CN105653260A - Multi-CPU framework-supporting application software development and operation service system - Google Patents
Multi-CPU framework-supporting application software development and operation service system Download PDFInfo
- Publication number
- CN105653260A CN105653260A CN201510961141.4A CN201510961141A CN105653260A CN 105653260 A CN105653260 A CN 105653260A CN 201510961141 A CN201510961141 A CN 201510961141A CN 105653260 A CN105653260 A CN 105653260A
- Authority
- CN
- China
- Prior art keywords
- application
- sandbox
- rack structure
- software development
- application software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/31—Programming languages or programming paradigms
- G06F8/315—Object-oriented languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Abstract
The invention discloses a multi-CPU framework-supporting application software development and operation service system. The system is divided into an operation system state, an operation state, a development state, an application state and a distribution state from bottom to top; and the system mainly comprises three parts: a multi-framework application software development and operation core framework runtime, a multi-framework application software development and operation core framework development tool and a multi-framework application software operation sandbox. The system disclosed in the invention has the advantages of standardizing the industrial standard of application software development and operation and enabling the application software packages to satisfy the application authority control requirement on the basis of the standard.
Description
Technical field
The present invention relates to a kind of service system, specifically a kind of applied software development and operation service system supporting multi-CPU architecture, belongs to service system field.
Background technology
There are some great defects in current Linux desktop system, comprises following 4 points:
First, exploitation heavy fragmentation: this embodiment exists too many exploitation storehouse on linux, and lack a set of unified exploitation solution (similar microemulsion sample injection framework), a direct result is exactly that developer is difficult to select best exploitation language, exploitation storehouse and development environment, such as C/C++, user interface (UI) program development of main flow has Gtk, Qt, WxWidget tri-kinds, Gtk itself has Gtk2 and Gtk3 series simultaneously, Qt has Qt4 and Qt5 to distinguish, Linux applies this software developer often to be needed a set of exploitation and runs industry standard, solve Development Framework and select difficulty, document is few or nothing in exploitation, exploitation storehouse version is many, the problems such as development interface is ununified.
2nd, tradition Linux uses based on the mechanism of authorization control based of user role, and application generally possesses such as accesses user file, accesses other application data, uses the authority such as network and peripheral equipment. Although the Linux hair style version of great majority (typical in Debian, Ubuntu, Redhat, Centos) all provides the software package maintenance mechanism of self, user often also uses credible source down load application, but most of virus often also can utilize this paths of application program to propagate. The illegal operation of some programs, when using computer, is often caused serious safety problem, brings great puzzlement to user by user. Such as, when the application program that user uses needs accesses network; likely can download malice program from unsafe website; perform some illegal operations; as stolen the responsive information of user; the routine work of interference user, data security and individual privacy etc.; user needs a kind of method of effective protection calculation machine safety, such as provides a running space isolated to application program, is also exactly sandbox.
3rd, application software portability is more and more paid close attention to. The language such as such as Java, Python all provide a set of virtual machine for shielding floor processor and operating system difference, but for platform corresponding programming language such as C/C++, lack a kind of portable developing operation solution across framework at present.
4th, traditional Linux issues version and uses the packaging systems such as similar RPM, DPKG to build, the maximum feature of this kind of model is: upstream developer and down-stream software bag guardian (packing person) are significantly distinguished and opened, and upstream developer writes code, and uploads with the form wrapped;Packing person obtains this bag, and to be transformed (compile, write rule and repack) be RPM or DEB bag; Finally this bag is installed in local system. This kind of scene to some extent solves the risk problem of bag, because software package guardian often selects credible and application that is reliable in function, but also it is difficult to invariably expose some problems: upstream application developer depends on the application of downstream publisher packing exploitation completely, downstream publisher determines concrete scheduling, statement, pack, the rule such as provide support, and often developer wishes higher issue speed; The actual test of application itself becomes very difficult, because final user often may use many different bag versions, at the same time it is wished that these versions can run under different systems issues version, the test being applied under certain version of certain distribution version, can normally run under cannot determining to be applied in the arbitrary combination of other distribution version and other version; Wanting the operation of Test Application under certain version of certain distribution version, developer often needs to install this version environment of this distribution version, and compiles and run this application, and this will be a numerous and diverse job.
In sum, currently need the applied software development on a kind of Linux badly and run industry standard and solve the problem.
Summary of the invention
In order to solve the problem, a kind of applied software development and the operation service system supporting multi-CPU architecture of inventive design, object mainly contains following 4 points: the unified operation storehouse 1) providing a set of cross-platform multi rack structure, shielding bottom software and hardware difference, making application be easier to be distributed to different platform frameworks, this operation storehouse covers the basic running environment of application such as the most basic C/C++ standard storehouse, Python virtual machine, Java virtual machine; 2) a set of unification and the development interface easily used are provided, solve the fragmentation problem in exploitation storehouse on Linux; 3) application is provided to run sandbox, prevent upper layer application from directly accessing bottom main frame as much as possible, reduce the impact that main frame is caused by application program, for the application program distrusted is provided the running environment of an independent sum safety, sandbox to provide the strategies such as file system isolation, system resource isolation, physical resource isolation, powers and functions restriction and forced symmetric centralization by user; 4) provide that the version in a set of developing operation storehouse coexists, version evolution and transactional update strategy.
The technical scheme of the present invention is:
Supporting applied software development and the operation service system of multi-CPU architecture, described system is bottom-up is divided into operating system state, run mode (CRE), exploitation state (CDK), application state and distribution state;
Wherein, the Linux that described operating system layer comprises current all main flows issues version and floor processor framework, a kind of support multi-CPU architecture applied software development and operation service system can support that all main flow Linux issue version and overwhelming majority processor architecture, CCF mask operation system and processor architecture difference, the CCF of respective type is only depended on based on the application software of CCF exploitation and operation, unrelated with operating system difference; Using operating system class storehouse, and directly to run the application software in host computer system be non-hosts applications, these application are generally that Platform Type is correlated with;
Firing floor comprises a sandbox, some key foundation storehouses (such as storehouses such as libc, glib, xlib), some programming language general-purpose libraries (be divided into user interface, multi-media, process communication, database manipulation etc. 20 broad variety), programming language enforcement engine (such as C++ standard storehouse libstdc++, Java virtual machine, Python virtual machine, PHP enforcement engine, JavaScript analytics engine etc.).
In fact development layer is that run mode adds the file compositions such as the necessary header file of Application and Development, compiler, jar bag, python module. Using CCF develop and rely on the application that CCF runs is that " trustship " applies, and distributes in the way of " CPK ".
Described system mainly comprises multi rack structure applied software development and runs (CRE) when core frame is run, multi rack structure applied software development and run core frame developing instrument (CDK) and multi rack structure application software operation sandbox (CCFSandbox) three part.
When multi rack structure applied software development and operation core frame are run (CRE): the environment providing a good definition and height optimization when multi rack structure application software is run, with the operation of support applications software. When being in fact the operation of a series of different framework, different editions during the operation referred to here. When an application runs corresponding to one. Comprising the High-Level Languages such as C/C++, Python, Java basic running environment during operation, being embodied in can execute file, dynamic link storehouse, resource file, configuration file, script etc. When itself being divided into again basic operation during operation and during developing operation, the former supports the minimum environment that an application runs, and the latter is then comprising on the former basis, adds the Essential Environment needed for compiling and debugging application;
Multi rack structure applied software development and run core frame developing instrument (CDK): multi rack structure applied software development instrument by developing operation time, tools chain, basis class storehouse, public interface, application framework form. Support the multiple programming languages such as C/C++, Java, PHP, Python, it is provided that unified public programming interface and general basic class storehouse. The modes such as tools chain compiling, virtual machine operation are utilized to realize the final operation of application program in sandbox;
Multi rack structure application software runs sandbox (CCFSandbox): it is that a set of application incorporating kernel cgroups, namespaces, selinux, kdbus, systemd and wayland display server runs sandbox mechanism that multi rack structure application software runs sandbox. Basic principle is, applies and performs with domestic consumer's identity, only possesses minimum access rights. More authority needs defined by authority and put forward power. Different from general sandbox, what multi rack structure application software ran sandbox employing is " whether resource is visible " principle, but not " resources accessing control ". Different from restriction application access operating-system resources authority, the application that sandbox acquiescence here is run in sandbox is invisible to operating-system resources. After sandbox initialize completes, first create a file system, simultaneously, file in some White List and path (being generally some the most basic resources) are mounted to name space (namespace) thereupon, only those through screening, examine and be considered as application run sufficiently stable file or catalogue just meeting by the accessible with application software in sandbox.
The present invention is across framework, multilingual, the unified hosted-type multi rack structure applied software development in class storehouse and the global design realization of operation frame and standard. The application realized based on " whether resource is visible " and " White List " rule runs sandbox mechanism.
Present invention, avoiding type and version that application software uses multiple exploitation storehouse, cause software in the poor compatibility of different platform, software not Easy Test, transplanting and use; The security avoiding tradition application software package is not high, user's security of system is impacted
It is an advantage of the current invention that: the industry standard of Regular application Software development and operation;The requirement of application permission management and control can be met based on this standard operating software bag.
Below in conjunction with specific embodiment, the invention will be further described.
Embodiment
Hereinafter the preferred embodiments of the present invention are described, it will be appreciated that preferred embodiment described herein, only for instruction and explanation of the present invention, is not intended to limit the present invention.
Embodiment 1
According to the technical scheme of above-mentioned multi rack structure applied software development and operation method, for the gedit application software of x86 mechanism, introduce from developing to the realization flow run.
Before building a gedit, (CRE), kit (CDK) and sandbox instrument during the operation that first installation application software is corresponding.
First catalogue initialize catalogue is created, when selecting corresponding operation and kit:
$mkdirmy-app
$ccf-appbuild-init./my-appgeditccf/x86/1.0ccf/x86/1.0
" metadata " file (this file is for defining some environment configurations and authority statement) and empty " my-app/files/ " and " my-app/exports/ " catalogue can be obtained afterwards. Then " prefix=/app " is used to build application software:
$ ccf-appbuild./my-app./configure--prefix=/app
$ccf-appbuild./my-appmake&&makeinstall
" ccf-app " will select corresponding kit to build application program, and the application built will be installed to " my-app/files " catalogue.
Then some resource files (such as desktop file and icon file) are needed to derive and application software of packing:
$ccf-appbuild-finish./my-app
Finally the application that packing generates is converted into deb, rpm or cpk form. And it is distributed to the Linux platform of corresponding framework. This platform runs this application on the basis installing corresponding version (or higher-version):
$ccf-apprungedit��
Claims (1)
1. support applied software development and the operation service system of multi-CPU architecture for one kind, it is characterised in that: described system is bottom-up is divided into operating system state, run mode, exploitation state, application state and distribution state; Described system mainly comprises multi rack structure applied software development and runs core frame when running, multi rack structure applied software development and run core frame developing instrument and multi rack structure application software runs sandbox three part;
When multi rack structure applied software development and operation core frame are run: when being the operation of a series of different framework, different editions during operation; When an application runs corresponding to one; Comprising C/C++, Python, Java High-Level Language basic running environment during operation, being embodied in can execute file, dynamic link storehouse, resource file, configuration file, script; When itself being divided into again basic operation during operation and during developing operation, the former supports the minimum environment that an application runs, and the latter is then comprising on the former basis, adds the Essential Environment needed for compiling and debugging application;
Multi rack structure applied software development and run core frame developing instrument: multi rack structure applied software development instrument by developing operation time, tools chain, basis class storehouse, public interface, application framework form; Support C/C++, Java, PHP, Python many kinds of programming languages, it is provided that unified public programming interface and general basic class storehouse; Tools chain compiling, virtual machine operation scheme is utilized to realize the final operation of application program in sandbox;
Multi rack structure application software runs sandbox: it is that a set of application incorporating kernel cgroups, namespaces, selinux, kdbus, systemd and wayland display server runs sandbox mechanism that multi rack structure application software runs sandbox; What multi rack structure application software ran sandbox employing is " whether resource is visible " principle; Different from restriction application access operating-system resources authority, the application that sandbox acquiescence here is run in sandbox is invisible to operating-system resources; After sandbox initialize completes, first create a file system, simultaneously, file in some White List and path are mounted to name space thereupon, only those through screening, examine and be considered as application run sufficiently stable file or catalogue just meeting by the accessible with application software in sandbox.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510961141.4A CN105653260A (en) | 2015-12-22 | 2015-12-22 | Multi-CPU framework-supporting application software development and operation service system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510961141.4A CN105653260A (en) | 2015-12-22 | 2015-12-22 | Multi-CPU framework-supporting application software development and operation service system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105653260A true CN105653260A (en) | 2016-06-08 |
Family
ID=56477416
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510961141.4A Pending CN105653260A (en) | 2015-12-22 | 2015-12-22 | Multi-CPU framework-supporting application software development and operation service system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105653260A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106776186A (en) * | 2016-12-29 | 2017-05-31 | 湖南国科微电子股份有限公司 | CPU running statuses adjustment method and system under a kind of multi-CPU architecture |
| CN107704757A (en) * | 2017-09-22 | 2018-02-16 | 成都知道创宇信息技术有限公司 | The method that the open Python user programs interface of safety is realized using pypy sandbox modes |
| CN108985086A (en) * | 2018-07-18 | 2018-12-11 | 中软信息系统工程有限公司 | Application program authority control method, device and electronic equipment |
| WO2020010554A1 (en) * | 2018-07-11 | 2020-01-16 | Accenture Global Solutions Limited | Managing software components for software application development |
| CN111240752A (en) * | 2019-12-31 | 2020-06-05 | 北京元心科技有限公司 | Operating system self-adaption method and system |
| CN111736816A (en) * | 2020-07-20 | 2020-10-02 | 华控清交信息科技(北京)有限公司 | Compiling and linking method and device and compiling and linking device |
| CN112084490A (en) * | 2020-09-09 | 2020-12-15 | 南京烽火星空通信发展有限公司 | Method and system for realizing protection of software source code based on Linux kernel calling |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050155027A1 (en) * | 2004-01-09 | 2005-07-14 | Wei Coach K. | System and method for developing and deploying computer applications over a network |
| CN101102207A (en) * | 2006-07-05 | 2008-01-09 | 李树德 | Development platform based on intelligent agent |
| US20100146481A1 (en) * | 2008-12-09 | 2010-06-10 | Microsoft Corporation | Developing applications at runtime |
| CN104793928A (en) * | 2015-01-30 | 2015-07-22 | 深圳雪帆软件有限公司 | Developing and running platform implementation method and system based on Java |
| CN105022620A (en) * | 2014-04-28 | 2015-11-04 | 上海未达数码科技有限公司 | Application software development method based on mobile platform |
-
2015
- 2015-12-22 CN CN201510961141.4A patent/CN105653260A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050155027A1 (en) * | 2004-01-09 | 2005-07-14 | Wei Coach K. | System and method for developing and deploying computer applications over a network |
| CN101102207A (en) * | 2006-07-05 | 2008-01-09 | 李树德 | Development platform based on intelligent agent |
| US20100146481A1 (en) * | 2008-12-09 | 2010-06-10 | Microsoft Corporation | Developing applications at runtime |
| CN105022620A (en) * | 2014-04-28 | 2015-11-04 | 上海未达数码科技有限公司 | Application software development method based on mobile platform |
| CN104793928A (en) * | 2015-01-30 | 2015-07-22 | 深圳雪帆软件有限公司 | Developing and running platform implementation method and system based on Java |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106776186A (en) * | 2016-12-29 | 2017-05-31 | 湖南国科微电子股份有限公司 | CPU running statuses adjustment method and system under a kind of multi-CPU architecture |
| CN106776186B (en) * | 2016-12-29 | 2020-04-07 | 湖南国科微电子股份有限公司 | Method and system for debugging CPU running state under multi-CPU architecture |
| CN107704757A (en) * | 2017-09-22 | 2018-02-16 | 成都知道创宇信息技术有限公司 | The method that the open Python user programs interface of safety is realized using pypy sandbox modes |
| WO2020010554A1 (en) * | 2018-07-11 | 2020-01-16 | Accenture Global Solutions Limited | Managing software components for software application development |
| CN110945478A (en) * | 2018-07-11 | 2020-03-31 | 埃森哲环球解决方案有限公司 | Managing software components for software application development |
| US10768911B2 (en) | 2018-07-11 | 2020-09-08 | Accenture Global Solutions Limited | Managing software components for software application development |
| CN110945478B (en) * | 2018-07-11 | 2021-07-06 | 埃森哲环球解决方案有限公司 | Managing software components for software application development |
| CN108985086A (en) * | 2018-07-18 | 2018-12-11 | 中软信息系统工程有限公司 | Application program authority control method, device and electronic equipment |
| CN111240752A (en) * | 2019-12-31 | 2020-06-05 | 北京元心科技有限公司 | Operating system self-adaption method and system |
| CN111240752B (en) * | 2019-12-31 | 2021-08-17 | 北京元心科技有限公司 | Operating system self-adaption method and system |
| CN111736816A (en) * | 2020-07-20 | 2020-10-02 | 华控清交信息科技(北京)有限公司 | Compiling and linking method and device and compiling and linking device |
| CN112084490A (en) * | 2020-09-09 | 2020-12-15 | 南京烽火星空通信发展有限公司 | Method and system for realizing protection of software source code based on Linux kernel calling |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105653260A (en) | Multi-CPU framework-supporting application software development and operation service system | |
| CN102831342B (en) | A kind of method improving application program protection intensity in Android system | |
| US8281288B1 (en) | Integrated development environment with network-based compilation and sandboxed native machine-language capabilities | |
| Jang et al. | SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks. | |
| US20160335431A1 (en) | Method of Securing Non-Native Code | |
| US8090959B2 (en) | Method and apparatus for protecting .net programs | |
| CN105046116B (en) | Protect dex files not by the method for decompiling in android system | |
| CN103914637B (en) | A kind of executable program encryption method of Android platform | |
| TW201839644A (en) | Protection method of executable program on android platform | |
| KR20090093967A (en) | Compiling executable code into a less-trusted address space | |
| CN103713902B (en) | A kind of BOA Compilation Methods and system based on android system | |
| Rad et al. | ZeroVM: secure distributed processing for big data analytics | |
| US8468543B2 (en) | System and method for preventing DRM client crash using process separate execution | |
| CN103051711B (en) | Based on the construction method of the embedded cloud terminal system of SPICE agreement | |
| CN103413074A (en) | Method and device for protecting software through API | |
| Sartakov et al. | Spons & Shields: practical isolation for trusted execution | |
| CN101777002B (en) | Software running method based on virtualization | |
| KR101436741B1 (en) | The method and system for applying security solution program | |
| US10417015B2 (en) | Modified JVM with multi-tenant application domains and class differentiation | |
| KR100881386B1 (en) | Method for preventing drm client crash using process separate execution | |
| Peters et al. | Software separation in measuring instruments through security concepts and separation kernels | |
| Haoliang et al. | The Design and Implementation on the Android Application Protection System | |
| Schuermann et al. | Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems | |
| Ren et al. | Using the B Method to Formalize Access Control Mechanism with TrustZone Hardware Isolation (Short Paper) | |
| Zheng et al. | bpftime: userspace eBPF Runtime for Uprobe, Syscall and Kernel-User Interactions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160608 |
|
| RJ01 | Rejection of invention patent application after publication |