Decoding and encoding safety isolation method based on double containers
- Publication number: CN111967001B
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
Embodiments of the present disclosure provide a dual-container-based decoding and encoding security isolation method, system, apparatus, and computer-readable storage medium. The method includes: obtaining a target file from a mobile device; decoding or parsing the target file in a first container to obtain a visualized target file; re-encoding the visualized target file in a second container according to a preset rule, and taking the re-encoded file as a new target file; and importing the new target file into the local device, thereby completing the isolated import of the source file. In this way, illegal unknown input is prevented from being imported, and the security of file import is improved.
Description
Technical Field
Embodiments of the present disclosure relate generally to the field of office security and, more particularly, relate to a dual container based decoding and encoding security isolation method, system, device, and computer readable storage medium.
Background
With the continuous development of society, people use computers more and more frequently, and computers have become an indispensable tool in daily life. The accompanying security issues deserve equal attention.
With the popularity and use of mobile devices, viruses have also been invading users' computers by way of those devices. The principle of virus propagation is that, relying on the automatic running function of the operating system, virus and Trojan horse programs run automatically when the computer user double-clicks to open a file carrying the virus, so that the computer system is contaminated and invaded.
The traditional file transfer protection method is to disinfect files at the front end of file import. However, content carried inside a file, or an unknown virus or Trojan contained in the file, is difficult to discover, especially for certain specific players, file viewers, and/or operating systems.
Disclosure of Invention
The present disclosure is directed to solving at least one of the technical problems existing in the prior art or related art.
To this end, in a first aspect of the present disclosure, a dual container based decoding and encoding security isolation method is provided. The method comprises the following steps:
obtaining a target file from a mobile device;
decoding or parsing the target file in a first container to obtain a visualized target file;
re-encoding the visualized target file in a second container according to a preset rule, and taking the re-encoded file as a new target file; and
importing the new target file into the local device, thereby completing the isolated import of the source file.
Further, the first container is a sandbox execution environment built by packaging the program code, function libraries and environment configuration files required by the decoding or parsing application; the second container is a sandbox execution environment built by packaging the program code, function libraries and environment configuration files required by the encoding application.
Further, the source files include viewable files, playable files, system files, and/or attached files;
the viewable files comprise Word, Excel and/or txt files;
the playable files comprise video playing files and/or audio playing files;
the system files comprise log and/or tlg files;
the attached files comprise viruses, Trojan horses and/or unauthorized information, wherein the attached files are attached to the viewable files and/or the playable files.
Further, obtaining the target file from the mobile device includes:
obtaining a source file from the mobile device;
cleaning the source file to obtain the target file;
wherein cleaning the source file comprises:
analyzing the source file to determine the file type; and
if the file type is a system file, deleting the system file.
Further, decoding or parsing the target file in the first container to obtain a visualized target file includes:
if the file type is a viewable file, parsing the viewable file in the first container to open it, and taking a screenshot of each page of the viewable file to obtain a visualized viewable file;
if the file type is a video playing file, decoding the video playing file in the first container, opening the video playing file, and recording the playing video to obtain a visualized video playing file;
if the file type is an audio playing file, decoding the audio playing file in the first container, opening the audio playing file, and recording the audio file to obtain a visualized audio playing file.
Further, re-encoding the visualized target file in the second container according to the preset rule, and taking the re-encoded file as a new target file, includes:
if the visualized target file is a visualized viewable file, re-encoding the visualized viewable file into a viewable file in the second container;
if the visualized target file is a visualized video playing file, re-encoding the visualized video playing file into a video playing file in the second container;
if the visualized target file is a visualized audio playing file, re-encoding the visualized audio playing file into an audio playing file in the second container.
Further, after importing the new target file into the local device and completing the isolated import of the source file, the method includes:
performing integrity detection on the new target file, and if the detection passes, adding an integrity tag to the new target file.
In a second aspect of the present disclosure, a dual container based decoding and encoding security isolation system is presented, comprising:
an acquisition module for acquiring a source file from a mobile device;
a processing module for decoding or parsing the target file in the first container to obtain a visualized target file;
an encoding module for re-encoding the visualized target file in the second container according to a preset rule, and taking the re-encoded file as a new target file;
and an importing module for importing the new target file into the local device, thereby completing the isolated import of the source file.
In a third aspect of the present disclosure, an apparatus is presented comprising:
One or more processors;
A storage means for storing one or more programs;
The one or more programs, when executed by the one or more processors, cause the one or more processors to implement the above-described methods as per the present disclosure.
In a fourth aspect of the present disclosure, a computer readable storage medium is provided, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above according to the present disclosure.
The dual-container-based decoding and encoding security isolation method provided by the embodiments of the present application obtains a source file from a mobile device; cleans the source file to obtain a target file; decodes or parses the target file in a first container to obtain a visualized target file; re-encodes the visualized target file in a second container according to a preset rule, and takes the re-encoded file as a new target file; and imports the new target file into the local device, completing the isolated import of the source file. The source file itself is thereby intercepted, illegal unknown input is effectively prevented from being imported, the file is obtained as it is imported, and the security of file import is improved.
It should be understood that what is described in this summary is not intended to identify key or essential features of the embodiments of the disclosure, nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference numerals denote like or similar elements:
FIG. 1 is an exemplary system architecture diagram in which an embodiment of the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a dual container based decoding and encoding security isolation method in accordance with the present application;
Fig. 3 is a schematic diagram of a computer system for implementing a terminal device or a server according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, but not all, embodiments of the present disclosure. All other embodiments that one of ordinary skill in the art can obtain from the embodiments in this disclosure without inventive effort are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of a dual container based decoding and encoding security isolation method or system of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include mobile storage devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the mobile storage devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 105 over the network 104 using the mobile storage devices 101, 102, 103 to import or export files, etc. Various types of files may be stored on the mobile storage devices 101, 102, 103, such as system files, video files, audio files, viewable files, and the like.
The mobile storage devices 101, 102, 103 may be a variety of electronic devices with display screens, including, but not limited to, smartphones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, desktop computers, and the like. They may also be conventional data storage devices, including, but not limited to, USB disks, removable hard disks, and the like.
The server 105 may be a server that provides various services, such as a background server that processes data on the mobile storage devices 101, 102, 103. The background server may analyze (import) received data and perform other processing.
The server may be hardware or software. When the server is hardware, it may be implemented as a distributed server cluster formed by a plurality of servers, or as a single server. When the server is software, it may be implemented as a plurality of pieces of software or software modules (e.g., for providing distributed services), or as a single piece of software or software module. No specific limitation is imposed here.
It should be understood that the number of mobile storage devices, networks, and servers in fig. 1 are merely illustrative. There may be any number of mobile storage devices, networks, and servers, as desired for implementation. In particular, in the case where the target data does not need to be acquired from a remote location, the above-described system architecture may not include a network but only include a terminal device or a server.
Fig. 2 is a flow chart of a decoding and encoding security isolation method based on dual containers according to an embodiment of the present application. As can be seen from fig. 2, the dual-container-based decoding and encoding security isolation method of the present embodiment includes the following steps:
S210, acquiring a target file from the mobile device.
In this embodiment, an execution body (e.g., a server shown in fig. 1) for the dual container-based decoding and encoding security isolation method may acquire a source file through a wired or wireless connection.
The mobile device includes a smartphone, a tablet computer, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a laptop, a desktop, a sound pen, a USB disk and/or a mobile hard disk, etc.
The source files may be stored in various devices as described above.
Optionally, the source file types include viewable files, playable files, system files, and/or attached files;
the viewable files comprise Word, Excel, txt and/or picture files in various formats, and the like;
the playable files comprise video playing files and/or audio playing files in various formats;
the system files comprise log and/or tlg files, and the like;
the attached files include viruses, Trojans, and/or unauthorized information, that is, illegal data that is not needed for the file import.
The attached files may be attached to the viewable files and/or playable files.
Further, the illegal data includes known and/or unknown illegal data (viruses, trojans, etc.).
Optionally, the viruses include all viruses that infect through an operating system and file system. For example, embedded viruses that embed their own code in an infected file, system boot viruses that reside in the disk boot area or master boot area, and/or file viruses that reside in a file, etc.
Optionally, the source file to be imported is analyzed, the type of the source file is determined, and useless system files are deleted.
Optionally, a significant number of system files may be generated while files are in use, including temporary files (e.g., tmp, mp), log files (log), temporary help files (gid), disk check files (chk), temporary backup files (e.g., old, bak), and other temporary files. These files are usually useless system files (system garbage files) that do not need to be imported, so system files of this type are deleted first. This narrows the source files down to those that need to be imported and improves the efficiency of the subsequent file import. That is, the source file is cleaned and system files that normally do not need to be imported are removed, yielding the source file that actually needs to be imported (the target file).
S220, decoding or analyzing the target file in the first container to obtain a visualized target file.
Container technology directly packages the program code, function libraries and environment configuration files required by an application to build a sandbox execution environment; the environment produced this way is called a container. The sandbox execution environment is isolated from the outside, so viruses and Trojans cannot leak out of it.
Optionally, the first container is a sandbox execution environment built by packaging the program code, function libraries and environment configuration files required by the decoding or parsing application; the second container is a sandbox execution environment built by packaging the program code, function libraries and environment configuration files required by the encoding application.
Preferably, Docker containers are used as the first container and the second container in the following steps. A Docker container has no additional hypervisor overhead and shares the operating system with the underlying host, so it offers better performance and lower system load, allows more instances (concrete 'objects' created from classes) to run under the same conditions, and makes full use of system resources. Docker containers also have good resource isolation and restriction capabilities: resources such as CPU and memory can be allocated precisely to each application, ensuring that applications do not affect one another.
When an attached file exists in the target file, opening the target file in the first container effectively isolates the decoded or parsed target file.
Optionally, decoding or parsing the target file according to the type of the target file in the first container to obtain a visualized target file.
Specifically, if the file type is a viewable file, the viewable file is parsed in the first container to open it, and a screenshot is taken of each page of the viewable file to obtain a visualized viewable file. For example, if the viewable file is a Word file, the Word file is parsed and opened, a screenshot is taken of every page (all content) of the Word file, and the resulting set of pictures (screenshots) is the visualized viewable file;
if the file type is a video playing file, the video playing file is decoded in the first container and opened, and the playing video is recorded to obtain a visualized video playing file;
if the file type is an audio playing file, the audio playing file is decoded in the first container and opened, and the audio is recorded to obtain a visualized audio playing file.
Optionally, when the visualized target file is a visualized playable file, an uncompressed MOV format with a better recording effect is usually adopted in order to ensure the quality of the visualized playable file.
S230, re-encoding the visualized target file in the second container according to a preset rule, and taking the re-encoded file as a new target file.
Optionally, the visualized target file is re-encoded in the second container according to its type.
Specifically, if the visualized target file is a visualized viewable file, the visualized viewable file (picture file) is re-encoded into a viewable file in the second container, and this viewable file is the new target file;
if the visualized target file is a visualized video playing file, the visualized video playing file is re-encoded into a video playing file in the second container, and this video playing file is the new target file;
if the visualized target file is a visualized audio playing file, the visualized audio playing file is re-encoded into an audio playing file in the second container, and this audio playing file is the new target file.
Optionally, when the visualized target file is a visualized playable file, that is, a file in MOV format, the visualized playable file in MOV format is re-encoded in the second container into the desired audio/video format. Because MOV is an uncompressed playback format, the data can be large. For example, a 1G target file may become 10G after being converted into a visualized playable file, which is unfavorable for subsequent local storage.
Optionally, the format of the re-encoded viewable file, video playing file and/or audio playing file is usually the same as that of the source file, but it may be set according to the actual situation. For example, if the target file is in Word format, the re-encoded file (new target file) is generally also in Word format, but the Word-format target file may instead be re-encoded into an Excel file (new target file) as the situation requires. Similarly, a target file in mp3 format may be re-encoded into an FLC file (new target file), and so on, which is not described further here.
S240, importing the new target file into the local device, thereby completing the isolated import of the source file.
Optionally, if the source file is stored on a mobile storage device (such as a USB disk or a mobile hard disk), the source file is decoded or parsed in a first container on the local device, the file decoded in the first container is then re-encoded in a second container on the local device, and the re-encoded file is stored at a designated location on the local device, thereby completing the isolated import of the source file, that is, importing the new target file into the local device;
If the source file is stored on a device such as a laptop or desktop computer, a first container may be provided on the device such as the laptop or desktop computer and a second container may be provided on the local device. That is, the source file is decoded or parsed in a first container on the laptop or desktop computer to generate a visualized target file, the visualized target file is recoded into a new target file in a second container on the local device, and the new target file is stored (imported) in a designated position in the local device, thereby completing the isolated import of the source file.
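The S210 to S240 flow above, planned as two hardened `docker run` invocations. This is an added example, not code from the patent: the image names, the job directory layout, the extension lists and the refusal of unrecognised file types are assumptions, and LibreOffice, pdftoppm, img2pdf and ffmpeg stand in for the "screenshot", "record" and "re-encode" steps, with PDF, MP4 and MP3 chosen as the preset output formats.

```python
"""Plan the S210-S240 import as two hardened `docker run` invocations."""
from pathlib import PurePosixPath

# File classes named on the page; the concrete extension lists are assumptions.
SYSTEM = {".tmp", ".log", ".gid", ".chk", ".old", ".bak", ".tlg"}
KINDS = {
    "viewable": {".doc", ".docx", ".xls", ".xlsx", ".txt"},
    "video": {".mp4", ".avi", ".mkv"},
    "audio": {".mp3", ".wav"},
}

# Real `docker run` options: no network, immutable root filesystem, no
# capabilities, no privilege gain, bounded processes/memory, unprivileged user.
HARDENING = [
    "--rm", "--network", "none", "--read-only", "--cap-drop", "ALL",
    "--security-opt", "no-new-privileges", "--pids-limit", "128",
    "--memory", "1g", "--user", "65534:65534",
    "--tmpfs", "/tmp:rw,noexec,nosuid,size=512m", "-e", "HOME=/tmp",
]

# Hypothetical images: one ships only viewers/decoders, the other only encoders.
DECODE_IMAGE = "import-decode:example"
ENCODE_IMAGE = "import-encode:example"


def classify(name):
    """S210: map a source file name to system/viewable/video/audio/unknown."""
    ext = PurePosixPath(name).suffix.lower()
    if ext in SYSTEM:
        return "system"
    for kind, exts in KINDS.items():
        if ext in exts:
            return kind
    return "unknown"


def clean(names):
    """S210 cleaning: drop system files. Refusing unrecognised types instead of
    passing them on is an assumption of this example (fail closed)."""
    kept, refused = [], []
    for name in names:
        kind = classify(name)
        if kind == "system":
            continue
        (refused if kind == "unknown" else kept).append(name)
    return kept, refused


def _run(image, mounts, cmd):
    argv = ["docker", "run", *HARDENING]
    for host, target, mode in mounts:
        argv += ["-v", f"{host}:{target}:{mode}"]
    return argv + [image, *cmd]


def plan(job_dir, kind, ext):
    """Return (stage1_argv, stage2_argv) for one file already copied to
    <job_dir>/in/input<ext>, so the untrusted file name never reaches a shell."""
    if kind not in KINDS or ext not in KINDS[kind]:
        raise ValueError(f"refusing {kind!r}/{ext!r}")
    src, stage, out = f"{job_dir}/in", f"{job_dir}/stage", f"{job_dir}/out"
    ff = ["ffmpeg", "-nostdin", "-hide_banner"]
    if kind == "viewable":
        # S220: render every page to a PNG; S230: rebuild a document from pixels.
        decode = ["sh", "-c",
                  f"soffice --headless --convert-to pdf --outdir /tmp /in/input{ext}"
                  " && pdftoppm -png -r 150 /tmp/input.pdf /stage/page"]
        encode = ["sh", "-c", "img2pdf /stage/page-*.png -o /out/output.pdf"]
    elif kind == "video":
        # S220: uncompressed MOV without metadata; S230: compress it again.
        decode = ff + ["-i", f"/in/input{ext}", "-map_metadata", "-1",
                       "-c:v", "rawvideo", "-pix_fmt", "uyvy422",
                       "-c:a", "pcm_s16le", "/stage/visual.mov"]
        encode = ff + ["-i", "/stage/visual.mov", "-c:v", "libx264",
                       "-c:a", "aac", "/out/output.mp4"]
    else:
        decode = ff + ["-i", f"/in/input{ext}", "-map_metadata", "-1", "-vn",
                       "-c:a", "pcm_s16le", "/stage/visual.mov"]
        encode = ff + ["-i", "/stage/visual.mov", "-vn",
                       "-c:a", "libmp3lame", "/out/output.mp3"]
    # First container: source read-only, may only write the visualized form.
    stage1 = _run(DECODE_IMAGE, [(src, "/in", "ro"), (stage, "/stage", "rw")], decode)
    # Second container: never sees the source, only the visualized form.
    stage2 = _run(ENCODE_IMAGE, [(stage, "/stage", "ro"), (out, "/out", "rw")], encode)
    return stage1, stage2


if __name__ == "__main__":
    import shlex
    for argv in plan("/srv/jobs/42", "video", ".mp4"):
        print(shlex.join(argv))
```

Only `<job_dir>/out` is handed to the local device; the source mount exists solely in the first container and the output mount solely in the second.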
Further, integrity detection is performed on the new target file, and if the detection passes, an integrity tag is added to the new target file.
Optionally, integrity detection is performed on the new target file using algorithms such as CRC32, MD4 and MD5, and if the detection passes, an integrity tag is added to the new target file.
For example, the MD5 algorithm determines from the file length whether the new target file is complete.
Optionally, the file with the integrity tag added has better security, and when the integrity of the file is destroyed, remedial action can be taken in time.
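An added example of the integrity step (not code from the patent). The page names CRC32, MD4 and MD5; this sketch swaps in SHA-256 with an HMAC tag from Python's standard library, so the tag also detects deliberate modification of the imported file. The function names, the sidecar `.tag` file and the importer-held key are assumptions.

```python
"""Integrity detection and tagging for the re-encoded (new target) file."""
import hashlib
import hmac
import json


def digest_report(path):
    """Size and SHA-256 of a file; run once where the file was produced
    (the second container) and again on the local device."""
    h, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
            size += len(chunk)
    return {"size": size, "sha256": h.hexdigest()}


def _mac(key, report):
    msg = f"{report['size']}:{report['sha256']}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_and_tag(path, report, key):
    """Integrity detection: the imported copy must match the producer's report.
    Only then is the tag written, as a sidecar file so the content is unchanged."""
    local = digest_report(path)
    if local != {"size": report.get("size"), "sha256": report.get("sha256")}:
        return False  # truncated or altered in transit: no tag
    with open(path + ".tag", "w") as f:
        json.dump(dict(local, hmac=_mac(key, local)), f)
    return True


def verify_tag(path, key):
    """Later check: False if the file changed or the tag was not made with key."""
    try:
        with open(path + ".tag") as f:
            tag = json.load(f)
        stored = str(tag.get("hmac", "")).encode()
    except (OSError, ValueError, AttributeError):
        return False
    expected = _mac(key, digest_report(path)).encode()
    return hmac.compare_digest(stored, expected)
```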
In the dual-container-based decoding and encoding security isolation method, the source file to be imported is decoded or parsed in a first container to generate a visualized target file, and the visualized target file is re-encoded in a second container. This intercepts the source file, effectively prevents illegal unknown input from being imported, ensures that the file is obtained as it is imported, and improves the security of file import.
The embodiment of the application also provides a dual-container-based decoding and encoding security isolation system, which comprises:
an acquisition module for acquiring a source file from a mobile device;
a processing module for decoding or parsing the target file in the first container to obtain a visualized target file;
an encoding module for re-encoding the visualized target file in the second container according to a preset rule, and taking the re-encoded file as a new target file;
and an importing module for importing the new target file into the local device, thereby completing the isolated import of the source file.
It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to the corresponding process in the foregoing embodiment of the dual container-based decoding and encoding security isolation method for the specific working process of the described system, which is not repeated herein.
The embodiment of the application also provides a device, which comprises:
One or more processors;
A storage means for storing one or more programs;
The one or more programs, when executed by the one or more processors, cause the one or more processors to implement the dual container based decoding and encoding security isolation method described above.
In addition, the embodiment of the application also provides a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and the program is executed by a processor to realize the double-container-based decoding and encoding security isolation method.
Referring now to FIG. 3, there is shown a schematic diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the present application. The terminal device shown in fig. 3 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present application.
As shown in fig. 3, the computer system includes a Central Processing Unit (CPU) 301 that can perform various appropriate actions and processes based on a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage section 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the system operation are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other through a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, and the like; an output portion 307 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 308 including a hard disk or the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet. The drive 310 is also connected to the I/O interface 305 on an as-needed basis. Removable media 311, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memories, and the like, are installed on demand on drive 310 so that a computer program read therefrom is installed into storage section 308 on demand.
In particular, the processes described above with reference to flowcharts may be implemented as computer software programs, based on embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 309, and/or installed from the removable medium 311. The above-described functions defined in the method of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 301.
The computer readable medium according to the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a unit, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented in software or in hardware. The described units may also be provided in a processor, for example, described as: a processor includes an information measurement unit, a travel locus determination unit, a map determination unit, and a driving strategy generation unit. The names of these units do not constitute limitations on the unit itself in some cases, and for example, the information measurement unit may also be described as "a unit that measures state information of the host vehicle and surrounding scene information".
As another aspect, the present application also provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the apparatus described in the above embodiment, or may be a standalone non-volatile computer storage medium that is not incorporated into a terminal. The non-volatile computer storage medium stores one or more programs that, when executed by an apparatus, cause the apparatus to: obtain a target file from a mobile device; decode or parse the target file in a first container to obtain a visualized target file; re-encode the visualized target file in a second container according to a preset rule, and take the re-encoded file as a new target file; and import the new target file into the local device to complete the isolated import of the source file.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application referred to in the present application is not limited to the specific combinations of the technical features described above, but also covers other technical solutions formed by any combination of the technical features described above or their equivalents without departing from the inventive concept described above, for example, technical solutions formed by replacing the above-mentioned features with technical features disclosed in the present application (but not limited to these) that have similar functions.
Claims (9)
1. A dual container based decoding and encoding security isolation method, comprising:
obtaining a target file from a mobile device;
decoding or parsing the target file in a first container to obtain a visualized target file;
recoding the visualized target file in a second container according to a preset rule, and taking the recoded file as a new target file;
importing the new target file into a local device to finish the isolation import of a source file;
wherein decoding or parsing the target file in the first container to obtain a visualized target file comprises: if the file type is a viewable file, parsing the viewable file in the first container to open the viewable file, and capturing a screenshot of each page of the viewable file to obtain a visualized viewable file; if the file type is a video playing file, decoding the video playing file in the first container, opening the video playing file, and recording the playing video to obtain a visualized video playing file; if the file type is an audio playing file, decoding the audio playing file in the first container, opening the audio playing file, and recording the audio playing file to obtain a visualized audio playing file.
2. The method of claim 1, wherein the first container is a sandbox execution environment built by packaging all relevant program code, function libraries, and environment configuration files required by the decoding or parsing application; and the second container is a sandbox execution environment built by packaging the relevant program code, function libraries, and environment configuration files required by the encoding application.
3. The method of claim 2, wherein the source file comprises a viewable file, a playable file, a system file, and/or an attached file;
the viewable file comprises word, excel and/or txt files;
the playable file comprises a video playing file and/or an audio playing file;
the system file comprises log and/or tlg files;
the attached file comprises a virus, a Trojan horse and/or unauthorized information; wherein the attached file is attached to the viewable file and/or the playable file.
4. The method of claim 3, wherein the obtaining the target file from the mobile device comprises:
obtaining a source file from the mobile device;
cleaning the source file to obtain the target file;
wherein cleaning the source file comprises:
analyzing the source file to determine the file type;
and if the file type is a system file, deleting the system file.
5. The method of claim 1, wherein recoding the visualized target file in the second container according to a preset rule, and taking the recoded file as a new target file comprises:
if the type of the visualized target file is a visualized viewable file, recoding the visualized viewable file into a viewable file in the second container;
if the type of the visualized target file is a visualized video playing file, recoding the visualized video playing file into a video playing file in the second container;
and if the type of the visualized target file is a visualized audio playing file, recoding the visualized audio playing file into an audio playing file in the second container.
6. The method of claim 1, wherein, after the new target file is imported into the local device and the isolation import of the source file is finished, the method comprises:
carrying out integrity detection on the new target file, and if the detection is qualified, adding an integrity label to the new target file.
7. A dual container based decoding and encoding security isolation system comprising:
an acquisition module, used for acquiring the target file from the mobile device;
a processing module, used for decoding or parsing the target file in the first container to obtain a visualized target file;
an encoding module, used for recoding the visualized target file in the second container according to a preset rule, and taking the recoded file as a new target file;
an import module, used for importing the new target file into the local device to finish the isolation import of the source file;
wherein decoding or parsing the target file in the first container to obtain a visualized target file comprises: if the file type is a viewable file, parsing the viewable file in the first container to open the viewable file, and capturing a screenshot of each page of the viewable file to obtain a visualized viewable file; if the file type is a video playing file, decoding the video playing file in the first container, opening the video playing file, and recording the playing video to obtain a visualized video playing file; if the file type is an audio playing file, decoding the audio playing file in the first container, opening the audio playing file, and recording the audio playing file to obtain a visualized audio playing file.
8. An electronic device, comprising:
one or more processors;
a storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-6.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any one of claims 1-6.
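The flow of claims 1 and 4 to 6 can be sketched as a planner that cleans the source files and builds the two container invocations. This is an added example, not code from the patent: Docker as the container runtime, the image names, the directory paths, the extension lists and SHA-256 as the integrity check are all assumptions.

```python
import hashlib
from pathlib import PurePosixPath

# File classes from claim 3; the concrete extensions are assumed samples.
TYPES = {
    "viewable": {".doc", ".docx", ".xls", ".xlsx", ".txt"},
    "video": {".mp4", ".avi"},
    "audio": {".mp3", ".wav"},
    "system": {".log", ".tlg"},
}
# Hypothetical image names and entrypoint arguments; the patent names none.
DECODE_IMAGE, ENCODE_IMAGE = "example/decoder:1", "example/encoder:1"
# Docker flags: no network, read-only root filesystem, no capabilities.
HARDEN = ["--rm", "--network", "none", "--read-only", "--cap-drop", "ALL",
          "--security-opt", "no-new-privileges"]
PROCESSABLE = ("viewable", "video", "audio")


def classify(name):
    ext = PurePosixPath(name).suffix.lower()
    return next((t for t, exts in TYPES.items() if ext in exts), "unknown")


def clean(source_files):
    """Claim 4: delete system files; dropping unknown types is an assumption."""
    return [f for f in source_files if classify(f) in PROCESSABLE]


def plan(name, src_dir="/media/usb", stage_dir="/srv/stage", out_dir="/srv/import"):
    """Return the decode and re-encode container commands for one target file."""
    if PurePosixPath(name).name != name:
        raise ValueError(f"path components not allowed: {name!r}")
    kind = classify(name)
    if kind not in PROCESSABLE:
        raise ValueError(f"refusing to process {name!r}: type {kind}")
    decode = ["docker", "run", *HARDEN,
              "-v", f"{src_dir}:/in:ro", "-v", f"{stage_dir}:/visualized",
              DECODE_IMAGE, kind, f"/in/{name}"]
    # The second container never mounts src_dir: it sees only visualized output.
    encode = ["docker", "run", *HARDEN,
              "-v", f"{stage_dir}:/visualized:ro", "-v", f"{out_dir}:/out",
              ENCODE_IMAGE, kind, f"/out/{name}"]
    return decode, encode


def integrity_label(new_file_bytes):
    """Claim 6: label the recoded file; SHA-256 is an assumed choice of check."""
    return {"sha256": hashlib.sha256(new_file_bytes).hexdigest()}
```

The isolation property to check in any implementation is that the original file is mounted read-only into the first container only, and the second container receives nothing but the screenshots or recordings.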
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010826541.5A CN111967001B (en) | 2020-08-17 | 2020-08-17 | Decoding and encoding safety isolation method based on double containers |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111967001A (en) | 2020-11-20 |
| CN111967001B (en) | 2024-07-12 |
Family
ID=73388112
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010826541.5A Active CN111967001B (en) | 2020-08-17 | 2020-08-17 | Decoding and encoding safety isolation method based on double containers |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111967001B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115209220B (en) * | 2022-06-08 | 2024-10-11 | 阿里巴巴(中国)有限公司 | Video file processing method and device, storage medium and electronic equipment |
| CN115167845A (en) * | 2022-08-17 | 2022-10-11 | 北京远舢智能科技有限公司 | Method, device and equipment for encapsulating business model and computer readable storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104219212A (en) * | 2013-06-04 | 2014-12-17 | 北大方正集团有限公司 | Method, device and system for cross-network transmission of video files |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103248624A (en) * | 2013-04-22 | 2013-08-14 | 郑永春 | Data security network system based on digital high-definition picture transmission |
| GB2538998A (en) * | 2015-06-03 | 2016-12-07 | Nokia Technologies Oy | A method, an apparatus, a computer program for video coding |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111967001A (en) | 2020-11-20 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||