CN116938610B - Mail system based on mimicry architecture - Google Patents

Mail system based on mimicry architecture Download PDF

Info

Publication number
CN116938610B
CN116938610B CN202311206966.6A CN202311206966A CN116938610B CN 116938610 B CN116938610 B CN 116938610B CN 202311206966 A CN202311206966 A CN 202311206966A CN 116938610 B CN116938610 B CN 116938610B
Authority
CN
China
Prior art keywords
target
mail
processes
scheduling
processing result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311206966.6A
Other languages
Chinese (zh)
Other versions
CN116938610A (en
Inventor
袁海滨
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Aoxing Technology Co ltd
Original Assignee
Beijing Aoxing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Aoxing Technology Co ltd filed Critical Beijing Aoxing Technology Co ltd
Priority to CN202311206966.6A priority Critical patent/CN116938610B/en
Publication of CN116938610A publication Critical patent/CN116938610A/en
Application granted granted Critical
Publication of CN116938610B publication Critical patent/CN116938610B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42Mailbox-related aspects, e.g. synchronisation of mailboxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a mail system based on a mimicry architecture, which comprises: the receiving function module is used for receiving the service request of the target mail, determining a plurality of target first processes in a first process pool comprising a plurality of heterogeneous processes, and accordingly carrying out receiving service processing to obtain a receiving service processing result; the mail processing function module is used for determining a plurality of target second processes in a second process pool comprising a plurality of heterogeneous processes when the target mail is required to be subjected to mail processing, and accordingly carrying out the mail processing to obtain a mail service processing result; and the queue scheduling function module is used for determining a plurality of target third processes in a third process pool containing a plurality of heterogeneous processes when the target mail needs to be scheduled, and accordingly scheduling the target mail to obtain a scheduling service processing result. By applying the system provided by the invention, each functional module can perform service processing through a plurality of heterogeneous processes, thereby realizing mimicry defense, being beneficial to timely finding out abnormality and improving the safety of the system.

Description

Mail system based on mimicry architecture
Technical Field
The invention relates to the technical field of computers, in particular to a mail system based on a mimicry architecture.
Background
Mail service is one of the main services in the internet, and internet users can realize mail service through a mail server built based on a mail system. The simple mail transfer protocol (Simple Mail Transfer Protocol, SMTP) is one of the commonly used email transfer protocols in cross-domain communications.
Security performance has been one of the important concerns of mail systems, and currently, passive defense type security protection is generally adopted in mail systems employing SMTP. Mainly, an additional safety protection component is deployed, safety protection rules are formulated based on a mastered knowledge base, and known threats are filtered as far as possible.
With the development of computer technology, network attack technology is changing, and an attacker can continuously mine available holes in a mail system and launch attacks to the mail system by new attack means. Based on the safety protection measures of the existing mail system, the mail system can only filter the known threats, and is generally difficult to identify the threats and cannot intercept the attacks when facing the attacks which are not mastered, so that the system has poor safety and is not beneficial to guaranteeing the normal operation of the mail system.
Disclosure of Invention
In view of the above, the embodiment of the invention provides a mail system based on a mimicry architecture, so as to solve the problem that the security of the system is poor because the existing mail system is only capable of filtering the mastered threat and cannot intercept the unknown threat attack.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
a mimicry architecture based mail system, comprising:
the system comprises a receiving function module, a letter processing function module and a queue scheduling function module;
the receiving function module is used for determining a plurality of target first processes corresponding to the target mail in the constructed first process pool when receiving a service request corresponding to the target mail, and carrying out receiving service processing on the target mail based on the plurality of target first processes to obtain a receiving service processing result corresponding to the target mail; the first process pool comprises a plurality of heterogeneous first processes;
the mail processing function module is used for determining a plurality of target second processes corresponding to the target mail in the constructed second process pool when the target mail is required to be subjected to mail processing, and performing mail processing on the target mail based on the plurality of target second processes to obtain a mail service processing result corresponding to the target mail so as to put the target mail into a preset mail queue based on the mail service processing result; the second process pool comprises a plurality of heterogeneous second processes;
The queue scheduling function module is used for determining a plurality of target third processes corresponding to the target mail in a constructed third process pool when the target mail needs to be scheduled, and scheduling the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail so that a preset mail delivery proxy service processes the target mail based on the scheduling service processing result; the third process pool includes a plurality of heterogeneous third processes.
In the above system, optionally, in the constructed first process pool, determining a plurality of target first processes corresponding to the target mail includes:
judging whether the current first process pool meets preset calling conditions or not;
if the current first process pool does not accord with the calling condition, performing a process pulling operation on the first process pool so as to switch a first process in a candidate state in the first process pool into a dormant state;
selecting a plurality of first processes from a first process pool subjected to process pulling operation according to a preset work process scheduling strategy, and taking the selected first processes as the target first processes.
The above system, optionally, further comprising:
and if the current first process pool meets the calling condition, selecting a plurality of first processes in the first process pool according to the working process scheduling strategy, and taking the selected first processes as the target first processes.
The system, optionally, the plurality of heterogeneous first processes include a plurality of heterogeneous normal processes, a plurality of heterogeneous container processes, a plurality of heterogeneous virtual machine processes, and a plurality of heterogeneous remote service processes.
In the above system, optionally, the processing the receiving service of the target mail based on the plurality of target first processes to obtain a receiving service processing result corresponding to the target mail includes:
creating a receiving task corresponding to the target mail;
distributing the receiving task to each target first process, and enabling each target first process to process the receiving task respectively to obtain a processing result of each target first process;
and determining a first target result in the processing results of each target first process according to a preset first judging strategy, and taking the first target result as the receiving service processing result.
In the above system, optionally, the performing letter processing on the target mail based on the plurality of target second processes to obtain a letter service processing result corresponding to the target mail includes:
creating a letter processing task corresponding to the target mail;
distributing the letter processing task to each target second process, so that each target second process processes the letter processing task respectively to obtain a processing result of each target second process;
and determining a second target result in the processing results of each target second process according to a preset second judging strategy, and taking the second target result as the letter service processing result.
In the above system, optionally, the scheduling processing is performed on the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail, where the scheduling service processing result includes:
creating a scheduling task corresponding to the target mail;
distributing the scheduling task to each target third process, and enabling each target third process to process the scheduling task respectively to obtain a processing result of each target third process;
And determining a third target result in the processing results of each target third process according to a preset third arbitration strategy, and taking the third target result as the scheduling service processing result.
The above system, optionally, the receiving function module is further configured to:
and for each target first process, judging whether the target first process is an abnormal process according to the receiving service processing result, and if the target first process is an abnormal process, performing scheduling policy updating processing on the target first process so as to reduce the use frequency of the target first process.
The above system, optionally, the letter processing function module is further configured to:
and for each target second process, judging whether the target second process is an abnormal process according to the letter service processing result, and if the target second process is an abnormal process, performing scheduling policy updating processing on the target second process so as to reduce the use frequency of the target second process.
The above system, optionally, the queue scheduling function module is further configured to:
and for each target third process, judging whether the target third process is an abnormal process according to the scheduling service processing result, and if the target third process is an abnormal process, performing scheduling policy updating processing on the target third process so as to reduce the use frequency of the target third process.
Based on the above-mentioned mail system based on mimicry architecture provided by the embodiment of the present invention, the mail system includes: the receiving function module is used for determining a plurality of target first processes corresponding to the target mail in the constructed first process pool when receiving the service request corresponding to the target mail, and carrying out receiving service processing on the target mail based on the plurality of target first processes to obtain a receiving service processing result corresponding to the target mail; the first process pool comprises a plurality of heterogeneous first processes; the mail processing function module is used for determining a plurality of target second processes corresponding to the target mail in the constructed second process pool when the target mail is required to be processed, and processing the target mail based on the plurality of target second processes to obtain a mail service processing result corresponding to the target mail so as to put the target mail into a preset mail queue based on the mail service processing result; the second process pool comprises a plurality of heterogeneous second processes; the queue scheduling function module is used for determining a plurality of target third processes corresponding to the target mail in the constructed third process pool when the target mail needs to be scheduled, and scheduling the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail so as to enable a preset mail delivery proxy service to process the target mail based on the scheduling service processing result; the third process pool includes a plurality of heterogeneous third processes. By applying the system provided by the embodiment of the invention, each functional module carries out service processing through a plurality of heterogeneous working processes in the running process of the mail system, and can realize mimicry defense based on the working processes of the heterogeneous redundancy structure. Each working process has specificity, the probability of existence of common loopholes is small, malicious attacks are difficult to bypass all working processes at the same time, abnormal services can be found in time in the service processing process, and then threats are filtered. Whether facing the known threat or the unknown threat, the method can timely discover the attack behavior and conduct active defense, thereby being beneficial to improving the security of the mail system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a mail system based on a mimicry architecture according to an embodiment of the present invention;
FIG. 2 is an exemplary diagram of a workflow of a mail system provided by an embodiment of the present invention;
FIG. 3 is an exemplary diagram of a process state switching procedure according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating an exemplary workflow of a functional module according to an embodiment of the present invention;
fig. 5 is a morphological exemplary diagram of a working process according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the present disclosure, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiment of the application provides a mail system based on a mimicry architecture, which can be deployed on a mail server to provide mail business services, and the schematic structure of the mail system can be shown as fig. 1, and comprises:
a reception function module 101, a letter processing function module 102, and a queue scheduling function module 103;
the receiving function module 101 is configured to determine, in a constructed first process pool, a plurality of target first processes corresponding to a target mail when a service request corresponding to the target mail is received, and perform receiving service processing on the target mail based on the plurality of target first processes, so as to obtain a receiving service processing result corresponding to the target mail; the first process pool comprises a plurality of heterogeneous first processes;
The mail processing function module 102 is configured to determine, in a constructed second process pool, a plurality of target second processes corresponding to the target mail when the mail processing is required for the target mail, and perform the mail processing on the target mail based on the plurality of target second processes, so as to obtain a mail service processing result corresponding to the target mail, so that the target mail is placed in a preset mail queue based on the mail service processing result; the second process pool comprises a plurality of heterogeneous second processes;
the queue scheduling function module 103 is configured to determine, in a third process pool that is constructed, a plurality of target third processes corresponding to the target mail when scheduling processing is required for the target mail, and schedule the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail, so that a preset mail delivery proxy service processes the target mail based on the scheduling service processing result; the third process pool includes a plurality of heterogeneous third processes.
The system provided by the embodiment of the invention is a Postfix-based mail system, and the Postfix is an open-source mail server software system, which is not described in detail herein, and adopts the SMTP protocol. The receiving function module deployed in the system provided by the embodiment of the invention realizes the service, namely Smtpd service in Postfix, wherein Smtpd is a process responsible for receiving functions in Postfix. The business service implemented by the letter processing function module is the clearup service in Postfix, which is a process in Postfix that is responsible for the letter processing function. The business service implemented by the queue scheduling function module is Qmgr service in Postfix, and Qmgr is a process responsible for the queue scheduling function in Postfix. Implementation of other functional services of the mail system can be deployed based on existing modes provided by Postfix, and will not be described in detail herein.
In the system provided by the embodiment of the invention, corresponding process pools are respectively provided for each functional module such as the receiving functional module, the letter processing functional module, the queue scheduling functional module and the like, so as to process tasks of the modules. The process pool corresponding to each functional module is a process pool adopting dynamic heterogeneous redundancy construction (Dynamic Heterogeneous Redundancy, DHR), wherein the process pool comprises a plurality of heterogeneous working processes, namely, each working process in the process pool has functionally equivalent heterogeneous characteristics, and the heterogeneous characteristics can be embodied in programming language, deployment form, running mode and the like. It can be understood that the system provided by the embodiment of the invention is a mail system based on a mimicry architecture, namely, the mimicry defense architecture is used for modifying a process pool.
The mail receiving function module in the embodiment of the invention is used for receiving the mail sent to the mail server, and when receiving a certain mail, the mail receiving function module receives a service request corresponding to the mail. When the receiving function module receives a service request of the target mail, a plurality of heterogeneous working processes are selected from a process pool corresponding to the receiving function module, namely a first process pool, and the selected working processes are used as target first processes corresponding to the target mail. The receiving service of the target mail is processed through each target first process, and the final processing result of the receiving function module, namely the receiving service processing result corresponding to the target mail, is determined according to the processing result of each target first process.
The mail system can identify whether to continue service processing on the target mail according to the receiving service processing result, if the receiving service processing result indicates that the target mail can continue processing, the target mail and the receiving service processing result thereof are transferred to the mail processing function module, and when the mail processing function module receives the information, the mail processing function module is regarded as to need to process the mail on the target mail. The mail processing functional module can select a plurality of heterogeneous working processes in the corresponding process pool, namely the second process pool, and the selected working processes are used as target second processes corresponding to the target mails. And carrying out letter processing on the target mails through each target second process to obtain processing results of each target second process, and determining a final processing result of the letter processing functional module, namely a letter service processing result corresponding to the target mails, based on the processing results.
The mail system can identify whether to continue the service processing to the target mail according to the mail service processing result, if so, the target mail is put into a corresponding mail queue according to the mail service processing result. Through mail queue circulation, the target mail enters a queue scheduling functional module for processing, and the target mail is considered to be required to be scheduled at the moment. The queue scheduling functional module selects a plurality of heterogeneous working processes from the corresponding process pools, namely the third process pool, and takes the selected working processes as target third processes. And scheduling the target mails through the target third processes to obtain the processing result of each target third process. And determining the final processing result of the queue scheduling functional module, namely the scheduling service processing result of the target mail, according to the processing result of each target third process.
The mail system can identify whether to continue the service processing on the target mail according to the scheduling service processing result, if so, the target mail and the scheduling service processing result thereof are sent to a preset mail delivery proxy service, so that the mail delivery proxy service performs corresponding processing to realize mail delivery. The mail delivery proxy service is Mail Delivery Agent, abbreviated as MDA.
The system provided by the embodiment of the invention comprises: the receiving function module is used for receiving the service request corresponding to the target mail, determining a plurality of target first processes in the constructed first process pool, and carrying out receiving service processing based on the plurality of target first processes to obtain a receiving service processing result; the mail processing function module is used for determining a plurality of target second processes in the constructed second process pool, and performing mail processing based on the plurality of target second processes to obtain a mail service processing result so as to put target mails into a preset mail queue based on the mail service processing result; and the queue scheduling function module is used for determining a plurality of target third processes in the constructed third process pool, scheduling the target mail based on the plurality of target third processes to obtain a scheduling service processing result, so that the preset mail delivery proxy service processes the target mail based on the scheduling service processing result. By applying the system provided by the embodiment of the invention, each functional module carries out service processing through a plurality of heterogeneous working processes in the running process of the mail system, and can realize mimicry defense based on the working processes of the heterogeneous redundancy structure. Each working process has specificity, the probability of existence of common loopholes is small, malicious attacks are difficult to bypass all working processes at the same time, abnormal services can be found in time in the service processing process, and then threats are filtered. Whether facing the known threat or the unknown threat, the method can timely discover the attack behavior and conduct active defense, thereby being beneficial to improving the security of the mail system.
In order to better explain the system provided by the embodiment of the present invention, a brief description of the workflow of the system provided by the embodiment of the present invention follows. As shown in fig. 2, the workflow of the system provided by the embodiment of the present invention mainly includes:
and the main process (main SMTPD process) of the SMTPD service (namely the receiving function module) receives the mail, the main SMTPD process selects a plurality of heterogeneous SMTPD working processes from the SMTPD process pool to form an active process group, the mail is subjected to service processing to obtain a processing result of each SMTPD working process, and then a final processing result is selected from the processing results according to a judging strategy to obtain the SMTPD service processing result of the mail.
After being processed by the SMTPD service, the service flow of the mail is transferred to a main process (main clear process) of the clear service (namely a letter processing function module), the main clear process selects a plurality of heterogeneous clear work processes in a clear process pool to form an active process group, the mail is processed by the service to obtain a processing result of each clear work process, and a final processing result is selected from the processing results according to a judging strategy to obtain a clear service processing result of the mail.
After being processed by the CLEANUP service, the mail can enter a mail queue for circulation, the mail can enter a corresponding mail queue according to a processing result, the system mainly comprises an incoming mail queue, an active mail, a hold mail, a deferred mail and the like, the incoming mail is used for placing the mail which is not found yet in the arriving queue or the management process, the active mail is used for placing the mail which is already opened by the queue management process and is ready for delivery, the queue has a limit on the length, the hold mail is used for placing the mail which is prevented from being sent, and the deferred mail is used for placing the mail which can not be delivered, and the mail which is possibly deferred to be sent. Under normal conditions, the mail is put into an incoming queue or a hold queue according to the processing result, the mail in the incoming queue sequentially enters an active queue, and the mail in the active queue and the released queue may flow according to the processing situation. The mail queue may employ an existing Postfix mail queue architecture, which is not described in detail herein.
When the mail in the active queue needs to be delivered, the mail enters a main process (main QMGR process) of a QMGR service (namely a queue scheduling functional module), the main QMGR process selects a plurality of heterogeneous QMGR working processes in a qmrg process pool to form an active process group, the mail is subjected to service processing, a processing result of each QMGR working process is obtained, a final processing result is selected from the processing results according to a arbitration policy, and a QMGR service processing result of the mail is obtained. Then the mail can enter the MDA pool to deliver the mail and send the mail. The MDA pool includes various delivery processes, including relay, smtp, local, pipe, virtual, etc., and may use an existing MDA service architecture, which is not described in detail herein.
On the basis of the system provided by the above embodiment, in the system provided by the embodiment of the present invention, in the constructed first process pool, a process of determining a plurality of target first processes corresponding to the target mail includes:
judging whether the current first process pool meets preset calling conditions or not;
in the system provided by the embodiment of the invention, the call condition can be preset, namely, the condition that the process can be directly called from the process pool to carry out service processing can be specifically set according to the number requirement of idle processes, for example, when the number of idle processes in the process pool exceeds a preset threshold value, the condition is considered to be met. An idle process refers to a process in a sleep state.
In the service processing process of the receiving function module, whether the current first process pool meets preset calling conditions can be judged.
If the current first process pool does not accord with the calling condition, performing a process pulling operation on the first process pool so as to switch a first process in a candidate state in the first process pool into a dormant state;
in the system provided by the embodiment of the invention, if the current first process pool does not meet the calling condition, the process pulling operation is performed on the working process (namely the first process) in the candidate state in the first process pool, so that the corresponding first process is switched from the candidate state to the dormant state.
Referring to the example diagram of FIG. 3, the process states of a worker process in an embodiment of the present invention include three states, candidate, dormant, and active. The candidate state is the initial state of the process in which the process is not running. The process in the candidate state can be directly pulled up by the main process to enter a dormant state, and the process in the dormant state is already running and waits for the main process to deliver the task. After the main process distributes task information to the process in the dormant state, the process enters an active state, and the process in the active state is carrying out task processing work. After the work process is completed, the work process will fall back to the sleep state and wait for the release of new tasks. If the work process is in the dormant state for more than a period of time, the work process is actively exited and switched back to the candidate state in order to save system resources. Meanwhile, after each business processing, the system can switch the abnormal working process to a candidate state.
Selecting a plurality of first processes from a first process pool subjected to process pulling operation according to a preset work process scheduling strategy, and taking the selected first processes as the target first processes.
In the system provided by the embodiment of the invention, the scheduling strategy of the working process can be preset according to the actual demand, namely, the working process is selected according to the strategy to carry out service processing. After the process pulling operation is completed, a plurality of first processes can be selected from the current first process pool based on a preset work process scheduling strategy, namely, the process in the dormant state is selected, and the selected first processes are used as target first processes, so that a plurality of target first processes are obtained.
On the basis of the system provided by the above embodiment, the system provided by the embodiment of the present invention further includes:
and if the current first process pool meets the calling condition, selecting a plurality of first processes in the first process pool according to the working process scheduling strategy, and taking the selected first processes as the target first processes.
In the system provided by the embodiment of the invention, if the current first process pool meets the preset calling condition, the idle process of the current first process pool meets the calling requirement, and then a plurality of target first processes can be selected from the first process pool directly according to the work process scheduling strategy.
Similarly, the letter processing function module may determine each target second process according to the above principle of determining the target first process, and the queue scheduling function module may determine each target third process according to the above principle of determining the target first process, which is not described herein.
In order to better explain the system provided by the embodiment of the present invention, the working flows of the function modules such as the receiving function module, the letter processing function module, the queue scheduling function module and the like provided by the embodiment of the present invention are briefly described with reference to fig. 4. The working process of the functional module mainly comprises the following steps:
And performing service monitoring, judging whether idle working processes in the current working process pool are sufficient or not when the arrival event of the new connection is monitored, and distributing input excitation, namely distributing tasks, through an IPC channel if the idle processes are sufficient. The IPC (Inter-Process Communication) channel refers to an interprocess communication channel. If the idle work process is insufficient, a work process pulling operation is performed based on the work group selection policy (i.e., the work process scheduling policy in the foregoing embodiment), and the designated work process in the candidate state is activated to the dormant state.
The input stimulus is distributed to each active work process in the active process group appointed in the work process pool, the work processes are in a dormant state before receiving the stimulus, and are switched to an active state after receiving the stimulus, and become active work processes. After each active working process in the active process group finishes processing, the corresponding processing result can be output, the processing result of each active working process can be sent to a decision-making service through an IPC channel, the decision-making service can select a more reliable processing result from the processing results based on a preset decision strategy to carry out decision output, and the output processing result is the processing result of the functional module.
Based on the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the plurality of heterogeneous first processes include a plurality of heterogeneous normal processes, a plurality of heterogeneous container processes, a plurality of heterogeneous virtual machine processes, and a plurality of heterogeneous remote service processes.
In the system provided by the embodiment of the invention, the process pool of each functional module contains heterogeneous working processes in various forms, as shown in fig. 5, the working processes can be divided into a local working process and a remote working process, and the local working process mainly comprises a plurality of heterogeneous common processes, heterogeneous container processes and heterogeneous virtual machine processes. The tele-working process then comprises a plurality of heterogeneous remote service processes. The heterogeneous normal process can be a heterogeneous process constructed based on normal process files such as elf, the heterogeneous container process can be a heterogeneous process constructed based on container engines such as rkt and dock, the heterogeneous virtual machine process can be a heterogeneous process constructed based on virtual machines such as Xen Project and KVM, and the heterogeneous remote service process can be a heterogeneous process constructed based on remote call realization technologies such as gRPC and REST.
Correspondingly, in the system provided by the embodiment of the invention, each heterogeneous first process in the first process pool comprises a plurality of heterogeneous common processes, a plurality of heterogeneous container processes, a plurality of heterogeneous virtual machine processes and a plurality of heterogeneous remote service processes.
Similarly, the second process pool and the third process pool also respectively comprise heterogeneous working processes in multiple types, which are not described in detail herein.
Based on the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the process of performing the terminating service processing on the target mail based on the plurality of target first processes to obtain the terminating service processing result corresponding to the target mail includes:
creating a receiving task corresponding to the target mail;
in the system provided by the embodiment of the invention, the main process of the receiving function module can create the receiving task corresponding to the target mail based on the related information of the target mail so as to process the receiving business of the target mail.
Distributing the receiving task to each target first process, and enabling each target first process to process the receiving task respectively to obtain a processing result of each target first process;
in the system provided by the embodiment of the invention, the main process can respectively send the receiving task to each target first process, after each target first process receives the receiving task, the receiving task can be processed based on the receiving service processing mechanism of the main process, and the processing result is output, so that the main process can obtain the processing result of each target first process for the receiving task.
And determining a first target result in the processing results of each target first process according to a preset first judging strategy, and taking the first target result as the receiving service processing result.
In the system provided by the embodiment of the invention, the first arbitration policy can be preset, can be set based on the arbitration rules of the existing mimicry defense technology, and can be set based on rules such as most of consistence and the like.
The main process can select a more reliable processing result from the processing results of each target first process as a first target result according to a first arbitration policy, and the first target result is used as a receiving service processing result.
Based on the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the process of performing letter processing on the target mail based on the plurality of target second processes to obtain a letter service processing result corresponding to the target mail includes:
creating a letter processing task corresponding to the target mail;
distributing the letter processing task to each target second process, so that each target second process processes the letter processing task respectively to obtain a processing result of each target second process;
And determining a second target result in the processing results of each target second process according to a preset second judging strategy, and taking the second target result as the letter service processing result.
In the system provided by the embodiment of the present invention, the processing principle of the letter processing function module in the flow is the same as the processing principle of the letter receiving function module in the previous embodiment for processing the letter receiving service, so that the letter receiving service processing result is obtained by processing the target mail based on the plurality of target first processes in the previous embodiment, and the description of the letter receiving service processing result is omitted herein.
Based on the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the process of performing scheduling processing on the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail includes:
creating a scheduling task corresponding to the target mail;
distributing the scheduling task to each target third process, and enabling each target third process to process the scheduling task respectively to obtain a processing result of each target third process;
And determining a third target result in the processing results of each target third process according to a preset third arbitration strategy, and taking the third target result as the scheduling service processing result.
In the system provided by the embodiment of the present invention, the processing principle of the queue scheduling function module in the flow is the same as the processing principle of the receiving function module in the previous embodiment for obtaining the receiving service processing result, which refers to the description of the receiving service processing result obtained by processing the target mail based on the multiple target first processes in the previous embodiment, and is not repeated herein.
It should be noted that, the decision strategies adopted by the receiving function module, the letter processing function module and the queue scheduling function module in the processing process can be the same or different, and can be set according to actual requirements without affecting the system implementation function provided by the embodiment of the invention.
On the basis of the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the receiving function module is further configured to:
and for each target first process, judging whether the target first process is an abnormal process according to the receiving service processing result, and if the target first process is an abnormal process, performing scheduling policy updating processing on the target first process so as to reduce the use frequency of the target first process.
In the system provided by the embodiment of the invention, after the receiving function module finishes the receiving service processing of the target mail, whether abnormal processes exist in each target first process currently participating in the service processing can be judged according to the receiving service processing result. Specifically, the reception service processing result may be compared with the processing result of each target first process, and if the processing result of the target first process is inconsistent with the reception service processing result, the target first process is regarded as an abnormal process. And for the target first process belonging to the abnormal process, carrying out updating processing on the scheduling strategy so as to reduce the use frequency of the process in the subsequent working process, for example, the weight corresponding to the process in the working process scheduling strategy can be reduced.
On the basis of the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the letter processing function module is further configured to:
and for each target second process, judging whether the target second process is an abnormal process according to the letter service processing result, and if the target second process is an abnormal process, performing scheduling policy updating processing on the target second process so as to reduce the use frequency of the target second process.
In the system provided by the embodiment of the invention, after the mail processing function module finishes the mail processing of the target mail, the recognition processing of the abnormal process can be performed, the recognition processing principle of the abnormal process is the same as that of the receiving function module, and the description of the recognition processing of the abnormal process by the receiving function module in the previous embodiment can be referred to, and is not repeated here.
Based on the system provided by the above embodiment, in the system provided by the embodiment of the present invention, the queue scheduling function module is further configured to:
and for each target third process, judging whether the target third process is an abnormal process according to the scheduling service processing result, and if the target third process is an abnormal process, performing scheduling policy updating processing on the target third process so as to reduce the use frequency of the target third process.
In the system provided by the embodiment of the invention, after completing the scheduling processing of the target mail, the queue scheduling functional module can perform the recognition processing of the abnormal process, and the recognition processing principle of the abnormal process is the same as that of the receiving functional module, so that the description of the recognition processing of the abnormal process by the receiving functional module in the previous embodiment is omitted herein.
In order to better illustrate the system provided by the embodiment of the present invention, the embodiment of the present invention provides another mail system based on a mimicry architecture based on the system provided by the embodiment of the present invention, and the system provided by the embodiment of the present invention is implemented based on a mimicry defense technology, and the system is deployed on a mail server, and then a brief description is provided for the design principle of the system provided by the embodiment of the present invention.
The system provided by the embodiment of the invention is based on the Postfix of the open source mail server system, utilizes the multi-process cooperation mode thereof to reform the process pool principle, and is provided with a simplified mimicry defense architecture, so that the mimicry defense capability of the mail system at the component level is endowed, and the mail system externally presents an endogenous safety characteristic.
The security of the mimicry defense technology comes from endogenous effects such as self architecture, functions and operation mechanisms of the system, so that an endogenous security function is obtained. Specifically, based on DHR, the specificity of faults and vulnerabilities among heterogeneous executors is utilized, and the attack scene is irreproducible, the attack experience is inheritable and an attack chain cannot be formed by combining the intrusion effect generated by a multimode arbitration mechanism and the error correction effect generated by a feedback scheduling mechanism.
The system provided by the embodiment of the invention is obtained by modifying a process pool mechanism of Postfix, and a process pool model is organized according to a DHR architecture, so that each component which utilizes the process pool model and forms a mail system has an endogenous safety characteristic brought by a mimicry defense architecture.
Native Postfix defines a variety of process pool models, and a resident host process will dynamically augment the number of working processes based on current traffic. Each working process adopts a single-thread mode, and after the working process finishes working, if no new task is added, the working process automatically exits. In the Postfix native process pool, a task is completed by a work process. The process pool framework provided by the embodiment of the invention distributes a task to a plurality of working processes to finish, the main process of the functional module distributes task content to the working processes, receives and compares the processing results, and forms a final processing result as the overall output of the module through a plurality of uniform arbitration strategies and the like. As shown in fig. 4, main operations of the main process of the functional module include:
interact with an external module. The main process directly monitors the service request, and then forms a decision for outputting the output result of the working process, wherein the working process interacts with the main process through the IPC channel;
Maintaining a working process pool. The master process will pull up and activate the work process based on the traffic. The working processes have the functionally equivalent heterogeneous characteristics, and the isomerism can be reflected in programming languages, deployment forms, operation modes and the like;
a set of work processes is activated. The main process maintains a work process scheduling policy (i.e. a work group selection policy), and based on the policy, the main process activates a specific work process to be selected and issues a task;
forming a decision. The main process receives the processing results sent by the active process group, and forms a more reliable final decision to send out through the transverse comparison of the processing results of each process based on a plurality of consistent strategies and the like;
and feeding back a work process scheduling strategy. The main process adjusts the scheduling weight of the abnormal process according to the processing result of each process, so that the scheduled frequency is reduced in the next scene.
In the system provided by the embodiment of the invention, the process calling mode of the original Postfix system is modified, and the process calling mode based on system calling in the original architecture is changed into a custom action, so that the form of a working process can be independent of the common process form, and the containerized, virtualized and clouded working process forms are introduced. The form of the working process may be shown in fig. 5, and the description of the form of the working process shown in fig. 5 may be referred to the previous embodiments, which are not repeated here.
In the system provided by the embodiment of the invention, the states of the processes in the working process pool are divided into three types: alternatively, examples of state machines for dormant and active process states may be as shown in FIG. 3. The candidate state is the initial state of the process in which the process is not running. The process in the candidate state can be directly pulled up by the main process to enter a dormant state, and the process in the dormant state is already running and waits for the main process to deliver the task. After the main process distributes task information to the process in the dormant state, the process enters an active state, and the process in the active state is carrying out task processing work. After the work process is completed, the work process will fall back to the sleep state to wait for the release of new tasks. If the work process is in the dormant state for more than a period of time, the work process can be actively exited to save system resources.
The system provided by the embodiment of the invention is obtained by modifying the Smtpd module, the clearup module, the Qmgr module and other modules of the Postfix, so that the system runs in a mimicry process pool form and corresponds to a mail receiving stage, a mail processing stage and a mail sending scheduling stage respectively. The module architecture and workflow of the system, as shown in fig. 2, and the description of the flow shown in fig. 2 can be referred to the foregoing embodiments, which are not repeated here.
According to the system provided by the embodiment of the invention, the mimicry defense architecture is implanted in each service stage of the mail system through Smtpd, cleanup and Qmgr services with self-judging characteristics, so that the mail system has a multi-dimensional and deep active safety effect. The security of the mimicry defense architecture is derived from a dynamic heterogeneous redundancy structure, and the architecture can externally present an operation mechanism of 'inaccurate measurement' through heterogeneous execution bodies, multimode arbitration and a feedback scheduling mechanism, and the dynamic online execution bodies can timely block the formation of an attack chain.
The system provided by the embodiment of the invention is based on the Postfix process pool mechanism, the process pool framework is modified, and the DHR framework is formed in the process pool framework, so that key components forming the mail system all have endogenous safety characteristics, and the safety gain is added at each business stage of mail processing, thereby greatly improving the capability of a mail server for coping with unknown threats.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. The systems and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A mimicry architecture based mail system, comprising:
the system comprises a receiving function module, a letter processing function module and a queue scheduling function module;
the receiving function module is used for determining a plurality of target first processes corresponding to the target mail in the constructed first process pool when receiving a service request corresponding to the target mail, and carrying out receiving service processing on the target mail based on the plurality of target first processes to obtain a receiving service processing result corresponding to the target mail; the first process pool comprises a plurality of heterogeneous first processes;
the mail processing function module is used for determining a plurality of target second processes corresponding to the target mail in the constructed second process pool when the target mail is required to be subjected to mail processing, and performing mail processing on the target mail based on the plurality of target second processes to obtain a mail service processing result corresponding to the target mail so as to put the target mail into a preset mail queue based on the mail service processing result; the second process pool comprises a plurality of heterogeneous second processes;
the queue scheduling function module is used for determining a plurality of target third processes corresponding to the target mail in a constructed third process pool when the target mail needs to be scheduled, and scheduling the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail so that a preset mail delivery proxy service processes the target mail based on the scheduling service processing result; the third process pool includes a plurality of heterogeneous third processes.
2. The system of claim 1, wherein the determining, in the constructed first process pool, a plurality of target first processes corresponding to the target mail includes:
judging whether the current first process pool meets preset calling conditions or not;
if the current first process pool does not accord with the calling condition, performing a process pulling operation on the first process pool so as to switch a first process in a candidate state in the first process pool into a dormant state;
selecting a plurality of first processes from a first process pool subjected to process pulling operation according to a preset work process scheduling strategy, and taking the selected first processes as the target first processes.
3. The system of claim 2, further comprising:
and if the current first process pool meets the calling condition, selecting a plurality of first processes in the first process pool according to the working process scheduling strategy, and taking the selected first processes as the target first processes.
4. The system of claim 1, wherein the plurality of heterogeneous first processes comprises a plurality of heterogeneous normal processes, a plurality of heterogeneous container processes, a plurality of heterogeneous virtual machine processes, and a plurality of heterogeneous remote service processes.
5. The system of claim 1, wherein the processing the destination mail based on the plurality of target first processes to obtain the destination mail processing result corresponding to the destination mail includes:
creating a receiving task corresponding to the target mail;
distributing the receiving task to each target first process, and enabling each target first process to process the receiving task respectively to obtain a processing result of each target first process;
and determining a first target result in the processing results of each target first process according to a preset first judging strategy, and taking the first target result as the receiving service processing result.
6. The system of claim 1, wherein the performing, based on the plurality of target second processes, letter processing on the target mail to obtain a letter service processing result corresponding to the target mail includes:
creating a letter processing task corresponding to the target mail;
distributing the letter processing task to each target second process, so that each target second process processes the letter processing task respectively to obtain a processing result of each target second process;
And determining a second target result in the processing results of each target second process according to a preset second judging strategy, and taking the second target result as the letter service processing result.
7. The system of claim 1, wherein the scheduling the target mail based on the plurality of target third processes to obtain a scheduling service processing result corresponding to the target mail includes:
creating a scheduling task corresponding to the target mail;
distributing the scheduling task to each target third process, and enabling each target third process to process the scheduling task respectively to obtain a processing result of each target third process;
and determining a third target result in the processing results of each target third process according to a preset third arbitration strategy, and taking the third target result as the scheduling service processing result.
8. The system of claim 1, wherein the addressee function module is further configured to:
and for each target first process, judging whether the target first process is an abnormal process according to the receiving service processing result, and if the target first process is an abnormal process, performing scheduling policy updating processing on the target first process so as to reduce the use frequency of the target first process.
9. The system of claim 1, wherein the letter processing function module is further configured to:
and for each target second process, judging whether the target second process is an abnormal process according to the letter service processing result, and if the target second process is an abnormal process, performing scheduling policy updating processing on the target second process so as to reduce the use frequency of the target second process.
10. The system of claim 1, wherein the queue scheduling function is further configured to:
and for each target third process, judging whether the target third process is an abnormal process according to the scheduling service processing result, and if the target third process is an abnormal process, performing scheduling policy updating processing on the target third process so as to reduce the use frequency of the target third process.
CN202311206966.6A 2023-09-19 2023-09-19 Mail system based on mimicry architecture Active CN116938610B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311206966.6A CN116938610B (en) 2023-09-19 2023-09-19 Mail system based on mimicry architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311206966.6A CN116938610B (en) 2023-09-19 2023-09-19 Mail system based on mimicry architecture

Publications (2)

Publication Number Publication Date
CN116938610A CN116938610A (en) 2023-10-24
CN116938610B true CN116938610B (en) 2023-11-17

Family

ID=88390136

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311206966.6A Active CN116938610B (en) 2023-09-19 2023-09-19 Mail system based on mimicry architecture

Country Status (1)

Country Link
CN (1) CN116938610B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040021042A (en) * 2002-09-02 2004-03-10 엘지전자 주식회사 A device and a operating method thereof improving processing performance for real time operating system
CN101179532A (en) * 2007-12-13 2008-05-14 腾讯科技(深圳)有限公司 Mail server system and mail distributing method
JP2011159244A (en) * 2010-02-04 2011-08-18 Sumitomo Electric System Solutions Co Ltd E-mail transmission control program, operating method and computer device
CN111638977A (en) * 2020-05-16 2020-09-08 中信银行股份有限公司 Data transmission method and system based on mail slot
WO2021051530A1 (en) * 2019-09-19 2021-03-25 平安科技(深圳)有限公司 Method, apparatus and device for detecting abnormal mail, and storage medium
WO2021093673A1 (en) * 2019-11-12 2021-05-20 深圳前海微众银行股份有限公司 E-mail sending method, apparatus and device, and computer-readable storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8019863B2 (en) * 2008-03-28 2011-09-13 Ianywhere Solutions, Inc. Synchronizing events between mobile devices and servers

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040021042A (en) * 2002-09-02 2004-03-10 엘지전자 주식회사 A device and a operating method thereof improving processing performance for real time operating system
CN101179532A (en) * 2007-12-13 2008-05-14 腾讯科技(深圳)有限公司 Mail server system and mail distributing method
JP2011159244A (en) * 2010-02-04 2011-08-18 Sumitomo Electric System Solutions Co Ltd E-mail transmission control program, operating method and computer device
WO2021051530A1 (en) * 2019-09-19 2021-03-25 平安科技(深圳)有限公司 Method, apparatus and device for detecting abnormal mail, and storage medium
WO2021093673A1 (en) * 2019-11-12 2021-05-20 深圳前海微众银行股份有限公司 E-mail sending method, apparatus and device, and computer-readable storage medium
CN111638977A (en) * 2020-05-16 2020-09-08 中信银行股份有限公司 Data transmission method and system based on mail slot

Also Published As

Publication number Publication date
CN116938610A (en) 2023-10-24

Similar Documents

Publication Publication Date Title
CN109587168B (en) Network function deployment method based on mimicry defense in software defined network
CN108833417B (en) Mail system based on mimicry defense
CN110290100A (en) A kind of mimicry Web server and user's request processing method based on SDN
CN110324417B (en) Cloud service execution body dynamic reconstruction method based on mimicry defense
CN105721535A (en) Parallel processing of service functions in service function chains
EP2472817B1 (en) System and method for optimization of execution of security tasks in local network
US10817606B1 (en) Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic
US9973472B2 (en) Methods and systems for orchestrating physical and virtual switches to enforce security boundaries
KR101038048B1 (en) Botnet malicious behavior real-time analyzing system
US20190363988A1 (en) System and/or method for predictive resource management in file transfer servers
US10706149B1 (en) Detecting delayed activation malware using a primary controller and plural time controllers
CN109300217B (en) Queuing and calling method, computer storage medium, queuing and calling server and system
US20170223035A1 (en) Scaling method and management device
US20080320548A1 (en) Proxy-based malware scan
US11349852B2 (en) Apparatus and methods for network-based line-rate detection of unknown malware
US11119828B2 (en) Digital processing system for event and/or time based triggering management, and control of tasks
CN108540356B (en) Processing method and processing apparatus
CN109981478B (en) Message processing method and device
US9122546B1 (en) Rapid processing of event notifications
CN116938610B (en) Mail system based on mimicry architecture
US10536332B1 (en) Configuration invocation management
CN115549985A (en) Mimicry architecture-based honeypot service system and processing method thereof
US11968228B2 (en) Early malware detection in on-the-fly security sandboxes using recursive neural networks (RNNs)to capture relationships in behavior sequences on data communication networks
CN101247397A (en) Optimization method for effective order of mirror and access control list function
CN114915460A (en) Heterogeneous dynamic expansion and contraction capacity device and method for container cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant