CN107506641A - Sandbox management method and device, computing device, storage medium - Google Patents
- Publication number
- CN107506641A (application CN201710915235.7A)
- Authority
- CN
- China
- Prior art keywords
- sandbox
- copy
- detected
- sample
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Abstract
The invention discloses a sandbox management method and device, a computing device and a storage medium. The method includes: copying a preset sandbox image to generate a sandbox copy, and starting the sandbox copy; registering the sandbox copy; pushing the data information of a sample to be detected to the sandbox copy for detection; and closing and reclaiming the sandbox copy. With this sandbox management method, sandbox copies can be conveniently replicated to detect samples, and conveniently closed and reclaimed once detection is complete.
Description
Technical field
The present invention relates to the field of sandbox technology, and in particular to a sandbox management method and device, a computing device and a storage medium.
Background art
A sandbox is a virtual system program. A program that needs to be detected can be run in the sandbox to obtain its activity behaviour, run results and so on. The effects produced by running the detected program in the sandbox are deleted afterwards and do not affect the hard disk itself. A sandbox can serve as an independent virtual environment for detecting untrusted programs.
When multiple programs are to be detected, multiple sandboxes may need to run in parallel. For example, if different system versions (50 system versions) correspond to different sandboxes (50), and multiple programs (5) each need to be detected on the different system versions, sandboxes on the order of 50*5 have to run in parallel. The start-up, detection and closing of each sandbox all need to be managed, and the resources each sandbox occupies also need to be monitored. The prior art offers no solution for managing multiple parallel sandboxes, so when multiple sandboxes run in parallel, the operation of each sandbox cannot be managed in a controlled way and running them becomes chaotic.
A sandbox management method is therefore needed to solve the management problem that arises when multiple sandboxes run in parallel.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a sandbox management method and device, a computing device and a storage medium that overcome the above problems or at least partly solve them.
According to one aspect of the invention, a sandbox management method is provided, which includes:
copying a preset sandbox image to generate a sandbox copy, and starting the sandbox copy;
registering the sandbox copy;
pushing the data information of a sample to be detected to the sandbox copy for detection;
closing and reclaiming the sandbox copy.
According to another aspect of the invention, a sandbox management device is provided, which includes:
a replication module, adapted to copy a preset sandbox image to generate a sandbox copy, and to start the sandbox copy;
a registration module, adapted to register the sandbox copy;
a detection module, adapted to push the data information of a sample to be detected to the sandbox copy for detection;
a closing module, adapted to close and reclaim the sandbox copy.
According to another aspect of the invention, a sandbox management system is provided, which includes a cloud server and the sandbox management device described above.
According to a further aspect of the invention, a computing device is provided, including a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another via the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the sandbox management method described above.
According to a further aspect of the invention, a computer storage medium is provided, in which at least one executable instruction is stored, and the executable instruction causes a processor to perform the operations corresponding to the sandbox management method described above.
According to the sandbox management method and device, computing device and storage medium provided by the invention, a preset sandbox image is copied to generate a sandbox copy, and the sandbox copy is started; the sandbox copy is registered; the data information of a sample to be detected is pushed to the sandbox copy for detection; and the sandbox copy is closed and reclaimed. The invention manages sandboxes by means of remote procedure calls, so that sandbox copies can be conveniently replicated to detect samples, and conveniently closed and reclaimed once detection is complete. This solves the management problem that arises when multiple sandboxes run in parallel.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and practised according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, identical parts are denoted by the same reference numerals. In the drawings:
Fig. 1 shows a flow chart of a sandbox management method according to one embodiment of the invention;
Fig. 2 shows a flow chart of a sandbox management method according to another embodiment of the invention;
Fig. 3 shows a functional block diagram of a sandbox management device according to one embodiment of the invention;
Fig. 4 shows a functional block diagram of a sandbox management device according to another embodiment of the invention;
Fig. 5 shows a schematic structural diagram of a computing device according to one embodiment of the invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed in full to those skilled in the art.
Fig. 1 shows a flow chart of a sandbox management method according to one embodiment of the invention. As shown in Fig. 1, the sandbox management method comprises the following steps:
Step S101, copy a preset sandbox image to generate a sandbox copy, and start the sandbox copy.
The preset sandbox images are different sandbox images made in advance for different system versions. Multiple sandbox copies can be generated by copying a preset sandbox image, and a generated sandbox copy can have its configuration information modified according to the configuration script of the sample it will later detect, for example its memory or CPU configuration. Once a sandbox copy has been generated, it is started. Generating a sandbox copy from the preset sandbox image can be implemented in the way a Docker image is instantiated into a container.
The preset sandbox image may be in ISO format. Before the preset sandbox image is used, it has to be loaded. Specifically, the preset sandbox image is decompressed and the configuration in it is read, which completes the loading of the preset sandbox image.
Further, to make the later detection of samples easier, the preset sandbox image is a virtual machine sandbox image that can capture the I/O data stream while the sample to be detected runs, so that the sandbox copies generated from it can capture the I/O data stream at run time. Specifically, the I/O data stream operation functions are hooked in the virtual machine of the preset sandbox image to obtain the parameter information of the I/O data stream. This parameter information may include the port information of the I/O data stream operation, data information, I/O device state information and so on. Obtaining the parameter information makes it easy to inspect the I/O data stream.
Step S102, register the sandbox copy.
After it starts, the generated sandbox copy connects to the gateway. The IP address of the sandbox copy is obtained through DHCP and the network connection settings of the sandbox copy are dynamically reconfigured, which registers the sandbox copy. At the same time, the information of the sandbox copy can be reported. This information includes the sandbox copy version information, the operating system version information, the plug-in list and similar information.
Step S103, push the data information of the sample to be detected to the sandbox copy for detection.
The data information of the sample to be detected includes the sample to be detected, the configuration script for running it, and similar information. The configuration script makes clear how the sample is to be run; for example, it records the environment parameters for running the sample, the preconditions for running it, and so on. The data information can be obtained by a monitoring device, such as an active defense system, that monitors the actual operations on user equipment: the data information that the monitoring device intercepts and cannot determine is the data information of the sample to be detected.
After the data information of the sample to be detected has been pushed to the sandbox copy, the configuration script for running the sample can be used, for example, to modify the environment parameter settings of the sandbox copy or to start the programs specified in the configuration script. The sample is then run in the sandbox copy, and the log information produced by running it is recorded. The log information can record in detail the crawler behavior of the sample and the effects of running it, such as I/O operations and memory operations. The log information is first recorded in a pre-allocated memory space of the sandbox copy. When the pre-allocated memory space is full, the recorded log information is fetched and sent to the log server. The address of the log server can be recorded in the data information of the sample to be detected, or specified in advance in the preset sandbox image so that the sandbox copy can obtain it directly. The log information is sent to that address. It can be compressed before it is sent, which makes transmission easier.
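The log path described above (pre-allocated memory, sent when full, compressed before transmission, log server address taken from the sample data information or from the preset image) can be sketched as follows. This is an added example, not code from the patent; the names `SandboxLogBuffer`, `resolve_log_server` and `decode_batch`, the JSON-lines record format, the use of zlib and the preference for the sample's address over the image's are all assumptions.

```python
import json
import zlib


def resolve_log_server(sample_info, image_config):
    """Pick the log server address (assumed key name: "log_server").

    The address recorded with the sample is tried first, then the one
    specified in advance in the preset sandbox image.
    """
    address = sample_info.get("log_server") or image_config.get("log_server")
    if not address:
        raise ValueError("no log server address in sample info or sandbox image")
    return address


class SandboxLogBuffer:
    """Pre-allocated in-memory log area of one sandbox copy (sizes in bytes)."""

    def __init__(self, capacity, address, transport):
        self.capacity = capacity
        self.address = address
        self.transport = transport      # callable(address, payload_bytes)
        self._area = bytearray()
        self.batches_sent = 0

    def record(self, event):
        """Append one log event; ship the area first if it would overflow."""
        line = json.dumps(event, sort_keys=True).encode("utf-8") + b"\n"
        if len(line) > self.capacity:
            raise ValueError("single record exceeds the pre-allocated area")
        if len(self._area) + len(line) > self.capacity:
            self.flush()
        self._area += line

    def flush(self):
        """Compress and send whatever is buffered; returns the bytes shipped."""
        if not self._area:
            return 0
        payload = zlib.compress(bytes(self._area))
        self.transport(self.address, payload)
        self.batches_sent += 1
        self._area.clear()
        return len(payload)

    def pending(self):
        """Bytes recorded but not yet sent to the log server."""
        return len(self._area)


def decode_batch(payload):
    """Log server side: turn one compressed batch back into event dicts."""
    return [json.loads(l) for l in zlib.decompress(payload).splitlines() if l]


if __name__ == "__main__":
    # Constructed sample input: five I/O events and a stand-in transport.
    wire = []
    addr = resolve_log_server({}, {"log_server": "logs.example.internal:514"})
    buf = SandboxLogBuffer(100, addr, lambda a, p: wire.append((a, p)))
    for seq in range(5):
        buf.record({"op": "io_write", "port": 80, "seq": seq})
    buf.flush()                         # final flush before the copy is closed
    for a, p in wire:
        print(a, len(p), decode_batch(p))
```

The final `flush()` matters for the reclaim step: a copy that is closed while `pending()` is non-zero loses the tail of its log.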
Further, the log information can also be analysed by a feature rule engine according to various preset rules, to judge whether the sample to be detected is an abnormal sample.
While the sandbox copy carries out detection, the process in which the sandbox copy runs the sample is monitored, so that the process resources used by the sandbox copy and its overall system consumption are controlled, which makes it easier to schedule sandbox processes.
Step S104, close and reclaim the sandbox copy.
After the sample to be detected has finished running, the sandbox copy is closed and reclaimed, and the intermediate data produced by the sandboxed sample is deleted accordingly. That is, a sandbox copy is closed and reclaimed after it has run one sample to be detected. Specifically, the process that runs the sample in the sandbox copy is monitored, and once that process is found to have finished running the sample, the sandbox copy can be closed and reclaimed. Alternatively, when the sample is a program stuck in an endless loop, for example one that keeps sending the previous data packet without stopping, the process that runs the sample in the sandbox copy is monitored: if the log information the process records within a preset timeout (such as 2 minutes) is substantially the same, there is no need to keep running the sample, and the sandbox copy is closed and reclaimed. Alternatively, the sandbox copy is closed and reclaimed after the log information has been sent to the log server in full.
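The three reclaim conditions of step S104 can be combined into one decision function, shown here as an added example that is not part of the patent. The class name `ReclaimMonitor`, the normalisation used to decide that log lines are "substantially the same" (digits and hex values collapsed, then compared against everything already seen in the run), and the choice to hold a finished or stalled copy in a "drain" state until its log buffer is empty are assumptions.

```python
import re
from collections import deque

# Counters, addresses, ports and timestamps differ between otherwise
# identical events, so they are collapsed before comparison (assumption).
VOLATILE = re.compile(r"0x[0-9a-fA-F]+|\d+")


def fingerprint(line):
    """Normalise one log line so repeated behaviour compares equal."""
    return VOLATILE.sub("#", line.strip().lower())


class ReclaimMonitor:
    """Decides when one sandbox copy may be closed and reclaimed."""

    def __init__(self, timeout=120.0):          # 2 minutes, as in the text
        self.timeout = timeout
        self.seen = set()                       # fingerprints seen in this run
        self.window = deque()                   # (time, was_new) inside timeout
        self.started = None

    def observe(self, now, line):
        """Feed one log line recorded by the sample at time `now` (seconds)."""
        if self.started is None:
            self.started = now
        fp = fingerprint(line)
        self.window.append((now, fp not in self.seen))
        self.seen.add(fp)

    def _stalled(self, now):
        # Drop records that have aged out of the timeout window.
        while self.window and self.window[0][0] <= now - self.timeout:
            self.window.popleft()
        if self.started is None or now - self.started < self.timeout:
            return False                        # not watched for a full window
        # Stalled: the sample is still logging, but nothing new appeared.
        # A sample that logs nothing at all is not covered by this rule.
        return bool(self.window) and not any(new for _, new in self.window)

    def decide(self, now, process_alive, pending_log_bytes):
        """Return (action, reason); action is "keep", "drain" or "reclaim"."""
        if not process_alive:
            reason = "sample process finished"
        elif self._stalled(now):
            reason = "log substantially the same for the whole timeout"
        else:
            return ("keep", "sample still producing new behaviour")
        if pending_log_bytes > 0:
            return ("drain", reason)            # send remaining log first
        return ("reclaim", reason)


if __name__ == "__main__":
    # Constructed timeline: two distinct events, then an endless send loop.
    mon = ReclaimMonitor(timeout=120)
    mon.observe(0, "connect 10.0.0.5:443")
    mon.observe(5, "write file id=1")
    for t in range(10, 141, 10):
        mon.observe(t, "send packet seq=%d len=64" % t)
        print(t, mon.decide(t, process_alive=True, pending_log_bytes=0))
```

Comparing against every fingerprint seen so far, rather than only the previous line, also catches loops that cycle through several events.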
It should be noted that the whole sandbox management process above uses remote procedure calls, so that the start-up speed, data transfer and so on of the sandbox copies are significantly improved.
According to the sandbox management method provided by the invention, a preset sandbox image is copied to generate a sandbox copy, and the sandbox copy is started; the sandbox copy is registered; the data information of a sample to be detected is pushed to the sandbox copy for detection; and the sandbox copy is closed and reclaimed. The invention manages sandboxes by means of remote procedure calls, so that sandbox copies can be conveniently replicated to detect samples, and conveniently closed and reclaimed once detection is complete. This solves the management problem that arises when multiple sandboxes run in parallel.
Fig. 2 shows a flow chart of a sandbox management method according to another embodiment of the invention. As shown in Fig. 2, the sandbox management method comprises the following steps:
Step S201, copy a preset sandbox image to generate a sandbox copy, and start the sandbox copy.
Step S202, register the sandbox copy.
Step S203, push the data information of the sample to be detected to the sandbox copy for detection.
For the steps above, refer to the description of steps S101-S103 in the embodiment of Fig. 1; they are not repeated here.
Step S204, insert preset analysis plug-ins into the sandbox copy, so that the preset analysis plug-ins run in the sandbox copy.
A preset analysis plug-in is a plug-in that analyses different samples to be detected, and the preset analysis plug-ins comprise multiple analysis plug-ins. According to the needs of each sample to be detected, the corresponding one or more preset analysis plug-ins are dynamically inserted into the sandbox copy. An inserted preset analysis plug-in can be run directly in the sandbox copy, and running the inserted plug-in can proceed in parallel with running the sample to be detected. Preset analysis plug-ins can be dynamically inserted into the sandbox copy once its registration is complete.
Step S205, close and reclaim the sandbox copy.
After the sample to be detected has finished running, the sandbox copy is closed and reclaimed, and the intermediate data produced by the sandboxed sample is deleted accordingly. That is, a sandbox copy is closed and reclaimed after it has run one sample to be detected. Specifically, the process that runs the sample in the sandbox copy is monitored, and once that process is found to have finished running the sample, the sandbox copy can be closed and reclaimed. Alternatively, when the sample is a program stuck in an endless loop, for example one that keeps sending the previous data packet without stopping, the process that runs the sample in the sandbox copy is monitored: if the log information the process records within a preset timeout (such as 2 minutes) is substantially the same, there is no need to keep running the sample, and the sandbox copy is closed and reclaimed. Alternatively, the sandbox copy is closed and reclaimed after the log information has been sent to the log server in full.
Step S206, delete the preset sandbox image.
When a preset sandbox image is no longer applicable, or a new preset sandbox image has been generated, the original preset sandbox image is deleted and the new preset sandbox image can be obtained. A new preset sandbox image has to be loaded each time before it is used; after loading, the loaded preset sandbox image can be used to copy and generate sandbox copies and so on.
Step S207, modify the configuration information of the preset sandbox image.
When the configuration information of the preset sandbox image is wrong, it can be modified accordingly, for example the memory settings in the preset sandbox image or the address setting of the log server it connects to. It should be noted that when the configuration information of the preset sandbox image is modified, all sandbox copies already generated from it can be closed and reclaimed. After the configuration information has been modified, new sandbox copies are generated again from the modified preset sandbox image.
There is no fixed order between steps S206 and S207 and the steps above; they are performed according to the actual situation.
According to the sandbox management method provided by the invention, the configuration information of the preset sandbox image can be modified, or the original preset sandbox image can be deleted and a new preset sandbox image loaded, which makes it convenient to generate sandbox copies from different preset sandbox images and so to detect samples under different system environments.
Fig. 3 shows a functional block diagram of a sandbox management device according to one embodiment of the invention. As shown in Fig. 3, the sandbox management device includes the following modules:
Replication module 310, adapted to copy a preset sandbox image to generate a sandbox copy, and to start the sandbox copy.
The preset sandbox images are different sandbox images made in advance for different system versions. The replication module 310 can generate multiple sandbox copies by copying a preset sandbox image, and a generated sandbox copy can have its configuration information modified according to the configuration script of the sample it will later detect, for example its memory or CPU configuration. After generating a sandbox copy, the replication module 310 starts it. The replication module 310 can generate a sandbox copy from the preset sandbox image in the way a Docker image is instantiated into a container.
The preset sandbox image may be in ISO format. Before using the preset sandbox image, the replication module 310 has to load it. Specifically, the replication module 310 decompresses the preset sandbox image and reads the configuration in it, which completes the loading of the preset sandbox image.
Further, to make the later detection of samples easier, the preset sandbox image is a virtual machine sandbox image that can capture the I/O data stream while the sample to be detected runs, so that the sandbox copies generated from it can capture the I/O data stream at run time. Specifically, the I/O data stream operation functions are hooked in the virtual machine of the preset sandbox image to obtain the parameter information of the I/O data stream. This parameter information may include the port information of the I/O data stream operation, data information, I/O device state information and so on. Obtaining the parameter information makes it easy to inspect the I/O data stream.
Registration module 320, adapted to register the sandbox copy.
After it starts, the generated sandbox copy connects to the gateway. The registration module 320 obtains the IP address of the sandbox copy through the Dynamic Host Configuration Protocol and dynamically reconfigures the network connection settings of the sandbox copy, which registers the sandbox copy. At the same time, the registration module 320 can report the information of the sandbox copy. This information includes the sandbox copy version information, the operating system version information, the plug-in list and similar information.
Detection module 330, adapted to push the data information of the sample to be detected to the sandbox copy for detection.
The data information of the sample to be detected includes the sample to be detected, the configuration script for running it, and similar information. The configuration script makes clear how the sample is to be run; for example, it records the environment parameters for running the sample, the preconditions for running it, and so on. The data information can be obtained by a monitoring device, such as an active defense system, that monitors the actual operations on user equipment: the data information that the monitoring device intercepts and cannot determine is the data information of the sample to be detected.
After the detection module 330 has pushed the data information of the sample to be detected to the sandbox copy, the configuration script for running the sample can be used, for example, to modify the environment parameter settings of the sandbox copy or to start the programs specified in the configuration script. The detection module 330 runs the sample in the sandbox copy and records the log information produced by running it. The log information can record in detail the crawler behavior of the sample and the effects of running it, such as I/O operations and memory operations. The detection module 330 first records the log information in a pre-allocated memory space of the sandbox copy. When the pre-allocated memory space is full, the detection module 330 fetches the recorded log information and sends it to the log server. The address of the log server can be recorded in the data information of the sample to be detected, or specified in advance in the preset sandbox image so that the sandbox copy can obtain it directly. The detection module 330 sends the log information to that address. The detection module 330 can compress the log information before sending it, which makes transmission easier.
Further, the log information can also be analysed by a feature rule engine according to various preset rules, to judge whether the sample to be detected is an abnormal sample.
While the sandbox copy carries out detection, the detection module 330 also monitors the process in which the sandbox copy runs the sample, so that the process resources used by the sandbox copy and its overall system consumption are controlled, which makes it easier to schedule sandbox processes.
Closing module 340, adapted to close and reclaim the sandbox copy.
After the detection module 330 has finished running the sample to be detected, the closing module 340 closes and reclaims the sandbox copy, and accordingly deletes the intermediate data produced by the sandboxed sample. That is, after a sandbox copy has run one sample to be detected, the closing module 340 closes and reclaims it. Specifically, the closing module 340 monitors the process that runs the sample in the sandbox copy, and once it finds that the process has finished running the sample, it closes and reclaims the sandbox copy. Alternatively, when the sample is a program stuck in an endless loop, for example one that keeps sending the previous data packet without stopping, the closing module 340 monitors the process that runs the sample in the sandbox copy: if it finds that the log information the process records within a preset timeout (such as 2 minutes) is substantially the same, there is no need to keep running the sample, and the closing module 340 closes and reclaims the sandbox copy. Alternatively, the closing module 340 closes and reclaims the sandbox copy after the log information has been sent to the log server in full.
It should be noted that the whole sandbox management process above uses remote procedure calls, so that the start-up speed, data transfer and so on of the sandbox copies are significantly improved.
According to the sandbox management device provided by the invention, a preset sandbox image is copied to generate a sandbox copy, and the sandbox copy is started; the sandbox copy is registered; the data information of a sample to be detected is pushed to the sandbox copy for detection; and the sandbox copy is closed and reclaimed. The invention manages sandboxes by means of remote procedure calls, so that sandbox copies can be conveniently replicated to detect samples, and conveniently closed and reclaimed once detection is complete. This solves the management problem that arises when multiple sandboxes run in parallel.
Fig. 4 shows a functional block diagram of a sandbox management device according to another embodiment of the invention. As shown in Fig. 4, the difference from Fig. 3 is that this device also includes:
Plug-in module 350, adapted to insert preset analysis plug-ins into the sandbox copy, so that the preset analysis plug-ins run in the sandbox copy.
A preset analysis plug-in is a plug-in that analyses different samples to be detected, and the preset analysis plug-ins comprise multiple analysis plug-ins. According to the needs of each sample to be detected, the plug-in module 350 dynamically inserts the corresponding one or more preset analysis plug-ins into the sandbox copy. The plug-in module 350 can run an inserted preset analysis plug-in directly in the sandbox copy, and running the inserted plug-in can proceed in parallel with running the sample to be detected. After the registration module 320 has completed the registration of the sandbox copy, the plug-in module 350 dynamically inserts the preset analysis plug-ins into the sandbox copy.
Modification module 360, adapted to modify the configuration information of the preset sandbox image.
When the configuration information of the preset sandbox image is wrong, the modification module 360 can modify it accordingly; for example, the modification module 360 modifies the memory settings in the preset sandbox image or the address setting of the log server it connects to. It should be noted that when the modification module 360 modifies the configuration information of the preset sandbox image, it can have the closing module 340 close and reclaim all sandbox copies already generated from it. After the modification module 360 has modified the configuration information, the replication module 310 generates new sandbox copies again from the modified preset sandbox image.
Deletion module 370, adapted to delete the preset sandbox image.
When a preset sandbox image is no longer applicable, or a new preset sandbox image has been generated, the deletion module 370 deletes the original preset sandbox image and the new preset sandbox image can be obtained. A new preset sandbox image has to be loaded each time before it is used; after loading, the loaded preset sandbox image can be used to copy and generate sandbox copies and so on.
The modification module 360 and the deletion module 370 are run as needed.
According to the sandbox management device provided by the invention, the configuration information of the preset sandbox image can be modified, or the original preset sandbox image can be deleted and a new preset sandbox image loaded, which makes it convenient to generate sandbox copies from different preset sandbox images and so to detect samples under different system environments.
The present application also provides a non-volatile computer storage medium that stores at least one executable instruction; the computer-executable instruction can perform the sandbox management method in any of the method embodiments above.
Fig. 5 shows a schematic structural diagram of a computing device according to one embodiment of the invention; the specific embodiments of the invention do not limit the specific implementation of the computing device.
As shown in Fig. 5, the computing device may include a processor 502, a communications interface 504, a memory 506 and a communication bus 508.
Wherein:
The processor 502, the communication interface 504 and the memory 506 communicate with one another via the communication bus 508.
The communication interface 504 is used to communicate with network elements of other devices, such as clients or other servers.
The processor 502 is used to execute the program 510, and can specifically perform the relevant steps in the sandbox management method embodiments above.
Specifically, the program 510 may include program code, and the program code includes computer operation instructions.
The processor 502 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the invention. The one or more processors included in the computing device may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
The memory 506 is used to store the program 510. The memory 506 may include high-speed RAM, and may also include non-volatile memory, for example at least one magnetic disk memory.
The program 510 may specifically be used to cause the processor 502 to perform the sandbox management method of any of the method embodiments above. For the specific implementation of each step in the program 510, refer to the corresponding descriptions of the steps and units in the sandbox management embodiments above, which are not repeated here. Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the devices and modules described above may refer to the corresponding process descriptions in the foregoing method embodiments, and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in various programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.
In the specification provided here, numerous specific details are set forth. It is to be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, this method of disclosure is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and placed in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and may in addition be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the sandbox management device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words may be interpreted as names.
The invention discloses: A1. A sandbox management method, comprising:
generating a sandbox copy by copying a default sandbox image, and starting the sandbox copy;
registering the sandbox copy;
pushing sample data information to be detected to the sandbox copy for detection;
closing and reclaiming the sandbox copy.
A2. The method according to A1, wherein registering the sandbox copy further comprises:
obtaining the IP address of the sandbox copy, and reporting the information of the sandbox copy, wherein the information of the sandbox copy includes sandbox copy version information, operating system version information and/or a plug-in list.
A3. The method according to A1 or A2, wherein the sample data information to be detected includes the sample to be detected and/or a configuration script for running the sample to be detected;
pushing the sample data information to be detected to the sandbox copy for detection further comprises:
running the sample to be detected in the sandbox copy according to the configuration script for running the sample to be detected, and recording the log information produced by running the sample to be detected;
obtaining the log information, and sending the log information to a log server.
A4. The method according to any one of A1-A3, wherein, before the sample data information to be detected is pushed to the sandbox copy for detection, the method further comprises:
inserting a preset analysis plug-in into the sandbox copy, so that the preset analysis plug-in runs in the sandbox copy.
A5. The method according to A3, wherein closing and reclaiming the sandbox copy further comprises:
monitoring the process that runs the sample to be detected in the sandbox copy, and closing and reclaiming the sandbox copy after the process has finished executing.
A6. The method according to A3, wherein closing and reclaiming the sandbox copy further comprises:
monitoring the process that runs the sample to be detected in the sandbox copy; if the log information recorded for the process remains identical within a preset timeout period, closing and reclaiming the sandbox copy.
A7. The method according to A3, wherein closing and reclaiming the sandbox copy further comprises:
closing and reclaiming the sandbox copy after the log information has been sent to the log server.
A8. The method according to any one of A1-A7, wherein the method further comprises:
modifying the configuration information of the default sandbox image.
A9. The method according to any one of A1-A8, wherein the method further comprises:
deleting the default sandbox image.
A10. The method according to any one of A1-A9, wherein the sandbox management process uses remote procedure calls.
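The lifecycle of A1-A7, as an added example that is not code from the patent: an in-memory simulation of copy, register, detect and reclaim, including the A6 rule that reclaims a copy whose log stays unchanged for a whole timeout window. The class names, the tick-based timeout, the 192.0.2.x addresses and the sample traces are assumptions constructed for illustration.

```python
import copy
import itertools
from dataclasses import dataclass, field


@dataclass
class SandboxImage:
    sandbox_version: str
    os_version: str
    plugins: list = field(default_factory=list)


@dataclass
class SandboxCopy:
    copy_id: int
    ip: str
    image: SandboxImage            # private deep copy; the default image is never touched
    log: list = field(default_factory=list)
    running: bool = True


class SandboxManager:
    def __init__(self, image, idle_timeout):
        self.image = image
        self.idle_timeout = idle_timeout   # A6: consecutive ticks with an unchanged log
        self.registry = {}                 # copy_id -> info reported at registration (A2)
        self.log_server = []               # stand-in for the remote log server (A3)
        self._ids = itertools.count(1)

    def spawn(self, analysis_plugins=()):
        """A1 + A4 + A2: copy the image, insert plug-ins into the copy, register it."""
        cid = next(self._ids)
        box = SandboxCopy(cid, f"192.0.2.{cid}", copy.deepcopy(self.image))
        box.image.plugins.extend(analysis_plugins)
        self.registry[cid] = {
            "ip": box.ip,
            "sandbox_version": box.image.sandbox_version,
            "os_version": box.image.os_version,
            "plugins": list(box.image.plugins),
        }
        return box

    def detect(self, box, sample_name, ticks):
        """A3 + A5/A6/A7: run the sample tick by tick, ship the log, then reclaim.

        `ticks` is a constructed trace: a string is a new log line, None is a
        tick in which the sample logged nothing; running off the end is exit.
        """
        if box.copy_id not in self.registry:
            raise RuntimeError("sandbox copy is not registered (already reclaimed?)")
        idle, reason = 0, "process_exit"            # A5 unless the watchdog fires
        for event in ticks:
            if event is None:
                idle += 1
                if idle >= self.idle_timeout:       # A6: log identical for the whole window
                    reason = "log_idle_timeout"
                    break
            else:
                idle = 0
                box.log.append(f"{sample_name}: {event}")
        self.log_server.append({"copy_id": box.copy_id, "lines": list(box.log)})
        self.reclaim(box)                           # A7: only after the log was sent
        return reason

    def reclaim(self, box):
        """Close the copy and drop its registration so nothing is pushed to it again."""
        box.running = False
        box.log.clear()
        self.registry.pop(box.copy_id, None)


def demo():
    image = SandboxImage("1.0", "Windows 7 SP1 x64")   # constructed values
    mgr = SandboxManager(image, idle_timeout=3)
    a = mgr.spawn(analysis_plugins=["api-trace"])
    registered = dict(mgr.registry[a.copy_id])
    r1 = mgr.detect(a, "sample-a", ["CreateFile", "WriteFile"])
    b = mgr.spawn()
    r2 = mgr.detect(b, "sample-b", ["Sleep", None, None, None, "Connect"])
    return image, mgr, registered, (a, r1), (b, r2)
```

Because each sample runs in a deep copy that is discarded afterwards, plug-ins inserted for one run and anything the sample changes never reach the default image or the next copy.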
The invention also discloses: B11. A sandbox management device, comprising:
a replication module, adapted to generate a sandbox copy by copying a default sandbox image, and to start the sandbox copy;
a registration module, adapted to register the sandbox copy;
a detection module, adapted to push sample data information to be detected to the sandbox copy for detection;
a closing module, adapted to close and reclaim the sandbox copy.
B12. The device according to B11, wherein the registration module is further adapted to:
obtain the IP address of the sandbox copy, and report the information of the sandbox copy, wherein the information of the sandbox copy includes sandbox copy version information, operating system version information and/or a plug-in list.
B13. The device according to B11 or B12, wherein the sample data information to be detected includes the sample to be detected and/or a configuration script for running the sample to be detected;
the detection module is further adapted to: run the sample to be detected in the sandbox copy according to the configuration script for running the sample to be detected, and record the log information produced by running the sample to be detected; obtain the log information, and send the log information to a log server.
B14. The device according to any one of B11-B13, wherein the device further comprises:
a plug-in module, adapted to insert a preset analysis plug-in into the sandbox copy, so that the preset analysis plug-in runs in the sandbox copy.
B15. The device according to B13, wherein the closing module is further adapted to:
monitor the process that runs the sample to be detected in the sandbox copy, and close and reclaim the sandbox copy after the process has finished executing.
B16. The device according to B13, wherein the closing module is further adapted to:
monitor the process that runs the sample to be detected in the sandbox copy; if the log information recorded for the process remains identical within a preset timeout period, close and reclaim the sandbox copy.
B17. The device according to B13, wherein the closing module is further adapted to:
close and reclaim the sandbox copy after the log information has been sent to the log server.
B18. The device according to any one of B11-B17, wherein the device further comprises:
a modification module, adapted to modify the configuration information of the default sandbox image.
B19. The device according to any one of B11-B18, wherein the device further comprises:
a deletion module, adapted to delete the default sandbox image.
B20. The device according to any one of B11-B19, wherein the sandbox management process uses remote procedure calls.
The invention also discloses: C21. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another over the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the computing device to perform the operations corresponding to the sandbox management method according to any one of A1-A10.
The invention also discloses: D22. A computer storage medium, in which at least one executable instruction is stored, wherein the executable instruction causes the computing device to perform the operations corresponding to the sandbox management method according to any one of A1-A10.
Claims (10)
1. A sandbox management method, comprising:
generating a sandbox copy by copying a default sandbox image, and starting the sandbox copy;
registering the sandbox copy;
pushing sample data information to be detected to the sandbox copy for detection;
closing and reclaiming the sandbox copy.
2. The method according to claim 1, wherein registering the sandbox copy further comprises:
obtaining the IP address of the sandbox copy, and reporting the information of the sandbox copy, wherein the information of the sandbox copy includes sandbox copy version information, operating system version information and/or a plug-in list.
3. The method according to claim 1 or 2, wherein the sample data information to be detected includes the sample to be detected and/or a configuration script for running the sample to be detected;
pushing the sample data information to be detected to the sandbox copy for detection further comprises:
running the sample to be detected in the sandbox copy according to the configuration script for running the sample to be detected, and recording the log information produced by running the sample to be detected;
obtaining the log information, and sending the log information to a log server.
4. The method according to any one of claims 1-3, wherein, before the sample data information to be detected is pushed to the sandbox copy for detection, the method further comprises:
inserting a preset analysis plug-in into the sandbox copy, so that the preset analysis plug-in runs in the sandbox copy.
5. The method according to claim 3, wherein closing and reclaiming the sandbox copy further comprises:
monitoring the process that runs the sample to be detected in the sandbox copy, and closing and reclaiming the sandbox copy after the process has finished executing.
6. The method according to claim 3, wherein closing and reclaiming the sandbox copy further comprises:
monitoring the process that runs the sample to be detected in the sandbox copy; if the log information recorded for the process remains identical within a preset timeout period, closing and reclaiming the sandbox copy.
7. The method according to claim 3, wherein closing and reclaiming the sandbox copy further comprises:
closing and reclaiming the sandbox copy after the log information has been sent to the log server.
8. A sandbox management device, comprising:
a replication module, adapted to generate a sandbox copy by copying a default sandbox image, and to start the sandbox copy;
a registration module, adapted to register the sandbox copy;
a detection module, adapted to push sample data information to be detected to the sandbox copy for detection;
a closing module, adapted to close and reclaim the sandbox copy.
9. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another over the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the computing device to perform the operations corresponding to the sandbox management method according to any one of claims 1-7.
10. A computer storage medium, in which at least one executable instruction is stored, wherein the executable instruction causes the computing device to perform the operations corresponding to the sandbox management method according to any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710915235.7A CN107506641A (en) | 2017-09-30 | 2017-09-30 | Sandbox management method and device, computing device, storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107506641A true CN107506641A (en) | 2017-12-22 |
Family
ID=60700390
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710915235.7A Pending CN107506641A (en) | 2017-09-30 | 2017-09-30 | Sandbox management method and device, computing device, storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107506641A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171222 |