CN114254270A - Cloud desktop software management and control method, system, server and readable storage medium - Google Patents

Info

Publication number
CN114254270A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011023360.5A
Other languages
Chinese (zh)
Inventor
侯国松
车刚健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Abstract

The embodiment of the invention provides a cloud desktop software control method, comprising: acquiring a software control list in which feature information of software is recorded; monitoring the currently called software in a virtual machine system through a software authentication driver; comparing the monitoring result with the software control list; and, if the feature information of the currently called software matches feature information in the blacklist of the software control list, intercepting the current operation of the software through the software authentication driver. In certain implementations this prevents a user from arbitrarily installing unauthenticated software, and the stability of the cloud desktop and the security of cloud data are improved.

Description

Cloud desktop software management and control method, system, server and readable storage medium
Technical Field
The embodiment of the invention relates to the field of cloud desktop management, and particularly relates to a cloud desktop software management and control method, a cloud desktop software management and control system, a server and a readable storage medium.
Background
The cloud desktop is a new mode in which cloud computing replaces the traditional computer. With a cloud desktop, a user does not need to purchase a computer host; the running resources the user requires, such as the Central Processing Unit (CPU), memory, hard disk and Graphics Processing Unit (GPU), are all virtualized in a back-end server. The cloud desktop offers flexible access, simplified management, environmental friendliness and energy saving. However, since all user data are stored in the cloud, the security and stability of the system are a major challenge for the cloud desktop. A cloud desktop is a high-performance server that simulates a plurality of user desktops simultaneously through virtualization technologies. In the related art, the user is very likely to be allowed to install unauthorized software at will, which affects the stability of the system. Meanwhile, in some application scenarios, such as company offices and education, data security must be ensured, and the use of some software may cause data leakage.
Disclosure of Invention
The cloud desktop software management and control method, system, server and readable storage medium provided by the embodiments of the invention mainly solve the technical problem in the related art that software installed by a user can impair the stability and security of the cloud desktop system.
In order to solve the technical problem, an embodiment of the present invention provides a cloud desktop software management and control method, including:
acquiring a software control list, wherein the software control list is recorded with feature information of software;
monitoring currently called software in a virtual machine system through a software authentication driver;
comparing the monitoring result with the software control list;
and if the feature information of the currently called software is matched with the feature information in the blacklist of the software control list, intercepting the current operation of the software through the software authentication driver.
The embodiment of the invention also provides a cloud desktop system, which comprises a management platform, a desktop management module and a software authentication driver;
the management platform is used for providing a software control list;
the desktop management module is used for acquiring the software management and control list from the management platform and sending the software management and control list to the software authentication driver;
the software authentication driver is used for monitoring the currently called software in the virtual machine system, comparing the monitoring result with the software control list, and intercepting the current operation of the software if the feature information of the currently called software is matched with the feature information in the blacklist of the software control list.
The embodiment of the invention also provides a server, which comprises a processor, a memory and a communication bus;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is configured to execute one or more computer programs stored in the memory to implement the steps of the cloud desktop software management and control method as described above.
Embodiments of the present invention also provide a readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement the steps of the cloud desktop software management and control method described above.
According to the cloud desktop software management and control method, the cloud desktop software management and control system, the server and the readable storage medium provided by the embodiment of the invention, the software management and control list recording the feature information of the software is acquired, the software currently called in the virtual machine system is monitored by the software authentication driver, and when the feature information of the currently called software is found to be matched with the feature information in the blacklist of the software management and control list, the operation of the software is intercepted.
Additional features and corresponding advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a schematic flow chart illustrating a cloud desktop software management and control method according to a first embodiment of the present invention;
Fig. 2 is a schematic flow chart illustrating dynamic adjustment of a software management and control list according to a first embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a cloud desktop system according to a first embodiment of the present invention;
Fig. 4a is a schematic flow chart illustrating configuring a software management and control list and issuing it to a software authentication driver according to a second embodiment of the present invention;
Fig. 4b is a working diagram of configuring a software management and control list and issuing it to a software authentication driver according to the second embodiment of the present invention;
Fig. 5a is a schematic flow chart illustrating a software authentication driver monitoring software installed or used by a user according to a second embodiment of the present invention;
Fig. 5b is a working diagram of a software authentication driver monitoring software installed or used by a user according to a second embodiment of the present invention;
Fig. 6a is a schematic flow chart illustrating management and control by a software authentication driver according to a second embodiment of the present invention;
Fig. 6b is a working diagram of management and control by the software authentication driver according to the second embodiment of the present invention;
Fig. 7a is a schematic flow chart illustrating an update process of dynamically adjusting a management and control list according to a second embodiment of the present invention;
Fig. 7b is a working diagram of an update process of dynamically adjusting a management and control list according to a second embodiment of the present invention;
Fig. 8 is a schematic diagram illustrating a software management and control process according to a second embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a server according to a second embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The first embodiment is as follows:
In order to solve the problem in the related art that software installed on a cloud desktop by a user may impair the stability and security of the cloud desktop system, an embodiment of the present invention provides a cloud desktop software management and control method. Referring to Fig. 1, the method includes:
S101, acquiring a software control list, wherein feature information of software is recorded in the software control list;
In this step, the software control list may be obtained from a management platform of the cloud desktop, or in some embodiments, a software control list pre-stored in the virtual machine system is read. In practical application, the software control list may be managed and configured by a manager of the cloud desktop. After configuring the software control list, the manager may preset it in the virtual machine system, or the management platform may send it to a requester after receiving a corresponding request.
S102, monitoring currently called software in a virtual machine system through a software authentication driver;
S103, comparing the monitoring result with the software control list;
It can be understood that, in this step, the monitored feature information of the called software is compared with the feature information of the software recorded in the software control list.
S104, if the feature information of the currently called software is matched with the feature information in the blacklist of the software control list, intercepting the related operation of the software through the software authentication driver.
If the feature information of the software matches the feature information of the blacklist in the software control list, the software can be considered to be forbidden by the software control list. In the embodiment of the invention, intercepting the related operation of the software may mean prohibiting part of the operations or requests of the software, such as calling some data; it may mean directly prohibiting the software from running, and closing it if it is already running; or it may mean prohibiting installation of the software. For example, when a user tries to install a piece of software whose feature information matches the feature information of the blacklist in the software control list, the installation is intercepted and the software is prevented from being installed in the cloud desktop.
Optionally, monitoring the currently called software in the virtual machine system includes at least one of the following:
monitoring software corresponding to a process running in the system;
monitoring software corresponding to a disk IO (input/output) action in the system.
It will be appreciated that when a user uses software or starts installing software, a corresponding disk IO action is generated. By monitoring disk IO actions, the software currently started or installed by the user can be identified, and the related information of that software can then be obtained.
Optionally, the cloud desktop software management and control method provided by the embodiment of the invention is provided with multiple interception strategies, so that an administrator is helped to realize more flexible software management and control. In the embodiment of the present invention, the feature information of the software recorded in the software management and control list includes, but is not limited to, at least one of the following:
a system process name of the software;
keywords in the software installation path;
a publisher of the software;
version number of the same software.
The embodiments of the present invention are not limited to the name of the software; as shown above, different versions of the same software, or software whose publisher is abnormal, can also be managed and controlled. It will be appreciated that in practical applications more kinds of software feature information may be added. It should be noted that the rule for determining whether the feature information of the currently called software matches the feature information recorded in the software control list may also be set flexibly. For example, the two may be regarded as matched when any one item of feature information of the currently called software is consistent with the feature information recorded in the software control list; or it may be required that at least X items (X is greater than or equal to 2), or all items, of the feature information of the currently called software match the feature information recorded in the software control list.
Optionally, after the software control list is acquired, the method further includes, but is not limited to, the following steps S201 and S202.
S201, acquiring a latest software control list;
S202, enabling the software authentication driver to update the software control list, and performing software control on the virtual machine system based on the updated software control list.
That is to say, the software control list in the embodiment of the present invention is not fixed; in an actual application scenario, the software that needs to be managed and controlled may change. For example, when new software appears on the market that may affect the stability of the cloud desktop system, or new malicious software appears that may make the cloud desktop system insecure, the software control list may be dynamically adjusted and the feature information of that software added to the blacklist of the software control list. Likewise, if software that was not originally on the blacklist is found during use to have a serious bug that may damage the cloud desktop, its feature information can be added to the blacklist so that the software can no longer be called. Of course, the feature information of some software can also be deleted from the blacklist, so that installation or calling of that software on the cloud desktop is no longer intercepted.
It should be noted that the dynamic adjustment of the software control list may be performed manually by a manager of the cloud desktop, or automatically by the cloud desktop system. After the manager of the cloud desktop manually configures the software control list, the updated list may be obtained from the management platform of the cloud desktop. It can be understood that the software control list may be obtained by a corresponding management application in the cloud desktop sending a request to the management platform. When the management application obtains the updated software control list, it should send the list to the software authentication driver so that the driver can perform software control on the virtual machine system based on the updated list; in a specific implementation, the list obtained by the management application may be sent to the software authentication driver through the interface layer. It should be further noted that different software control lists may be set for different users or different groups, and different dynamic adjustment policies may also be set.
In some embodiments, the software control list may be dynamically adjusted according to the running condition of the virtual machine system. Referring to Fig. 2, the process may include, but is not limited to:
S301, monitoring the resource occupation in the virtual machine system;
Illustratively, the occupation of at least one resource may be monitored, including but not limited to the following: CPU usage, memory occupation, number of handles and network bandwidth. It should be noted that the resource occupation in the system may be monitored by a corresponding management application; of course, in some implementations it may also be monitored by a corresponding driver.
S302, if the resource occupation in the virtual machine system is found to be abnormal, reporting the corresponding process for analysis;
The monitored resource occupation is analyzed to judge whether it is abnormal. It should be noted that the analysis strategy for judging whether the resource occupation is abnormal is preset; for example, a corresponding analysis strategy can be set according to the resources of the virtual machine itself and the likely occupation of each piece of software in the virtual machine. In practical application, the analysis strategy can be configured by a manager of the cloud desktop, or can be decided by the cloud desktop system itself based on a learning algorithm; an analysis strategy configured by the manager can be requested from the management platform.
The corresponding process can be reported to a management platform of the cloud desktop and analyzed by the corresponding manager, or in some embodiments the server of the management platform analyzes it directly based on a certain policy.
S303, acquiring a latest software control list after the process is analyzed;
After analyzing the process with the abnormal resource occupation, a manager or a server of the management platform may decide whether to add the software corresponding to the process to the blacklist of the software control list (that is, add the feature information of the software to the blacklist of the software control list).
In some embodiments, after the analysis is completed, the manager or the server may issue a corresponding instruction (the instruction may be issued to a related application or service on the cloud desktop), and the software control list is updated once when the instruction is received. Alternatively, in some embodiments, the software control list is updated a preset time after the abnormal process is reported, or once every preset interval, or according to another update strategy; it is only required that the software authentication driver of the cloud desktop can eventually obtain the latest software control list. It is to be understood that the blacklist of the software control list may or may not change, depending on the final decision.
Optionally, when the feature information of the software matches the feature information of the blacklist in the software control list, the related operation of the software is intercepted, and after the interception the method further includes sending an interception prompt message to the user to inform the user that the software is on the blacklist and cannot be installed.
Optionally, the software authentication driver has a system privilege higher than that of applications in the application layer. It should be noted that in some examples the software authentication driver may be located at the application layer of the system (or some of its functions may be performed at the application layer), and setting the privilege of the software authentication driver higher than that of applications helps it perform better. In other examples, the software authentication driver is located at the bottom layer of the virtual machine system instead of the application layer, for example at the kernel layer, and monitoring of the system and management and control of the software are implemented through this bottom-layer driver. A kernel-layer driver can have high privilege, usually higher than that of applications or drivers in the application layer, so that the whole management and control process is reliable, and the cloud desktop software management and control method of the embodiment of the invention is stable and efficient. In some practical applications, a kernel-layer software authentication driver is also beneficial to cross-platform application.
Optionally, the software control list further includes a white list. Similarly, the white list also records feature information of software, and software matching the feature information of the white list is not intercepted when performing operations such as installation and running. In practice, the white list typically records feature information of certified software, which is placed on the white list so that it is not restricted. In some cases, the currently called software is in neither the white list nor the blacklist, that is, the software control list has no feature information matching the software. In that case, a risk prompt message is sent to the user to indicate that the software currently being called, run or installed is not recorded in the software control list and may carry a certain risk.
In the embodiment of the present invention, a cloud desktop system is further provided, as shown in fig. 3, including a management platform 11, a desktop management module 12, and a software authentication driver 13;
The management platform is used for providing a software control list; in practical application, a manager of the cloud desktop can configure the software control list through the management platform. The desktop management module is used for acquiring the software control list from the management platform and sending it to the software authentication driver. The software authentication driver is used for monitoring the currently called software in the virtual machine system, comparing the monitoring result with the software control list, and intercepting the current operation of the software if the feature information of the currently called software matches the feature information in the blacklist of the software control list. Through this cloud desktop system, a safe and stable cloud desktop can be provided for a user, and the user is prevented from using unauthorized software on the cloud desktop at will.
The cloud desktop system may be deployed in one or more servers. In one example, the desktop management module may be a management application or service, which may operate at an application layer of the cloud desktop virtual machine, the software authentication driver may be located at a kernel layer of the cloud desktop virtual machine, and the desktop management module may send data including, but not limited to, a software control list to the software authentication driver through an interface layer.
According to the cloud desktop software control method provided by the embodiment of the invention, the software control list is obtained, and the software authentication driver monitors the software in the system and intercepts the operations of applications on the blacklist, so that stable and safe software management and control of the cloud desktop is realized and a user is prevented from arbitrarily installing unauthenticated software.
The second embodiment is as follows:
In order to facilitate understanding of the cloud desktop software management and control method, the embodiment of the present invention is further described with reference to specific examples.
First, a software control list is acquired; in the embodiment of the present invention, a software control list configured by a manager is acquired from a management platform. Referring to Fig. 4a and 4b, a cloud desktop software management and control method may include:
S401, configuring a list of software to be controlled through a management platform in the cloud;
A manager adds the software to be controlled to a software control list, in which the feature information of the software is recorded. When the feature information of software on the cloud desktop matches the feature information of software in the software control list, that software is considered to be recorded in the software control list.
S402, acquiring a latest software control list;
In the embodiment of the invention, the software control list is obtained through the management application. In one example, the management application periodically sends a request to the management platform to obtain the latest software control list. In other examples, the management application may also obtain the latest software control list at a specific time, for example when an application is being installed or after an abnormal process has been reported.
S403, configuring the software control list to the software authentication driver through an interface layer;
S404, monitoring, by the software authentication driver, software installed or used by a user;
The software authentication driver monitors software installed or used by the user in the current virtual machine system, and realizes software control in the user's virtual machine.
S405, monitoring and analyzing the system running condition by the management application, and reporting processes with abnormal resource occupation;
In order to better realize dynamic update and flexible control of the software control list, processes with abnormal resource occupation are reported so that the management platform can adjust the software control list according to the actual situation. Monitoring and analyzing the system running condition refers to monitoring the resource occupation in the system. The management application may obtain the latest analysis policy from the management platform (the analysis policy may be preconfigured by a manager), perform monitoring and analysis based on the analysis policy, and report a process to the management platform when the resource occupation of that process is found to be abnormal (for example, its memory occupation exceeds a threshold set in the analysis policy). After receiving the abnormal process reported by the management application, the management platform analyzes it and can choose to add the corresponding software to the blacklist of the software control list. It should be noted that the decision whether to add the corresponding software to the blacklist of the software control list may be made by the manager, or by a program of the management platform.
Referring to Fig. 5a and 5b, in the embodiment of the present invention, step S404 may include, but is not limited to:
S501, filtering, by a filter manager, the operations related to software installation or use, and sending the filtered operations to the software authentication driver;
Illustratively, the filter manager filters disk IO actions. A user generates corresponding disk IO actions in the process of installing or starting software, and the filter manager screens out this part of the disk IO actions for the software authentication driver to identify.
S502, the software authentication driver performs identification according to the software control list and generates different responses according to different configurations;
Fig. 6a and 6b show a specific flow of management and control by the software authentication driver, in which the software authentication driver receives the related operations sent by the filter manager:
S601, judging whether the software is blacklist software; if so, executing step S602, otherwise executing step S603;
If the feature information of the software corresponding to the related operation matches the feature information in the blacklist of the software control list, the software is blacklist software.
S602, intercepting the blacklist software, and informing the user of the interception through the management application;
The corresponding operation of installing or running the blacklist software is intercepted. It can be understood that if the software is in a running state, it can be stopped, and it can even be uninstalled after it is stopped.
S603, judging whether the software is white list software; if so, not intercepting, and if not, executing step S604;
In this step, no operation of white list software is restricted unless otherwise specifically configured. It will be appreciated that for white list software, no prompt need be given unless specially configured.
S604, for software that is in neither the blacklist nor the white list, giving the user a risk prompt through the management application and then executing the operation;
In a specific implementation, the software authentication driver can inform the management application of the result, and the management application pops up a risk prompt according to the actual result.
In the embodiment of the invention, the management application acquires the analysis policy configured by the manager from the management platform, and monitors and analyzes the system operation condition and reports abnormal processes based on that policy. Fig. 7a and 7b show the update process that dynamically adjusts the software control list:
S701, the management application monitors and analyzes the running condition of the system;
S702, after an abnormal process is found, its detailed information is reported to the management platform.
In some embodiments, abnormalities of software in the white list of the software control list may not be reported; in other embodiments, software in the white list may also be monitored and reported.
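The reporting loop described above (S701, S702 and the platform's blacklist decision), as an added Python example that is not part of the patent. The policy field names, the report layout, the list version counter and the `approve` callback standing in for the administrator or platform program are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class AnalysisPolicy:
    """Analysis policy fetched from the management platform (field names assumed)."""
    memory_threshold_mb: int
    report_whitelisted: bool = False  # embodiments differ on reporting white list software


@dataclass
class ControlList:
    version: int = 1                  # assumed counter so clients can detect updates
    blacklist: Set[str] = field(default_factory=set)
    whitelist: Set[str] = field(default_factory=set)


def find_abnormal(samples: List[Dict], policy: AnalysisPolicy, cl: ControlList) -> List[Dict]:
    """S701/S702: build one report per process name whose memory exceeds the threshold."""
    reports, seen = [], set()
    for s in samples:
        name = s["name"].lower()
        if s["memory_mb"] <= policy.memory_threshold_mb:
            continue                  # within the policy threshold
        if name in cl.whitelist and not policy.report_whitelisted:
            continue                  # white list software exempt in this configuration
        if name in seen:
            continue                  # report each software once per sampling pass
        seen.add(name)
        reports.append({"name": name, "pid": s["pid"], "memory_mb": s["memory_mb"],
                        "threshold_mb": policy.memory_threshold_mb,
                        "list_version": cl.version})
    return reports


def platform_review(reports: List[Dict], cl: ControlList,
                    approve: Callable[[Dict], bool]) -> ControlList:
    """Platform side: add approved software to the blacklist and bump the version."""
    added = {r["name"] for r in reports if approve(r)} - cl.blacklist
    if not added:
        return cl                     # nothing new, clients keep the current list
    return ControlList(cl.version + 1, cl.blacklist | added, set(cl.whitelist))


# Constructed resource samples (not from the patent).
SAMPLES = [
    {"pid": 101, "name": "Office.exe", "memory_mb": 3000},
    {"pid": 202, "name": "renderer.exe", "memory_mb": 4096},
    {"pid": 203, "name": "renderer.exe", "memory_mb": 5000},
    {"pid": 304, "name": "notepad.exe", "memory_mb": 50},
]
```

The returned list only takes effect once the management application fetches it and passes it to the software authentication driver.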
The embodiment of the present invention further provides a more complete example of a software management and control process, which is shown in fig. 8, and includes, but is not limited to, the following steps:
S801, the manager configures the software control list and the reporting policy for the system operation condition;
The software control list can comprise a blacklist and a white list.
S802, the management application sends a request to the management platform each time it is started, or at regular intervals while it runs, to obtain the latest software control list;
S803, the management application sends the acquired software control list to the software authentication driver through the interface layer;
S804, the software authentication driver monitors disk IO actions;
As shown in the above example, in some embodiments the software authentication driver also monitors processes running in the system.
S805, a user or another process sends a request to install or start software;
S806, the operation of the user or other process generates a disk IO action;
In this embodiment, the disk IO actions of installing or starting software are filtered by the filter manager and sent to the software authentication driver for analysis.
S807, the software authentication driver identifies the software being installed or started; if the software is in the blacklist, the corresponding operation is intercepted; if it is in the white list, it executes normally; software that is in neither the blacklist nor the white list triggers a risk prompt;
S808, the software authentication driver returns the result to the management application, and the management application prompts the user that blacklist software is being installed or used, or that risky software is being installed or used;
The management application may prompt by, for example, popping up a window or a prompt message. In some implementations, the user may decide whether to intercept operations related to the software that triggered the risk prompt.
S809, operations on software in the white list execute normally;
S810, if an abnormal process is found by analysis, it is reported for analysis by the manager.
It should be noted that, in the embodiment of the present invention, the above-mentioned steps can be executed in a different order or simultaneously with other steps without conflict.
According to the embodiment of the invention, the software control list is obtained and the software authentication driver monitors disk IO actions in real time. When software recorded in the blacklist of the software control list is installed or started, the software authentication driver intercepts the corresponding operation. Further, in some embodiments, the operation condition of the system can be analyzed through the management application, and if an abnormal process is found, it is reported so that the software control list can be dynamically updated.
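The identification flow of steps S601 to S604 (repeated as S807), sketched in Python as an added example; it is not code from the patent. The rule semantics (every feature set on an entry must match, unset features are ignored), the class and function names, and the sample list are assumptions.

```python
import ntpath
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence


class Verdict(Enum):
    INTERCEPT = "intercept"      # S602: block, notify user via management application
    ALLOW = "allow"              # S603: white list software, not intercepted
    RISK_PROMPT = "risk_prompt"  # S604: prompt the user, then execute


@dataclass(frozen=True)
class Operation:
    """Install/start operation forwarded by the filter manager (fields assumed)."""
    image_path: str
    publisher: str = ""
    version: str = ""

    @property
    def process_name(self) -> str:
        return ntpath.basename(self.image_path).lower()


@dataclass(frozen=True)
class Rule:
    """One control-list entry built from the feature information types."""
    process_name: Optional[str] = None
    path_keyword: Optional[str] = None
    publisher: Optional[str] = None
    version: Optional[str] = None

    def matches(self, op: Operation) -> bool:
        checks = []
        if self.process_name is not None:
            checks.append(self.process_name.lower() == op.process_name)
        if self.path_keyword is not None:
            checks.append(self.path_keyword.lower() in op.image_path.lower())
        if self.publisher is not None:
            checks.append(self.publisher.lower() == op.publisher.lower())
        if self.version is not None:
            checks.append(self.version == op.version)
        # Assumption: all set features must match; an empty rule matches nothing.
        return bool(checks) and all(checks)


def decide(op: Operation, blacklist: Sequence[Rule], whitelist: Sequence[Rule]) -> Verdict:
    if any(rule.matches(op) for rule in blacklist):   # S601
        return Verdict.INTERCEPT
    if any(rule.matches(op) for rule in whitelist):   # S603
        return Verdict.ALLOW
    return Verdict.RISK_PROMPT                        # S604


# Constructed sample control list (not from the patent).
BLACKLIST = [Rule(path_keyword="\\games\\"),
             Rule(process_name="editor.exe", version="1.0.3")]
WHITELIST = [Rule(publisher="Example Corp"), Rule(process_name="editor.exe")]
```

Because the blacklist is consulted first, a blacklisted version is intercepted even when the same software also matches a white list entry.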
Example three:
An embodiment of the present invention provides a server, as shown in fig. 9, which includes a processor 91, a memory 92, and a communication bus 93, where:
The communication bus 93 is used to connect the processor 91 and the memory 92 for communication;
The processor 91 is configured to execute one or more computer programs stored in the memory 92 to implement at least one step of the cloud desktop software management and control method in the first and second embodiments.
Embodiments of the present invention also provide a readable storage medium, including volatile or non-volatile, removable or non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, computer program modules or other data. Readable storage media include, but are not limited to, RAM (Random Access Memory), ROM (Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash Memory or other Memory technology, CD-ROM (Compact Disc Read-Only Memory), Digital Versatile Discs (DVD) or other optical Disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
The readable storage medium in the embodiment of the present invention may be used to store one or more computer programs, and the stored one or more computer programs may be executed by the processor to implement at least one step of the cloud desktop software management and control method in the first and second embodiments.
It will be apparent to those skilled in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software (which may be implemented in computer program code executable by a computing device), firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit.
In addition, communication media typically embody computer-readable instructions, data structures, computer program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and include any information delivery media, as is known to one of ordinary skill in the art. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing is a more detailed description of embodiments of the present invention, and the present invention is not to be considered limited to such descriptions. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A cloud desktop software management and control method comprises the following steps:
acquiring a software control list, wherein the software control list is recorded with feature information of software;
monitoring currently called software in a virtual machine system through a software authentication driver;
comparing the monitoring result with the software control list;
and if the feature information of the currently called software is matched with the feature information in the blacklist of the software control list, intercepting the current operation of the software through the software authentication driver.
2. The cloud desktop software management and control method of claim 1, wherein the monitoring of currently invoked software in the virtual machine system comprises at least one of:
monitoring software corresponding to a process in which the system is running;
and monitoring software corresponding to the IO action of the disk in the system.
3. The cloud desktop software management and control method of claim 1, wherein the feature information comprises at least one of:
a system process name of the software;
keywords in the software installation path;
a publisher of the software;
version number of the same software.
4. The cloud desktop software management and control method according to claim 1, wherein after obtaining the software management and control list from the management platform, the method further comprises:
acquiring a latest software control list;
and enabling the software authentication driver to update the software control list, and performing software control on the virtual machine system based on the updated software control list.
5. The cloud desktop software management and control method according to claim 4, wherein the obtaining the latest software management and control list includes:
monitoring the resource occupation condition in the virtual machine system;
if the resource occupation situation in the virtual machine system is monitored to be abnormal, reporting the corresponding process for analysis;
and acquiring a latest software control list after the process is analyzed.
6. The cloud desktop software management and control method of claim 1, wherein the system privilege of the software authentication driver is higher than that of applications at the application layer in the system.
7. The cloud desktop software management and control method according to any one of claims 1-6, wherein the software management and control list further includes a white list, and the cloud desktop software management and control method further includes:
if the characteristics of the software corresponding to the current process or the disk IO action are matched with the characteristic information in the white list in the software control list, the related operation of the software is not intercepted;
and if the characteristics of the software corresponding to the current process or the disk IO action are not matched with the characteristic information in the white list and the black list in the software control list, sending risk prompt information to the user.
8. A cloud desktop system comprises a management platform, a desktop management module and a software authentication driver;
the management platform is used for providing a software control list;
the desktop management module is used for acquiring the software management and control list from the management platform and sending the software management and control list to the software authentication driver;
the software authentication driver is used for monitoring the currently called software in the virtual machine system, comparing the monitoring result with the software control list, and intercepting the current operation of the software if the feature information of the currently called software is matched with the feature information in the blacklist of the software control list.
9. A server, comprising a processor, a memory, and a communication bus;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is configured to execute one or more computer programs stored in the memory to implement the steps of the cloud desktop software management and control method as claimed in any one of claims 1 to 7.
10. A readable storage medium, characterized in that the readable storage medium stores one or more computer programs that are executable by one or more processors to implement the steps of the cloud desktop software management and control method as claimed in any one of claims 1 to 7.
CN202011023360.5A 2020-09-25 2020-09-25 Cloud desktop software management and control method, system, server and readable storage medium Pending CN114254270A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011023360.5A CN114254270A (en) 2020-09-25 2020-09-25 Cloud desktop software management and control method, system, server and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011023360.5A CN114254270A (en) 2020-09-25 2020-09-25 Cloud desktop software management and control method, system, server and readable storage medium

Publications (1)

Publication Number Publication Date
CN114254270A true CN114254270A (en) 2022-03-29

Family

ID=80790488

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011023360.5A Pending CN114254270A (en) 2020-09-25 2020-09-25 Cloud desktop software management and control method, system, server and readable storage medium

Country Status (1)

Country Link
CN (1) CN114254270A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117633797A (en) * 2023-11-27 2024-03-01 北京微步在线科技有限公司 Software control method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110651269B (en) Isolated container event monitoring
US11720393B2 (en) Enforcing compliance rules using guest management components
CN108369625B (en) Dual memory introspection for protecting multiple network endpoints
US8806009B2 (en) System and method for optimization of security tasks by configuring security modules
JP6059812B2 (en) Technology for detecting security vulnerabilities
US8925076B2 (en) Application-specific re-adjustment of computer security settings
US10944794B2 (en) Real-time policy selection and deployment based on changes in context
US8954897B2 (en) Protecting a virtual guest machine from attacks by an infected host
WO2019158915A1 (en) Managing virtual machine security resources
US20170269955A1 (en) Enforcing compliance rules using guest management components
US20080276295A1 (en) Network security scanner for enterprise protection
US10769275B2 (en) Systems and methods for monitoring bait to protect users from security threats
US9940466B2 (en) Computer-implemented command control in information technology service environment
US20140101428A1 (en) Dynamic protection of one or more deployed copies of a master operating system image
US20120066765A1 (en) System and method for improving security using intelligent base storage
US20090293100A1 (en) Apparatus and method for checking pc security
EP3753221B1 (en) System and method for monitoring effective control of a machine
WO2015070376A1 (en) Method and system for realizing virtualization security
CN114254270A (en) Cloud desktop software management and control method, system, server and readable storage medium
US11113389B1 (en) Systems and methods for providing persistent visual warnings for application launchers
US10243963B1 (en) Systems and methods for generating device-specific security policies for applications
US20230291589A1 (en) Integration of oem endpoint management and unified endpoint management
US11775272B1 (en) Deployment of software programs based on security levels thereof
KR20220123904A (en) Unmanned ground vehicle with dual network system and operating method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination