CN111967001A - Decoding and coding safety isolation method based on double containers - Google Patents


Info

Publication number
CN111967001A
Authority
CN
China
Prior art keywords
file
container
target file
files
viewable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010826541.5A
Other languages
Chinese (zh)
Inventor
杨勇
罗述涛
唐三平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Railway Xinan Beijing Information Security Technology Co Ltd
Original Assignee
China Railway Xinan Beijing Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Railway Xinan Beijing Information Security Technology Co Ltd
Priority to CN202010826541.5A
Publication of CN111967001A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

Embodiments of the present disclosure provide a dual-container-based decoding and encoding security isolation method, system, device, and computer-readable storage medium. The method comprises: obtaining a target file from a mobile device; decoding or parsing the target file in a first container to obtain a visualized target file; re-encoding the visualized target file in a second container according to a preset rule, and taking the re-encoded file as a new target file; and importing the new target file into a local device, thereby completing the isolated import of the source file. In this way, the import of illegal and unknown input can be prevented, and the security of file import is improved.

Description

Decoding and coding safety isolation method based on double containers
Technical Field
Embodiments of the present disclosure relate generally to the field of office security and, more particularly, to a dual container based decoding and encoding security isolation method, system, device, and computer readable storage medium.
Background
With the continuous development of society, people use computers more and more frequently, and computers have become indispensable tools in daily life. However, the security issues that come with this also deserve attention.
As mobile devices have become widespread, viruses use them to infect users' computers. Such viruses propagate by relying on the automatic-run function of the operating system: when a computer user double-clicks a file that carries a virus, the virus or Trojan horse program runs automatically and then contaminates and invades the computer system.
The traditional file transfer protection method is to run antivirus scanning at the front end of file import. However, when the folders or files being imported contain unknown viruses or Trojans, these are difficult to discover, especially those aimed at specific players, file viewers, and/or operating systems.
Disclosure of Invention
The present disclosure is directed to solving at least one of the technical problems existing in the prior art or the related art.
To this end, in a first aspect of the present disclosure, a dual container based decoding and encoding security isolation method is provided. The method comprises the following steps:
acquiring a target file from a mobile device;
decoding or analyzing the target file in a first container to obtain a visual target file;
recoding the visual target file in a second container according to a preset rule, and taking the recoded file as a new target file;
and importing the new target file into a local device, thereby completing the isolated import of the source file.
Further, the first container is a sandbox execution environment established by packaging the program code, function libraries and environment configuration files required by the decoding or parsing application; the second container is a sandbox execution environment established by packaging the program code, function libraries and environment configuration files required by the encoding application.
Further, the source files include viewable files, playable files, system files, and/or additional files;
the viewable files comprise Word, Excel and/or txt files;
the playable files comprise video playing files and/or audio playing files;
the system files comprise log and/or tlg files;
the additional files comprise viruses, trojans and/or unauthorized information; wherein the additional file is appended to the viewable file and/or the playable file.
Further, the obtaining the target file from the mobile device includes:
obtaining a source file from the mobile device;
cleaning the source file to obtain the target file;
wherein the cleaning the source file comprises:
analyzing the source file and determining the file type;
and if the file type is a system file, deleting the system file.
Further, the decoding or parsing the target file in the first container to obtain a visualized target file includes:
if the file type is a viewable file, parsing the viewable file in the first container to open it, and taking a screenshot of each page of the viewable file to obtain a visualized viewable file;
if the file type is a video playing file, decoding the video playing file in the first container to open it, and recording the video as it plays to obtain a visualized video playing file;
if the file type is an audio playing file, decoding the audio playing file in the first container to open it, and recording the audio as it plays to obtain a visualized audio playing file.
Further, the re-encoding the visualized target file in a second container according to a preset rule, and taking the re-encoded file as a new target file includes:
if the visualized target file is a visualized viewable file, re-encoding the visualized viewable file into a viewable file in the second container;
if the visualized target file is a visualized video playing file, re-encoding the visualized video playing file into a video playing file in the second container;
and if the visualized target file is a visualized audio playing file, re-encoding the visualized audio playing file into an audio playing file in the second container.
Further, after the importing the new target file into a local device and completing the isolated import of the source file, the method further comprises:
performing integrity detection on the new target file, and if the detection passes, adding an integrity label to the new target file.
In a second aspect of the present disclosure, a dual container based decoding and encoding security isolation system is presented, comprising:
an acquisition module to acquire a source file from a mobile device;
the processing module is used for decoding or analyzing the target file in the first container to obtain a visual target file;
the coding module is used for recoding the visual target file in a second container according to a preset rule and taking the recoded file as a new target file;
and the importing module is used for importing the new target file into a local device, thereby completing the isolated import of the source file.
In a third aspect of the disclosure, an apparatus is presented, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the above-described method according to the present disclosure.
In a fourth aspect of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored, the program, when executed by a processor, implementing the above-described method according to the present disclosure.
According to the dual-container-based decoding and encoding security isolation method, a source file is obtained from the mobile device; the source file is cleaned to obtain a target file; the target file is decoded or parsed in a first container to obtain a visualized target file; the visualized target file is re-encoded in a second container according to a preset rule, and the re-encoded file is taken as a new target file; and the new target file is imported into the local device, completing the isolated import of the source file. The source file is thereby cut off, the import of illegal and unknown input is effectively prevented, file import becomes "what you see is what you get", and the security of file import is improved.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
FIG. 1 is an exemplary system architecture diagram in which one embodiment of the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a dual container-based decoding and encoding security isolation method according to the present application;
FIG. 3 is a schematic structural diagram of a computer system used for implementing the terminal device or the server according to the embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the dual container-based decode and encode security isolation method or dual container-based decode and encode security isolation system of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include mobile storage devices 101, 102, 103, a network 104, and a server 105. The network 104 is used to provide a medium for communication links between the mobile storage devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use the mobile storage devices 101, 102, 103 to interact with the server 105 over the network 104 to import or export files, etc. Various types of files may be stored on the mobile storage devices 101, 102, 103, such as system files, video files, audio files, viewable files, and so on.
The mobile storage devices 101, 102, 103 may be various electronic devices having a display screen, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop computers, desktop computers, and the like. They may also be conventional data storage devices, including but not limited to USB disks, removable hard disks, and the like.
The server 105 may be a server that provides various services, such as a backend server that processes data on the mobile storage devices 101, 102, 103. The backend server may perform processing such as analysis on the received (imported) data.
The server may be hardware or software. When the server is hardware, it may be implemented as a distributed server cluster formed by multiple servers, or as a single server. When the server is software, it may be implemented as multiple pieces of software or software modules (e.g., multiple pieces of software or software modules used to provide distributed services), or as a single piece of software or software module. This is not particularly limited herein.
It should be understood that the number of mobile storage devices, networks, and servers in FIG. 1 is illustrative only. There may be any number of mobile storage devices, networks, and servers, as desired for an implementation. In particular, in the case where the target data does not need to be acquired from a remote place, the above system architecture may not include a network but only a terminal device or a server.
Fig. 2 is a flowchart illustrating a decoding and encoding security isolation method based on dual containers according to an embodiment of the present application. As can be seen from fig. 2, the decoding and encoding security isolation method based on dual containers of the present embodiment includes the following steps:
S210, acquiring the target file from the mobile device.
In this embodiment, an execution body (e.g., a server shown in fig. 1) for the dual container-based decoding and encoding security isolation method may acquire the source file in a wired manner or a wireless connection manner.
The mobile device includes a smart phone, a tablet computer, an e-book reader, an MP3 player (Moving Picture Experts Group Audio Layer III), an MP4 player (Moving Picture Experts Group Audio Layer IV), a laptop, a desktop, a voice recorder, a USB disk, and/or a removable hard disk, and the like.
The source files may be stored in the various devices described above.
Optionally, the source file type comprises a viewable file, a playable file, a system file, and/or an additional file;
the viewable files comprise Word files, Excel files, txt files and/or picture files in various formats, and the like;
the playable files comprise video playing files and/or audio playing files in various formats;
the system files comprise log files and/or tlg files and the like;
the additional files include viruses, Trojans, and/or unauthorized information, i.e., illegal data that is not needed for file import.
Wherein the additional files are attachable to the viewable file and/or the playable file.
Further, the illegal data includes known and/or unknown illegal data (viruses, trojans, etc.).
Optionally, the viruses include all viruses that infect through the operating system and the file system, for example, embedded viruses that insert their own code into an infected file, system boot viruses that reside in a disk boot area or a main boot area, and/or file viruses that reside in files, and the like.
Optionally, the source file to be imported is analyzed, the type of the source file is determined, and useless system files are deleted.
Optionally, files generate a considerable number of system files during use, including temporary files (e.g., tmp, mp), log files (log), temporary help files (gid), disk check files (chk), temporary backup files (e.g., old, bak), and other temporary files. These are usually useless system files (system junk files) that do not need to be imported, so system files of this type are deleted first, which optimizes the set of source files to be imported and improves the efficiency of the subsequent import. That is, the source file is cleaned to remove the system files that do not need to be imported, yielding the source file that really needs to be imported (the target file).
S220, decoding or analyzing the target file in the first container to obtain a visual target file.
Container technology directly packages the program code, function libraries and environment configuration files required by an application to establish a sandbox execution environment; the environment produced this way is called a container. The sandbox execution environment is isolated from the outside, so viruses and Trojans cannot leak out of it.
Optionally, the first container is a sandbox execution environment established by packaging the program code, function libraries and environment configuration files required by the decoding or parsing application; the second container is a sandbox execution environment established by packaging the program code, function libraries and environment configuration files required by the encoding application.
Preferably, Docker containers are used as the first container and as the second container in the following step. A Docker container has no hypervisor overhead, and because containers share the underlying operating system it offers better performance and lower system load; more instances (specific objects created according to classes) can run under the same conditions, making full use of system resources. Docker containers also have good resource isolation and restriction capabilities: resources such as CPU and memory can be allocated precisely to applications, ensuring that applications do not affect one another.
When an additional file is present in the target file, the target file is decoded or parsed and opened inside the first container, so that the additional file is effectively isolated.
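One way to launch the two Docker containers so that the only host path they share is a handoff directory for the visualized files, added here as an example and not taken from the patent. The image names, host paths and resource limits are assumptions; the `docker run` options are standard Docker CLI flags.

```python
import shlex
from pathlib import PurePosixPath

# Hypothetical image names; the patent does not name any images.
DECODE_IMAGE = "example.invalid/decode-stage:1"
ENCODE_IMAGE = "example.invalid/encode-stage:1"

# Restrictions applied to both sandboxes (the limits are assumed values).
HARDENING = [
    "--rm",
    "--network", "none",                      # no network inside the sandbox
    "--read-only",                            # immutable root filesystem
    "--cap-drop", "ALL",
    "--security-opt", "no-new-privileges",
    "--pids-limit", "128",
    "--memory", "1g",                         # precise memory allocation
    "--cpus", "1",                            # precise CPU allocation
    "--tmpfs", "/tmp:rw,noexec,nosuid,size=256m",
]


def bind(host: str, guest: str, read_only: bool) -> list:
    """Build one --mount option, rejecting paths that could confuse the spec."""
    path = PurePosixPath(host)
    if not path.is_absolute() or ".." in path.parts or "," in host:
        raise ValueError(f"unsafe host path: {host!r}")
    spec = f"type=bind,source={path},target={guest}"
    return ["--mount", spec + (",readonly" if read_only else "")]


def decode_container_argv(source_dir: str, handoff_dir: str) -> list:
    """First container: the untrusted source is read-only; screenshots and
    recordings are written to the handoff directory."""
    return ["docker", "run", *HARDENING,
            *bind(source_dir, "/in", True),
            *bind(handoff_dir, "/out", False),
            DECODE_IMAGE]


def encode_container_argv(handoff_dir: str, import_dir: str) -> list:
    """Second container: reads only the visualized files and never mounts
    the source medium."""
    return ["docker", "run", *HARDENING,
            *bind(handoff_dir, "/in", True),
            *bind(import_dir, "/out", False),
            ENCODE_IMAGE]


def host_paths(argv: list) -> set:
    """Host directories a container can see, read from its --mount options."""
    paths = set()
    for flag, value in zip(argv, argv[1:]):
        if flag == "--mount":
            fields = dict(f.split("=", 1) for f in value.split(",") if "=" in f)
            paths.add(fields["source"])
    return paths


if __name__ == "__main__":
    # Constructed paths for illustration.
    dec = decode_container_argv("/media/usb0", "/srv/handoff")
    enc = encode_container_argv("/srv/handoff", "/srv/import")
    print(shlex.join(dec))
    print(shlex.join(enc))
    print("shared:", host_paths(dec) & host_paths(enc))
```

The handoff directory is the single channel between the stages, so whatever the first container writes there is the complete input of the second.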
Optionally, the target file is decoded or parsed in the first container according to its type to obtain a visualized target file.
Specifically, if the file type is a viewable file, the viewable file is parsed in the first container to open it, and a screenshot is taken of each page of the viewable file to obtain a visualized viewable file. For example, if the viewable file is a Word file, the Word file is parsed and opened, every page of its content (all content) is captured, and the resulting set of pictures (screenshots) is the visualized viewable file;
if the file type is a video playing file, decoding the video playing file in the first container to open the video playing file, and recording the playing video to obtain a visual video playing file;
if the file type is an audio playing file, decoding the audio playing file in the first container to open the audio playing file, and recording the audio file to obtain a visual audio playing file.
Optionally, when the visualized target file is a visualized playable file, the uncompressed MOV format, which gives a better recording result, is usually adopted in order to ensure the quality of the visualized playable file.
S230, re-encoding the visualized target file in a second container according to a preset rule, and taking the re-encoded file as a new target file.
Optionally, the visualized target file is re-encoded in the second container according to its type.
Specifically, if the visualized target file is a visualized viewable file, the visualized viewable file (picture file) is re-encoded into a viewable file in the second container, and this viewable file is the new target file;
if the visualized target file is a visualized video playing file, the visualized video playing file is re-encoded into a video playing file in the second container, and this video playing file is the new target file;
if the visualized target file is a visualized audio playing file, the visualized audio playing file is re-encoded into an audio playing file in the second container, and this audio playing file is the new target file.
Optionally, when the visualized target file is a visualized playable file, that is, an MOV format file, it needs to be re-encoded in the second container to convert it to the desired audio/video format. Because MOV is an uncompressed playback format, the data can be large. For example, a target file of 1G may become 10G once converted into a visualized playable file, which is not conducive to subsequent local storage.
Optionally, the file format of the re-encoded viewable file, video playing file and/or audio playing file is generally the same as that of the source file, but may be set according to the actual situation. For example, if the target file is in Word format, the re-encoded file (new target file) is generally also in Word format, but a target file in Word format may also be re-encoded into an Excel file (new target file) according to the actual situation. Similarly, a target file in mp3 format can be re-encoded into an FLC file (new target file), and so on; further cases are not described here.
S240, importing the new target file into a local device, thereby completing the isolated import of the source file.
Optionally, when the source file is stored on a removable storage device (e.g., a USB disk, a removable hard disk, etc.), the source file is decoded or parsed by a first container on the local device, the decoded file in the first container is then re-encoded by a second container on the local device, and the re-encoded file is stored in a designated location on the local device, completing the isolated import of the source file; that is, the new target file is imported into the local device.
If the source file is stored on a device such as a laptop or desktop computer, a first container may be set up on the laptop or desktop computer and a second container on the local device. That is, the source file is decoded or parsed in the first container on the laptop or desktop computer to generate a visualized target file, the visualized target file is re-encoded into a new target file in the second container on the local device, and the new target file is stored (imported) in a specified location on the local device, completing the isolated import of the source file.
Further, integrity detection is performed on the new target file, and if the detection passes, an integrity label is added to the new target file.
Optionally, the integrity check on the new target file is performed with algorithms such as CRC32, MD4, MD5, and the like, and if the check passes, an integrity label is added to the new target file.
For example, whether the new target file is complete is judged from the file length by means of the MD5 algorithm.
Optionally, a file carrying an integrity label is more secure, and when the integrity of the file is damaged, remedial measures can be taken in time.
In the dual-container-based decoding and encoding security isolation method of this embodiment, the source file to be imported is decoded or parsed by the first container to generate a visualized target file, and the visualized target file is re-encoded by the second container. This truncates the source file, effectively prevents the import of illegal and unknown input, makes file import "what you see is what you get", and improves the security of file import.
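Steps S210 to S240 carried through for one picture file, as an added example that is not code from the patent. It assumes a binary PPM picture as the viewable file and runs both stages in one process, so it shows what crosses the boundary between the stages (pixels only), not the container isolation itself; the function names and the size limit are illustrative.

```python
import hashlib
import zlib
from dataclasses import dataclass
from pathlib import PurePath

# System-file extensions taken from the page's list of files to clean away.
SYSTEM_EXT = {".tmp", ".log", ".gid", ".chk", ".old", ".bak", ".tlg"}
MAX_SIDE = 8192  # assumed limit so a hostile header cannot demand huge buffers


@dataclass(frozen=True)
class Visual:
    """The only thing handed from stage 1 to stage 2: rendered pixels."""
    width: int
    height: int
    rgb: bytes


def clean(names):
    """S210: drop system files, keep the files that really need importing."""
    return [n for n in names if PurePath(n).suffix.lower() not in SYSTEM_EXT]


def decode_stage(raw: bytes) -> Visual:
    """S220 stand-in (first container): strictly parse a binary PPM (P6)."""
    tokens, pos = [], 0
    while len(tokens) < 4:
        while pos < len(raw) and raw[pos:pos + 1].isspace():
            pos += 1
        start = pos
        while pos < len(raw) and not raw[pos:pos + 1].isspace():
            pos += 1
        if start == pos:
            raise ValueError("truncated header")
        tokens.append(raw[start:pos])
    pos += 1  # the single whitespace byte that ends the header
    if tokens[0] != b"P6" or tokens[3] != b"255":
        raise ValueError("unsupported format")
    if not (tokens[1].isdigit() and tokens[2].isdigit()):
        raise ValueError("bad dimensions")
    width, height = int(tokens[1]), int(tokens[2])
    if not (1 <= width <= MAX_SIDE and 1 <= height <= MAX_SIDE):
        raise ValueError("dimensions out of range")
    need = width * height * 3
    rgb = raw[pos:pos + need]
    if len(rgb) != need:
        raise ValueError("pixel data shorter than the header claims")
    return Visual(width, height, rgb)  # bytes after the pixels are never copied


def encode_stage(v: Visual) -> bytes:
    """S230 stand-in (second container): build a fresh file from pixels only."""
    if len(v.rgb) != v.width * v.height * 3:
        raise ValueError("visual form is inconsistent")
    return b"P6\n%d %d\n255\n" % (v.width, v.height) + v.rgb


def integrity_label(data: bytes) -> dict:
    """Length plus CRC32 and MD5, the algorithms the page names. They catch
    truncation or corruption, not deliberate tampering."""
    return {"length": len(data),
            "crc32": f"{zlib.crc32(data):08x}",
            "md5": hashlib.md5(data).hexdigest()}


def verify(data: bytes, label: dict) -> bool:
    return integrity_label(data) == label


def isolated_import(name: str, raw: bytes):
    """S210-S240 for one file: (new_bytes, label), or None if cleaned away."""
    if not clean([name]):
        return None
    new = encode_stage(decode_stage(raw))
    return new, integrity_label(new)


# Constructed sample: a 2x2 picture with extra bytes appended after the pixels.
PIXELS = bytes(range(12))
SAMPLE = b"P6\n2 2\n255\n" + PIXELS + b"APPENDED-DATA (constructed)"

if __name__ == "__main__":
    new, label = isolated_import("photo.ppm", SAMPLE)
    print(len(SAMPLE), "bytes in,", len(new), "bytes out", label)
```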
The embodiment of the present application further provides a decoding and encoding security isolation system based on dual containers, including:
an acquisition module to acquire a source file from a mobile device;
the processing module is used for decoding or analyzing the target file in the first container to obtain a visual target file;
the coding module is used for recoding the visual target file in a second container according to a preset rule and taking the recoded file as a new target file;
and the importing module is used for importing the new target file into a local device, thereby completing the isolated import of the source file.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described system may refer to the corresponding process in the foregoing embodiment of the decoding and encoding security isolation method based on dual containers, and will not be described herein again.
An embodiment of the present application further provides an apparatus, including:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the dual-container-based decoding and encoding security isolation method described above.
In addition, an embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the above-mentioned dual-container based decoding and encoding security isolation method.
Reference is now made to fig. 3, which illustrates a schematic block diagram of a computer system suitable for implementing a terminal device or server of an embodiment of the present application. The terminal device shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 3, the computer system includes a Central Processing Unit (CPU)301 that can perform various appropriate actions and processes based on a program stored in a Read Only Memory (ROM)302 or a program loaded from a storage section 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for system operation are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, and the like; an output section 307 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), and a speaker; a storage section 308 including a hard disk and the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet. A drive 310 is also connected to the I/O interface 305 as needed. A removable medium 311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 310 as needed, so that a computer program read from it can be installed into the storage section 308 as needed.
In particular, based on the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 309, and/or installed from the removable medium 311. The computer program performs the above-described functions defined in the method of the present application when executed by the Central Processing Unit (CPU) 301.
It should be noted that the computer readable medium described herein can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a unit, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. The described units may also be provided in a processor, and may be described as: a processor includes an information measuring unit, a travel track determining unit, a mapping relation determining unit, and a driving strategy generating unit. Here, the names of these units do not constitute a limitation on the unit itself in some cases, and for example, the information measuring unit may also be described as a "unit that measures the state information of the own vehicle and the surrounding scene information".
As another aspect, the present application also provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the apparatus in the above-described embodiments; or it may be a non-volatile computer storage medium that exists separately and is not incorporated into the terminal. The non-transitory computer storage medium stores one or more programs that, when executed by a device, cause the device to: acquire a target file from a mobile device; decode or analyze the target file in a first container to obtain a visual target file; re-encode the visual target file in a second container according to a preset rule, and take the re-encoded file as a new target file; and import the new target file into a local device, so as to complete the isolated import of the source file.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. A decoding and coding security isolation method based on double containers is characterized by comprising the following steps:
acquiring a target file from a mobile device;
decoding or analyzing the target file in a first container to obtain a visual target file;
recoding the visual target file in a second container according to a preset rule, and taking the recoded file as a new target file;
and importing the new target file into a local device, so as to complete the isolated import of the source file.
2. The method of claim 1, wherein the first container is a sandbox execution environment which is established by packaging related program codes, a function library and an environment configuration file which are required by the decoding or parsing application program; the second container is a sandbox execution environment which is established by packaging related program codes, a function library and an environment configuration file which are required by the coding application program.
3. The method of claim 2, wherein the source files comprise viewable files, playable files, system files, and/or additional files;
the viewable files comprise word, excel and/or txt files;
the playable files comprise video playing files and/or audio playing files;
the system files comprise log and/or tlg files;
the additional files comprise viruses, trojans and/or unauthorized information; wherein the additional file is appended to the viewable file and/or the playable file.
4. The method of claim 3, wherein obtaining the target file from the mobile device comprises:
obtaining a source file from the mobile device;
cleaning the source file to obtain the target file;
wherein cleaning the source file comprises:
analyzing the source file and determining the file type;
and if the file type is a system file, deleting the system file.
5. The method of claim 4, wherein decoding or parsing the target file in the first container to obtain a visual target file comprises:
if the file type is a viewable file, parsing the viewable file in the first container to open the viewable file, and taking a screenshot of each page of the viewable file to obtain a visual viewable file;
if the file type is a video playing file, decoding the video playing file in the first container to open the video playing file, and recording the playing video to obtain a visual video playing file;
if the file type is an audio playing file, decoding the audio playing file in the first container to open the audio playing file, and recording the audio file to obtain a visual audio playing file.
6. The method according to claim 5, wherein re-encoding the visual target file in the second container according to the preset rule, and taking the re-encoded file as a new target file, comprises:
if the type of the visual target file is a visual viewable file, re-encoding the visual viewable file into a viewable file in the second container;
if the type of the visual target file is a visual video playing file, re-encoding the visual video playing file into a video playing file in the second container;
and if the type of the visual target file is a visual audio playing file, re-encoding the visual audio playing file into an audio playing file in the second container.
7. The method of claim 6, wherein importing the new target file into a local device, subsequent to the isolated import of the source file, comprises:
and carrying out integrity detection on the new target file, and if the detection is qualified, adding an integrity label to the new target file.
8. A dual container based decoding and encoding security isolation system, comprising:
the acquisition module is used for acquiring a target file from the mobile equipment;
the processing module is used for decoding or analyzing the target file in the first container to obtain a visual target file;
the coding module is used for recoding the visual target file in a second container according to a preset rule and taking the recoded file as a new target file;
and the importing module is used for importing the new target file into local equipment, so as to complete the isolated import of the source file.
9. An apparatus, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
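
The processing chain of claims 4 to 7 for a txt file, as an added Python illustration that is not part of the patent text or of any implementation by the applicant: the output file is built only from what the first stage captured for display, so bytes appended to the source never reach the local device. Assumptions: the function names are hypothetical, plain functions stand in for the two sandboxed containers, the integrity detection is a round-trip comparison, and the integrity label is a SHA-256 digest; the sample files are constructed.

```python
import hashlib
from pathlib import PurePath

SYSTEM_TYPES = {".log", ".tlg"}   # system files listed in claim 3
VIEWABLE_TYPES = {".txt"}         # assumption: only txt is handled here
PAGE_LINES = 40                   # assumption: page size of the stand-in viewer

def clean(source_files):
    """Claim 4: determine each file type and delete system files."""
    return {name: data for name, data in source_files.items()
            if PurePath(name).suffix.lower() not in SYSTEM_TYPES}

def first_container(name, data):
    """Claim 5 stand-in: open the file and capture only what is displayed.
    Returns pages of rendered lines. Bytes with no visible glyph (control
    codes, tabs, an appended binary) never reach the capture."""
    if PurePath(name).suffix.lower() not in VIEWABLE_TYPES:
        raise ValueError("no decoder for " + name)
    text = data.decode("utf-8", errors="ignore")
    shown = "".join(ch for ch in text if ch.isprintable() or ch == "\n")
    lines = shown.split("\n")
    return [lines[i:i + PAGE_LINES] for i in range(0, len(lines), PAGE_LINES)]

def second_container(pages):
    """Claim 6 stand-in: build a new txt file from the captured pages only."""
    return "\n".join(line for page in pages for line in page).encode("utf-8")

def integrity_label(name, new_file, pages):
    """Claim 7 stand-in: the new file must decode to the same capture;
    if it does, label it with its SHA-256 digest (assumed label format)."""
    if first_container(name, new_file) != pages:
        raise ValueError("integrity check failed for " + name)
    return hashlib.sha256(new_file).hexdigest()

def isolate(source_files):
    """clean -> decode -> re-encode -> label; returns {name: (bytes, label)}."""
    result = {}
    for name, data in clean(source_files).items():
        pages = first_container(name, data)
        new_file = second_container(pages)
        result[name] = (new_file, integrity_label(name, new_file, pages))
    return result

# Constructed sample: a note with binary bytes appended, plus a system file.
SAMPLE = {
    "note.txt": b"Quarterly figures\nTotal: 42\n\x00\x01\x02\x7f\x90\x00\xff\xfe",
    "device.tlg": b"usb attach 12:00\n",
}
```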
CN202010826541.5A 2020-08-17 2020-08-17 Decoding and coding safety isolation method based on double containers Pending CN111967001A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010826541.5A CN111967001A (en) 2020-08-17 2020-08-17 Decoding and coding safety isolation method based on double containers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010826541.5A CN111967001A (en) 2020-08-17 2020-08-17 Decoding and coding safety isolation method based on double containers

Publications (1)

Publication Number Publication Date
CN111967001A true CN111967001A (en) 2020-11-20

Family

ID=73388112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010826541.5A Pending CN111967001A (en) 2020-08-17 2020-08-17 Decoding and coding safety isolation method based on double containers

Country Status (1)

Country Link
CN (1) CN111967001A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115209220A (en) * 2022-06-08 2022-10-18 阿里巴巴(中国)有限公司 Video file processing method and device, storage medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103248624A (en) * 2013-04-22 2013-08-14 郑永春 Data security network system based on digital high-definition picture transmission
CN104219212A (en) * 2013-06-04 2014-12-17 北大方正集团有限公司 Method, device and system for cross-network transmission of video files
US20180160156A1 (en) * 2015-06-03 2018-06-07 Nokia Technologies Oy A method, an apparatus, a computer program for video coding

Similar Documents

Publication Publication Date Title
US10958416B2 (en) Encrypted and compressed data transmission with padding
CN110119643B (en) Two-dimensional code generation method and device and two-dimensional code identification method and device
US9934235B2 (en) Efficient data compression and analysis as a service
CN107395209B (en) Data compression method, data decompression method and equipment thereof
CN111857550B (en) Method, apparatus and computer readable medium for data deduplication
US10389685B2 (en) Systems and methods for securely transferring selective datasets between terminals
CN110738323B (en) Method and device for establishing machine learning model based on data sharing
CN109218393B (en) Push implementation method, device, equipment and computer storage medium
US20210375326A1 (en) Method, device, and computer program product for storing and providing video
CN110069729B (en) Offline caching method and system for application
CN112436943B (en) Request deduplication method, device, equipment and storage medium based on big data
CN111967001A (en) Decoding and coding safety isolation method based on double containers
US11429317B2 (en) Method, apparatus and computer program product for storing data
CN113268453A (en) Log information compression storage method and device
CN110505289B (en) File downloading method and device, computer readable medium and wireless communication equipment
CN111913938A (en) Data migration method, system, device, electronic equipment and medium
CN116028917A (en) Authority detection method and device, storage medium and electronic equipment
CN113377376A (en) Data packet generation method, data packet generation device, electronic device, and storage medium
CN113221554A (en) Text processing method and device, electronic equipment and storage medium
CN115004623A (en) Protecting encryption keys
US10168909B1 (en) Compression hardware acceleration
CN116702218B (en) Rendering method, device, terminal and storage medium of three-dimensional model in applet
CN110210230B (en) Method and device for improving system security, electronic equipment and storage medium
CN114595670B (en) Method, device, medium and equipment for editing dwg file format based on B/S architecture
US10650078B2 (en) Reducing latency in rendering of content

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination