CN114338160A - Program access control method and device, electronic equipment and storage medium - Google Patents
Program access control method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114338160A CN114338160A CN202111631674.8A CN202111631674A CN114338160A CN 114338160 A CN114338160 A CN 114338160A CN 202111631674 A CN202111631674 A CN 202111631674A CN 114338160 A CN114338160 A CN 114338160A
- Authority
- CN
- China
- Prior art keywords
- flow
- program
- container
- sidecar
- access control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000006243 chemical reaction Methods 0.000 claims abstract description 11
- 238000004590 computer program Methods 0.000 claims description 13
- 230000008569 process Effects 0.000 description 20
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000009471 action Effects 0.000 description 3
- 238000005111 flow chemistry technique Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a program access control method, a program access control device, an electronic device and a storage medium, wherein the method comprises the following steps: adding a sidecar container to the group of program execution containers; intercepting the flow entering the program execution container group by using a side car container; carrying out configuration format conversion on the flow to obtain the flow which can be identified by the container of the side car; browsing the flow recognizable by the container of the side car; reading the identification in the identifiable flow through the sidecar container; and releasing the flow according to the identity. By implementing the embodiment of the application, the program is lighter and simpler, and the compiling difficulty and the compiling efficiency are reduced.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a program access control method and apparatus, an electronic device, and a computer-readable storage medium.
Background
Access control methods in an enterprise environment generally include three types: an autonomous access control method. At present, access control modules in most information systems in China basically use access control lists in an autonomous access control method; the forced access control method is used for military application with multi-level security level. A Role-Based access control (RBAC) method is currently recognized as an effective method for solving the problem of uniform resource access control in large-scale enterprises.
The current universal RBAC is realized based on codes, so that a programmer still considers authority control when writing service codes, a large number of logic branches of authority control are generated in the service codes, the codes in the programs are bloated, the simplicity of the programs is influenced, and the writing difficulty and the writing efficiency are also improved.
Disclosure of Invention
An object of the embodiments of the present application is to provide a program access control method, device, electronic device, and computer-readable storage medium, so that the program is lighter and simpler, the compiling difficulty is reduced, and the compiling efficiency is improved.
In a first aspect, an embodiment of the present application provides a program access control method, where the method includes:
adding a sidecar container to the group of program execution containers;
intercepting the flow entering the program execution container group by using the sidecar container;
carrying out configuration format conversion on the flow to obtain the flow which can be identified by the sidecar container;
browsing the flow recognizable by the sidecar container;
reading the identification in the identifiable flow through the sidecar container;
and releasing the flow according to the identity.
In the implementation process, the sidecar container is added as a bridge between the programs, the flow entering the programs is intercepted and detected through the sidecar container, the flow entering the programs is guaranteed to be feasible and safe, and the quantity of the programs is reduced, so that the programs are simpler.
Further, the intercepting with the sidecar container of the flow into the program execution container group includes:
acquiring an IP address of the flow;
judging whether the IP address of the flow is identifiable by the program execution container group;
if so, sending an instruction to the sidecar container so that the sidecar container is provided with a firewall to intercept the flow.
In the implementation process, the recognizable program in the program is intercepted by the sidecar container, the flow entering the program is ensured to be the flow corresponding to the program, the flow processing and recognizing processes of the subsequent program are reduced, and the complexity of the program is reduced.
Further, the step of converting the configuration format of the flow rate to obtain the flow rate recognizable by the sidecar container includes:
acquiring request parameters in the flow;
and converting the flow into the flow which can be identified by the sidecar container according to the request parameter.
In the implementation process, the flow is converted into the flow which can be identified by the side car container according to the specific request parameters in the flow, so that the flow can be further conveniently detected by the subsequent side car container, the complex steps of detecting the flow by a program are avoided, and the programming difficulty of the program is reduced.
Further, the step of releasing the traffic according to the identity includes:
acquiring a flow strategy and authority information in the identity;
and if the permission information accords with the flow strategy, releasing the flow.
In the implementation process, whether the authority information in the identity label accords with the flow strategy is judged, if so, the time for processing the flow by a subsequent program can be saved, and the programming efficiency and the flow receiving efficiency of the program are improved.
In a second aspect, an embodiment of the present application further provides a program access control apparatus, where the apparatus includes:
the adding module is used for adding the sidecar container to the program execution container group;
the intercepting module is used for intercepting the flow entering the program execution container group by using the sidecar container;
the conversion module is used for carrying out configuration format conversion on the flow to obtain the flow which can be identified by the sidecar container;
the browsing module is used for browsing the flow which can be identified by the sidecar container;
the reading module is used for reading the identification in the identifiable flow through the sidecar container;
and the receiving module is used for releasing the flow according to the identity.
In the implementation process, the sidecar container is added as a bridge between the programs, the flow entering the programs is intercepted and detected through the sidecar container, the flow entering the programs is guaranteed to be feasible and safe, and the quantity of the programs is reduced, so that the programs are simpler.
Further, the intercepting module is further configured to:
acquiring an IP address of the flow;
judging whether the IP address of the flow is identifiable by the program execution container group;
if so, sending an instruction to the sidecar container so that the sidecar container is provided with a firewall to intercept the flow.
In the implementation process, the recognizable program in the program is intercepted by the sidecar container, the flow entering the program is ensured to be the flow corresponding to the program, the flow processing and recognizing processes of the subsequent program are reduced, and the complexity of the program is reduced.
Further, the conversion module is further configured to:
acquiring request parameters in the flow;
and converting the flow into the flow which can be identified by the sidecar container according to the request parameter.
In the implementation process, the flow is converted into the flow which can be identified by the side car container according to the specific request parameters in the flow, so that the flow can be further conveniently detected by the subsequent side car container, the complex steps of detecting the flow by a program are avoided, and the programming difficulty of the program is reduced.
Further, the receiving module is further configured to:
acquiring a flow strategy and authority information in the identity;
and if the permission information accords with the flow strategy, releasing the flow.
In the implementation process, the authority information in the identity label is matched with the program information in the sidecar container, so that the time for processing the flow by a subsequent program can be saved, and the programming efficiency and the flow receiving efficiency of the program can be improved.
In a third aspect, an electronic device provided in an embodiment of the present application includes: memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to any of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium having instructions stored thereon, which, when executed on a computer, cause the computer to perform the method according to any one of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product, which when run on a computer, causes the computer to perform the method according to any one of the first aspect.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
The present invention can be implemented in accordance with the content of the specification, and the following detailed description of the preferred embodiments of the present application is made with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of a program access control method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a program access control device according to an embodiment of the present application;
fig. 3 is a schematic structural component diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
The following detailed description of embodiments of the present application will be described in conjunction with the accompanying drawings and examples. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
Example one
Fig. 1 is a schematic flowchart of a program access control method provided in an embodiment of the present application, and as shown in fig. 1, the method includes:
s1, adding a sidecar container to the program execution container group;
s2, intercepting the flow entering the program execution container group by using the sidecar container;
s3, converting the configuration format of the flow to obtain the flow which can be identified by the container of the side car;
s4, browsing the flow recognizable by the side car container;
s5, reading the identification in the recognizable flow through the sidecar container;
and S6, passing the flow according to the identity.
Taking this embodiment as an example, a sidecar container is added as a bridge between programs, and the flow entering the program is intercepted and detected through the sidecar container, so that the flow entering the program is guaranteed to be feasible and safe, and the amount of the program is reduced, so that the program is simpler.
The embodiment of the application is realized based on a uniform distributed system, and the RBAC authority control function is sunk to the bottom layer of the system, so that a programmer only needs to pay attention to business logic without controlling various authorities in codes, and the development efficiency of the programmer is improved.
The whole system bottom layer is realized by using a container technology, container arrangement is performed by a unified container arrangement system, optionally, the container arrangement system can be kubernets (K8s), a program execution container group is a pod, each service consists of a group of pods, one pod can contain a plurality of containers, generally, only one application program (program for short) is deployed in one pod, in the embodiment of the application, one container is injected into one pod, the container is in the same pod with the application program, the injected container is called a sidecar container (sidecar), the sidecar program is a high-performance agent written by C + +, the initiation of the sidecar can automatically set an IP tables (Linux kernel integrated IP packet filtering system, namely a firewall), and the flow of all incoming and outgoing programs of the agent is intercepted, and the Internet Protocol (IP).
Further, S2 includes:
acquiring an IP address of flow;
judging whether the IP address of the flow is recognizable to the program execution container group;
if so, sending an instruction to the sidecar container so that the sidecar container sets a firewall to intercept the flow.
Taking this embodiment as an example, the side car container intercepts the recognizable program in the entering program, so as to ensure that the flow rate in the entering program is the flow rate corresponding to the program, reduce the flow rate processing and recognizing processes of the subsequent programs, and reduce the complexity of the program.
Further, S3 includes:
acquiring request parameters in flow;
and converting the flow into the flow which can be identified by the sidecar container according to the request parameters.
Taking this embodiment as an example, according to a specific request parameter in the flow, the flow is converted into a flow that can be identified by the sidecar container, which further facilitates the detection of the flow by the subsequent sidecar container, avoids the complex steps of detecting the flow by the program, and reduces the difficulty in writing the program.
Illustratively, by managing the rights access relationship between page configurable applications, this relationship may be governed to the interface level, namely: the method comprises the steps that a program A is allowed to access interfaces of a program B, access to the interfaces of an application program B is forbidden, all authority rules of page configuration are sent to a configuration conversion program in a restful (Representational State Transfer) mode, REST request parameters are converted into a configuration format which can be recognized by sidecar by the configuration conversion program, the sidecar is connected with the configuration conversion program through a grpc (high-performance open-source RPC framework of Google), configuration is pulled in real time, the sidecar program can automatically update configuration and dynamically take effect, the program does not need to be restarted, and the sidecar is not needed to be restarted.
In S4, the view is an authenticated view of the sidecar container.
Further, S6 includes:
acquiring authority information in a flow strategy and an identity;
and if the authority information accords with the flow strategy, releasing the flow.
In the embodiment of the application, the flow policy contains an access rule of the flow to the program, the flow is divided into two layers for the access of the program, the first layer directly judges whether the flow is the flow corresponding to the program, if so, the side car container can identify and simultaneously intercept the flow to perform the next detection, specific authority information in the flow is needed at the moment, if the specific authority information can be matched with the program information in the side car container, the flow is received, the flow is indicated to be the flow of the access program, and if the specific authority information cannot be matched with the program information in the side car container, the flow is indicated to be the flow of the access program, and if the specific authority information cannot be matched with the program information, the flow is indicated to be not the flow of the access program, and the flow is rejected.
Taking this embodiment as an example, it is determined whether the authority information in the identity identifier conforms to the traffic policy, and if so, the time for the subsequent program to process the traffic can be saved, and the programming efficiency and the traffic receiving efficiency of the program can be improved.
Example two
In order to implement the method corresponding to the above-mentioned embodiment to achieve the corresponding functions and technical effects, the following provides a program access control device, as shown in fig. 2, comprising:
an adding module 1, configured to add a sidecar container to the program execution container group;
the intercepting module 2 is used for intercepting the flow entering the program execution container group by using the sidecar container;
the conversion module 3 is used for carrying out configuration format conversion on the flow to obtain the flow which can be identified by the container of the side car;
the browsing module 4 is used for browsing the flow which can be identified by the side car container;
the reading module 5 is used for reading the identification in the identifiable flow through the sidecar container;
and the receiving module 6 is used for releasing the flow according to the identity.
In the implementation process, the sidecar container is added as a bridge between the programs, the flow entering the programs is intercepted and detected through the sidecar container, the flow entering the programs is guaranteed to be feasible and safe, and the quantity of the programs is reduced, so that the programs are simpler.
Further, the intercepting module 2 is further configured to:
acquiring an IP address of flow;
judging whether the IP address of the flow is recognizable to the program execution container group;
if so, sending an instruction to the sidecar container so that the sidecar container sets a firewall to intercept the flow.
In the implementation process, the recognizable program in the program is intercepted by the sidecar container, the flow entering the program is ensured to be the flow corresponding to the program, the flow processing and recognizing processes of the subsequent program are reduced, and the complexity of the program is reduced.
Further, the conversion module 3 is further configured to:
acquiring request parameters in flow;
and converting the flow into the flow which can be identified by the sidecar container according to the request parameters.
In the implementation process, the flow is converted into the flow which can be identified by the side car container according to the specific request parameters in the flow, so that the flow can be further conveniently detected by the subsequent side car container, the complex steps of detecting the flow by a program are avoided, and the programming difficulty of the program is reduced.
Further, the receiving module 6 is further configured to:
acquiring authority information in a flow strategy and an identity;
and if the authority information accords with the flow strategy, releasing the flow.
In the implementation process, whether the authority information in the identity label accords with the flow strategy is judged, if so, the time for processing the flow by a subsequent program can be saved, and the programming efficiency and the flow receiving efficiency of the program are improved.
The program access control device can implement the method of the first embodiment. The alternatives in the first embodiment are also applicable to the present embodiment, and are not described in detail here.
The rest of the embodiments of the present application may refer to the contents of the first embodiment, and in this embodiment, details are not repeated.
EXAMPLE III
An embodiment of the present application provides an electronic device, which includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the program access control method of the first embodiment.
Alternatively, the electronic device may be a server.
Referring to fig. 3, fig. 3 is a schematic structural composition diagram of an electronic device according to an embodiment of the present disclosure. The electronic device may include a processor 31, a communication interface 32, a memory 33, and at least one communication bus 34. Wherein the communication bus 34 is used for realizing direct connection communication of these components. The communication interface 32 of the device in the embodiment of the present application is used for performing signaling or data communication with other node devices. The processor 31 may be an integrated circuit chip having signal processing capabilities.
The Processor 31 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor 31 may be any conventional processor or the like.
The Memory 33 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an erasable Read-Only Memory (EPROM), an electrically erasable Read-Only Memory (EEPROM), and the like. The memory 33 has stored therein computer readable instructions which, when executed by the processor 31, enable the apparatus to perform the various steps involved in the method embodiment of fig. 1 described above.
Optionally, the electronic device may further include a memory controller, an input output unit. The memory 33, the memory controller, the processor 31, the peripheral interface, and the input/output unit are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, these components may be electrically connected to each other via one or more communication buses 34. The processor 31 is adapted to execute executable modules stored in the memory 33, such as software functional modules or computer programs comprised by the device.
The input and output unit is used for providing a task for a user to create and start an optional time period or preset execution time for the task creation so as to realize the interaction between the user and the server. The input/output unit may be, but is not limited to, a mouse, a keyboard, and the like.
It will be appreciated that the configuration shown in fig. 3 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 3 or have a different configuration than shown in fig. 3. The components shown in fig. 3 may be implemented in hardware, software, or a combination thereof.
In addition, an embodiment of the present application further provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the program access control method according to the first embodiment.
Embodiments of the present application further provide a computer program product, which when running on a computer, causes the computer to execute the method described in the method embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A program access control method, the method comprising:
adding a sidecar container to the group of program execution containers;
intercepting the flow entering the program execution container group by using the sidecar container;
carrying out configuration format conversion on the flow to obtain the flow which can be identified by the sidecar container;
browsing the flow recognizable by the sidecar container;
reading the identification in the identifiable flow through the sidecar container;
and releasing the flow according to the identity.
2. The program access control method of claim 1, wherein the step of intercepting with the sidecar container traffic entering the group of program execution containers comprises:
acquiring an IP address of the flow;
judging whether the IP address of the flow is identifiable by the program execution container group;
if so, sending an instruction to the sidecar container so that the sidecar container is provided with a firewall to intercept the flow.
3. The program access control method according to claim 1, wherein the step of converting the configuration format of the traffic to obtain the traffic recognizable by the sidecar container includes:
acquiring request parameters in the flow;
and converting the flow into the flow which can be identified by the sidecar container according to the request parameter.
4. The program access control method of claim 1, wherein the step of passing the traffic through the network according to the identity comprises:
acquiring a flow strategy and authority information in the identity;
and if the permission information accords with the flow strategy, releasing the flow.
5. A program access control apparatus, characterized in that the apparatus comprises:
the adding module is used for adding the sidecar container to the program execution container group;
the intercepting module is used for intercepting the flow entering the program execution container group by using the sidecar container;
the conversion module is used for carrying out configuration format conversion on the flow to obtain the flow which can be identified by the sidecar container;
the browsing module is used for browsing the flow which can be identified by the sidecar container;
the reading module is used for reading the identification in the identifiable flow through the sidecar container;
and the receiving module is used for releasing the flow according to the identity.
6. The program access control device of claim 5, wherein the interception module is further configured to:
acquiring an IP address of the flow;
judging whether the IP address of the flow is identifiable by the program execution container group;
if so, sending an instruction to the sidecar container so that the sidecar container is provided with a firewall to intercept the flow.
7. The program access control device of claim 5, wherein the translation module is further configured to:
acquiring request parameters in the flow;
and converting the flow into the flow which can be identified by the sidecar container according to the request parameter.
8. The program access control device of claim 5, wherein the receiving module is further configured to:
acquiring a flow strategy and authority information in the identity;
and if the permission information accords with the flow strategy, releasing the flow.
9. An electronic device, comprising a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the program access control method according to any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the program access control method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111631674.8A CN114338160A (en) | 2021-12-29 | 2021-12-29 | Program access control method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111631674.8A CN114338160A (en) | 2021-12-29 | 2021-12-29 | Program access control method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114338160A true CN114338160A (en) | 2022-04-12 |
Family
ID=81015846
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111631674.8A Pending CN114338160A (en) | 2021-12-29 | 2021-12-29 | Program access control method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338160A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826906A (en) * | 2022-04-13 | 2022-07-29 | 北京奇艺世纪科技有限公司 | Flow control method and device, electronic equipment and storage medium |
| CN116032806A (en) * | 2023-03-27 | 2023-04-28 | 杭州谐云科技有限公司 | Flow dyeing method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112153049A (en) * | 2020-09-24 | 2020-12-29 | 绿盟科技集团股份有限公司 | Intrusion detection method and device |
| CN112311800A (en) * | 2020-11-02 | 2021-02-02 | 杭州安恒信息技术股份有限公司 | Method, system, equipment and readable storage medium for area access control |
-
2021
- 2021-12-29 CN CN202111631674.8A patent/CN114338160A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112153049A (en) * | 2020-09-24 | 2020-12-29 | 绿盟科技集团股份有限公司 | Intrusion detection method and device |
| CN112311800A (en) * | 2020-11-02 | 2021-02-02 | 杭州安恒信息技术股份有限公司 | Method, system, equipment and readable storage medium for area access control |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114826906A (en) * | 2022-04-13 | 2022-07-29 | 北京奇艺世纪科技有限公司 | Flow control method and device, electronic equipment and storage medium |
| CN114826906B (en) * | 2022-04-13 | 2023-09-22 | 北京奇艺世纪科技有限公司 | Flow control method, device, electronic equipment and storage medium |
| CN116032806A (en) * | 2023-03-27 | 2023-04-28 | 杭州谐云科技有限公司 | Flow dyeing method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10270781B2 (en) | Techniques for data security in a multi-tenant environment | |
| US8938775B1 (en) | Dynamic data loss prevention in a multi-tenant environment | |
| US8590003B2 (en) | Controlling access to resources by hosted entities | |
| US20190034647A1 (en) | Managing access to documents with a file monitor | |
| RU2618946C1 (en) | Method to lock access to data on mobile device with api for users with disabilities | |
| CN114338160A (en) | Program access control method and device, electronic equipment and storage medium | |
| US11425127B2 (en) | Securing application behavior in serverless computing | |
| JP2017532649A (en) | Confidential information processing method, apparatus, server, and security determination system | |
| JP6701097B2 (en) | Resolvable protection of sensitive data items | |
| KR20160090905A (en) | Protection system including security rule evaluation | |
| US10540637B2 (en) | Intelligent, context-based delivery of sensitive email content to mobile devices | |
| US20160350542A1 (en) | Security with respect to managing a shared pool of configurable computing resources | |
| CN111191279A (en) | Big data safe operation space implementation method and system oriented to data sharing service | |
| US10594703B2 (en) | Taint mechanism for messaging system | |
| CN108289080B (en) | Method, device and system for accessing file system | |
| Djemame et al. | Legal issues in clouds: towards a risk inventory | |
| US8635692B2 (en) | System and method for user friendly detection of spammers | |
| US9652608B2 (en) | System and method for securing inter-component communications in an operating system | |
| CN112346888B (en) | Data communication method and device based on software application and server equipment | |
| US11483355B1 (en) | System and methods for agentless managed device identification as part of setting a security policy for a device | |
| EP3702921B1 (en) | Clipboard listener detector | |
| Pratyush et al. | A Secure Mechanism for Safeguarding Cloud Infrastructure | |
| Ghorbel et al. | Privacy data envelope: Concept and implementation | |
| CN113742768A (en) | Privacy protection method, device and system for online application | |
| Sulistio et al. | Towards a self-protecting cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |