CN114780258A - Method and system for processing partition communication of operating system - Google Patents
- Publication number
- CN114780258A, CN202210345443.9A
- Authority
- CN
- China
- Prior art keywords
- communication
- partition
- execution partition
- data
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method and a system for processing communication of an operating system partition, which are used for acquiring kernel resource access information corresponding to an operating system, so that the kernel resource of the operating system is divided into a plurality of communication execution partitions and a security verification partition, and the address information of the kernel resource of each communication execution partition is determined; one of the communication execution partitions actively initiates a communication event request to carry out security verification and determine the address information of a target communication execution partition corresponding to the communication event request, so as to construct a virtual communication channel between the one of the communication execution partitions and the target communication execution partition; finally, communication data interaction between one of the communication execution partitions and the target communication execution partition is realized based on the virtual communication channel; and then, communication data encryption processing is carried out in the communication data interaction process, so that the data interaction communication order among different communication execution partitions can be improved, and meanwhile, the safety of the communication data in the interaction process can be ensured.
Description
Technical Field
The present invention relates to the field of operating system communication management technologies, and in particular, to a method and a system for processing partition communication of an operating system.
Background
In order to implement multi-process operation of an operating system, a plurality of relatively independent communication partitions are usually arranged in a memory space of a server corresponding to the operating system, and the communication partitions perform data interaction communication with each other to complete different communication event tasks, so that a plurality of communication event tasks can be conveniently executed in the same time period. In actual work, data interaction communication among different communication partitions easily causes communication data congestion and communication chaos in the communication partitions, which reduces the ordering of data interaction communication among the different communication partitions and fails to ensure the security of communication data in the interaction process.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides an operating system partition communication processing method and system, which are used for acquiring kernel resource access information corresponding to an operating system, so that the kernel resource of the operating system is divided into a plurality of communication execution partitions and a security verification partition, and the address information of each communication execution partition in the kernel resource is determined; one of the communication execution partitions actively initiates a communication event request to carry out security verification and determine the address information of a target communication execution partition corresponding to the communication event request, so as to construct a virtual communication channel between the one of the communication execution partitions and the target communication execution partition; finally, based on the virtual communication channel, acquiring a response message of the target communication execution partition about the communication event request; according to the response message, communication data interaction between one communication execution partition and the target communication execution partition is formed; and then, communication data encryption processing is carried out in the communication data interaction process, so that the data interaction communication order among different communication execution partitions can be improved, and meanwhile, the safety of the communication data in the interaction process can be ensured.
The invention provides an operating system partition communication processing method, which is characterized by comprising the following steps:
step S1, obtaining kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining address information of each communication execution partition in the kernel resource;
step S2, when one of the communication execution partitions actively initiates a communication event request, the communication event request is sent to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the corresponding target communication execution partition; then according to the address information, a virtual communication channel between the one communication execution partition and the target communication execution partition is constructed;
step S3, acquiring a response message of the target communication execution partition regarding the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; then carrying out communication data encryption processing in the communication data interaction process;
further, in step S1, kernel resource access information corresponding to the operating system is obtained; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining the address information of each communication execution partition in the kernel resource specifically includes:
step S101, acquiring task running times and task running calculation data quantity of an operating system in a task running process within a preset time period; determining the memory space occupancy rate of the operating system in the task running process according to the task running times and the task running calculation data quantity, and taking the memory space occupancy rate as the kernel resource access information;
step S102, determining the residual available memory space of the server according to the memory space occupancy rate and the size of the whole memory space of the server corresponding to the operating system;
step S103, dividing the remaining available memory space of the server equally so as to obtain a plurality of communication execution partitions and a security verification partition; at the same time determining the number of the memory sector corresponding to each communication execution partition in the remaining available memory space of the server, and taking the number as the address information of each communication execution partition in the kernel resource;
further, in step S2, when one of the communication execution partitions actively initiates a communication event request, the communication event request is sent to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the target communication execution partition corresponding to the communication event request; then, according to the address information, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition specifically includes:
step S201, obtaining the expected initiating time of each communication event in a communication event queue corresponding to one communication execution partition so as to determine the communication event corresponding to the current request to be initiated; marking the communication event corresponding to the current request to be initiated with the address information of the target communication execution partition to which it is to be sent, and then actively generating and initiating a communication event request;
step S202, sending the communication event request to the security verification partition, and performing security verification on the communication event contained in the communication event request so as to determine whether the communication event belongs to a preset communication event list; if the communication event belongs to the preset communication event list, the communication event passes the security verification; if not, the communication event does not pass the security verification; the preset communication event list comprises at least one communication event which has passed security verification in advance; extracting the address information of the target communication execution partition from the communication event request corresponding to a communication event that passed the security verification, so as to determine the target communication execution partition;
step S203, determining whether the target communication execution partition is in an idle state according to the address information; if the target communication execution partition is in the idle state, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition; if the target communication execution partition is not in the idle state, not constructing a virtual communication channel between the one communication execution partition and the target communication execution partition;
further, in the step S3, based on the virtual communication channel, a response message of the target communication execution partition regarding the communication event request is acquired; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; then, the encrypting process of the communication data in the communication data interaction process specifically comprises the following steps:
step S301, based on the virtual communication channel, acquiring a reply response message of the target communication execution partition about the communication event request, thereby taking the one communication execution partition as a unique authentication communication execution partition object of the target communication execution partition;
step S302, the target communication execution partition analyzes the communication event corresponding to the communication event request, and generates corresponding communication data according to the analysis result, so as to interact with one of the communication execution partitions in the virtual communication channel; and simultaneously, encrypting the communication data in the interaction process.
Further, in the step S302, the encrypting the communication data in the interactive process specifically includes:
in the interactive process, the communication data is transmitted as eight-digit binary numbers (bytes), so that only the transmitting end and the receiving end know the total data length of the communication data, namely the number of bytes of the data; in the transmission process, each transmitted byte is encrypted once according to the data length of the communication data, and after this primary encryption is completed, the secondary encryption is completed by transmitting the bytes of the data in an odd-even alternating order; the specific process comprises the following steps:
step S3021, instructing the communication transmitting end to encrypt each transmitted byte once according to the data length of the communication data using the following formula (1),
in the above-mentioned formula (1),representing in said communication data after a single encryptionBinary form of the ith byte; [ D (i)]2A binary representation of an ith byte in the communication data before encryption; n represents the number of bytes contained in the communication data (i.e., the total data length of the communication data);indicating a loop left shift;indicating to perform an upward rounding; (n)2Representing the conversion of a value n into a binary number;
encrypting each byte in the communication data once by using the step S3021;
step S3022, after the communication transmitting end is instructed to complete the primary encryption, the following formula (2) is used to obtain the transmitting permutation value during the data transmission according to the parity of the sequence position of each byte in the communication data, and further complete the secondary encryption during the transmission,
in the above-mentioned formula (2),a sending permutation value of the ith byte in the communication data after one encryption is expressed in the transmission process (namely, the ith byte encrypted in the transmission process is arranged in the ith byteBit transfer locations for transfer); f () represents a parity check function (the function value is 1 if the value in the parentheses is odd, and the function value is 0 if the value in the parentheses is even); k represents the traversal value (from 1 to n);
the step S3022 is performed to transmit the data according to the sequence of the odd and even bits in the transmission process to complete the secondary encryption;
step S3023, instructing the communication receiving end to decrypt the data according to the sequence position and data length of each byte at the time of reception using the following formula (3), thereby completing the encryption processing of the communication data during the interaction,
in the above formula (3), [ D (b)]2A binary representation of the b-th byte after decryption of the received communication data;
the above step S3023 is used to decrypt each byte of the communication data received by the interactive communication receiving end, thereby completing the step of encrypting the communication data during the interactive process.
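The request path of steps S1, S2 and S301 above, as an added C example that is not code from the patent: the security verification partition is modelled as a broker that sizes the partitions, admits only events on the preset list, resolves the target by its sector number and binds the initiator as the target's only authenticated peer. The partition count, sector size, event identifiers, the assumption that the operating system occupies the lowest sectors, and all function and type names are assumptions made for the example; the byte-level encryption of step S302 is not modelled.

```c
/* Added example (not from the patent): broker model of steps S1, S2 and S301. */
#include <stddef.h>
#include <stdint.h>

#define N_COMM  4      /* assumed number of communication execution partitions */
#define NO_PEER (-1)

enum verdict { CH_OK, CH_DENY_EVENT, CH_DENY_ADDR, CH_DENY_BUSY };

struct partition {
    uint64_t sector;   /* S103: memory sector number used as address information */
    int      peer;     /* S301: the only partition accepted on the channel, or NO_PEER */
};

struct broker {
    struct partition comm[N_COMM];
    uint64_t verify_sector;          /* sector of the security verification partition */
    uint64_t sectors_each;           /* equal share per partition, in sectors */
};

struct event_request {
    int      src;            /* index of the initiating partition */
    uint32_t event_id;       /* the communication event */
    uint64_t target_sector;  /* S201: target address marked on the event */
};

/* S202: preset list of pre-verified events (constructed sample values). */
static const uint32_t allowed_events[] = { 0x10, 0x11, 0x20 };

/* S101-S103: with D = A*B/C the remaining space (1-D)*C equals C - A*B, so the
 * split is done in integers. Rejects overflow of A*B and usage above C. */
int partition_memory(struct broker *b, uint64_t runs, uint64_t bytes_per_run,
                     uint64_t total_bytes, uint64_t sector_size)
{
    if (sector_size == 0) return -1;
    if (bytes_per_run != 0 && runs > UINT64_MAX / bytes_per_run) return -1;
    uint64_t used = runs * bytes_per_run;
    if (used > total_bytes) return -1;               /* occupancy D above 1 */
    uint64_t total_sectors = total_bytes / sector_size;
    /* Assumed layout: the operating system occupies the lowest sectors. */
    uint64_t base = used / sector_size + (used % sector_size != 0);
    if (base > total_sectors) return -1;
    uint64_t each = (total_sectors - base) / (N_COMM + 1);
    if (each == 0) return -1;                        /* no room for any partition */
    for (int i = 0; i < N_COMM; i++) {
        b->comm[i].sector = base + (uint64_t)i * each;
        b->comm[i].peer = NO_PEER;                   /* every partition starts idle */
    }
    b->verify_sector = base + (uint64_t)N_COMM * each;
    b->sectors_each = each;
    return 0;
}

static int event_allowed(uint32_t id)
{
    for (size_t i = 0; i < sizeof allowed_events / sizeof allowed_events[0]; i++)
        if (allowed_events[i] == id) return 1;
    return 0;
}

/* Resolve address information to a communication execution partition index.
 * The verification partition's own sector is never a valid target. */
static int find_partition(const struct broker *b, uint64_t sector)
{
    for (int i = 0; i < N_COMM; i++)
        if (b->comm[i].sector == sector) return i;
    return -1;
}

/* S202 then S203: the address is only read once the event passed the list check. */
enum verdict request_channel(struct broker *b, const struct event_request *r)
{
    if (r->src < 0 || r->src >= N_COMM) return CH_DENY_ADDR;
    if (!event_allowed(r->event_id)) return CH_DENY_EVENT;
    int dst = find_partition(b, r->target_sector);
    if (dst < 0 || dst == r->src) return CH_DENY_ADDR;
    if (b->comm[dst].peer != NO_PEER) return CH_DENY_BUSY;   /* target not idle */
    b->comm[dst].peer = r->src;   /* S301: initiator becomes the unique peer */
    return CH_OK;
}

/* Data on the channel is accepted only from the bound peer. */
int channel_accepts(const struct broker *b, int dst, int sender)
{
    return dst >= 0 && dst < N_COMM && sender >= 0 && b->comm[dst].peer == sender;
}

void close_channel(struct broker *b, int dst)
{
    if (dst >= 0 && dst < N_COMM) b->comm[dst].peer = NO_PEER;
}

int main(void)
{
    struct broker b;
    /* Constructed input: 10 runs of 40960 bytes on a 600-sector, 4096-byte-sector server. */
    if (partition_memory(&b, 10, 40960, 4096u * 600u, 4096) != 0) return 1;
    struct event_request r = { 0, 0x10, b.comm[1].sector };
    return request_channel(&b, &r) == CH_OK ? 0 : 1;
}
```

A request naming the verification partition's sector, the initiator's own sector, or an event outside the preset list is refused before any channel state changes.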
The invention also provides an operating system partition communication processing system which is characterized by comprising a kernel resource partitioning module, a communication event request processing module, a virtual communication channel constructing module and a communication data interaction processing module; wherein,
the kernel resource dividing module is used for acquiring kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining address information of each communication execution partition in the kernel resource;
the communication event request processing module is used for sending a communication event request to the security verification partition when one of the communication execution partitions actively initiates the communication event request, so as to perform security verification on the communication event request and determine a corresponding target communication execution partition;
the virtual communication channel construction module is used for constructing a virtual communication channel between the one communication execution partition and the target communication execution partition according to the address information;
the communication data interaction processing module is used for acquiring a response message of the target communication execution partition about the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; then carrying out communication data encryption processing in the communication data interaction process;
further, the kernel resource dividing module acquires kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining the address information of each communication execution partition in the kernel resource specifically includes:
acquiring task running times and task running calculation data quantity of an operating system in a task running process within a preset time period; determining the memory space occupancy rate of the operating system in the task running process according to the task running times and the task running calculation data quantity, and taking the memory space occupancy rate as the kernel resource access information;
determining the remaining available memory space of the server according to the memory space occupancy rate and the size of the whole memory space of the server corresponding to the operating system;
equally dividing the residual available memory space of the server to obtain a plurality of communication execution partitions and a security verification partition; determining the number of a memory sector corresponding to the residual available memory space of each communication execution partition in the server at the same time, and taking the number as the address information of each communication execution partition in the kernel resource;
further, when one of the communication execution partitions of the communication event request processing module actively initiates a communication event request, the communication event request is sent to the security verification partition, so that performing security verification on the communication event request and determining address information of a target communication execution partition corresponding to the communication event request specifically include:
acquiring the expected initiating time of each communication event in a communication event queue corresponding to one communication execution partition so as to determine the communication event corresponding to the current request to be initiated; marking the communication event corresponding to the current request to be initiated with the address information of the target communication execution partition to which it is to be sent, and then actively generating and initiating a communication event request;
sending the communication event request to the security verification partition, and performing security verification on the communication event contained in the communication event request so as to determine whether the communication event belongs to a preset communication event list; if the communication event belongs to the preset communication event list, the communication event passes the security verification; if not, the communication event does not pass the security verification; the preset communication event list comprises at least one communication event which has passed security verification in advance; extracting the address information of the target communication execution partition from the communication event request corresponding to a communication event that passed the security verification, so as to determine the address information of the target communication execution partition;
and,
the step of, by the virtual communication channel construction module, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition according to the address information specifically includes:
determining whether the target communication execution partition is in an idle state or not according to the address information; if the target communication execution partition is in the idle state, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition; if the target communication execution partition is not in the idle state, not constructing a virtual communication channel between the one communication execution partition and the target communication execution partition;
further, the communication data interaction processing module acquires a response message of the target communication execution partition about the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; the encryption processing of the communication data in the communication data interaction process specifically comprises the following steps:
acquiring a reply response message of the target communication execution partition about the communication event request based on the virtual communication channel, so as to take the one communication execution partition as a unique authentication communication execution partition object of the target communication execution partition;
the target communication execution partition analyzes the communication event corresponding to the communication event request and generates corresponding communication data according to an analysis result so as to interact with one of the communication execution partitions in the virtual communication channel; and meanwhile, the communication data is encrypted in the interaction process.
Compared with the prior art, the operating system partition communication processing method and system acquire the kernel resource access information corresponding to the operating system, so that the kernel resource of the operating system is divided into a plurality of communication execution partitions and a security verification partition, and the address information of each communication execution partition in the kernel resource is determined; one of the communication execution partitions actively initiates a communication event request to perform security verification and determine the address information of a corresponding target communication execution partition, so as to construct a virtual communication channel between the one of the communication execution partitions and the target communication execution partition; finally, based on the virtual communication channel, acquiring a response message of the target communication execution partition about the communication event request; according to the response message, communication data interaction between one of the communication execution partitions and the target communication execution partition is formed; and then, communication data encryption processing is carried out in the communication data interaction process, so that the ordering of data interaction communication among different communication execution partitions can be improved, and meanwhile, the security of communication data in the interaction process can be ensured.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating a partition communication processing method of an operating system according to the present invention.
Fig. 2 is a schematic structural diagram of an operating system partition communication processing system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
Fig. 1 is a flowchart illustrating an operating system partition communication processing method according to an embodiment of the present invention. The partition communication processing method of the operating system comprises the following steps:
step S1, obtaining kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining address information of each communication execution partition in the kernel resource;
step S2, when one of the communication execution partitions actively initiates a communication event request, the communication event request is sent to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the corresponding target communication execution partition; then according to the address information, a virtual communication channel between the one communication execution partition and the target communication execution partition is constructed;
step S3, acquiring a response message of the target communication execution partition regarding the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; and then carrying out communication data encryption processing in the communication data interaction process.
The beneficial effects of the above technical scheme are: the operating system partition communication processing method obtains kernel resource access information corresponding to an operating system, so that the kernel resource of the operating system is divided into a plurality of communication execution partitions and a safety verification partition, and the address information of the kernel resource of each communication execution partition is determined; one of the communication execution partitions actively initiates a communication event request to carry out security verification and determine the address information of a target communication execution partition corresponding to the communication event request, so as to construct a virtual communication channel between the one of the communication execution partitions and the target communication execution partition; finally, based on the virtual communication channel, acquiring a response message of the target communication execution partition about the communication event request; according to the response message, communication data interaction between one of the communication execution partitions and the target communication execution partition is formed; and then, communication data encryption processing is carried out in the communication data interaction process, so that the ordering of data interaction communication among different communication execution partitions can be improved, and meanwhile, the safety of communication data in the interaction process can be ensured.
Preferably, in step S1, kernel resource access information corresponding to the operating system is obtained; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining the address information of the kernel resource of each communication execution partition specifically includes:
step S101, acquiring task running times and task running calculation data quantity of an operating system in a task running process within a preset time period; determining the memory space occupancy rate of the operating system in the task running process according to the task running times and the task running calculation data quantity, and taking the memory space occupancy rate as the kernel resource access information;
step S102, determining the remaining available memory space of the server according to the memory space occupancy rate and the size of the whole memory space of the server corresponding to the operating system;
step S103, evenly dividing the residual available memory space of the server to obtain a plurality of communication execution partitions and a security verification partition; and simultaneously determining the number of the memory sector corresponding to the residual available memory space of each communication execution partition in the server, and taking the number as the address information of each communication execution partition in the kernel resource.
The beneficial effects of the above technical scheme are as follows. The operating system runs in the memory space of the server, and in actual operation it does not need to occupy all of that memory space but usually occupies only part of it, so part of the memory space can be reserved as the communication execution partitions and the security verification partition. The number of task runs A and the amount of task calculation data B of the operating system during task execution within a preset time period are acquired; the ratio of the product A·B to the size C of the whole memory space of the server corresponding to the operating system is taken as the memory space occupancy rate D, that is, D = (A·B)/C; and (1-D)·C is then calculated to obtain the remaining available memory space of the server. Finally, the remaining available memory space of the server is divided equally, so that a plurality of communication execution partitions and a security verification partition can be obtained quickly and accurately, and normal communication among the communication execution partitions is ensured while the operating system keeps sufficient memory space to maintain operation.
Preferably, in step S2, when one of the communication execution partitions actively initiates a communication event request, the communication event request is sent to the security verification partition, so as to perform security verification on the communication event request and determine the address information of its corresponding target communication execution partition; then, according to the address information, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition specifically includes:
step S201, obtaining the expected initiation time of each communication event in the communication event queue corresponding to one communication execution partition, so as to determine the communication event corresponding to the current request to be initiated; marking that communication event with the address information of its sending-target communication execution partition, and then actively generating and initiating a communication event request;
step S202, sending the communication event request to the security verification partition, and performing security verification on the communication event contained in the communication event request by determining whether the communication event belongs to a preset communication event list; if it belongs to the list, the communication event passes the security verification; if not, the communication event does not pass the security verification; the preset communication event list comprises at least one communication event that has passed security verification in advance; extracting the address information of the sending-target communication execution partition from the communication event request corresponding to a communication event that has passed the security verification, so as to determine the target communication execution partition;
step S203, determining whether the target communication execution partition is in an idle state according to the address information; if the target communication execution partition is in the idle state, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition; and if the target communication execution partition is not in the idle state, not constructing a virtual communication channel between the one communication execution partition and the target communication execution partition.
The beneficial effects of the above technical scheme are: performing security verification on the communication event request determines whether the communication event contained in the request belongs to the preset communication event list; only communication events contained in the preset communication event list can be processed by the communication execution partitions and pose no data security risk. Through the security verification, inappropriate communication events are excluded from the communication execution partitions in advance, which improves the efficiency with which the communication execution partitions subsequently respond to communication events.
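Steps S101 to S103 and S201 to S203 above, modelled as an added C example (not code from the patent). The sector size, the event identifiers in the allowlist, the rejection codes, the start of the free region and the rule that the security verification partition can never be a target are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PARTS 8

enum verdict { CH_BUILT, REJ_EMPTY_QUEUE, REJ_NOT_LISTED, REJ_BAD_TARGET, REJ_TARGET_BUSY };

struct partition { uint64_t first_sector; int idle; int peer; };   /* peer -1: no channel */
struct layout { struct partition part[MAX_PARTS]; size_t n_comm; }; /* part[n_comm]: security verification partition */
struct comm_event { uint32_t id; uint64_t expected_time; uint64_t target_sector; };

/* Constructed stand-in for the preset communication event list. */
static const uint32_t allowed_events[] = { 0x10, 0x11, 0x20 };

/* S101-S103: D = A*B/C, remaining = (1-D)*C = C - A*B, split evenly into n_comm
 * communication partitions plus one security verification partition.
 * Assumption: the free region starts at the first sector after the A*B bytes in use. */
static int layout_init(struct layout *l, uint64_t a, uint64_t b, uint64_t c,
                       uint64_t sector_size, size_t n_comm)
{
    if (n_comm == 0 || n_comm + 1 > MAX_PARTS || sector_size == 0) return -1;
    if (b != 0 && a > c / b) return -1;          /* A*B > C: nothing left (also blocks overflow) */
    uint64_t used = a * b;
    uint64_t first = used / sector_size + (used % sector_size != 0);
    uint64_t total = c / sector_size;
    if (first >= total) return -1;
    uint64_t per = (total - first) / (n_comm + 1);
    if (per == 0) return -1;
    for (size_t i = 0; i <= n_comm; i++)         /* sector number = partition address, idle, no peer */
        l->part[i] = (struct partition){ first + i * per, 1, -1 };
    l->n_comm = n_comm;
    return 0;
}

/* S201: the event with the earliest expected initiation time is the one to request now. */
static const struct comm_event *next_event(const struct comm_event *q, size_t n)
{
    const struct comm_event *best = NULL;
    for (size_t i = 0; i < n; i++)
        if (!best || q[i].expected_time < best->expected_time) best = &q[i];
    return best;
}

static int event_allowed(uint32_t id)
{
    for (size_t i = 0; i < sizeof allowed_events / sizeof allowed_events[0]; i++)
        if (allowed_events[i] == id) return 1;
    return 0;
}

/* Resolve an address to a communication partition. The security verification
 * partition is never returned (added check, not stated on the page). */
static int find_comm_partition(const struct layout *l, uint64_t sector)
{
    for (size_t i = 0; i < l->n_comm; i++)
        if (l->part[i].first_sector == sector) return (int)i;
    return -1;
}

/* S202-S203, as run inside the security verification partition. */
static enum verdict verify_and_connect(struct layout *l, int src,
                                       const struct comm_event *q, size_t n)
{
    const struct comm_event *ev = next_event(q, n);
    if (!ev) return REJ_EMPTY_QUEUE;
    if (!event_allowed(ev->id)) return REJ_NOT_LISTED;   /* fail closed before the address is read */
    int dst = find_comm_partition(l, ev->target_sector);
    if (src < 0 || (size_t)src >= l->n_comm || dst < 0 || dst == src) return REJ_BAD_TARGET;
    if (!l->part[dst].idle) return REJ_TARGET_BUSY;      /* S203: no channel to a busy target */
    l->part[dst].idle = 0;
    l->part[dst].peer = src;                             /* record both channel endpoints */
    l->part[src].peer = dst;
    return CH_BUILT;
}

/* Constructed scenario: C = 16 MiB, 4 KiB sectors, A = 1000 runs, B = 4096 bytes; communication
 * partitions at sectors 1000, 1774, 2548, security verification partition at 3322. */
enum verdict demo_verdict(uint32_t event_id, uint64_t target_sector, int target_idle)
{
    struct layout l;
    if (layout_init(&l, 1000, 4096, 16u * 1024 * 1024, 4096, 3) != 0) return REJ_BAD_TARGET;
    int t = find_comm_partition(&l, target_sector);
    if (t >= 0) l.part[t].idle = target_idle;
    struct comm_event queue[] = {
        { 0x99, 9, 2548 },                 /* unlisted, but scheduled later */
        { event_id, 5, target_sector },    /* earliest: this is the one requested */
    };
    return verify_and_connect(&l, 0, queue, 2);
}

int main(void)
{
    printf("%d %d %d\n", demo_verdict(0x10, 1774, 1), demo_verdict(0x99, 1774, 1),
           demo_verdict(0x10, 1774, 0));
    return 0;
}
```

The allowlist check runs before the target address is read, matching S202, where the address is extracted only from requests whose event has passed verification.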
Preferably, in the step S3, based on the virtual communication channel, a response message of the target communication execution partition with respect to the communication event request is acquired; according to the response message, forming communication data interaction between the one communication execution partition and the target communication execution partition; the encryption processing of the communication data in the communication data interaction process specifically comprises the following steps:
step S301, based on the virtual communication channel, acquiring a reply response message of the target communication execution partition regarding the communication event request, so as to take the one of the communication execution partitions as a unique authentication communication execution partition object of the target communication execution partition;
step S302, the target communication execution partition analyzes the communication event corresponding to the communication event request, and generates corresponding communication data according to the analysis result, so as to interact with one of the communication execution partitions in the virtual communication channel; and simultaneously, encrypting the communication data in the interaction process.
The beneficial effects of the above technical scheme are: a virtual communication channel is constructed only when two communication execution partitions need to interact, which greatly reduces the cost of communication interaction between different communication execution partitions. In addition, the communication data is encrypted during the interaction, which ensures the security of the communication data and avoids crosstalk of the communication data during the interaction.
Preferably, in step S302, the encrypting the communication data in the interaction process specifically includes:
during the interaction, the communication data is transmitted as eight-bit binary numbers, so that only the transmitting end and the receiving end know the total data length of the communication data, namely the number of bytes of the data; during transmission, each transmitted byte first undergoes primary encryption according to the data length of the communication data, and after the primary encryption is completed, secondary encryption is completed by transmitting the bytes of the data in alternating odd and even order, wherein the specific process comprises the following steps:
step S3021, instructing the communication transmitting end to encrypt each transmitted byte once according to the data length of the communication data using the following formula (1),
in the above formula (1), a binary form representing the i-th byte in the communication data after primary encryption; [D(i)]_2 represents the binary form of the i-th byte in the communication data before encryption; n represents the number of bytes contained in the communication data (i.e., the total data length of the communication data); indicating a cyclic left shift; indicating rounding up; (n)_2 represents the conversion of the value n into a binary number;
encrypting each byte in the communication data once by using the step S3021;
step S3022, after the communication transmitting end is instructed to complete the primary encryption, the following formula (2) is used to obtain the transmitting permutation value during the data transmission according to the parity of the sequence position of each byte in the communication data, and further complete the secondary encryption during the transmission,
in the above formula (2), indicating the sending permutation value, during transmission, of the i-th byte in the communication data after primary encryption (i.e., during transmission the encrypted i-th byte is placed at the transmission position given by that value); f() represents a parity check function (the function value is 1 if the value in the parentheses is odd, and 0 if the value in the parentheses is even); k represents the traversal value (from 1 to n);
the second encryption is completed by the step S3022 of transmitting in the order of alternating parity of bytes during transmission;
step S3023, instructing the communication receiving end to decrypt the data according to the sequence position and the data length of each byte at the time of reception using the following formula (3), thereby completing the encryption processing of the communication data during the interaction,
in the above formula (3), [ D (b)]2A binary representation of the b-th byte after decryption of the received communication data;
the above step S3023 is used to decrypt each byte of the communication data received by the interactive communication receiving end, thereby completing the step of encrypting the communication data during the interactive process.
The beneficial effects of the above technical scheme are as follows. Formula (1) is used to perform primary encryption on each transmitted byte according to the data length of the communication data, which ensures the security of the data at the transmitting end before transmission; because the encryption uses the data amount known to the transmitting end and the receiving end, the data is safe and reliable and is convenient to decrypt later. Formula (2) is used to obtain the sending permutation value during data transmission according to the parity of the sequence position of each byte in the communication data, which completes the secondary encryption during transmission and further ensures the security of the data during interactive transmission. Formula (3) is used to decrypt the data according to the sequence position of each byte at reception and the data length, so that the communication data is encrypted only during the interaction, and after decryption at the receiving end the data can be processed normally, ensuring that subsequent operations on the data are not affected.
Fig. 2 is a schematic structural diagram of an operating system partition communication processing system according to an embodiment of the present invention. The operating system partition communication processing system comprises a kernel resource dividing module, a communication event request processing module, a virtual communication channel construction module and a communication data interaction processing module; wherein:
the kernel resource dividing module is used for acquiring kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining address information of each communication execution partition in the kernel resource;
the communication event request processing module is used for sending the communication event request to the security verification partition when one of the communication execution partitions actively initiates the communication event request, so as to perform security verification on the communication event request and determine the corresponding target communication execution partition;
the virtual communication channel construction module is used for constructing a virtual communication channel between the one communication execution partition and the target communication execution partition according to the address information;
the communication data interaction processing module is used for acquiring a response message of the target communication execution partition about the communication event request based on the virtual communication channel; according to the response message, forming communication data interaction between the one communication execution partition and the target communication execution partition; and then carrying out communication data encryption processing in the communication data interaction process.
The beneficial effects of the above technical scheme are as follows. The operating system partition communication processing system obtains the kernel resource access information corresponding to an operating system, divides the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition, and determines the address information of each communication execution partition in the kernel resource. When one of the communication execution partitions actively initiates a communication event request, the request undergoes security verification and the address information of the corresponding target communication execution partition is determined, so that a virtual communication channel is constructed between that communication execution partition and the target communication execution partition. Finally, based on the virtual communication channel, a response message of the target communication execution partition to the communication event request is acquired; according to the response message, communication data interaction is established between the two partitions; and the communication data is encrypted during that interaction. This improves the orderliness of data interaction between different communication execution partitions and at the same time ensures the security of the communication data during the interaction.
Preferably, the kernel resource dividing module obtains kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining the address information of the kernel resource of each communication execution partition specifically includes:
acquiring task running times and task running calculation data quantity of an operating system in a task running process within a preset time period; determining the memory space occupancy rate of the operating system in the task running process according to the task running times and the task running calculation data quantity, and taking the memory space occupancy rate as the kernel resource access information;
determining the remaining available memory space of the server according to the memory space occupancy rate and the size of the whole memory space of the server corresponding to the operating system;
equally dividing the residual available memory space of the server to obtain a plurality of communication execution partitions and a security verification partition; and simultaneously determining the memory sector number corresponding to the residual available memory space of each communication execution partition in the server, and taking the memory sector number as the address information of each communication execution partition in the kernel resource.
The beneficial effects of the above technical scheme are as follows. The operating system runs in the memory space of the server, and in actual operation it does not need to occupy all of that memory space but usually occupies only part of it, so part of the memory space can be reserved as the communication execution partitions and the security verification partition. The number of task runs A and the amount of task calculation data B of the operating system during task execution within a preset time period are acquired; the ratio of the product A·B to the size C of the whole memory space of the server corresponding to the operating system is taken as the memory space occupancy rate D, that is, D = (A·B)/C; and (1-D)·C is then calculated to obtain the remaining available memory space of the server. Finally, the remaining available memory space of the server is divided equally, so that a plurality of communication execution partitions and a security verification partition can be obtained quickly and accurately, and normal communication among the communication execution partitions is ensured while the operating system keeps sufficient memory space to maintain operation.
Preferably, when one of the communication execution partitions actively initiates a communication event request, the communication event request processing module sends the communication event request to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the corresponding target communication execution partition, which specifically includes:
acquiring the expected initiation time of each communication event in the communication event queue corresponding to one communication execution partition, so as to determine the communication event corresponding to the current request to be initiated; marking that communication event with the address information of its sending-target communication execution partition, and then actively generating and initiating a communication event request;
sending the communication event request to the security verification partition, and performing security verification on the communication event contained in the communication event request by determining whether the communication event belongs to a preset communication event list; if it belongs to the list, the communication event passes the security verification; if not, the communication event does not pass the security verification; the preset communication event list comprises at least one communication event that has passed security verification in advance; extracting the address information of the sending-target communication execution partition from the communication event request corresponding to a communication event that has passed the security verification, thereby determining the address information of the target communication execution partition;
and,
the step of constructing, by the virtual communication channel construction module, a virtual communication channel between the one communication execution partition and the target communication execution partition according to the address information specifically includes:
determining whether the target communication execution partition is in an idle state according to the address information; if the target communication execution partition is in the idle state, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition; and if the target communication execution partition is not in the idle state, not constructing a virtual communication channel between the one communication execution partition and the target communication execution partition.
The beneficial effects of the above technical scheme are: performing security verification on the communication event request determines whether the communication event contained in the request belongs to the preset communication event list; only communication events contained in the preset communication event list can be processed by the communication execution partitions and pose no data security risk. Through the security verification, inappropriate communication events are excluded from the communication execution partitions in advance, which improves the efficiency with which the communication execution partitions subsequently respond to communication events.
Preferably, the communication data interaction processing module acquires a response message of the target communication execution partition with respect to the communication event request based on the virtual communication channel; according to the response message, forming communication data interaction between the one communication execution partition and the target communication execution partition; the encryption processing of the communication data in the communication data interaction process specifically comprises the following steps:
acquiring a reply response message of the target communication execution partition about the communication event request based on the virtual communication channel, so as to take the one communication execution partition as a unique authentication communication execution partition object of the target communication execution partition;
the target communication execution partition analyzes the communication event corresponding to the communication event request and generates corresponding communication data according to the analysis result so as to interact with one of the communication execution partitions in the virtual communication channel; and meanwhile, the communication data is encrypted in the interaction process.
The beneficial effects of the above technical scheme are: corresponding virtual communication channels are constructed only when two communication execution partitions need to carry out communication interaction, so that the communication interaction cost between different communication execution partitions can be greatly reduced. In addition, the communication data are encrypted in the interaction process, so that the safety of the communication data can be ensured and the crosstalk of the communication data in the interaction process can be avoided.
As can be seen from the content of the foregoing embodiment, the operating system partition communication processing method and system obtain the kernel resource access information corresponding to an operating system, divide the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition, and determine the address information of each communication execution partition in the kernel resource. When one of the communication execution partitions actively initiates a communication event request, the request undergoes security verification and the address information of the corresponding target communication execution partition is determined, so that a virtual communication channel is constructed between that communication execution partition and the target communication execution partition. Finally, based on the virtual communication channel, a response message of the target communication execution partition to the communication event request is acquired; according to the response message, communication data interaction is established between the two partitions; and the communication data is encrypted during that interaction. This improves the orderliness of data interaction between different communication execution partitions and at the same time ensures the security of the communication data during the interaction.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (9)
1. The partition communication processing method of the operating system is characterized by comprising the following steps:
step S1, obtaining kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining address information of each communication execution partition in the kernel resource;
step S2, when one of the communication execution partitions actively initiates a communication event request, sending the communication event request to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the corresponding target communication execution partition; then, according to the address information, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition;
step S3, acquiring a response message of the target communication execution partition regarding the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; and then carrying out communication data encryption processing in the communication data interaction process.
2. The operating system partition communication processing method of claim 1, wherein:
in step S1, obtaining kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining the address information of each communication execution partition in the kernel resource specifically includes:
step S101, acquiring task running times and task running calculation data quantity of an operating system in a task running process within a preset time period; determining the memory space occupancy rate of the operating system in the task running process according to the task running times and the task running calculation data quantity, and taking the memory space occupancy rate as the kernel resource access information;
step S102, determining the residual available memory space of the server according to the memory space occupancy rate and the size of the whole memory space of the server corresponding to the operating system;
step S103, evenly dividing the residual available memory space of the server to obtain a plurality of communication execution partitions and a security verification partition; and simultaneously determining the memory sector number corresponding to the residual available memory space of each communication execution partition in the server, and taking the memory sector number as the address information of each communication execution partition in the kernel resource.
3. The operating system partition communication processing method according to claim 1, wherein:
in step S2, when one of the communication execution partitions actively initiates a communication event request, the communication event request is sent to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the corresponding target communication execution partition; then, according to the address information, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition specifically includes:
step S201, obtaining the expected initiation time of each communication event in the communication event queue corresponding to one communication execution partition, so as to determine the communication event corresponding to the current request to be initiated; marking that communication event with the address information of its sending-target communication execution partition, and then actively generating and initiating a communication event request;
step S202, sending the communication event request to the security verification partition, and performing security verification on the communication event contained in the communication event request by determining whether the communication event belongs to a preset communication event list; if it belongs to the list, the communication event passes the security verification; if not, the communication event does not pass the security verification; the preset communication event list comprises at least one communication event that has passed security verification in advance; extracting the address information of the sending-target communication execution partition from the communication event request corresponding to a communication event that has passed the security verification, so as to determine the target communication execution partition;
step S203, determining whether the target communication execution partition is in an idle state according to the address information; if the target communication execution partition is in the idle state, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition; and if the target communication execution partition is not in the idle state, not constructing a virtual communication channel between the one communication execution partition and the target communication execution partition.
4. The operating system partition communication processing method according to claim 1, wherein:
in the step S3, acquiring a response message of the target communication execution partition with respect to the communication event request, based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; the encryption processing of the communication data in the communication data interaction process specifically comprises the following steps:
step S301, based on the virtual communication channel, acquiring a reply response message of the target communication execution partition about the communication event request, so as to take the one communication execution partition as a unique authentication communication execution partition object of the target communication execution partition;
step S302, the target communication execution partition analyzes the communication event corresponding to the communication event request, and generates corresponding communication data according to the analysis result, so as to interact with one of the communication execution partitions in the virtual communication channel; and meanwhile, the communication data is encrypted in the interaction process.
5. The operating system partition communication processing method of claim 4, wherein:
in step S302, the encrypting of the communication data in the interaction process specifically includes: during the interaction, the communication data is transmitted as eight-bit binary numbers, so that only the transmitting end and the receiving end know the total data length of the communication data, namely the number of bytes of the data; during transmission, each transmitted byte first undergoes primary encryption according to the data length of the communication data, and after the primary encryption is completed, secondary encryption is completed by transmitting the bytes of the data in alternating odd and even order, wherein the specific process comprises the following steps:
step S3021, instructing the communication transmitting end to encrypt each transmitted byte once according to the data length of the communication data using the following formula (1),
in the above-mentioned formula (1), a binary form representing an ith byte in the communication data after one encryption; [D(i)]₂ represents the binary form of the ith byte in the communication data before encryption; n represents the number of bytes contained in the communication data (i.e., the total data length of the communication data); indicating a cyclic left shift; indicating rounding up; (n)₂ represents the conversion of the value n into a binary number;
encrypting each byte in the communication data once by using the step S3021;
step S3022, after the communication sender is instructed to complete the primary encryption, the sending permutation value during data transmission is obtained according to the parity of the sequence position of each byte in the communication data by using the following formula (2), and then the secondary encryption during transmission is completed,
in the above-mentioned formula (2), a sending permutation value of the ith once-encrypted byte in the communication data during transmission (namely, the transfer position at which the ith encrypted byte is arranged for transfer during transmission); F() represents a parity check function (the function value is 1 if the value in the parentheses is odd, and the function value is 0 if the value in the parentheses is even); k represents the traversal value (from 1 to n);
the step S3022 is performed to transmit the data according to the sequence of the odd and even bits in the transmission process to complete the secondary encryption;
step S3023, instructing the communication receiving end to decrypt the data according to the sequence position and the data length of each byte at the time of reception using the following formula (3), thereby completing the encryption processing of the communication data during the interaction,
in the above formula (3), [D(b)]₂ represents the binary form of the b-th byte after decryption of the received communication data;
the above step S3023 is used to decrypt each byte of the communication data received by the interactive communication receiving end, thereby completing the step of encrypting the communication data during the interactive process.
6. An operating system partition communication processing system, characterized by comprising a kernel resource dividing module, a communication event request processing module, a virtual communication channel construction module and a communication data interaction processing module; wherein,
the kernel resource dividing module is used for acquiring kernel resource access information corresponding to the operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining address information of each communication execution partition in the kernel resource;
the communication event request processing module is used for sending a communication event request to the security verification partition when one of the communication execution partitions actively initiates the communication event request, so as to perform security verification on the communication event request and determine a corresponding target communication execution partition;
the virtual communication channel construction module is used for constructing a virtual communication channel between the one communication execution partition and the target communication execution partition according to the address information;
the communication data interaction processing module is used for acquiring a response message of the target communication execution partition about the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; and then carrying out communication data encryption processing in the communication data interaction process.
7. The operating system partition communication processing system of claim 6 wherein:
the kernel resource dividing module acquires kernel resource access information corresponding to an operating system; dividing the kernel resource of the operating system into a plurality of communication execution partitions and a security verification partition according to the kernel resource access information; and determining the address information of the kernel resource of each communication execution partition specifically includes:
acquiring task running times and task running calculation data quantity of an operating system in a task running process within a preset time period; determining the memory space occupancy rate of the operating system in the task running process according to the task running times and the task running calculation data quantity, and taking the memory space occupancy rate as the kernel resource access information;
determining the residual available memory space of the server according to the memory space occupancy rate and the size of the whole memory space of the server corresponding to the operating system;
equally dividing the residual available memory space of the server to obtain a plurality of communication execution partitions and a security verification partition; and simultaneously determining the memory sector number corresponding to the residual available memory space of each communication execution partition in the server, and taking the memory sector number as the address information of each communication execution partition in the kernel resource.
8. The operating system partition communication processing system of claim 6 wherein:
the communication event request processing module, when one of the communication execution partitions actively initiates a communication event request, sending the communication event request to the security verification partition, so as to perform security verification on the communication event request and determine the address information of the corresponding target communication execution partition, specifically includes:
acquiring the expected initiation time of each communication event in the communication event queue corresponding to the one communication execution partition, so as to determine the communication event for which a request is currently to be initiated; marking that communication event with the address information of the communication execution partition that is its sending target, and then actively generating and initiating a communication event request;
sending the communication event request to the security verification partition, and performing security verification on the communication event contained in the communication event request so as to determine whether the communication event belongs to a preset communication event list; if the communication event belongs to the preset communication event list, the communication event passes the security verification; if not, the communication event does not pass the security verification; the preset communication event list comprises at least one communication event which has passed security verification in advance; extracting the address information of the corresponding sending target communication execution partition from the communication event request corresponding to a communication event that passes the security verification, so as to determine the address information of the target communication execution partition;
and,
the step of, by the virtual communication channel construction module, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition according to the address information specifically includes:
determining whether the target communication execution partition is in an idle state or not according to the address information; if the target communication execution partition is in the idle state, constructing a virtual communication channel between the one communication execution partition and the target communication execution partition; and if the target communication execution partition is not in the idle state, not constructing a virtual communication channel between the one communication execution partition and the target communication execution partition.
9. The operating system partition communication processing system of claim 6 wherein:
the communication data interaction processing module acquires a response message of the target communication execution partition about the communication event request based on the virtual communication channel; according to the response message, communication data interaction between the one communication execution partition and the target communication execution partition is formed; the encryption processing of the communication data in the communication data interaction process specifically comprises the following steps:
acquiring a reply response message of the target communication execution partition about the communication event request based on the virtual communication channel, so as to take the one communication execution partition as a unique authentication communication execution partition object of the target communication execution partition;
the target communication execution partition analyzes the communication event corresponding to the communication event request and generates corresponding communication data according to an analysis result so as to interact with the one communication execution partition in the virtual communication channel; and meanwhile, the communication data is encrypted in the interaction process.
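A minimal C model of the gate described in claims 8 and 9, as an added example that is not the patent's own code: the request is checked against the preset event list first, the target address is read only from a verified request, a channel is refused unless the target is idle, and the requester is then bound as the target's unique authenticated peer. The partition table, event IDs, type names and function names are assumptions, and the check that the address maps to a known partition is an addition the claims do not state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NUM_PARTITIONS 4          /* constructed layout, not from the patent */
#define NO_PEER (-1)

typedef enum { VERIFY_OK, ERR_EVENT_NOT_LISTED, ERR_BAD_PARTITION, ERR_TARGET_BUSY } verify_result;
typedef struct { uint32_t sector; bool idle; int peer; } partition;   /* sector = address information */
typedef struct { uint32_t event_id; uint32_t target_sector; } event_request;

/* Constructed sample state: partition 2 is already busy. */
static partition parts[NUM_PARTITIONS] = {
    {0x100, true, NO_PEER}, {0x200, true, NO_PEER},
    {0x300, false, NO_PEER}, {0x400, true, NO_PEER},
};
/* Preset communication event list: events that passed verification in advance. */
static const uint32_t allowed_events[] = { 0x01, 0x02, 0x10 };

static bool event_is_listed(uint32_t id) {
    for (size_t i = 0; i < sizeof allowed_events / sizeof allowed_events[0]; i++)
        if (allowed_events[i] == id) return true;
    return false;
}

static int find_partition(uint32_t sector) {
    for (int i = 0; i < NUM_PARTITIONS; i++)
        if (parts[i].sector == sector) return i;
    return -1;
}

/* Runs in the security verification partition; src is the requesting partition index. */
verify_result open_channel(int src, const event_request *req) {
    if (src < 0 || src >= NUM_PARTITIONS || req == NULL) return ERR_BAD_PARTITION;
    /* 1. Default deny: the event must be on the preset list. */
    if (!event_is_listed(req->event_id)) return ERR_EVENT_NOT_LISTED;
    /* 2. Only now is the target address taken from the request (added check:
          it must map to a known partition other than the requester). */
    int dst = find_partition(req->target_sector);
    if (dst < 0 || dst == src) return ERR_BAD_PARTITION;
    /* 3. No channel unless the target is idle and has no bound peer. */
    if (!parts[dst].idle || parts[dst].peer != NO_PEER) return ERR_TARGET_BUSY;
    /* 4. Bind the requester as the target's unique authenticated peer. */
    parts[dst].idle = false;
    parts[dst].peer = src;
    return VERIFY_OK;
}

/* Data-path check: only the bound peer may exchange data with dst. */
bool may_exchange(int src, int dst) {
    if (src < 0 || src >= NUM_PARTITIONS || dst < 0 || dst >= NUM_PARTITIONS) return false;
    return parts[dst].peer == src;
}
```

Checking the event list before touching the address field keeps unverified requests from influencing which partition is probed for its idle state.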
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210345443.9A CN114780258B (en) | 2022-03-31 | 2022-03-31 | Method and system for processing partition communication of operating system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114780258A (en) | 2022-07-22 |
CN114780258B (en) | 2022-11-15 |
Family
ID=82428085
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210345443.9A Active CN114780258B (en) | 2022-03-31 | 2022-03-31 | Method and system for processing partition communication of operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114780258B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090100436A1 (en) * | 2007-10-12 | 2009-04-16 | Microsoft Corporation | Partitioning system including a generic partitioning manager for partitioning resources |
US20120010297A1 (en) * | 2009-03-23 | 2012-01-12 | Laila Pharmaceuticals Pvt. Ltd | Curcuminoids and its metabolites for the application in allergic ocular/nasal conditions |
CN109815029A (en) * | 2019-01-10 | 2019-05-28 | 西北工业大学 | A kind of implementation method communicated between embedded partitions operating system partition |
CN112671559A (en) * | 2020-12-07 | 2021-04-16 | 沈阳飞机设计研究所扬州协同创新研究院有限公司 | Inter-partition data communication method based on ARINC653 standard operating system |
CN113157402A (en) * | 2021-05-24 | 2021-07-23 | 深圳联创和科技有限公司 | Virtualization authority control communication method based on partition operating system |
CN113778612A (en) * | 2021-07-14 | 2021-12-10 | 中移物联网有限公司 | Embedded virtualization system implementation method based on microkernel mechanism |
Also Published As
Publication number | Publication date |
---|---|
CN114780258B (en) | 2022-11-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108664223B (en) | Distributed storage method and device, computer equipment and storage medium | |
CN108241968B (en) | Method for leading processor to participate block chain consensus | |
US10747721B2 (en) | File management/search system and file management/search method based on block chain | |
CN112396423B (en) | Transaction data processing method, device, equipment and storage medium | |
US20170075941A1 (en) | Consensus system and method for adding data to a blockchain | |
CN110995513B (en) | Data sending and receiving method in Internet of things system, internet of things equipment and platform | |
KR102601973B1 (en) | System architecture and how it processes data | |
CN110059055B (en) | File storage and reading method and device based on distributed private cloud | |
EP3547601A1 (en) | Biometric information transmission establishing method , device, system, and storage medium | |
CN105519028A (en) | Wireless system access control method and apparatus | |
EP3917077A1 (en) | Method and system for securing peer nodes in a blockchain network | |
CN114862397A (en) | Double-decoupling block chain distributed method based on double-chain structure | |
CN114710504A (en) | Rotation method of common nodes in block chain system, nodes and block chain system | |
CN114780258B (en) | Method and system for processing partition communication of operating system | |
CN110585727B (en) | Resource acquisition method and device | |
CN110213292B (en) | Data sending method and device and data receiving method and device | |
CN115022012B (en) | Data transmission method, device, system, equipment and storage medium | |
CN115085925B (en) | Security chip processing method and device for key information combination encryption | |
CN109684856B (en) | Data confidentiality method and system aiming at MapReduce calculation | |
CN113938883B (en) | Data encryption sending method and device based on intermediate node | |
CN114363094B (en) | Data sharing method, device, equipment and storage medium | |
CN114785805A (en) | Data transmission method and device, electronic equipment and storage medium | |
CN113556333A (en) | Computer network data secure transmission method and device | |
US20220343027A1 (en) | Computation system and computation method | |
CN110049035A (en) | A kind of network attack protection method, device, electronic equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||