, equipment, storage medium and product | |
| US20050053091A1 (en) | Method and infrastructure for minimizing compatibility issues among interacting components of different dialect versions | |
| CN118041660A (en) | High-speed large-scale concurrent full-volume network flow intrusion detection method and system | |
| CN116361016B (en) | A network controller message processing method and system | |
| CN111683056B (en) | An information flow control system and method between cloud platforms based on Linux security module | |
| CN115378993A (en) | Method and system for service registration and discovery supporting namespace awareness | |
| JP2006067279A (en) | Intrusion detection system and communication device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |