CN111736960B - Service providing method, device and storage medium based on software isolation - Google Patents

Info

Publication number
CN111736960B
Authority
CN
China
Prior art keywords
jvm
sub
user
main
child
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010792767.8A
Other languages
Chinese (zh)
Other versions
CN111736960A (en
Inventor
焦靖伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd
Priority to CN202010792767.8A
Publication of CN111736960A
Application granted
Publication of CN111736960B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the application provides a service providing method, equipment and storage medium based on software isolation. In the embodiment of the application, JVMs are adopted to realize isolation among services, a main JVM is used as an interface for interaction between computing services and users, a sub JVM with independent operating environments can be created for different users according to the requirements of the users, the sub JVM is used for providing computing services for the users, and the sub JVM returns the computing results to the users through the main JVM. The mutual isolation of the operating environments between the sub JVMs can realize the isolation between different user computing services, so that the user data is safer.

Description

Service providing method, device and storage medium based on software isolation
Technical Field
The present application relates to the field of internet technologies, and in particular, to a service providing method and device based on software isolation, and a storage medium.
Background
To deploy a service to a server, a runtime environment must be configured for the service. In the prior art, an isolation technology is generally required to isolate the operating environment for security. Hardware isolation performs well but is hard to migrate, so it is not suitable for scenarios such as cloud computing that depend only weakly on hardware. How to implement isolation is therefore one of the problems that urgently needs to be solved.
Disclosure of Invention
Aspects of the present disclosure provide a service providing method, device, and storage medium based on software isolation, so as to implement an isolation technique.
The embodiment of the application provides a service providing method based on software isolation, which comprises the following steps: creating a main JVM facing a demand user of computing service; the main JVM establishes a sub JVM with an independent operation environment for a user according to a computing resource application initiated by the user, and establishes a communication connection with the sub JVM according to a computing service use application of the user; and the main JVM forwards the computing service requirements of the user to the sub JVM based on the communication connection so that the sub JVM can provide computing services for the user, and the computing results of the sub JVM are returned to the user.
An embodiment of the present application further provides a server device, including: a memory and a processor; a memory for storing a computer program corresponding to the main JVM; a processor, coupled to the memory, for executing a computer program corresponding to the host JVM, for: according to a computing resource application initiated by a user, a sub JVM with an independent operation environment is created for the user, and according to the computing service application of the user, a communication connection with the sub JVM is established; based on the communication connection, the computing service requirement of the user is forwarded to the sub JVM so that the sub JVM can provide computing service for the user, and the computing result of the sub JVM is returned to the user.
Embodiments of the present application further provide a computer-readable storage medium storing a computer program, which, when executed by a processor, causes the processor to implement the steps in the software isolation-based service providing method in the embodiments of the present application.
In the embodiment of the application, JVMs are adopted to realize isolation among services, a main JVM is used as an interface for interaction between computing services and users, a sub JVM with independent operating environments can be created for different users according to the requirements of the users, the sub JVM is used for providing computing services for the users, and the sub JVM returns the computing results to the users through the main JVM. The mutual isolation of the operating environments between the sub JVMs can realize the isolation between different user computing services, so that the user data is safer.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic structural diagram of a service system provided in an exemplary embodiment of the present application;
FIG. 2 is a flowchart illustrating a user interaction with a service system to provide computing services according to an exemplary embodiment of the present application;
fig. 3 is a schematic flowchart of a service providing method based on software isolation according to an exemplary embodiment of the present application;
fig. 4 is a schematic structural diagram of a server device according to an exemplary embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of a service system according to an exemplary embodiment of the present application; as shown in fig. 1, the service system 100 includes: a main Java Virtual Machine (JVM) 101 and at least one sub-JVM 102.
In this embodiment, the service system 100 may provide computing services externally, and the computing services may be, but are not limited to, an online education service, an online video service, an online live broadcast service, or the like. A user may initiate a computing resource application to the main JVM 101, where the computing resource application is the user's request to create a sub JVM 102. Based on this, the main JVM 101, which faces the users who need the computing service, can serve as the interactive interface between the service system and the user, and can create a sub JVM 102 with an independent operating environment for the user according to the computing resource application, so as to provide the computing service for the user through the sub JVM 102 and return the computing result of the sub JVM 102 to the user. Different sub JVMs 102 have independent operating environments; that is, they are isolated from each other and cannot communicate with each other, and communication between the user and a sub JVM 102 goes through the main JVM 101. This isolates the computing services of different users and makes user data more secure. In addition, the execution environment of the sub JVM 102 is purer (e.g., it provides only computing services and no management services) and has a single function, so the sub JVM 102 can concentrate on providing computing services with higher efficiency. Further, the just-in-time (JIT) compiler on top of the sub JVM 102 may provide better performance through optimizations such as inlining and pre-warming. Inlining embeds the logic of the other methods that a method calls into the calling method itself within the sub JVM 102, so that the call becomes part of the method's own code, saving the overhead of a function call. Pre-warming refers to caching all classes in the sub JVM 102 in advance so that they are immediately available when the sub JVM 102 runs.
In this embodiment, after the sub JVM 102 is created, the user may send a computing service use application to the main JVM 101, which applies for computing services to be provided by the created sub JVM 102. The computing service use application can carry the computing service requirements of the user. Based on this, the main JVM 101 can establish a communication connection with the sub JVM 102 according to the user's computing service use application, laying the foundation for providing computing services through the sub JVM 102. Further, based on the communication connection, the computing service requirements of the user are forwarded to the sub JVM 102 so that the sub JVM 102 provides computing services for the user, and the computing results of the sub JVM 102 are returned to the user.
As shown in fig. 2, an embodiment of the present application further provides a flowchart of the interaction in which the service system provides computing services to a user. The flow includes the following steps:
21a, the service manager creates a main JVM.
22a, the user initiates a computing resource application to the main JVM to apply for the sub JVM.
23a, the main JVM creates a sub JVM with an independent operation environment according to the computing resource application.
24a, the user initiates a computing service use application to the main JVM to request that the sub JVM provide services for the user.
25a, the main JVM establishes communication connection with the sub JVM according to the computing service use application of the user.
26a, based on the communication connection, the main JVM forwards the user's computing service requirements to the sub JVM.
27a, the sub JVM provides calculation service for the user, and returns the calculation result to the main JVM.
28a, the main JVM returns the calculation result returned by the sub JVM to the user.
In step 21a, an embodiment of creating a main JVM that provides services externally includes: receiving an instruction to create the main JVM, input by a service manager through a command line; executing the executable file corresponding to the main JVM according to the instruction, thereby creating the main JVM and assigning it a name and a main process number; and establishing a binding relationship between the name of the main JVM and the main process number. The main JVM may provide its name to the sub JVM so that the sub JVM can establish a communication connection with the main JVM. In addition, the service manager can destroy the main JVM through the main process number.
In step 23a, an embodiment in which the main JVM creates a sub JVM with an independent operating environment for a user according to a computing resource application initiated by the user includes: receiving the computing resource application initiated by the user, where the computing resource application requests the creation of a sub JVM that provides computing services; executing the executable file corresponding to the sub JVM to create the sub JVM for the user and assign it a child process number and a child process name; and establishing a binding relationship between the name of the sub JVM and the child process number. In this embodiment, the main JVM may establish a communication connection with the sub JVM according to the name of the sub JVM, and may destroy the sub JVM through its process number.
In an optional embodiment, the method of this embodiment further includes: the main JVM allocates a user identifier to the user, establishes a mapping relationship between the user identifier and the name of the sub JVM, and stores the mapping relationship in a mapping relation table. In this embodiment, the main JVM may assign the user identifier according to information such as the MAC address, IP address or name of the user. The user identifier is identification information that uniquely identifies a user and may be, for example, a letter, a number, a numeric string or a character string, such as "aaa", "111", "aabb" or "11aa".
In step 24a, the user identifier may be obtained from the user's computing service use application. The application includes information such as the MAC address, IP address or user name of the user, from which the user identifier can be obtained. The mapping relation table is then queried with the user identifier to determine whether a sub JVM name corresponding to the user identifier exists. If it exists, a Socket service is started between the main JVM and the sub JVM identified by that name, so as to establish the communication connection with the sub JVM. If it does not exist, meaning that the main JVM has not created a sub JVM for the user or that the user's sub JVM has been recycled and destroyed, the executable file is executed to create a sub JVM for the user and assign it a child process number and a corresponding name, and a Socket service is then started between the main JVM and the sub JVM according to the name of the sub JVM to establish the communication connection. The main JVM may provide its name to the sub JVM to enable the communication connection to be established.
A Socket is an intermediate software abstraction layer for communication between the application layer and the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol family, and is a group of interfaces. The main JVM and the sub JVM can establish a connection based on the Socket service: the main JVM sends a computing service requirement, the sub JVM receives the request, processes it and sends the computing result to the main JVM, and the main JVM returns the computing result to the user.
In an optional embodiment, the method of this embodiment further includes: after the main JVM creates the sub JVM, recycling the sub JVM if no computing service use application for the sub JVM is received from the user within a set first threshold time; or recycling the sub JVM after the main JVM has returned the sub JVM's computing result to the user. Recycling the sub JVM means that the main JVM destroys the sub JVM through the sub JVM's process number.
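The flow of steps 21a to 28a, together with the name-to-process binding, the mapping relation table and the two recycling rules described above, as an added Java example that is not code from the patent. It assumes Java 17 or later and a class compiled with javac before it is run; the class name JvmBroker, the loopback port reported on the sub JVM's stdout, the per-sub-JVM token and the uppercase "service" are illustrative choices that the patent does not specify.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.*;
import java.net.*;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Added sketch, not the patent's code: a main JVM brokering one sub JVM per user. */
public class JvmBroker {
    /** Binds a sub JVM's name to its process (hence its PID), loopback port and token. */
    record Child(String name, Process proc, int port, String token, long createdAt) {}

    private final Map<String, Child> table = new ConcurrentHashMap<>(); // user identifier -> sub JVM
    private final long idleMillis; // the "first threshold" for recycling an unused sub JVM
    JvmBroker(long idleMillis) { this.idleMillis = idleMillis; }

    /** Computing resource application: start a sub JVM as a separate OS process. */
    Child create(String userId) throws IOException {
        String name = "sub-" + UUID.randomUUID();
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String javaBin = ProcessHandle.current().info().command().orElse("java");
        Process p = new ProcessBuilder(javaBin, "-Xmx64m", "-cp",
                System.getProperty("java.class.path"), "JvmBroker", "child", name)
                .redirectError(ProcessBuilder.Redirect.INHERIT).start();
        // Token goes in over stdin (argv is listable by other local users); the port comes back on stdout.
        OutputStream toChild = p.getOutputStream();
        toChild.write((token + "\n").getBytes(UTF_8));
        toChild.flush();
        String line = new BufferedReader(new InputStreamReader(p.getInputStream(), UTF_8)).readLine();
        if (line == null) { p.destroyForcibly(); throw new IOException("sub JVM did not start"); }
        Child c = new Child(name, p, Integer.parseInt(line.trim()), token, System.currentTimeMillis());
        Child old = table.put(userId, c);
        if (old != null) old.proc().destroyForcibly(); // never leave an unmapped sub JVM running
        return c;
    }

    /** Computing service use application; userId is assumed to be authenticated already. */
    String use(String userId, String requirement) throws IOException {
        if (requirement.contains("\n") || requirement.contains("\r"))
            throw new IllegalArgumentException("requirement must be a single line");
        Child c = table.get(userId);
        if (c == null || !c.proc().isAlive()) c = create(userId); // never created, or recycled
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), c.port())) {
            s.setSoTimeout(5_000);
            PrintWriter w = new PrintWriter(new OutputStreamWriter(s.getOutputStream(), UTF_8), true);
            w.println(c.token());
            w.println(requirement);
            return new BufferedReader(new InputStreamReader(s.getInputStream(), UTF_8)).readLine();
        } finally {
            recycle(userId); // recycle once the result has been returned
        }
    }

    /** Recycling: destroy the sub JVM through its process handle and drop the mapping. */
    void recycle(String userId) {
        Child c = table.remove(userId);
        if (c != null) c.proc().destroyForcibly();
    }

    /** Recycle sub JVMs that were created but not used within the threshold. */
    void reapIdle() {
        long now = System.currentTimeMillis();
        table.forEach((user, c) -> { if (now - c.createdAt() > idleMillis) recycle(user); });
    }

    /** Sub JVM side: serves only callers that present the token the main JVM issued. */
    static void childMain(String name) throws IOException {
        String first = new BufferedReader(new InputStreamReader(System.in, UTF_8)).readLine();
        if (first == null) return;
        byte[] token = first.getBytes(UTF_8);
        try (ServerSocket ss = new ServerSocket(0, 16, InetAddress.getLoopbackAddress())) {
            System.out.println(ss.getLocalPort());
            System.out.flush();
            while (true) {
                Socket s = ss.accept();
                try (s) {
                    s.setSoTimeout(5_000);
                    BufferedReader r = new BufferedReader(new InputStreamReader(s.getInputStream(), UTF_8));
                    String got = r.readLine(), req = r.readLine();
                    if (got == null || req == null || !MessageDigest.isEqual(token, got.getBytes(UTF_8))) continue;
                    new PrintWriter(new OutputStreamWriter(s.getOutputStream(), UTF_8), true)
                            .println(name + " result: " + req.toUpperCase(Locale.ROOT)); // stand-in service
                } catch (IOException dropped) { /* bad connection: drop it, keep serving */ }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2 && args[0].equals("child")) { childMain(args[1]); return; }
        JvmBroker broker = new JvmBroker(30_000);
        for (String user : List.of("aaa", "111")) { // identifiers in the patent's example style
            Child c = broker.create(user);
            System.out.println(c.name() + " pid=" + c.proc().pid() + " " + broker.use(user, "hello " + user));
        }
    }
}
```

Running each sub JVM as its own OS process separates heaps and loaded classes between users; file-system and signal access between the processes still follow the OS account they run under.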
Fig. 3 is a schematic flowchart of a service providing method based on software isolation according to an exemplary embodiment of the present application; as shown in fig. 3, the method includes:
31. creating a main JVM facing a demand user of computing service;
32. the main JVM establishes a sub JVM with an independent operation environment for a user according to a computing resource application initiated by the user, and establishes a communication connection with the sub JVM according to a computing service use application of the user;
33. and the main JVM forwards the computing service requirements of the user to the sub JVM based on the communication connection so that the sub JVM can provide computing services for the user, and the computing results of the sub JVM are returned to the user.
In this embodiment, the main JVM may provide a computing service to a demand user on one hand, and may control the creation and destruction of the sub JVM on the other hand, and provide the computing service demand of the user to the sub JVM. The sub-JVM is a Java virtual machine providing computing services for a user, different sub-JVMs have independent operating environments, i.e., different sub-JVMs are isolated from each other and cannot communicate with each other, and communication between the user and the sub-JVM is realized through the main JVM.
Among these, computing services may be, but are not limited to: an online education service, an online video service, an online live broadcast service, or the like. Computing service requirements refer to user requirements for computing services, and the user may submit the computing service requirements in the form of a Software Development Kit (SDK) or an Application Programming Interface (API).
In this embodiment, a user may initiate a computing resource application to the main JVM, where the computing resource application is the user's request to create a sub JVM. Based on this, the main JVM can create a sub JVM with an independent operating environment for the user according to the computing resource application. One user may have multiple sub JVMs, or one computing unit may be shared by one group (including multiple users), which is not limited herein.
In this embodiment, after the sub JVM is created, the user may send a computing service use application to the main JVM, which applies to the main JVM for use of the created sub JVM. The computing service use application can carry the computing service requirements of the user. Based on this, the main JVM can establish a communication connection with the sub JVM according to the user's computing service use application. Further, based on the communication connection, the computing service requirements of the user are forwarded to the sub JVM so that the sub JVM provides the computing service for the user, and the computing result of the sub JVM is returned to the user.
In an alternative embodiment, an implementation of creating a main JVM that provides services externally includes: receiving an instruction to create the main JVM, input by a service manager through a command line; executing the executable file corresponding to the main JVM according to the instruction, thereby creating the main JVM and assigning it a name and a main process number; and establishing a binding relationship between the name of the main JVM and the main process number. The main JVM may provide its name to the sub JVM so that the sub JVM can establish a communication connection with the main JVM. In addition, the service manager can destroy the main JVM through the main process number.
In an alternative embodiment, an implementation in which the main JVM creates a sub JVM with an independent operating environment for a user according to a computing resource application initiated by the user includes: receiving the computing resource application initiated by the user, where the computing resource application requests the creation of a sub JVM that provides computing services; executing the executable file corresponding to the sub JVM to create the sub JVM for the user and assign it a child process number and a child process name; and establishing a binding relationship between the name of the sub JVM and the child process number. In this embodiment, the main JVM may establish a communication connection with the sub JVM according to the name of the sub JVM, and may destroy the sub JVM through its process number.
In an optional embodiment, the method of this embodiment further includes: the main JVM allocates a user identifier to the user, establishes a mapping relationship between the user identifier and the name of the sub JVM, and stores the mapping relationship in a mapping relation table. In this embodiment, the main JVM may assign the user identifier according to information such as the MAC address, IP address or name of the user. The user identifier is identification information that uniquely identifies a user and may be, for example, a letter, a number, a numeric string or a character string, such as "aaa", "111", "aabb" or "11aa".
Further optionally, the user identifier may be obtained from the user's computing service use application. The application includes information such as the MAC address, IP address or user name of the user, from which the user identifier can be obtained. The mapping relation table is then queried with the user identifier to determine whether a sub JVM name corresponding to the user identifier exists. If it exists, a Socket service is started between the main JVM and the sub JVM identified by that name, so as to establish the communication connection with the sub JVM. If it does not exist, meaning that the main JVM has not created a sub JVM for the user or that the user's sub JVM has been recycled and destroyed, the executable file is executed to create a sub JVM for the user and assign it a child process number and a corresponding name, and a Socket service is then started between the main JVM and the sub JVM according to the name of the sub JVM to establish the communication connection. The main JVM may provide its name to the sub JVM to enable the communication connection to be established.
In an optional embodiment, the method of this embodiment further includes: after the main JVM creates the sub JVM, recycling the sub JVM if no computing service use application for the sub JVM is received from the user within a set first threshold time; or recycling the sub JVM after the main JVM has returned the sub JVM's computing result to the user. Recycling the sub JVM means that the main JVM destroys the sub JVM through the sub JVM's process number.
It should be noted that the steps of the methods provided in the above embodiments may all be executed by the same device, or different devices may execute different steps. For example, steps 31 to 33 may be executed by device A; for another example, steps 31 and 32 may be executed by device A and step 33 by device B; and so on.
In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 31, 32, etc., are merely used for distinguishing different operations, and the sequence numbers do not represent any execution order per se. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
Fig. 4 is a schematic structural diagram of a server device according to an exemplary embodiment of the present application; as shown in fig. 4, the server device includes: a memory 401 and a processor 402.
The memory 401 is used for storing a computer program corresponding to the host JVM, and may be configured to store other various data to support operations on the server device. Examples of such data include instructions for any application or method operating on the server device, contact data, phonebook data, messages, pictures, videos, and so forth.
The memory 401 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The processor 402 is coupled to the memory 401 and runs the computer program corresponding to the main JVM, so as to: create, according to a computing resource application initiated by a user, a sub JVM with an independent operating environment for the user; establish a communication connection with the sub JVM according to the computing service use application of the user; and, based on the communication connection, forward the computing service requirement of the user to the sub JVM so that the sub JVM can provide the computing service for the user, and return the computing result of the sub JVM to the user.
In an alternative embodiment, the processor 402 is further configured to: receive an instruction for creating a main JVM, input by a service manager through a command line; execute the executable file corresponding to the main JVM according to the instruction, thereby creating the main JVM and allocating a name and a main process number to the main JVM; and establish a binding relationship between the name of the main JVM and the main process number.
In an optional embodiment, when the main JVM creates a sub JVM with an independent running environment for a user according to a computing resource application initiated by the user, the processor 402 is specifically configured to: receiving a computing resource application initiated by a user, wherein the computing resource application is used for requesting to establish a sub JVM providing computing service; executing an executable file corresponding to the child JVM to create the child JVM for a user and allocate a child process number and a child process name to the child JVM; and establishing a binding relationship between the name of the child JVM and the child process number.
In an alternative embodiment, the processor 402 is further configured to: allocating user identification for a user; and establishing a mapping relation between the user identifier and the name of the sub JVM, and storing the mapping relation into a mapping relation table.
In an alternative embodiment, the processor 402, when establishing a communication connection with the sub JVM according to the computing service usage application of the user, is specifically configured to: acquiring a user identifier of a user according to a computing service use application of the user; inquiring a mapping relation table according to the user identifier to judge whether the name of the sub JVM corresponding to the user identifier exists or not; if the child JVM exists, according to the name of the child JVM, a Socket service is started between the main JVM and the child JVM identified by the name of the child JVM so as to establish communication connection with the child JVM; if not, executing the executable file to create a child JVM for the user and allocate a child process number and a corresponding name to the child JVM; and according to the name of the child JVM, starting a Socket service between the main JVM and the child JVM to establish communication connection with the child JVM.
In an alternative embodiment, the processor 402 is further configured to: after the main JVM creates the sub JVM, recover the sub JVM if no computing service use application initiated by the user for the sub JVM is received within a set first threshold time; or recover the sub JVM after the main JVM returns the calculation result of the sub JVM to the user.
In the embodiment of the application, JVMs are adopted to realize isolation among services, a main JVM is used as an interface for interaction between computing services and users, a sub JVM with independent operating environments can be created for different users according to the requirements of the users, the sub JVM is used for providing computing services for the users, and the sub JVM returns the computing results to the users through the main JVM. The mutual isolation of the operating environments between the sub JVMs can realize the isolation between different user computing services, so that the user data is safer.
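The lookup-or-create, forwarding and recovery steps described above can be illustrated with the following added Java example, which is not part of the patent or of the applicant's implementation. The class and method names, the `child` argument, the convention that a child reports its port on the first line of stdout, and the echo-style "computation" are all assumptions; it needs Java 16 or later and must be compiled first (`javac MainJvmBroker.java`, then `java MainJvmBroker`).

```java
import java.io.*;
import java.net.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not the patent's code; every class, method and argument name is hypothetical.
public class MainJvmBroker {
    // One row of the mapping table: child name bound to its process number, plus its port.
    record Child(String name, long pid, int port, Process proc) {}
    private final Map<String, Child> table = new ConcurrentHashMap<>();   // user id -> child JVM
    private final Map<String, Long> lastUsed = new ConcurrentHashMap<>(); // user id -> last activity

    // Query the table by user id; create a child JVM if no live one is bound to that id.
    Child childFor(String userId) {
        return table.compute(userId, (id, c) -> c != null && c.proc().isAlive() ? c : spawn(id));
    }

    private Child spawn(String userId) {
        try {
            String java = ProcessHandle.current().info().command().orElse("java");
            Process p = new ProcessBuilder(java, "-cp", System.getProperty("java.class.path"),
                    MainJvmBroker.class.getName(), "child")
                    .redirectError(ProcessBuilder.Redirect.INHERIT).start();
            // Assumed convention: the child prints its ephemeral port as the first stdout line.
            String line = new BufferedReader(new InputStreamReader(p.getInputStream())).readLine();
            if (line == null) throw new IOException("child JVM exited before reporting a port");
            lastUsed.put(userId, System.currentTimeMillis());
            return new Child("child-" + userId, p.pid(), Integer.parseInt(line.trim()), p);
        } catch (IOException e) { throw new UncheckedIOException(e); }
    }

    // Forward one request to the caller's own child JVM; userId must come from the session, not the payload.
    String serve(String userId, String request) throws IOException {
        Child c = childFor(userId);
        lastUsed.put(userId, System.currentTimeMillis());
        try (Socket s = new Socket(InetAddress.getLoopbackAddress(), c.port());
             PrintWriter w = new PrintWriter(s.getOutputStream(), true);
             BufferedReader r = new BufferedReader(new InputStreamReader(s.getInputStream()))) {
            w.println(request);
            return r.readLine();
        }
    }

    // Recover every child JVM that has seen no activity for at least maxIdleMillis.
    void reclaimIdle(long maxIdleMillis) {
        long now = System.currentTimeMillis();
        lastUsed.forEach((id, t) -> { if (now - t >= maxIdleMillis) reclaim(id); });
    }

    void reclaim(String userId) {
        lastUsed.remove(userId);
        Child c = table.remove(userId);
        if (c != null) c.proc().destroyForcibly(); // ends the process and all of its in-memory state
    }

    // Child JVM: loopback-only listener whose call counter lives in this process alone.
    static void runChild() throws IOException {
        try (ServerSocket ss = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            System.out.println(ss.getLocalPort());
            System.out.flush();
            for (int calls = 1; ; calls++) {
                try (Socket s = ss.accept();
                     BufferedReader r = new BufferedReader(new InputStreamReader(s.getInputStream()));
                     PrintWriter w = new PrintWriter(s.getOutputStream(), true)) {
                    String req = r.readLine();
                    w.println("pid=" + ProcessHandle.current().pid() + " call=" + calls + " echo=" + req);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("child")) { runChild(); return; }
        MainJvmBroker broker = new MainJvmBroker();
        System.out.println(broker.serve("user-1", "job-a")); // no table entry yet: child JVM is created
        System.out.println(broker.serve("user-2", "job-b")); // second user gets a separate child JVM
        System.out.println(broker.serve("user-1", "job-c")); // table hit: the existing child JVM is reused
        broker.reclaimIdle(0); // a threshold of 0 recovers every child, for demonstration
    }
}
```

The isolation shown is between the heaps and process state of the child JVMs. A loopback TCP port is still reachable by any local process, so a deployment would also need to authenticate or otherwise restrict the channel between main and child.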
Further, as shown in Fig. 4, the server device further includes: communication components 406, power components 408, and the like. Only some of the components are schematically shown in Fig. 4, which does not mean that the server device includes only the components shown in Fig. 4. If the server device of this embodiment is implemented as a conventional server, a cloud server, or a server array.
Accordingly, an embodiment of the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by the server device in the software isolation-based service providing method embodiment.
The communication component of fig. 4 described above is configured to facilitate communication between the device in which the communication component is located and other devices in a wired or wireless manner. The device in which the communication component is located may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component may further include a Near Field Communication (NFC) module, Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and the like.
The power supply assembly of fig. 4 described above provides power to the various components of the device in which the power supply assembly is located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media, such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (4)

1. A service providing method based on software isolation is characterized by comprising the following steps:
creating a main JVM facing users who demand a computing service;
the main JVM establishes a sub JVM with an independent operation environment for a user according to a computing resource application initiated by the user, and establishes a communication connection with the sub JVM according to a computing service use application of the user;
the main JVM forwards the computing service requirement of the user to the sub JVM based on the communication connection so that the sub JVM can provide computing service for the user, and the computing result of the sub JVM is returned to the user;
wherein, creating a main JVM providing computing service to the outside comprises:
receiving an instruction for creating a main JVM input by a service manager through a command line;
executing an executable file corresponding to the main JVM according to the instruction, creating the main JVM and allocating a name and a main process number to the main JVM;
establishing a binding relationship between the name of the main JVM and the main process number;
the main JVM establishes a sub JVM with an independent operation environment for a user according to a computing resource application initiated by the user, and the method comprises the following steps:
receiving a computing resource application initiated by a user, wherein the computing resource application is used for requesting to establish a sub JVM providing the computing service;
executing an executable file corresponding to the child JVM to create the child JVM for the user and allocate a child process number and a child process name to the child JVM;
establishing a binding relationship between the name of the child JVM and the child process number;
the method further comprises the following steps: allocating a user identifier for the user;
establishing a mapping relation between the user identifier and the name of the sub JVM, and storing the mapping relation into a mapping relation table;
establishing a communication connection with the sub JVM according to the computing service use application of the user, comprising:
acquiring a user identifier of the user according to the computing service application of the user;
inquiring the mapping relation table according to the user identifier to judge whether the name of the sub JVM corresponding to the user identifier exists or not;
if the sub-JVM exists, according to the name of the sub-JVM, starting Socket service between the main JVM and the sub-JVM identified by the name of the sub-JVM to establish communication connection with the sub-JVM;
if not, executing the executable file to create the child JVM for the user and allocate a child process number and a corresponding name to the child JVM; and according to the name of the sub JVM, starting Socket service between the main JVM and the sub JVM to establish communication connection with the sub JVM.
2. The method of claim 1, further comprising:
after the main JVM creates the sub JVM, if a computing service use application initiated by a user for the sub JVM is not received within a first set threshold time, recovering the sub JVM;
or
after the main JVM returns the calculation result of the sub JVM to the user, the main JVM recovers the sub JVM.
3. A server-side device, comprising: a memory and a processor;
the memory is used for storing a computer program corresponding to the main JVM;
the processor, coupled to the memory, is configured to run a computer program corresponding to the main JVM, and is configured to: according to a computing resource application initiated by a user, create a sub JVM with an independent operating environment for the user, and according to a computing service use application of the user, establish a communication connection with the sub JVM; based on the communication connection, forward the computing service requirement of the user to the sub JVM so that the sub JVM provides computing service for the user, and return the computing result of the sub JVM to the user;
the processor is further configured to:
receiving an instruction for creating a main JVM input by a service manager through a command line;
executing an executable file corresponding to the main JVM according to the instruction, creating the main JVM and allocating a name and a main process number to the main JVM;
establishing a binding relationship between the name of the main JVM and the main process number;
the processor, when the main JVM creates a sub JVM with an independent operating environment for a user according to a computing resource application initiated by the user, is specifically configured to:
receiving a computing resource application initiated by a user, wherein the computing resource application is used for requesting to establish a sub JVM providing the computing service;
executing an executable file corresponding to the child JVM to create the child JVM for the user and allocate a child process number and a child process name to the child JVM;
establishing a binding relationship between the name of the child JVM and the child process number;
the processor is further configured to: allocating a user identifier for the user;
establishing a mapping relation between the user identifier and the name of the sub JVM, and storing the mapping relation into a mapping relation table;
when the processor establishes a communication connection with the sub JVM according to the computing service use application of the user, the processor is specifically configured to:
acquiring a user identifier of the user according to the computing service application of the user;
inquiring the mapping relation table according to the user identifier to judge whether the name of the sub JVM corresponding to the user identifier exists or not;
if the sub-JVM exists, according to the name of the sub-JVM, starting Socket service between the main JVM and the sub-JVM identified by the name of the sub-JVM to establish communication connection with the sub-JVM;
if not, executing the executable file to create the child JVM for the user and allocate a child process number and a corresponding name to the child JVM; and according to the name of the sub JVM, starting Socket service between the main JVM and the sub JVM to establish communication connection with the sub JVM.
4. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, causes the processor to carry out the steps of the method of any one of claims 1-2.
CN202010792767.8A 2020-08-10 2020-08-10 Service providing method, device and storage medium based on software isolation Active CN111736960B (en)

Publications (2)

Publication Number Publication Date
CN111736960A CN111736960A (en) 2020-10-02
CN111736960B CN111736960B (en) 2020-12-22

Family

ID=72658253

Country Status (1)

Country Link
CN (1) CN111736960B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant