CN106156631A - A kind of service function and structural characterization uncertain software and hardware device - Google Patents
A kind of service function and structural characterization uncertain software and hardware device Download PDFInfo
- Publication number
- CN106156631A CN106156631A CN201510293367.1A CN201510293367A CN106156631A CN 106156631 A CN106156631 A CN 106156631A CN 201510293367 A CN201510293367 A CN 201510293367A CN 106156631 A CN106156631 A CN 106156631A
- Authority
- CN
- China
- Prior art keywords
- service
- strategy
- function equivalence
- isomery
- equivalence body
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012512 characterization method Methods 0.000 title claims abstract description 27
- 230000004044 response Effects 0.000 claims abstract description 15
- 230000006870 function Effects 0.000 claims description 161
- 238000012544 monitoring process Methods 0.000 claims description 8
- 239000000470 constituent Substances 0.000 claims description 7
- 241000208340 Araliaceae Species 0.000 claims description 2
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 claims description 2
- 235000003140 Panax quinquefolius Nutrition 0.000 claims description 2
- 235000008434 ginseng Nutrition 0.000 claims description 2
- 230000007246 mechanism Effects 0.000 abstract description 4
- 238000009826 distribution Methods 0.000 abstract description 3
- 230000001681 protective effect Effects 0.000 abstract description 3
- 230000007547 defect Effects 0.000 description 11
- 238000000034 method Methods 0.000 description 10
- 238000000354 decomposition reaction Methods 0.000 description 4
- 238000013507 mapping Methods 0.000 description 4
- 230000003068 static effect Effects 0.000 description 4
- 238000013459 approach Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- 230000009897 systematic effect Effects 0.000 description 2
- 108010022579 ATP dependent 26S protease Proteins 0.000 description 1
- 241000196324 Embryophyta Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 230000003071 parasitic effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000246 remedial effect Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of service function and structural characterization uncertain software and hardware device, described device includes the isomery function equivalence body of strategy generator, scheduler and multiple function equivalence, described scheduler is arranged between described strategy generator and described isomery function equivalence body, wherein, described strategy generator, for providing the scheduling strategy for isomery function equivalence body for described scheduler;Described scheduler, for receiving the service request of outside, is defined as its isomery function equivalence body providing service, distribution service request, and receives the feedback of these isomery function equivalence bodies, and export and the uncertain service response of structural characterization.Compared with prior art, assembly of the invention has imported uncertainty attribute between the isomery function equivalence body structure of service function and multiple function equivalence so that this device can obtain protective capacities actively from mechanism aspect in terms of reply control unknown risks.
Description
Technical field
The present invention relates to cyberspace technical field of safety protection, particularly relate to a kind of service function uncertain with structural characterization soft
Hardware unit.
Background technology
Commonly used along with Internet technology, people have increasing need for the cyberspace environment of safety and stability, therefore network
Information security is most important, but there is various security risk in network environment.These risks include: hardware, soft
Leak present on part or system;The back door that programmer creates in software, this back door can be walked around safety control and obtain
To program or the method for system access right;And in order to debug the trapdoor set up with test program, trapdoor is to be at certain
" machine-operated " arranged in system or certain file so that when providing specific input data, it is allowed to violate security strategy.Example
As, a login process subsystem permission processes a specific user identification code, to walk around common password checking.And
And these leaks, back door, trapdoor are the most inevitable in network system.
Cyberspace field includes the various software and hardware device with certain service function, and these software and hardware devices can be to be
System, subsystem, parts, module, component even device, and the configuration state that these software and hardware devices externally present claims
For structural characterization.The software and hardware device of a usual given function, deposits between its formal structure form and its inner constructional form
In certain mapping relations, and this mapping relations are the most static and determine on the Technical Architecture in cyberspace field.
Meanwhile, have again in system aspect based on the design defect (leak) on this framework or implanted trapdoor (back door)
Ubiquitous property and stability, therefore, be not easily hacked person and utilized.Such as assailant can be based on this deterministic mapping
Relation, detects or utilizes existence or defect that may be present (leak) or trapdoor (back door) in device internal structure to reach
To attack attempt.Once assailant make use of the trapdoor (back door) of these undiscovered defects (leak) or the unknown,
The the most asymmetric of cyberspace attacking and defending both sides' cost will be caused, and Network Security Environment is worked the mischief.
In prior art, the defensive measure to cyberspace safety is to accurately detect the safety in cyberspace field also
Take appropriate measures, but this defensive measure is only when having detected that network is attacked by assailant, just can take
Measure, and cannot tackle due to the design defect (leak) on cyberspace framework or implanted trapdoor (back door) and
The control unknown risks brought, so cannot defend in advance network attack.
Summary of the invention
The invention provides a kind of service function and structural characterization uncertain software and hardware device, ask to solve above-mentioned technology
Topic, the embodiment of the invention discloses following technical scheme:
A kind of service function and structural characterization uncertain software and hardware device, described device includes strategy generator, scheduler
With the isomery function equivalence body of multiple function equivalences, described scheduler is arranged on described strategy generator and described isomery function
Between equivalents, wherein,
Described strategy generator, for providing the scheduling strategy for isomery function equivalence body for described scheduler;
Described scheduler, for receiving the service request of outside, the scheduling strategy given according to described strategy generator is institute
State service request and be defined as its isomery function equivalence body that service is provided, described service is requested assignment to these isomery functions
Equivalents, and receive the feedback of these isomery function equivalence bodies, according to the tune that described feedback and described strategy generator are given
Degree strategy output and the uncertain service response of structural characterization.
Further, ask to be defined as its isomery function equivalence body that service is provided for described service as steps described below:
According to the state of isomery function equivalence body, it is determined to the isomery function equivalence body providing this to service;
According to the scheduling strategy that described strategy generator is given, for the isomery function equivalence body that this can be provided to service,
It is defined as its isomery function equivalence body that service is provided for described service request.
Further, described strategy generator is randomized policy maker or dynamic strategy maker.
Further, also include the parameter configuration device being connected with described strategy generator, be used for as described strategy generator
There is provided policing parameter, so that described strategy generator generates the scheduling strategy corresponding with described policing parameter.
Further, described device also includes that watch-dog, described watch-dog are connected with described scheduler, and described prison
Control device is connected with described isomery function equivalence body, for monitoring described scheduler and the work of described isomery function equivalence body
State, and carry out reporting to the police or sending operational order according to monitoring situation.
Further, described isomery function equivalence body and the service constituent functional units of any one level internal thereof, can adopt
Realize by the method identical with said apparatus.
Further, described scheduler and the service constituent functional units of any one level internal thereof, can use with above-mentioned
The method that device is identical realizes.
Further, described strategy generator provides for isomery merit for described scheduler according to internal strategy set in advance
The scheduling strategy of energy equivalents.
Further, described parameter configuration device provides strategy ginseng according to internal parameter set in advance for described strategy generator
Number.
Further, described parameter configuration device provides plan according to the control parameter of described outside input for described strategy generator
Slightly parameter.
Embodiment of the disclosure that the technical scheme of offer can comprise following beneficial effect:
Under conditions of function equivalence, the isomery of service function and multiple function equivalences of the software and hardware device provided in scheme
Uncertain scheduling strategy has been imported by strategy generator so that provide for service request between function equivalence body structure
Between the isomery function equivalence body of service response and this device, feedback result has uncertain corresponding relation, reflection to this device
Structural characterization aspect, it is uncertain for presenting between the service function of device and its structural characterization so that colonize in isomery merit
Leak (defect) or trapdoor (back door) in energy equivalents are mapped to outside meeting because of dynamic analog gelatinizing by sign approach
And lose nature static and definitiveness, thus reduce greatly and detect for device the unknown leak (defect) or trapdoor (back door)
The effectiveness examined or attack so that software and hardware device can obtain the anti-of active from mechanism aspect in terms of reply control unknown risks
Protect ability.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
In technology description, the required accompanying drawing used is briefly described, it should be apparent that, for those of ordinary skill in the art
Speech, on the premise of not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 shows for the structure of a kind of service function software and hardware uncertain with structural characterization device that the embodiment of the present invention provides
It is intended to;
The flow chart determining isomery function equivalence body for service request that Fig. 2 provides for the embodiment of the present invention;
The another kind of service function that Fig. 3 provides for the embodiment of the present invention and the structure of structural characterization uncertain software and hardware device
Schematic diagram;
The another kind of service function that Fig. 4 provides for the embodiment of the present invention and the structure of structural characterization uncertain software and hardware device
Schematic diagram;
The iteration of a kind of service function that Fig. 5 provides for the embodiment of the present invention and structural characterization uncertain software and hardware device should
Use schematic diagram.
Detailed description of the invention
The embodiment of the present invention provides a kind of service function and structural characterization uncertain software and hardware device, to solve prior art
In when cyberspace is under attack, just can adopt remedial measures, and cannot tackle for the design on cyberspace framework
The problem that the control unknown risks that defect (leak) or implanted trapdoor (back door) bring is defendd in advance.
For the technical scheme making those skilled in the art be more fully understood that in the present invention, implement below in conjunction with the present invention
Accompanying drawing in example, is clearly and completely described the technical scheme in the embodiment of the present invention.
As it is shown in figure 1, a kind of service function of embodiment of the present invention offer and structural characterization uncertain software and hardware device
100, this device includes the isomery function equivalence body 30 of strategy generator 10, scheduler 20 and multiple function equivalence, scheduling
Device 20 is arranged between the isomery function equivalence body 30 of strategy generator 10 and multiple function equivalence, scheduler 20 and plan
Slightly maker 10 is connected, and scheduler 20 is also connected with multiple isomery function equivalence bodies 30, the most each isomery merit
Can equivalents all be connected with scheduler.
Wherein, strategy generator 10, for providing the scheduling strategy for isomery function equivalence body for scheduler 20.Should
Scheduling strategy can be to provide the scheduling for isomery function equivalence body according to internal strategy set in advance for scheduler 20
Strategy, is i.e. chosen as service request in multiple isomery function equivalence bodies 30 and provides the isomery function equivalence body of service, and
Feedback result according to relevant isomery function equivalence body generates the strategy of service response, such as at distribution isomery function equivalence body
Time random selection strategy, voting or the strategy such as changeable weight when generating service response.
Further, in order to make scheduler 20 be chosen as its isomery function equivalence body providing service, there is uncertainty,
The i.e. quantity of the isomery function equivalence body that selection carries out functional expression is uncertain, the output that these isomery function equivalence body surfaces reach
Result is uncertain, and strategy generator 10 can be randomized policy maker or dynamic strategy maker.This randomized policy generates
Device can be randomly generated scheduling strategy by the functional module of inner setting, and is supplied to scheduler 20;Dynamic strategy is raw
Growing up to be a useful person and be compared to the difference of randomized policy maker, dynamic strategy maker is not randomly generated scheduling strategy, and
Be according to certain rule or according to scheduler a certain state generate scheduling strategy, such as, if according to will select perform
Dry scheduling strategy is according to label 1,2,3,4 ..., order be arranged in order, strategy generator 10 is according to this numbering
Order scheduling strategy is supplied to scheduler 20.
As it is shown in figure 1, scheduler 20 is for receiving from outside service request, strategically maker 10 gives
Scheduling strategy is for being defined as its isomery function equivalence body providing service from outside service request, and it is different to receive these
The feedback of structure function equivalence body, according to the scheduling strategy output service response that these feedbacks and strategy generator 10 are given.On
Stating service request can be the instruction sent to software and hardware device 100 by computer by user, such as, when software and hardware fills
Put 100 when completing routing addressing function, purpose IP that service request is data message;When software and hardware device 100 is complete
When becoming data encryption feature, service request is clear data and key.
As it is shown in figure 1, in above-mentioned software and hardware device 100, be chosen as service request and provide the isomery function equivalence of service
The feedback of body refers to that these isomery function equivalence bodies selected carry out functional expression therein, and exports respective functional expression
Result, these isomery function equivalence bodies can be real by the way of software, hardware, combination thereof etc. compare rigidization
Existing functional expression, it is also possible to realize functional expression by flexibility modes such as reconstruct, restructuring and software are self-defined.Wherein,
Reconstruct refers to that all or part of logical resource to software and hardware realizes dynamically distribution and functional mapping;Restructuring refers to component
All or part of component in gasifying device reconfigures or replaces;Software is self-defined to be referred to isomery function equivalence body
Processing unit and control unit be separated, user can carry out the self-defined of service function according to abstract DLL, and
And isomery function equivalence body can realize functional expression in the way of not only using rigidization but also to use flexibility, additionally, each
Isomery function equivalence body can be individually for the service function that software and hardware device 100 provides given.When selected isomery function
When equivalents realizes in flexibility mode, automatically or can be realized by manual type change according to presupposed solution by scheduler 20
Structure, but change does not affect the service function of whole device.
Additionally, the scale of isomery function equivalence body 30 and its each realization rate do not limit, each isomery function equivalence
Body includes system, subsystem, module, function, middleware, component etc..
Isomery function equivalence body functionally has an equivalence provide service according to service request, but each isomery function etc.
Valency body has an isomerism at following aspect:
The first, key algorithm is different, and this key algorithm includes stream table rule matching algorithm, file system page allocation algorithm etc.;
The second, implementation is different, such as data structure, programming language, compiling option, software architecture, hardware-accelerated
The implementations such as mode;
3rd, running environment is different, such as OS Type version, hardware architecture environment etc..
Isomerism between isomery function equivalence body includes but not limited to above three aspect.The software and hardware dress that the present embodiment provides
Putting when receiving from external service request, the scheduling strategy provided by strategy generator received due to scheduler is not
Determine, and the state of the isomery function equivalence body of multiple function equivalence is different, even if therefore scheduler receives same
Scheduling strategy is asked with identical service, and scheduler is defined as service request provides the isomery function equivalence body serviced also to be not
Identical, and these isomery function equivalence bodies to realize functional expression in what manner the most uncertain, scheduler connects again
Receive the feedback result of these isomery function equivalence bodies, therefore according to the scheduling plan that these feedback result and strategy generator are given
The service response slightly exported and structural characterization also have uncertainty.
Under conditions of function equivalence, service function and multiple function equivalences of the software and hardware device provided in this enforcement different
Uncertain scheduling strategy has been imported by strategy generator so that provide for service request between structure function equivalence body structure
Service response and this device isomery function equivalence body between feedback result there is uncertain corresponding relation, reflection to this device
Structural characterization aspect, it is uncertain for presenting between the service function of device and its structural characterization so that colonize in isomery
Leak (defect) or trapdoor (back door) on function equivalence body are mapped to outside meeting because of dynamic fuzzy by sign approach
Change and lose nature static and definitiveness, thus reduce greatly for device the unknown leak (defect) or trapdoor (back door)
The effectiveness scouted or attack so that software and hardware device can obtain actively from mechanism aspect in terms of reply control unknown risks
Protective capacities.
Another aspect of the present embodiment, is defined as the isomery function etc. of its service as steps described below for described service request
Valency body, provides for function request so that being selected as service request with providing the isomery function equivalence physical ability more high-quality serviced
Service.
As in figure 2 it is shown, described device is the flow chart that a service request determines isomery function equivalence body, concrete steps are such as
Under:
Step S101: according to the state of isomery function equivalence body, be determined to the isomery function equivalence body providing this to service.
The state of isomery function equivalence body judges to may come from the last running status providing service, or scheduler passes through
Isomery function equivalence body is detected, and obtains the information response after the detection of these isomery function equivalence bodies;According to isomery
The state of function equivalence body can be determined which isomery function equivalence body is in duty, which isomery function equivalence body
It is in idle condition etc..Additionally, the state of described isomery function equivalence body can also be inquired about by scheduler or isomery function
Equivalents reports or system record obtains.
Step S102: the scheduling strategy that strategically maker is given, for the isomery function etc. that this can be provided to service
Valency body, is defined as its isomery function equivalence body providing service for external service request.So that determine asks for service
The isomery function equivalence body providing service can normally work, and provides feedback for scheduler, prevents the isomery being determined
Function equivalence body is due to occupied for last time service request offer service, or is in the state worked, and not
Service can be provided for this service request, and then affect whole device output service response.
In another embodiment, the strategy generator in above-mentioned software and hardware device 100 both can preset according to inside
Strategy provide for the scheduling strategy of isomery function equivalence body for described scheduler, the strategy of outside offer can be provided again
Parameter.
As it is shown on figure 3, also include in software and hardware device 100: the parameter configuration device being connected with strategy generator 10
40, this parameter configuration device 40 is for providing policing parameter for strategy generator 10, so that strategy generator 10 generates and plan
The scheduling strategy that slightly parameter is corresponding, for selecting the isomery function equivalence body of functional expression to provide uncertainty attribute.
Parameter configuration device 40 can provide policing parameter according to internal parameter set in advance for strategy generator 10, internal
Set and refer to preset many kinds of parameters, for people or machine choice according to the functional module within strategy generator 10;This
Outward, parameter configuration device 40 can also provide policing parameter according to the control parameter of outside input for strategy generator 10, should
Outside input refers to embody the systematic parameter of software and hardware plant running environmental uncertainty, and such as this systematic parameter includes
System clock, active schedule number, the storage dynamic random parameter such as occupancy, processor occupancy, and multiple service merit
The state parameter of isomery function equivalence body that can be of equal value, such as include the use frequency of isomery function equivalence body, accuracy,
Cleaning frequency etc..
In another embodiment of the disclosure, as shown in Figure 4, for strengthening the safety of software and hardware device 100, this dress
Putting and also include watch-dog 50 (being commonly called as " house dog "), this watch-dog 50 is connected with scheduler 20, also with multiple functions
Isomery function equivalence body 30 of equal value is connected, for monitoring and dispatching device 20 and the work of multiple isomery function equivalence body 30
State, and carry out reporting to the police or sending operational order according to monitoring situation.Such as, scheduler is detected when watch-dog 50
During 20 operation irregularity, scheduler 20 is sent reboot operation instruction;Or when multiple isomery function equivalence bodies 30 are to service
Request or instruction without respond/do not work time, watch-dog 50 to without response or do not work wait appearance exception isomery function etc.
Valency body sends instruction of restarting, correspondingly sends alarm signal simultaneously so that scheduler 20 controls abnormal isomery function occur
Equivalents is restarted and exports feedback result, makes not affect whole device output service response.
Additionally, watch-dog 50 is also connected with strategy generator 10, parameter configuration device 40, for monitoring policy maker
10 and the duty of parameter configuration device 40, and carry out reporting to the police or sending operational order according to monitoring situation, specifically supervise
Brake is identical with the mode of the scheduler 20 in aforementioned monitoring device 100 and isomery function equivalence body 30.
In another embodiment of the disclosure, this software and hardware device supports iterated application, the isomery of the most multiple function equivalences
Function equivalence body and the service constituent functional units of any one level internal thereof, and scheduler 20 and internal any one
The service constituent functional units of level, all can use the method as the software and hardware device 100 in above example, from
And strengthen the uncertainty between this software and hardware device service function and its structural characterization.
The process of concrete iterated application, as it is shown in figure 5, the first level of device 100 includes strategy generator 11, scheduling
The isomery function equivalence body of x and n function equivalence of device (numbered x1, x2 ..., xn), the most each isomery function
Equivalents x1, x2 ..., all right Function Decomposition further of xn, and a certain service subfunction can use and device
100 same methods.Such as, an isomery function equivalence body xn of the first level can be decomposed into and include by strategy generating
Device 12, y and m function equivalence of scheduler isomery function equivalence body (numbered y1, y2 ..., ym) form second
Level, and scheduler y and strategy generator 11, multiple isomery function equivalence body (y1, y2 ..., ym) be connected,
And the function of strategy generator 12 is identical with the function of the strategy generator 11 of the first level, scheduler y and scheduler
The function of x is the most identical, multiple isomery function equivalence bodies (y1, y2 ..., ym) the form of expression, to first service please
Ask provide the expression way of service also with multiple isomery function equivalence bodies of the first level (x1, x2 ..., xn) expression
Mode is the most identical.
Further, on the basis of the second level, all right Function Decomposition further of isomery function equivalence body y2, and
And a certain service subfunction is also adopted by the method as device, including by strategy generator 13, scheduler z and k different
Structure function equivalence body (numbered z1, z2 ..., zk) the third layer level that forms, and the annexation of these parts and
Function is all identical with the first level of this device or the second level.Decomposed by above-mentioned functions and software and hardware device is decomposited three
Layer iterative relation, and also the 4th layer, layer 5 can be proceeded ... iteration, generally, at software view
On, the iteration of last layer is the binary number of computer, and the iteration ability of the software and hardware device in the present embodiment depends on
Control decomposing and isomeric space size in given service function.
Additionally, in each level (the first level, the second level, third layer level) Function Decomposition, it is also possible to include with
Scheduler, parameter configuration device and the watch-dog that the 26S Proteasome Structure and Function of aforementioned means 100 is identical.
In Figure 5, scheduler x also support iterated application, i.e. scheduler x can also Function Decomposition, i.e. scheduler and
The service constituent functional units of any one level internal can also resolve into has substrategy maker, sub-scheduler and multiple
The sub-device of sub-isomery function equivalence body, and the annexation of these subassemblies decomposing out and function are all and device
The annexation of 100 is identical with function, also can be according to sub-services request output sub-services response, to strengthen whole device clothes
Uncertainty between business function and its structural characterization.
Compared with existing passive protection technology based on accurate perception, the technology that the embodiment of the present invention is provided, in soft or hard
Having imported uncertainty attribute between service function and the isomery function equivalence body of part device, this uncertainty attribute includes that strategy is raw
The scheduling strategy provided for scheduler of growing up to be a useful person is uncertain, and scheduler is defined as the isomery function equivalence body of service request service not
Determine, and scheduler receives the feedback result of these isomery function equivalence bodies, and raw according to these feedback result and strategy
The scheduling strategy growing up to be a useful person given selects the service response of output to be also uncertain with the structural characterization of this device so that parasitic
Leak (defect) or trapdoor (back door) on isomery function equivalence body are mapped to outside meeting by sign approach because moving
Morphotype gelatinizing and lose nature static and definitiveness, thus reduce greatly for device the unknown leak (defect) or trapdoor (after
Door) effectiveness scouting or attack, and then software and hardware device can be obtained from mechanism aspect in terms of reply control unknown risks
Obtain protective capacities actively.
Those skilled in the art it can be understood that can add by software to the technology in the embodiment of the present invention required
The mode of general hardware platform realizes.Based on such understanding, the technical scheme in the embodiment of the present invention substantially or
Saying that the part contributing prior art can embody with the form of software product, this computer software product is permissible
It is stored in storage medium, such as ROM/RAM, magnetic disc, CD etc., instructs with so that a computer sets including some
Standby (can be personal computer, server, or the network equipment etc.) performs each embodiment of the present invention or embodiment
The method described in some part.
The above is only the detailed description of the invention of the present invention, it is noted that for those skilled in the art
For, under the premise without departing from the principles of the invention, it is also possible to make some improvements and modifications, these improvements and modifications are also
Should be regarded as protection scope of the present invention.
Claims (10)
1. a service function and structural characterization uncertain software and hardware device, it is characterised in that described device includes strategy
The isomery function equivalence body of maker, scheduler and multiple function equivalence, described scheduler is arranged on described strategy generator
And between described isomery function equivalence body, wherein,
Described strategy generator, for providing the scheduling strategy for isomery function equivalence body for described scheduler;
Described scheduler, for receiving the service request of outside, the scheduling strategy given according to described strategy generator is institute
State service request and be defined as its isomery function equivalence body that service is provided, described service is requested assignment to these isomery functions
Equivalents, and receive the feedback of these isomery function equivalence bodies, according to the tune that described feedback and described strategy generator are given
Degree strategy output and the uncertain service response of structural characterization.
Device the most according to claim 1, it is characterised in that be defined as described service request as steps described below
The isomery function equivalence body of its offer service:
According to the state of isomery function equivalence body, it is determined to the isomery function equivalence body providing this to service;
According to the scheduling strategy that described strategy generator is given, for the isomery function equivalence body that this can be provided to service,
It is defined as its isomery function equivalence body that service is provided for described service request.
Device the most according to claim 2, it is characterised in that described strategy generator be randomized policy maker or
Dynamic strategy maker.
Device the most according to claim 3, it is characterised in that also include the ginseng being connected with described strategy generator
Number distributor, for providing policing parameter for described strategy generator, so that described strategy generator generates and described strategy
The scheduling strategy that parameter is corresponding.
Device the most according to claim 4, it is characterised in that described device also includes watch-dog, described watch-dog with
Described scheduler is connected, and described watch-dog is connected with described isomery function equivalence body, is used for monitoring described scheduling
Device and the duty of described isomery function equivalence body, and carry out reporting to the police or sending operational order according to monitoring situation.
Device the most according to claim 5, it is characterised in that described isomery function equivalence body and internal any one
The service constituent functional units of level, the service function described in any claim and structural characterization in employing claim 1-4
The scheme of uncertain software and hardware device.
Device the most according to claim 6, it is characterised in that described scheduler and the clothes of any one level internal thereof
Business constituent functional units, in employing claim 1-4, the service function described in any claim is uncertain with structural characterization
The scheme of software and hardware device.
8. according to the device described in claim 1,2 or 3, it is characterised in that described strategy generator is pre-according to inside
The strategy first set provides the scheduling strategy for isomery function equivalence body as described scheduler.
Device the most according to claim 4, it is characterised in that described parameter configuration device is set in advance according to inside
Parameter provides policing parameter for described strategy generator.
Device the most according to claim 4, it is characterised in that described parameter configuration device is according to described outside input
Control parameter be described strategy generator provide policing parameter.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510293367.1A CN106156631B (en) | 2015-06-01 | 2015-06-01 | A kind of service function and the uncertain software and hardware device of structural characterization corresponding relationship |
| US15/018,559 US9954885B2 (en) | 2015-06-01 | 2016-02-08 | Software/hardware device with uncertain service function and structural characterization, and scheduling method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510293367.1A CN106156631B (en) | 2015-06-01 | 2015-06-01 | A kind of service function and the uncertain software and hardware device of structural characterization corresponding relationship |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106156631A true CN106156631A (en) | 2016-11-23 |
| CN106156631B CN106156631B (en) | 2019-03-12 |
Family
ID=57348265
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510293367.1A Active CN106156631B (en) | 2015-06-01 | 2015-06-01 | A kind of service function and the uncertain software and hardware device of structural characterization corresponding relationship |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106156631B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107346272A (en) * | 2017-06-01 | 2017-11-14 | 上海红阵信息科技有限公司 | The determination method and apparatus of dynamic heterogeneous redundant system |
| CN107395591A (en) * | 2017-07-19 | 2017-11-24 | 中国人民解放军信息工程大学 | The isomery degree appraisal procedure and system of a kind of function equivalence body set |
| CN107395414A (en) * | 2017-07-19 | 2017-11-24 | 上海红阵信息科技有限公司 | A kind of negative feedback control method and system based on output ruling |
| WO2018059187A1 (en) * | 2016-09-27 | 2018-04-05 | 上海红阵信息科技有限公司 | A device and method for generating heterogeneous function equivalents |
| CN110048992A (en) * | 2018-01-17 | 2019-07-23 | 北京中科晶上超媒体信息技术有限公司 | A method of constructing dynamic heterogeneous redundancy structure |
| CN110177084A (en) * | 2019-04-04 | 2019-08-27 | 上海红阵信息科技有限公司 | Distributed memory system meta-service structure, construction method and system architecture for defending against network attacks |
| CN111431944A (en) * | 2020-06-10 | 2020-07-17 | 之江实验室 | Mimicry arbitration system and configuration and recovery method thereof |
| CN113312162A (en) * | 2021-05-28 | 2021-08-27 | 中国人民解放军战略支援部队航天工程大学 | Micro-service processing method, micro-service architecture platform and equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101599026A (en) * | 2009-07-09 | 2009-12-09 | 浪潮电子信息产业股份有限公司 | A Cluster Job Scheduling System with Elastic Architecture |
| CN102073546A (en) * | 2010-12-13 | 2011-05-25 | 北京航空航天大学 | Task-dynamic dispatching method under distributed computation mode in cloud computing environment |
| CN102209041A (en) * | 2011-07-13 | 2011-10-05 | 上海红神信息技术有限公司 | Scheduling method, device and system |
| CN104394150A (en) * | 2014-11-26 | 2015-03-04 | 大连梯耐德网络技术有限公司 | A system and method for implementing a pseudo-secure network architecture based on hardware reconfiguration |
| US20150096006A1 (en) * | 2013-09-27 | 2015-04-02 | The University Of North Carolina At Charlotte | Moving target defense against cross-site scripting |
-
2015
- 2015-06-01 CN CN201510293367.1A patent/CN106156631B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101599026A (en) * | 2009-07-09 | 2009-12-09 | 浪潮电子信息产业股份有限公司 | A Cluster Job Scheduling System with Elastic Architecture |
| CN102073546A (en) * | 2010-12-13 | 2011-05-25 | 北京航空航天大学 | Task-dynamic dispatching method under distributed computation mode in cloud computing environment |
| CN102209041A (en) * | 2011-07-13 | 2011-10-05 | 上海红神信息技术有限公司 | Scheduling method, device and system |
| US20150096006A1 (en) * | 2013-09-27 | 2015-04-02 | The University Of North Carolina At Charlotte | Moving target defense against cross-site scripting |
| CN104394150A (en) * | 2014-11-26 | 2015-03-04 | 大连梯耐德网络技术有限公司 | A system and method for implementing a pseudo-secure network architecture based on hardware reconfiguration |
Non-Patent Citations (3)
| Title |
|---|
| 刘杰等: ""动态弹性安全防御技术及发展趋势"", 《通信技术》 * |
| 邬江兴: ""拟态计算与拟态安全防御的原意和愿景"", 《电信科学》 * |
| 邬江兴: ""网络空间拟态安全防御"", 《保密科学技术》 * |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018059187A1 (en) * | 2016-09-27 | 2018-04-05 | 上海红阵信息科技有限公司 | A device and method for generating heterogeneous function equivalents |
| US11201895B2 (en) | 2016-09-27 | 2021-12-14 | Shanhai Hongzhen Information Science & Technology Co. Ltd. | Apparatus for generating heterogeneous functional equivalent and method thereof |
| CN107346272B (en) * | 2017-06-01 | 2020-11-17 | 珠海高凌信息科技股份有限公司 | Method and device for determining dynamic heterogeneous redundant system |
| CN107346272A (en) * | 2017-06-01 | 2017-11-14 | 上海红阵信息科技有限公司 | The determination method and apparatus of dynamic heterogeneous redundant system |
| CN107395591A (en) * | 2017-07-19 | 2017-11-24 | 中国人民解放军信息工程大学 | The isomery degree appraisal procedure and system of a kind of function equivalence body set |
| CN107395414A (en) * | 2017-07-19 | 2017-11-24 | 上海红阵信息科技有限公司 | A kind of negative feedback control method and system based on output ruling |
| WO2019015029A1 (en) * | 2017-07-19 | 2019-01-24 | 上海红阵信息科技有限公司 | Negative feedback control method and system based on output arbitration |
| US11575710B2 (en) | 2017-07-19 | 2023-02-07 | Shanghai Hongzhen Information Science & Technology | Output-decision-based negative feedback control method and system |
| CN107395591B (en) * | 2017-07-19 | 2019-08-20 | 中国人民解放军信息工程大学 | A method and system for evaluating heterogeneity of functional equivalence sets |
| CN107395414B (en) * | 2017-07-19 | 2020-07-28 | 上海红阵信息科技有限公司 | A Negative Feedback Control Method and System Based on Output Judgment |
| CN110048992B (en) * | 2018-01-17 | 2021-10-15 | 北京中科晶上超媒体信息技术有限公司 | Method for constructing dynamic heterogeneous redundant architecture |
| CN110048992A (en) * | 2018-01-17 | 2019-07-23 | 北京中科晶上超媒体信息技术有限公司 | A method of constructing dynamic heterogeneous redundancy structure |
| CN110177084A (en) * | 2019-04-04 | 2019-08-27 | 上海红阵信息科技有限公司 | Distributed memory system meta-service structure, construction method and system architecture for defending against network attacks |
| CN110177084B (en) * | 2019-04-04 | 2022-04-22 | 上海红阵信息科技有限公司 | Distributed storage system meta-service structure for defending network attack, construction method and system architecture |
| CN111431944A (en) * | 2020-06-10 | 2020-07-17 | 之江实验室 | Mimicry arbitration system and configuration and recovery method thereof |
| CN113312162A (en) * | 2021-05-28 | 2021-08-27 | 中国人民解放军战略支援部队航天工程大学 | Micro-service processing method, micro-service architecture platform and equipment |
| CN113312162B (en) * | 2021-05-28 | 2024-08-02 | 中国人民解放军战略支援部队航天工程大学 | Micro-service processing method, micro-service architecture platform and equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106156631B (en) | 2019-03-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106156631A (en) | A kind of service function and structural characterization uncertain software and hardware device | |
| US10318740B2 (en) | Security risk scoring of an application | |
| Wang et al. | Malicious firmware detection with hardware performance counters | |
| EP3120281B1 (en) | Dynamic identity checking | |
| US8041435B2 (en) | Modular object dynamic hosting | |
| US10581897B1 (en) | Method and system for implementing threat intelligence as a service | |
| US9954885B2 (en) | Software/hardware device with uncertain service function and structural characterization, and scheduling method thereof | |
| CN108234475A (en) | Account management method, electronic equipment and computer storage media | |
| US20100082123A1 (en) | Modular object and host matching | |
| CN104679717A (en) | Method and management system of elastic cluster deployment | |
| CN109145539A (en) | A kind of right management method and electronic equipment of more programming projects | |
| US20130219227A1 (en) | Multi-Entity Test Case Execution Workflow | |
| Kounev et al. | Model-driven algorithms and architectures for self-aware computing systems (Dagstuhl Seminar 15041) | |
| CN108701175A (en) | Associating user accounts with enterprise workspaces | |
| US8959645B2 (en) | Method for providing control information for a distributed operation in an automation system, computer program and automation system | |
| US8943013B2 (en) | Real-time equipment behavior selection | |
| Chen et al. | Indistinguishability prevents scheduler side channels in real-time systems | |
| US20200151049A1 (en) | Increasing processing capacity of processor cores during initial program load processing | |
| CN106354507A (en) | Enterprise-level application management system and method for operating same | |
| CN106257482B (en) | The control of data analysis result is placed | |
| CN105205123B (en) | Data interactive method and device between a kind of database | |
| Dehraj et al. | Autonomic provisioning in software development life cycle process | |
| US10747579B2 (en) | Method and device for allocating resources in a system | |
| Repp | The system of technical diagnostics of the industrial safety information network | |
| Haque et al. | Microservice-based architecture of a software as a service (saas) building energy management platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |