CN103440189A - Software deadlock prevention method based on forced process running control - Google Patents

Software deadlock prevention method based on forced process running control

Info

Publication number
CN103440189A
Authority
CN
China
Prior art keywords
client
business
service end
processes
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013103504142A
Other languages
Chinese (zh)
Inventor
吴克河
李艺
崔文超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huadian Tianyi Information Technology Co., Ltd.
Original Assignee
JIANGSU HUADA TIANYI ELECTRIC POWER SCIENCE & TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JIANGSU HUADA TIANYI ELECTRIC POWER SCIENCE & TECHNOLOGY Co Ltd
Priority to CN2013103504142A
Publication of CN103440189A
Legal status: Pending

Abstract

The invention discloses a software deadlock prevention method based on forced process running control. A process monitoring and scheduling method monitors process behavior in the system in real time, terminates illegal processes according to a 'trusted network process list', and examines and deals with processes running without authorization, thereby protecting the business operations in the system. The process monitoring procedure uses a process data structure based on the operating system kernel to obtain process information efficiently and in real time, and to discover abnormal processes and hand them to a monitoring and scheduling process for handling, so that the unpredictable 'deadlock' problem of application systems in a network environment can be solved at the operating system kernel level. A client reconnection mechanism in C/S (client/server) mode improves the service quality of business processes and ensures that the services they provide are not interrupted, so that business processes can run without interruption for a long time.

Description

A software deadlock prevention method based on forced process running control
Technical field
The present invention relates to the fields of computer software technology and network security technology, and in particular to a software deadlock prevention method based on forced process running control.
Background
In a complex network environment, application software systems often suffer from unpredictable hangs, i.e. the "deadlock" phenomenon. A "deadlock" interrupts business and can sometimes even bring down the whole application system; these problems seriously affect the reliability of application software. In a complex network environment, the factors that cause software deadlock are complex, or even unpredictable. The prior art guarantees software reliability at the application software level: it starts from the application software itself and relies on measures such as strengthening testing and tightening the logical rigor of the program. These methods cannot thoroughly solve the software deadlock problem.
Traditional process monitoring and scheduling methods and tools are all implemented by calling the API functions or system calls provided by the operating system. They cannot actively obtain the information the user needs from the process data structures of the operating system kernel, and cannot report the security status of the running system to the user efficiently and in real time. In addition, traditional monitoring programs all run in user mode, where an attacker who has intruded into the system can easily replace or delete them. These problems all affect the reliability of the application server.
Summary of the invention
Object of the invention: to solve the above problems, the present invention proposes a software deadlock prevention method based on forced process running control.
Technical solution: a software deadlock prevention method based on forced process running control, comprising:
The process scheduling step:
Build a "trusted network process list";
During scheduling, extract the state information of the current process from the kernel and determine whether the process is in the "trusted network process list", suspending the process in the meantime;
If the process is in the list, release it and allow it to continue running; if the current process is found not to be registered in the "trusted network process list", inform the user through the terminal so that the user can handle it;
The process monitoring step:
The monitoring program measures every process in the system to obtain each process's resource usage under normal conditions;
Using statistical methods, the monitoring program calculates, for the key business processes in the system, a nominal value for their usage of each system resource under normal operation; this nominal value serves as the threshold for deciding that a process is behaving abnormally;
The monitoring process monitors all key business processes in the system in real time. When a process's CPU usage or memory usage exceeds the threshold, the process is considered abnormal; the monitoring program records the relevant information about the process, terminates it, and releases the system resources it occupied;
The monitoring program maintains a time counter. When a process is terminated, the counter starts counting; after the set time t the monitoring program restarts the process and restores normal operation of the business process; otherwise the process continues to wait.
The method further comprises a client reconnection step:
Before interacting with a server-side business process, the client sends a request message to the server;
If the server-side business process is running normally, then after receiving the request message from the client the server sends a response message to the client, allowing the client process to interact with the server-side business process;
If the server-side business process is suspended, it cannot respond to the client's request. When the client finds that the server cannot respond to the request, it sends a request message to the server every Δt₁; once the server-side business process resumes running, it can respond to the client's request and interact with the client process.
By adopting the above technical solution, the present invention has the following beneficial effects. The new real-time, efficient process monitoring method finds and handles abnormal processes in time, solving at the operating system kernel level the unpredictable "deadlock" problem of application software systems in a complex network environment. The new process scheduling method intercepts illegal processes at the operating system kernel level and ensures that every process running in the operating system is a safe process confirmed by the user; this prevents malicious processes from damaging the application server and improves its reliability. The client's cooperation mechanism keeps the service provided by the business process from being interrupted, which improves the reliability of the software.
Description of the drawings
Fig. 1 is a flow chart of the process scheduling step of the present invention;
Fig. 2 is a flow chart of the process monitoring step of the present invention;
Fig. 3 is a schematic diagram of the client reconnection step of the present invention.
Embodiment
The present invention is further illustrated below with reference to specific embodiments. It should be understood that these embodiments are intended only to illustrate the invention and not to limit its scope; after reading the present invention, modifications of its various equivalent forms by those of ordinary skill in the art all fall within the scope defined by the claims of this application.
The method is described with reference to Figs. 1-3.
Its main implementation steps are as follows:
Process scheduling method (see Fig. 1)
1. In a "safe" system environment, collect information about the safe processes in the system as comprehensively as possible to form a "trusted network process list", which serves as the basis for process monitoring and scheduling.
2. During scheduling, extract the state information of the current process from the kernel and determine whether the process is in the "trusted network process list", suspending the process in the meantime. If the process is in the list, release it and allow it to continue running. The data structure containing the state information of the current process is as follows:
[Figure BDA0000365676620000031: data structure of the current process state information; image not reproduced in this text]
3. If the current process is found not to be registered in the "trusted network process list", inform the user through the terminal immediately and wait for the user to handle it. If the user confirms through the local keyboard or mouse that the process is legitimate, allow it to continue running and at the same time register its information in the "trusted network process list" to improve the list. Otherwise, notify the operating system to kill the process and end process scheduling. The specific scheduling process is shown in Fig. 1.
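The decision flow of steps 2 and 3, as an added Python example that is not code from the patent: it models the suspend, look-up, local confirmation and kill sequence in user space rather than in a kernel hook. Keying list entries by executable path plus the SHA-256 of the image, and the names `ProcInfo`, `TrustedProcessList`, `gate` and `confirm_locally`, are assumptions; the patent gives its own data structure only as a figure.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"                    # already in the trusted list
    REGISTERED = "allow_and_register"  # operator approved, list updated
    KILL = "kill"                      # operator rejected


@dataclass(frozen=True)
class ProcInfo:
    pid: int
    exe_path: str
    image: bytes  # constructed stand-in for the executable's contents

    def identity(self):
        # Assumption: identity = path + SHA-256 of the image, so a replaced
        # binary at a trusted path does not inherit the old entry.
        return (self.exe_path, hashlib.sha256(self.image).hexdigest())


@dataclass
class TrustedProcessList:
    entries: set = field(default_factory=set)

    def register(self, proc):
        self.entries.add(proc.identity())

    def __contains__(self, proc):
        return proc.identity() in self.entries


def gate(proc, trusted, confirm_locally, actions):
    """Decide the fate of one process at scheduling time.

    `actions` records the suspend/resume/kill calls a kernel hook would make.
    """
    actions.append(("suspend", proc.pid))      # held while the check runs
    if proc in trusted:
        actions.append(("resume", proc.pid))
        return Verdict.ALLOW
    if confirm_locally(proc):                  # local keyboard/mouse prompt
        trusted.register(proc)                 # improves the list
        actions.append(("resume", proc.pid))
        return Verdict.REGISTERED
    actions.append(("kill", proc.pid))
    return Verdict.KILL


def demo():
    trusted, actions = TrustedProcessList(), []
    good = ProcInfo(101, "/opt/biz/server", b"constructed-good-image")
    swapped = ProcInfo(102, "/opt/biz/server", b"constructed-other-image")
    tool = ProcInfo(103, "/usr/local/bin/report", b"constructed-tool-image")
    trusted.register(good)                     # built on the known-clean system

    def approve_tool_only(proc):               # stands in for the operator
        return proc.exe_path.endswith("/report")

    results = [gate(p, trusted, approve_tool_only, actions)
               for p in (good, swapped, tool, tool)]
    return results, actions
```

The second process shares the trusted path but not the image hash, so it is not released on the strength of the existing entry and goes to the operator like any unregistered process.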
Process monitoring method
The monitoring program monitors the key business processes in the operating system in real time, and finds and handles abnormal processes in time. The main implementation steps are as follows:
1. The monitoring program measures every process in the system to obtain each process's resource usage under normal conditions.
2. Using statistical methods, the monitoring program calculates, for every key business process in the operating system, a nominal value for its usage of each system resource under normal operation; this nominal value serves as the threshold for deciding that a process is behaving abnormally.
3. The monitoring process monitors all key business processes in the operating system in real time. When a process's CPU usage or memory usage exceeds the threshold, the process is considered abnormal; the monitoring program records the relevant information about the process, terminates it, and releases the system resources it occupied.
4. The monitoring program maintains a time counter. When a process is terminated, the counter starts counting; after the set time t the monitoring program restarts the process and restores normal operation of the business process; otherwise the process continues to wait. The specific monitoring flow is shown in Fig. 2.
Client reconnection method in C/S mode
As shown in Fig. 3, in C/S mode the cooperation of the client reconnection mechanism ensures that the service provided by the business process is not interrupted. The main implementation steps of this mechanism are as follows:
1. Before interacting with a server-side business process, the client sends a request message to the server.
2. If the server-side business process is running normally, then after receiving the request message from the client the server sends a response message to the client, allowing the client process to interact with the server-side business process.
3. If the server-side business process is suspended, it cannot respond to the client's request. When the client finds that the server cannot respond to the request, it sends a request message to the server every Δt₁. Once the server-side business process resumes running, it can respond to the client's request and interact with the client process.
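The process monitoring steps and the client reconnection steps, run together on a simulated clock in an added Python example (not code from the patent), to show how the restart delay t and the retry interval Δt₁ bound the outage a client sees. Assumptions: the nominal value is taken as the mean plus three standard deviations of the baseline samples, and the names `Service`, `Watchdog`, `Client` and all sample figures are constructed.

```python
import statistics
from dataclasses import dataclass


def nominal_threshold(samples, k=3.0):
    # Assumption: "nominal value" = mean + k standard deviations of the
    # baseline; the patent only says it is derived statistically.
    return statistics.mean(samples) + k * statistics.pstdev(samples)


@dataclass
class Service:
    running: bool = True

    def handle(self, request):
        # A terminated business process cannot answer at all.
        return f"ok:{request}" if self.running else None


class Watchdog:
    def __init__(self, service, cpu_limit, mem_limit, restart_delay):
        self.service = service
        self.cpu_limit, self.mem_limit = cpu_limit, mem_limit
        self.restart_delay = restart_delay      # the patent's set time t
        self.stopped_at = None
        self.events = []                        # record of abnormal processes

    def tick(self, now, cpu, mem):
        if self.service.running:
            if cpu > self.cpu_limit or mem > self.mem_limit:
                self.events.append((now, "terminate", cpu, mem))
                self.service.running = False    # stop it, freeing resources
                self.stopped_at = now           # time counter starts here
        elif now - self.stopped_at >= self.restart_delay:
            self.events.append((now, "restart"))
            self.service.running = True


class Client:
    def __init__(self, service, retry_interval):
        self.service = service
        self.retry_interval = retry_interval    # the patent's Δt₁
        self.next_try = 0
        self.failed_at, self.answered_at = [], []

    def tick(self, now):
        if now < self.next_try:
            return
        if self.service.handle("request") is None:
            self.failed_at.append(now)
            self.next_try = now + self.retry_interval   # ask again after Δt₁
        else:
            self.answered_at.append(now)
            self.next_try = now + 1                     # normal interaction


def simulate(ticks=15):
    # Constructed baseline for a healthy process: CPU %, memory MB.
    cpu_base = [10, 12, 11, 9, 13, 10, 12, 11]
    mem_base = [200, 205, 198, 202, 201, 199, 204, 203]
    svc = Service()
    dog = Watchdog(svc, nominal_threshold(cpu_base),
                   nominal_threshold(mem_base), restart_delay=5)
    client = Client(svc, retry_interval=2)
    spike = {4: (97, 203)}                      # constructed runaway at t=4
    for now in range(ticks):
        cpu, mem = spike.get(now, (11, 201)) if svc.running else (0, 0)
        dog.tick(now, cpu, mem)
        client.tick(now)
    return dog, client
```

In this run the process is terminated at tick 4 and restarted at tick 9, and the client's retries at ticks 4, 6 and 8 fail before the one at tick 10 is answered, so the visible outage stays within t plus Δt₁.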
The above method protects the system comprehensively from both kernel mode and user mode. The new process monitoring and scheduling method monitors process behavior in the system in real time, terminates illegal processes according to the "trusted network process list", and examines and deals with processes running without authorization, thereby protecting the business operations in the system. The real-time, efficient process monitoring flow uses process data structures based on the operating system kernel to obtain process information efficiently and in real time, finds abnormal processes in time and hands them to the monitoring and scheduling process for handling, solving at the operating system kernel level the unpredictable "deadlock" problem of application software systems in a network environment. In C/S mode, the client reconnection mechanism works together with the two preceding core techniques: it improves the service quality of business processes, ensures that the service they provide is not interrupted, and allows business processes to run for a long time without interruption.

Claims (4)

1. A software deadlock prevention method based on forced process running control, characterized in that it comprises:
The process scheduling step:
Build a "trusted network process list";
During scheduling, extract the state information of the current process from the kernel and determine whether the process is in the "trusted network process list", suspending the process in the meantime;
If the process is in the list, release it and allow it to continue running; if the current process is found not to be registered in the "trusted network process list", inform the user through the terminal so that the user can handle it;
The process monitoring step:
The monitoring program measures every process in the system to obtain each process's resource usage under normal conditions;
Using statistical methods, the monitoring program calculates, for the key business processes in the system, a nominal value for their usage of each system resource under normal operation; this nominal value serves as the threshold for deciding that a process is behaving abnormally;
The monitoring process monitors all key business processes in the system in real time. When a process's CPU usage or memory usage exceeds the threshold, the process is considered abnormal; the monitoring program records the relevant information about the process, terminates it, and releases the system resources it occupied;
The monitoring program maintains a time counter. When a process is terminated, the counter starts counting; after the set time t the monitoring program restarts the process and restores normal operation of the business process; otherwise the process continues to wait.
2. The software deadlock prevention method based on forced process running control according to claim 1, characterized in that it further comprises a client reconnection step:
Before interacting with a server-side business process, the client sends a request message to the server;
If the server-side business process is running normally, then after receiving the request message from the client the server sends a response message to the client, allowing the client process to interact with the server-side business process;
If the server-side business process is suspended, it cannot respond to the client's request. When the client finds that the server cannot respond to the request, it sends a request message to the server every Δt₁; once the server-side business process resumes running, it can respond to the client's request and interact with the client process.
3. The software deadlock prevention method based on forced process running control according to claim 1, characterized in that: in the process scheduling step, the user's handling means that the user confirms release through the local keyboard or mouse, whereupon the process may run; at the same time the process information is registered in the "trusted network process list".
4. The software deadlock prevention method based on forced process running control according to claim 1, characterized in that the data structure containing the current process state information is:
[Figure FDA0000365676610000011: data structure of the current process state information; image not reproduced in this text]
[Figure FDA0000365676610000021: continuation of the data structure; image not reproduced in this text]
CN2013103504142A 2013-08-13 2013-08-13 Software deadlock prevention method based on forced process running control Pending CN103440189A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013103504142A CN103440189A (en) 2013-08-13 2013-08-13 Software deadlock prevention method based on forced process running control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2013103504142A CN103440189A (en) 2013-08-13 2013-08-13 Software deadlock prevention method based on forced process running control

Publications (1)

Publication Number Publication Date
CN103440189A true CN103440189A (en) 2013-12-11

Family

ID=49693880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013103504142A Pending CN103440189A (en) 2013-08-13 2013-08-13 Software deadlock prevention method based on forced process running control

Country Status (1)

Country Link
CN (1) CN103440189A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106980564A (en) * 2017-03-16 2017-07-25 北京科皓世纪科技有限公司 Process behavior monitoring method based on kernel hook
CN107704133A (en) * 2017-09-28 2018-02-16 努比亚技术有限公司 Freeze screen monitoring with solving method, mobile terminal and computer-readable recording medium
CN108776633A (en) * 2018-05-22 2018-11-09 深圳壹账通智能科技有限公司 Method, terminal device and the computer readable storage medium of monitoring process operation
CN110941825A (en) * 2019-12-13 2020-03-31 支付宝(杭州)信息技术有限公司 Application monitoring method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101883003A (en) * 2009-05-08 2010-11-10 华北电力大学 Mandatory running method of computer operating system
CN102831355A (en) * 2011-12-30 2012-12-19 中国科学院软件研究所 Method for establishing trusted path in secure operating system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LIU JIZHEN ST.: "The Design and Implementation of Security Defense Technology Based on Mandatory Running Control", 《2009 FIFTH INTERNATIONAL CONFERENCE ON INFORMATION ASSURANCE AND SECURITY》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106980564A (en) * 2017-03-16 2017-07-25 北京科皓世纪科技有限公司 Process behavior monitoring method based on kernel hook
CN107704133A (en) * 2017-09-28 2018-02-16 努比亚技术有限公司 Freeze screen monitoring with solving method, mobile terminal and computer-readable recording medium
CN107704133B (en) * 2017-09-28 2021-09-21 努比亚技术有限公司 Screen freezing monitoring and solving method, mobile terminal and computer readable storage medium
CN108776633A (en) * 2018-05-22 2018-11-09 深圳壹账通智能科技有限公司 Method, terminal device and the computer readable storage medium of monitoring process operation
CN108776633B (en) * 2018-05-22 2021-07-02 深圳壹账通智能科技有限公司 Method for monitoring process operation, terminal equipment and computer readable storage medium
CN110941825A (en) * 2019-12-13 2020-03-31 支付宝(杭州)信息技术有限公司 Application monitoring method and device
CN110941825B (en) * 2019-12-13 2022-05-27 支付宝(杭州)信息技术有限公司 Application monitoring method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20170125

Address after: 102206 Beijing Changping District city Huilongguan Town Road No. 1 Building No. 5 hospital 8 floor 1 unit 906

Applicant after: Beijing Huadian Tianyi Information Technology Co., Ltd.

Address before: Shishi Fuda Road Park 212000 city of Jiangsu Province, Zhenjiang Jurong Economic Development Zone, building 02, room 315

Applicant before: Jiangsu Huada Tianyi Electric Power Science & Technology Co., Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20131211

RJ01 Rejection of invention patent application after publication