CN112084491A - Sandbox mechanism-based cluster virtual user system implementation method - Google Patents


Info

Publication number: CN112084491A
Authority: CN (China)
Prior art keywords: sandbox; virtual user; user system; security level; cluster virtual
Legal status: Pending
Application number: CN202010872358.9A
Other languages: Chinese (zh)
Inventors: 刘霞, 秦嗣波, 雷志芳, 刘冰炎, 汪轩
Current Assignee: Tianjin 712 Communication and Broadcasting Co Ltd
Original Assignee: Tianjin 712 Communication and Broadcasting Co Ltd
Priority date: 2020-08-26
Filing date: 2020-08-26
Publication date: 2020-12-15

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to a method for implementing a cluster (trunking) virtual user system based on a sandbox mechanism. The sandbox mechanism is applied to a cluster communication system consisting of a plurality of terminal devices and a base station to form a cluster virtual user system. The cluster virtual user system has a plurality of switchable modes, and different modes belong to different security levels. At the same time, the cluster virtual user system has two priority levels, high priority and low priority; the high-priority right belongs to the high security level, and the low-priority right belongs to the low security level. Program resources at the high security level of the cluster virtual user system can access program resources at the low security level, while program resources at the low security level are enclosed in a sandbox and cannot access external resources. Applying the sandbox mechanism to the cluster communication system resolves the potential security hazards that exist when the system switches between networks of different modes or user priorities, and provides better protection for data.

Description

Sandbox mechanism-based cluster virtual user system implementation method
Technical Field
The invention relates to a cluster (trunking) communication system, and in particular to a method for implementing a cluster virtual user system based on a sandbox mechanism.
Background
A trunking communication system mainly provides production dispatching and command-and-control services for professionals who work in the field. It is widely used in railway transport, communications, electric power, petroleum, forestry, public security and other sectors. It supports individual calls, group calls and emergency calls, can be connected to a public network for communication, and provides users with reliable communication channels, different priority levels, dynamic networking and similar functions; each field of use can configure it flexibly according to its own needs, which makes the trunking communication system very convenient. When the equipment works in a multi-mode, multi-level network, the network is not under the command system's control and the network devices are heterogeneous, so the command system does not have complete control over the network, and network devices may use other forms of authentication or have other authentication capabilities. If an application program can then access any resource, other resources in use may be damaged, or data may be corrupted or leaked, which seriously threatens the security of the system. Measures are therefore needed to ensure that information cannot be tampered with or leaked without authorization.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a method for implementing a cluster virtual user system based on a sandbox mechanism.
The technical scheme adopted by the invention is as follows. In a method for implementing a cluster virtual user system based on a sandbox mechanism, the sandbox mechanism is applied to a cluster communication system composed of a plurality of terminal devices and a base station to form a cluster virtual user system. The cluster virtual user system has a plurality of switchable modes, and different modes belong to different security levels. At the same time, the cluster virtual user system has two priority levels, high priority and low priority; the high-priority right belongs to the high security level, and the low-priority right belongs to the low security level. Program resources at the high security level of the cluster virtual user system can access program resources at the low security level, while program resources at the low security level are enclosed in a sandbox and cannot access external resources.
The cluster virtual user system determines whether the security level goes up or down and whether a restart and reload are needed, as follows. When switching between different security levels, the cluster virtual user system must be restarted to complete the destruction and creation of the sandbox and to switch the operating environment. When the cluster virtual user system is downgraded, the resources belonging to high-level security services are unloaded or even hidden, and the low-level mode reloads the service template by configuring the sandbox. The sandbox limits the program's operating environment and resource access range to the virtual space corresponding to the current level, which protects the other resources; when the sandbox is destroyed, the system automatically chooses whether to back up or destroy its information.
When the cluster virtual user system switches modes, it first compares the security levels of the modes before and after the switch; when the priority changes, it compares the priority levels before and after the change. A high-priority device has higher authority and belongs to the high security level; a low-priority device has lower authority and belongs to the low security level. Content at the low security level cannot access or change high-priority content, whereas content at the high security level can access, read and write content at the low security level. Untrusted or unreliable content is thereby securely isolated, and other resources in the system cannot be damaged.
A secure sandbox process pool is set up in the cluster virtual user system to schedule and manage sandbox processes. When a mode switch occurs, the cluster virtual user system issues a request that contains the security level information before and after the switch together with the device identity (ID). After logic processing, the system decides whether a sandbox switch is required; if a sandbox operation is needed, the sandbox processes are managed by a sandbox management module, which takes the required sandbox process out of the secure sandbox process pool according to the request information. The sandbox content is configured in advance.
The technical effect of the invention is that, by applying the sandbox mechanism to the cluster communication system, the potential security hazards that arise when the system switches between networks of different modes or user priorities are resolved, and data is better protected.
A sandbox is an independent virtual logical space that builds a closed running environment for untrusted resources: the program is placed in a restricted environment, and its internal data cannot be shared with external resources, so the sandbox is well sealed and well isolated. The sandbox also enforces access control: an application and its data running in the sandbox cannot access or change external data, and reads and writes of sandbox content are completed inside the sandbox. User access rights are managed on the basis of maximum resource sharing; any read or write the user performs in the sandbox can be redirected to a specific folder, data outside the sandbox cannot be accessed, and unauthorized use and misuse of information are prevented while normal resource access is still satisfied, which ensures the security of the system.
Drawings
FIG. 1 is a schematic illustration of a sandbox of the system of the present invention;
FIG. 2 is a schematic diagram of sandbox process scheduling in the system of the present invention;
FIG. 3 is a network topology diagram of a trunked communication system;
FIG. 4 is a flow chart of mode switching according to the present invention;
FIG. 5 is a schematic diagram illustrating the switching from the high security level mode to the low security level mode according to the present invention;
FIG. 6 is a diagram illustrating a low security level mode being switched to another low security level mode according to the present invention;
FIG. 7 is a diagram illustrating a low security level mode switching to a high security level mode according to the present invention;
FIG. 8 is a flow chart of priority modification according to the present invention.
Detailed Description
The invention is further illustrated by the following figures and examples.
As shown in fig. 1, the system has several switchable modes, such as mode 1, mode 2, ..., mode n, and different modes belong to different security levels. The system also has two priority levels, high priority and low priority; the high-priority right belongs to the high security level and the low-priority right belongs to the low security level. Program resources at the high security level of the system can access program resources at the low security level, while program resources at the low security level are enclosed in a sandbox and cannot access external resources.
The system determines whether the security level goes up or down and whether a restart and reload are needed, as follows. When switching between different security levels, the system must be restarted to complete the destruction and creation of the sandbox and to switch the operating environment. When the system is downgraded, the resources of high-level security services are unloaded or even hidden; for example, a high-level encryption module is not visible at a low security level. The low-level mode then reloads the service template, such as the address book, frequency-point information and the virtual storage space, by configuring the sandbox. The sandbox limits the program's operating environment and resource access range to the virtual space, so that other resources such as logs and configuration data remain protected, and when it is destroyed the sandbox can automatically choose whether to back up or destroy its information.
When the system switches modes, it first compares the security levels of the modes before and after the switch; when the priority changes, it compares the priority levels before and after the change. A high-priority device has higher authority and belongs to the high security level; a low-priority device has lower authority and belongs to the low security level. Content at the low security level cannot access or change high-priority content, whereas content at the high security level can access, read and write content at the low security level. Untrusted or unreliable content is thereby securely isolated, and other resources in the system cannot be damaged.
Each device identity in the cluster communication network has a unique ID assigned by the system. The ID is the identifier used to access the sandbox: downstream resource access is performed with the ID determined by the membership of the current caller, rights can be assigned individually when resources are accessed, and resource access rights are restricted according to the accessing role identity. For example, to keep a log file secure and restrict access to it, access is granted only to the persons entitled to operate on the log file.
As shown in fig. 2, the system issues a request during mode switching. The request contains the security level information before and after the switch and the device identity ID. After logic processing, the system determines whether a sandbox switch is required; if a sandbox operation is required, the system manages the sandbox process through a sandbox management module and takes the required sandbox process out of the process pool according to the request information. The sandbox content may be configured in advance, for example with the address book, the frequency bank, user personal information and other data that may be written into it.
The sandbox has a security check mechanism: the data in the sandbox carries specific information such as key data or verification information, and the system can check this information periodically or manually to determine whether the sandbox has been intruded upon.
The specific embodiment of the invention is as follows. A cluster virtual user system based on the sandbox mechanism comprises several terminal devices and base stations, which form several communication networks as shown in fig. 3. Base station 1 works in mode 1, base station 2 works in mode 2, ..., and base station n works in mode n; the terminal devices connected to a base station work in the same mode as that base station, and each terminal device has either the low-priority or the high-priority right.
During normal communication in each network, a base station and a terminal device in one of the communication networks perform a mode switch; the security protection flow the system applies during the switch is shown in fig. 4. If the security level of the target mode is low level 1 or another low security level, the system restarts and creates the virtual-space sandbox 1, and the corresponding programs and resources are used inside the sandbox. The operating range is then limited to sandbox 1: resources outside sandbox 1 cannot be accessed, and the resources of high-level security services are hidden, as shown in fig. 5.
If the terminal device or base station switches from mode 2 to mode 3, and the security level of mode 2 is low level 1, the security level of mode 3 is evaluated. If it is still low level 1, the switch succeeds directly and operation continues in sandbox 1. If the security level of mode 3 is a different low security level, the system restarts, switches to mode 3, destroys the original sandbox, and creates and enters a new virtual-space sandbox 2, ..., in which the resources of the corresponding authority are used, as shown in fig. 6. If mode 3 is at the high security level, the system restarts, destroys the original sandbox, and enters the system environment to use the resources of the high-security mode, as shown in fig. 7.
During normal communication in each network, a terminal device in one of the communication networks changes its priority; the security protection flow the system applies during the priority change is shown in fig. 8. When the device is downgraded from high priority to low priority, the system creates a sandbox to provide an independent closed space for the low-priority programs and resources. When the device is upgraded from low priority to high priority, the system chooses to destroy or back up the information in the original sandbox, then destroys the sandbox, enters the system environment, uses the system's programs and resources, and grants the higher authority of the high priority.
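The decision logic of the mode-switch flow (fig. 4 to fig. 7), the priority-change flow (fig. 8), the sandbox process pool (fig. 2) and the periodic sandbox check can be modelled in a few dozen lines. The following is an added illustration, not code from the patent or from the applicant: the level names ("high", "low1", "low2", ...), the pool size, the `high_` prefix used to mark high-level service resources that must be hidden in a low-level sandbox, and the use of an HMAC over the sandbox contents as the "verification information" are all assumptions made here for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

HIGH = "high"  # assumed name of the single high security level (system environment, no sandbox)
# Low security levels are assumed to be named "low1", "low2", ...; each one gets its own sandbox.


@dataclass
class Decision:
    restart: bool                 # the device must restart to switch its operating environment
    destroy_old: bool             # the current sandbox is destroyed (contents backed up or discarded)
    create_level: Optional[str]   # security level of the sandbox to create, or None
    system_env: bool              # afterwards the device runs in the unsandboxed system environment


def decide_mode_switch(before: str, after: str) -> Decision:
    """Mode-switch decision as the description gives it for fig. 4 to fig. 7."""
    if before == after:
        # Same security level: switch directly and keep the current environment (fig. 6, first case).
        return Decision(False, False, None, after == HIGH)
    if after == HIGH:
        # Low -> high: restart, destroy the sandbox, enter the system environment (fig. 7).
        return Decision(True, True, None, True)
    # High -> low (fig. 5) or low -> a different low level (fig. 6, second case):
    # restart, destroy any existing sandbox, and build a new one for the target level.
    return Decision(True, before != HIGH, after, False)


def decide_priority_change(before_high: bool, after_high: bool) -> Decision:
    """Priority-change decision as the description gives it for fig. 8."""
    if before_high and not after_high:
        # Downgrade: enclose the low-priority programs and resources in a sandbox ("low1" is assumed).
        return Decision(False, False, "low1", False)
    if not before_high and after_high:
        # Upgrade: back up or destroy the sandbox contents, destroy it, enter the system environment.
        return Decision(False, True, None, True)
    return Decision(False, False, None, after_high)  # no change in priority


@dataclass
class Sandbox:
    sandbox_id: int
    level: str = ""
    device_id: str = ""
    resources: dict = field(default_factory=dict)  # e.g. address book, frequency points
    seal: bytes = b""                               # verification information (assumed: HMAC)


class SandboxPool:
    """Secure sandbox process pool: pre-created sandboxes handed out per switch request."""

    def __init__(self, size: int, check_key: bytes):
        self._free = [Sandbox(i) for i in range(size)]
        self._key = check_key

    def acquire(self, level: str, device_id: str, template: dict) -> Sandbox:
        if not self._free:
            raise RuntimeError("sandbox pool exhausted")
        sb = self._free.pop()
        sb.level, sb.device_id = level, device_id
        # A low-level sandbox never receives high-level service resources: they are hidden.
        sb.resources = {k: v for k, v in template.items() if not k.startswith("high_")}
        sb.seal = self._compute_seal(sb)
        return sb

    def release(self, sb: Sandbox, backup: bool) -> Optional[dict]:
        """Destroy a sandbox; return a copy of its data only if backup was chosen."""
        saved = dict(sb.resources) if backup else None
        sb.level, sb.device_id, sb.resources, sb.seal = "", "", {}, b""
        self._free.append(sb)
        return saved

    def _compute_seal(self, sb: Sandbox) -> bytes:
        payload = json.dumps([sb.sandbox_id, sb.level, sb.device_id, sb.resources],
                             sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def verify(self, sb: Sandbox) -> bool:
        """Periodic or manual check: do the sandbox contents still match their seal?"""
        return hmac.compare_digest(sb.seal, self._compute_seal(sb))

    def free_count(self) -> int:
        return len(self._free)


def handle_switch_request(pool: SandboxPool, current: Optional[Sandbox], device_id: str,
                          before: str, after: str, template: dict, backup: bool = True):
    """Process one request (levels before/after plus device ID) against the pool."""
    d = decide_mode_switch(before, after)
    saved = pool.release(current, backup) if (d.destroy_old and current is not None) else None
    new = pool.acquire(d.create_level, device_id, template) if d.create_level else None
    return d, new, saved
```

`verify` is the detection side of the design: because the seal is keyed and covers the sandbox identity and contents, any modification of the sandboxed data (or an attempt to move a seal to a different sandbox) fails the periodic check, which is the signal the description uses to decide that a sandbox has been intruded upon.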

Claims (2)

1. A method for implementing a cluster virtual user system based on a sandbox mechanism, characterized in that the sandbox mechanism is applied to a cluster communication system composed of a plurality of terminal devices and a base station to form a cluster virtual user system; the cluster virtual user system has a plurality of switchable modes, and different modes belong to different security levels; at the same time, the cluster virtual user system has two priority levels, high priority and low priority, wherein the high-priority right belongs to the high security level and the low-priority right belongs to the low security level; program resources at the high security level of the cluster virtual user system can access program resources at the low security level, while the program resources at the low security level are sealed in a sandbox and cannot access external resources;
the cluster virtual user system determines whether the security level goes up or down and whether a restart and reload are needed, as follows: when switching between different security levels, the cluster virtual user system must be restarted to complete the destruction and creation of the sandbox and to switch the operating environment; when the cluster virtual user system is downgraded, the resources belonging to high-level security services are unloaded or even hidden, and the low-level mode reloads the service template by configuring the sandbox; the sandbox limits the program's operating environment and resource access range to the virtual space corresponding to the current level, protects the other resources, and automatically chooses whether to back up or destroy its information when the sandbox is destroyed;
when the cluster virtual user system switches modes, it first compares the security levels of the modes before and after the switch, and when the priority changes, the cluster virtual user system compares the priority levels before and after the change; a high-priority device has higher authority and belongs to the high security level, and a low-priority device has lower authority and belongs to the low security level; content at the low security level cannot access or change high-priority content, while content at the high security level can access, read and write content at the low security level, so that untrusted or unreliable content is securely isolated and other resources in the system cannot be damaged.
2. The method for implementing a cluster virtual user system based on a sandbox mechanism as claimed in claim 1, characterized in that a secure sandbox process pool is set up in the cluster virtual user system for scheduling and managing sandbox processes; the cluster virtual user system issues a request during mode switching, the request including the security level information before and after the mode switch and the device identity ID; after logic processing, it is determined whether a sandbox switch is required; if a sandbox operation is required, the sandbox process is managed by a sandbox management module, the required sandbox process is taken out of the secure sandbox process pool according to the request information, and the sandbox content is configured in advance.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010872358.9A CN112084491A (en) 2020-08-26 2020-08-26 Sandbox mechanism-based cluster virtual user system implementation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010872358.9A CN112084491A (en) 2020-08-26 2020-08-26 Sandbox mechanism-based cluster virtual user system implementation method

Publications (1)

Publication Number Publication Date
CN112084491A true CN112084491A (en) 2020-12-15

Family

ID=73728871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010872358.9A Pending CN112084491A (en) 2020-08-26 2020-08-26 Sandbox mechanism-based cluster virtual user system implementation method

Country Status (1)

Country Link
CN (1) CN112084491A (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1941951A (en) * 2005-09-29 2007-04-04 华为技术有限公司 Method and system for group call telecommunication
US20100057774A1 (en) * 2008-08-29 2010-03-04 Google Inc. Altered Token Sandboxing
US20130024930A1 (en) * 2011-07-20 2013-01-24 Michael Steil Executing Functions of a Secure Program in Unprivileged Mode
CN102902920A (en) * 2012-09-13 2013-01-30 西北工业大学 Method and system for access safety detection and isolation of virtualized user
CN105117645A (en) * 2015-07-29 2015-12-02 杭州安恒信息技术有限公司 Method for operating multiple samples of sandbox virtual machine based on file system filtering drive
CN105787382A (en) * 2016-01-28 2016-07-20 东软集团股份有限公司 Access control method and apparatus
WO2016192414A1 (en) * 2015-06-04 2016-12-08 中兴通讯股份有限公司 Group calling method and device in trunking communication system
CN107066887A (en) * 2016-02-10 2017-08-18 道芬综合公司 Processing unit with sensitive data access module
CN107533569A (en) * 2015-10-23 2018-01-02 甲骨文国际公司 System and method for sandbox support in a multidimensional database environment
US20190068641A1 (en) * 2017-08-31 2019-02-28 International Business Machines Corporation Application-level sandboxing
CN110502364A (en) * 2018-05-17 2019-11-26 复旦大学 Cross-cloud backup and restore method for a big-data sandbox cluster on an OpenStack platform
CN111191225A (en) * 2020-01-03 2020-05-22 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for switching isolated objects

Non-Patent Citations (9)

* Cited by examiner, † Cited by third party
Title
BOYINTHESUN: "Windows Sandbox: the disposable virtual machine built into the system", retrieved from the Internet <URL:https://blog.csdn.net/weixin_37891983/article/details/105233517> *
ROBIN: "The sandbox run mode on Windows is surprisingly useful?!", Zhihu, retrieved from the Internet <URL:https://zhuanlan.zhihu.com/p/60568682> *
STANLEY BAK et al.: "Sandboxing Controllers for Cyber-Physical Systems", 2011 IEEE/ACM Second International Conference on Cyber-Physical Systems, pages 3-12 *
刘冰炎 et al.: "Analysis of handover technology in air-ground data link systems", China New Telecommunications (《中国新通信》), vol. 20, no. 18, page 59 *
常瑞: "Research on the construction of trusted execution environments and security protection technology for embedded terminals", China Doctoral Dissertations Full-text Database (《中国博士学位论文全文数据库》), pages 138-9 *
罗启康: "Terminal virtualization builds a secure banking network", Financial Technology Time (《金融科技时代》), vol. 20, no. 07, pages 47-48 *
邱崚岭: "Research on cloud computing construction in classified e-government networks", Communications Technology (《通信技术》), vol. 51, no. 9, pages 2215-2221 *
马甲林: "Research on the information security mechanism of a navigation-mark field inspection app", Navigation (《航海》), no. 02, pages 34-36 *
黄勇军 et al.: "Virtualization and security isolation technology for intelligent terminals", Telecommunications Science (《电信科学》), vol. 34, no. 02, pages 99-109 *

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination