CN112783961B - Data export method and system based on managed operation - Google Patents
Data export method and system based on managed operation Download PDFInfo
- Publication number
- CN112783961B CN112783961B CN202110119550.5A CN202110119550A CN112783961B CN 112783961 B CN112783961 B CN 112783961B CN 202110119550 A CN202110119550 A CN 202110119550A CN 112783961 B CN112783961 B CN 112783961B
- Authority
- CN
- China
- Prior art keywords
- information
- data export
- data
- input
- tool
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a data export method and a system based on managed operation, which relate to the field of data security and comprise the following steps: collecting data input mode information and data output mode information of a data export tool; collecting all input data source information and output target information of the data export tool aiming at the data export task; summarizing information to obtain safety monitoring basis information; creating a preset environment for running the data export tool; configuring input and output of the preset environment based on the safety monitoring basis information, allowing the safety monitoring basis information to specify operations, and refusing operations except the specified operations in the safety monitoring basis information; and operating the data export tool in the preset environment to finish data export operation. The method has the advantages of low requirement on technical capability, simple implementation and realization, low cost, capability of being rapidly implemented and deployed in different software and hardware environments, and wide application and popularization values.
Description
Technical Field
The invention relates to the field of data security, in particular to a data export method and system based on managed operation.
Background
Data export is a common function in data processing and information systems, and for safety detection of data export, there are many methods, including static analysis of functional logic, dynamic analysis and monitoring of instruction execution, etc. for export tools and programs. However, these methods have high requirements on technical capabilities, and have disadvantages of difficult implementation and realization, so that it is difficult to widely apply and popularize these methods.
Disclosure of Invention
Aiming at the problem that the existing data export security guarantee is difficult to implement and realize, the invention provides a data export method and a data export system based on managed operation, and aims to simply and efficiently realize the secure export of data.
In order to achieve the above object, the present invention provides a data export method based on managed operation, which is characterized in that the method includes:
collecting data input mode information and data output mode information of a data export tool to obtain first information;
collecting all input data source information and output target information of the data export tool aiming at the data export task to obtain second information;
summarizing the first information and the second information to obtain safety monitoring basis information;
creating a preset environment for running the data export tool;
configuring input and output of the preset environment based on the safety monitoring basis information, allowing the safety monitoring basis information to perform specified operation, and refusing operations except the specified operation in the safety monitoring basis information;
and operating the data export tool in the preset environment to finish data export operation.
The principle of the invention is as follows: creating a preset environment such as a virtual software container, setting limits on input and output parameters and ports of the container according to the derived source data and the derived position, deploying and running the derived tool or service in the container, and taking over all input and output of the derived tool or service through the container, namely ensuring that the input and output of the derived tool or service are controlled by the container, and ensuring that no illegal or unexpected data input or output exists.
Preferably, the first information in the method includes: file read-write information, database table information, interprocess communication information and network socket information.
Preferably, the second information in the method is specified by a configuration file of the data export tool and a command line parameter of the data export tool.
Preferably, in the method, the preset environment has an input end and an output end, and the preset environment is isolated from the outside. The preset environment is isolated from the outside, so that the safety of data export can be guaranteed.
Preferably, the preset environment in the method is a virtual container or an application domain.
Preferably, the method allows security monitoring of read operations from the input source and write operations to the output destination specified in the information, and denies security monitoring of input and output operations other than the operations specified in the information.
Preferably, in the method, the executable file of the data export tool is loaded in the preset environment and the data export tool is started to run to complete the data export operation.
Preferably, the method further comprises: when the data export tool performs other read and write operations than a write operation for the specified input source read operation and output target, one or more of the following actions are taken: logging, giving runtime hints, denying and interrupting operations, and aborting the operation of the data export tool.
Preferably, the method further comprises: the data export process is executed, the log and the relevant running information of the preset environment are checked, and the statistical information of the data export process is output, and the statistical information comprises the following steps: the number of operations attempting to access a predetermined input source, the number of operations attempting to access a predetermined output target, the number of input operations rejected and interrupted, and the number of output operations rejected and interrupted.
The invention also provides a data export system based on managed operation, comprising:
the first collecting unit is used for collecting data input mode information and data output mode information of the data derivation tool to obtain first information;
the second collecting unit is used for collecting all input data source information and output target information of the data exporting tool aiming at the data exporting task at this time to obtain second information;
the collecting unit is used for collecting the first information and the second information to obtain safety monitoring basis information;
a creation unit for creating a preset environment for running the data export tool;
the configuration unit is used for configuring the input and the output of the preset environment based on the safety monitoring basis information, allowing the operation specified in the safety monitoring basis information, and refusing the operation except the specified operation in the safety monitoring basis information;
and the data export unit is used for operating the data export tool in the preset environment to finish data export operation.
The invention also provides a data export device based on managed operation, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the steps of the data export method based on managed operation when executing the computer program.
The invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the managed operation-based data derivation method.
One or more technical schemes provided by the invention at least have the following technical effects or advantages:
the invention takes over all the input and output of the export tool or service by creating the software container, namely ensuring that the input and output of the export tool or service are controlled by the container, and ensuring that no illegal or unexpected data input or export exists.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention;
FIG. 1 is a schematic flow diagram of a data export method based on managed operations;
fig. 2 is a schematic diagram of a data export system operating on a managed basis.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments of the present invention and features of the embodiments may be combined with each other without conflicting with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described and thus the scope of the present invention is not limited by the specific embodiments disclosed below.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
Example one
Referring to fig. 1, fig. 1 is a schematic flowchart of a data export method based on managed operation, and a first embodiment of the present invention provides a data export method based on managed operation, where the method includes:
collecting data input mode information and data output mode information of a data export tool to obtain first information;
collecting all input data source information and output target information of the data exporting tool aiming at the data exporting task to obtain second information;
summarizing the first information and the second information to obtain safety monitoring basis information;
creating a preset environment for running the data export tool;
configuring input and output of the preset environment based on the safety monitoring basis information, allowing the safety monitoring basis information to perform specified operation, and refusing operations except the specified operation in the safety monitoring basis information;
and operating the data export tool in the preset environment to finish data export operation.
The method is described in detail below with reference to specific examples, but the method is not limited to the following embodiments:
1. the input and output modes of the collected data export tool comprise file reading and writing, a database table, interprocess communication (such as pipelines, shared memories, message queues and the like), a network socket and the like;
2. collecting all input data sources and output targets of a data export tool for the export task, wherein the information is specified through a configuration file of the data export tool and command line parameters of the data export tool;
3. summarizing the information collected in the step 1 and the step 2 to form a table which is used as a safety monitoring basis of the managed container service for the input and the output of the data export tool;
suppose that the data source of a certain data export task is file1.txt, and its location is at c: \ data \; the target location of data export is the data table data.table1 on MySQL database server with IP address 10.10.1.1 and listening port 3306, then the table is filled as shown in table 1:
TABLE1
4. Creating a virtual container (VM) or application Domain (App Domain) for hosting a run data export tool;
5. configuring exception rules, i.e., actions that should be taken when the data export tool performs other read and write operations than write operations for the specified input source and output target:
logging;
give runtime hints;
refuse and interrupt the operation;
suspending the operation of the export tool;
6. according to the table data in the step 3, configuring all input and output in a virtual container (VM) or an application Domain (App Domain), only allowing the read operation of an input source and the write operation of an output target specified in the table, and completely forbidding other types of input and output operations;
7. loading an executable file of the export tool in a virtual container (VM) or an application Domain (App Domain) and starting to run;
8. for any read-write operation other than attempting to write to the specified input source and output target during the operation of the data export tool, the virtual container (VM) or application Domain (App Domain) takes a predetermined action according to the configuration of step 5;
9. after the export process is executed, checking logs and related running information of a virtual container (VM) or an application Domain (App Domain), and outputting statistical information of the export process:
number of operations attempting to access predetermined input sources and output targets:
number of input and output operations rejected and interrupted.
The data export tool in the method can be dtswizard or BCP or Bulk Insert and OpenRowSet or FORXML and OPENXML, Excel is used for exporting data, or queries are established, and the specific type and form of the data export tool are not limited by the invention.
Example two
Referring to fig. 2, fig. 2 is a schematic diagram illustrating a data export system based on managed operation, an embodiment of the present invention provides a data export system based on managed operation, including:
the first collecting unit is used for collecting data input mode information and data output mode information of the data derivation tool to obtain first information;
the second collecting unit is used for collecting all input data source information and output target information of the data exporting task aiming at the data exporting task to obtain second information;
the collecting unit is used for collecting the first information and the second information to obtain safety monitoring basis information;
a creation unit for creating a preset environment for running the data export tool;
the configuration unit is used for configuring the input and the output of the preset environment based on the safety monitoring basis information, allowing the operation specified in the safety monitoring basis information, and refusing the operation except the specified operation in the safety monitoring basis information;
and the data export unit is used for operating the data export tool in the preset environment to complete data export operation.
EXAMPLE III
The third embodiment of the present invention provides a data export apparatus based on managed operation, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the data export method based on managed operation when executing the computer program.
The processor may be a Central Processing Unit (CPU), or other general-purpose processor, a digital signal processor (digital signal processor), an Application Specific Integrated Circuit (Application Specific Integrated Circuit), an off-the-shelf programmable gate array (field programmable gate array) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be used to store the computer programs and/or modules, and the processor may implement various functions of the data derivation apparatus based on managed operation in the invention by executing or executing data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a smart memory card, a secure digital card, a flash memory card, at least one magnetic disk storage device, a flash memory device, or other volatile solid state storage device.
Example four
A fourth embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the data export method based on managed operation are implemented.
The data deriving means based on managed operation, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow in the method of implementing the embodiments of the present invention may also be stored in a computer readable storage medium through a computer program, and when the computer program is executed by a processor, the computer program may implement the steps of the above-described method embodiments. Wherein the computer program comprises computer program code, an object code form, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying said computer program code, a recording medium, a usb-disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory, a random access memory, a point carrier signal, a telecommunications signal, a software distribution medium, etc. It should be noted that the computer readable medium may contain content that is appropriately increased or decreased as required by legislation and patent practice in the jurisdiction.
The technical scheme in the embodiment of the invention at least has the following technical effects or advantages:
the technical scheme in the embodiment of the invention takes over all the input and output of the export tool or service by creating the software container, namely ensuring that the input and output of the export tool or service are controlled by the container, and ensuring that illegal or unexpected data input or export does not exist.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered as illustrative only and not limiting, of the present invention. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the specification. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, and the like, or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (6)
1. A data export method based on managed operations, the method comprising:
collecting data input mode information and data output mode information of a data export tool to obtain first information;
collecting all input data source information and output target information of the data export tool aiming at the data export task to obtain second information;
summarizing the first information and the second information to obtain safety monitoring basis information;
creating a preset environment for running the data export tool;
configuring input and output of the preset environment based on the safety monitoring basis information, allowing the safety monitoring basis information to perform specified operation, and refusing operations except the specified operation in the safety monitoring basis information;
running the data export tool in the preset environment to finish data export operation;
wherein the first information includes: file read-write information, database table information, interprocess communication information and network socket information; the second information is specified by a configuration file of the data export tool and a command line parameter of the data export tool; the preset environment is provided with an input end and an output end and is isolated from the outside; the preset environment is a virtual container or an application domain.
2. The managed operation-based data export method of claim 1, wherein security monitoring is allowed for read operations from input sources and write operations to output targets specified in the information, and security monitoring is denied for input and output operations other than the operations specified in the information.
3. The managed operation-based data export method of claim 1, wherein the executable file of the data export tool is loaded in the preset environment and the data export tool is started to complete the data export operation.
4. The managed operation-based data export method of claim 1, wherein the method further comprises: when the data export tool performs other read and write operations than a write operation for the specified input source read operation and output target, one or more of the following actions are taken: logging, giving runtime hints, denying and interrupting operations, and aborting the operation of the data export tool.
5. The managed operation-based data export method of claim 1, wherein the method further comprises: after the data export process is completed, the log and the relevant running information of the preset environment are checked, and the statistical information of the data export process is output, which comprises the following steps: the number of operations attempting to access a predetermined input source, the number of operations attempting to access a predetermined output target, the number of input operations rejected and interrupted, and the number of output operations rejected and interrupted.
6. A data export system operating on a managed basis, the system comprising:
the first collecting unit is used for collecting data input mode information and data output mode information of the data derivation tool to obtain first information;
the second collecting unit is used for collecting all input data source information and output target information of the data exporting task aiming at the data exporting task to obtain second information;
the collecting unit is used for collecting the first information and the second information to obtain safety monitoring basis information;
a creation unit for creating a preset environment for running the data export tool;
the configuration unit is used for configuring the input and the output of the preset environment based on the safety monitoring basis information, allowing the operation specified in the safety monitoring basis information, and refusing the operation except the specified operation in the safety monitoring basis information;
the data export unit is used for operating the data export tool in the preset environment to complete data export operation;
wherein the first information includes: file read-write information, database table information, interprocess communication information and network socket information; the second information is specified by a configuration file of the data export tool and a command line parameter of the data export tool; the preset environment is provided with an input end and an output end, the preset environment is isolated from the outside, and the preset environment is a virtual container or an application domain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110119550.5A CN112783961B (en) | 2021-01-28 | 2021-01-28 | Data export method and system based on managed operation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110119550.5A CN112783961B (en) | 2021-01-28 | 2021-01-28 | Data export method and system based on managed operation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112783961A CN112783961A (en) | 2021-05-11 |
| CN112783961B true CN112783961B (en) | 2022-07-19 |
Family
ID=75759489
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110119550.5A Active CN112783961B (en) | 2021-01-28 | 2021-01-28 | Data export method and system based on managed operation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112783961B (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9769174B2 (en) * | 2013-06-14 | 2017-09-19 | Catbird Networks, Inc. | Systems and methods for creating and modifying access control lists |
| US9378384B2 (en) * | 2014-04-16 | 2016-06-28 | Bank Of America Corporation | Secure endpoint file export in a business environment |
| CN107741877A (en) * | 2017-11-06 | 2018-02-27 | 湖南红手指信息技术有限公司 | A kind of method, storage medium and the processor of cloud handset starting virtual opetrating system |
| US11017107B2 (en) * | 2018-03-06 | 2021-05-25 | Amazon Technologies, Inc. | Pre-deployment security analyzer service for virtual computing resources |
| CN112100954B (en) * | 2020-08-31 | 2024-07-09 | 北京百度网讯科技有限公司 | Method, apparatus and computer storage medium for verifying chip |
-
2021
- 2021-01-28 CN CN202110119550.5A patent/CN112783961B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112783961A (en) | 2021-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2439665C2 (en) | Compilation of executable code in less trustworthy address space | |
| CN108363920B (en) | System call policy for containers | |
| US10127018B2 (en) | Dynamic addition of code in shared libraries | |
| US20200117615A1 (en) | Apparatus and method for handling page protection faults in a computing system | |
| US20170277903A1 (en) | Data Protection Using Virtual Resource Views | |
| US9665394B2 (en) | Sharing application objects among multiple tenants | |
| US20170160980A1 (en) | Accelerating concurrent access to a file in a memory-based file system | |
| CN103810009A (en) | Method and device for accelerating starting of computer operating system | |
| US12099624B2 (en) | Controlled data access via container visible location | |
| CN113239386A (en) | API (application program interface) permission control method and device | |
| US11847227B2 (en) | Firmware version corruption attack prevention | |
| US10459851B2 (en) | Method and apparatus for executing a process on a device using memory privileges | |
| CN115758330A (en) | Configuration method of sandbox application authority control strategy and access authority control method | |
| CN112783961B (en) | Data export method and system based on managed operation | |
| US11386012B1 (en) | Increasing address space layout randomization entropy via page remapping and rotations | |
| KR20160113142A (en) | Hardware acceleration for inline caches in dynamic languages | |
| WO2025025729A1 (en) | Application firewall implementation method for embedded device, storage medium, and apparatus | |
| CN112784290B (en) | Data export tool security analysis method and system and data export method | |
| CN112883093B (en) | Data export method, system, device and medium based on dynamic instruction stream detection | |
| EP3877881B1 (en) | Return-oriented programming protection | |
| US8788785B1 (en) | Systems and methods for preventing heap-spray attacks | |
| CN114675968A (en) | Thread running method, system and device and readable storage medium | |
| US8321668B2 (en) | Control of data access by dynamically verifying legal references | |
| CN111967846A (en) | Service access verification method and device and electronic equipment | |
| CN117272378A (en) | Resource data processing methods, devices and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |