CN114944958A - Processing method and device of access request and electronic equipment - Google Patents
Processing method and device of access request and electronic equipment Download PDFInfo
- Publication number
- CN114944958A CN114944958A CN202210669771.4A CN202210669771A CN114944958A CN 114944958 A CN114944958 A CN 114944958A CN 202210669771 A CN202210669771 A CN 202210669771A CN 114944958 A CN114944958 A CN 114944958A
- Authority
- CN
- China
- Prior art keywords
- access request
- target
- firewall
- request
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title abstract description 23
- 238000012545 processing Methods 0.000 claims abstract description 176
- 238000005192 partition Methods 0.000 claims abstract description 124
- 238000000034 method Methods 0.000 claims abstract description 49
- 238000011156 evaluation Methods 0.000 claims description 128
- 230000004044 response Effects 0.000 claims description 73
- 238000012360 testing method Methods 0.000 claims description 67
- 230000000977 initiatory effect Effects 0.000 claims description 57
- 238000012544 monitoring process Methods 0.000 claims description 6
- 238000012795 verification Methods 0.000 abstract description 31
- 238000004458 analytical method Methods 0.000 abstract description 8
- 230000000694 effects Effects 0.000 abstract description 5
- 230000006870 function Effects 0.000 description 8
- 230000005284 excitation Effects 0.000 description 7
- 238000004590 computer program Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000007123 defense Effects 0.000 description 3
- 239000003999 initiator Substances 0.000 description 3
- 239000000463 material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The application provides a processing method and device of an access request and electronic equipment, wherein the method comprises the steps of receiving the access request for accessing a target object; determining a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions in the firewall; and acquiring a security access address field of the target request processing partition, and intercepting the access request according to the security access address field. According to the method and the device, safe access to the target object and shunting processing of the access request are achieved, the processing efficiency of the firewall to the access request is improved, the verification analysis efficiency of the performance of the firewall is further improved, manageability of performance verification of the firewall is achieved, and the verification method and the verification effect are optimized.
Description
Technical Field
The present application relates to the field of data processing, and in particular, to a method and an apparatus for processing an access request, and an electronic device.
Background
With the development of technology, the application range of the system-on-chip on the product is increasingly wide, and in order to realize the security control of the system-on-chip and the protection of data in the system, a corresponding security defense system can be configured on the chip.
In the related art, after the security defense system is configured on the chip, the operation performance of the chip may be affected, and therefore, the performance of the chip configured with the security defense system needs to be verified in a related manner.
Disclosure of Invention
The object of the present application is to solve at least to some extent one of the technical problems in the above-mentioned technology.
A first aspect of the present application provides a method for processing an access request, including: receiving an access request for accessing a target object; determining a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions in the firewall; and acquiring a security access address field of the target request processing partition, and intercepting the access request according to the security access address field.
The method for processing an access request provided by the first aspect of the present application further has the following technical features, including:
according to an embodiment of the present application, intercepting an access request according to a secure access address field includes: acquiring a target access address of an access request to a target object; identifying whether the access request is an illegal access request or not according to the safe access address field and the target access address; and intercepting the illegal access request in response to identifying that the access request is an illegal access request.
According to an embodiment of the present application, identifying whether an access request is an illegal access request according to a secure access address segment and a target access address includes: responding to the target access address belonging to the safe access address field of the target request processing partition, and determining that the access request is a safe access request; and in response to the target access address not belonging to the secure access address field of the target request processing partition, determining that the access request is an illegal access request.
According to an embodiment of the present application, determining a target request processing partition of an access request from a plurality of candidate request processing partitions inside a firewall includes: acquiring an identification corresponding relation between an area identification of a candidate request processing partition and an equipment identification of test equipment, wherein the test equipment is used for initiating an access request to a target object; determining the target equipment identification of the target test equipment initiating the access request from the information carried by the access request; and determining a target area identifier corresponding to the target equipment identifier according to the identifier corresponding relation, and determining a candidate request processing partition corresponding to the target area identifier as a target request processing partition for processing the access request.
According to an embodiment of the application, the method further comprises: performing performance evaluation on the firewall and the target object, and respectively acquiring a first performance evaluation result of the firewall and a second performance evaluation result of the target object; and evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result.
According to an embodiment of the present application, obtaining a first performance evaluation result of a firewall includes: determining the initiation ratio of illegal access requests from the initiation amount of the access requests; monitoring the interception amount of the firewall to the illegal access request, and acquiring the interception ratio of the interception amount in the receiving amount of the access request; and evaluating the performance of the firewall according to the initiating occupation ratio and the intercepting occupation ratio so as to obtain a first performance evaluation result of the firewall.
According to an embodiment of the present application, evaluating the performance of the firewall according to the initiating duty ratio and the intercepting duty ratio to obtain a first performance evaluation result of the firewall, includes: obtaining error values of the initiating occupation ratio and the intercepting occupation ratio; and determining that the first performance evaluation result of the firewall is qualified in response to the error value belonging to the set error range.
According to an embodiment of the present application, obtaining a second performance evaluation result of a target object includes: obtaining the response delay time of a target object to an access request which is not intercepted by a firewall; and evaluating the performance of the target object according to the response delay time to obtain a second performance evaluation result of the target object.
According to an embodiment of the present application, evaluating the performance of the target object according to the response delay time to obtain a second performance evaluation result of the target object, includes: acquiring the threshold time of response delay of a target object; and in response to the response delay time being less than or equal to the threshold time, determining that the second performance evaluation result of the target object is qualified.
According to an embodiment of the present application, evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result includes: and judging that the target system performance evaluation result is qualified in response to the first performance evaluation result indicating that the firewall performance is qualified and the second performance evaluation result indicating that the target object performance is qualified.
A second aspect of the present application provides an apparatus for processing an access request, including: a receiving module for receiving an access request for accessing a target object; the determining module is used for determining a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions in the firewall; and the processing module is used for acquiring the safe access address field of the target request processing partition and intercepting the access request according to the safe access address field.
A second aspect of the present invention provides an access request processing apparatus, further including:
according to an embodiment of the present application, the processing module is further configured to: acquiring a target access address of an access request to a target object; identifying whether the access request is an illegal access request or not according to the safe access address field and the target access address; and intercepting the illegal access request in response to identifying that the access request is an illegal access request.
According to an embodiment of the present application, the processing module is further configured to: responding to the fact that the target access address belongs to the safe access address field of the target request processing partition, and determining that the access request is a safe access request; and in response to the target access address not belonging to the secure access address field of the target request processing partition, determining that the access request is an illegal access request.
According to an embodiment of the present application, the determining module is further configured to: acquiring an identification corresponding relation between an area identification of a candidate request processing partition and an equipment identification of test equipment, wherein the test equipment is used for initiating an access request to a target object; determining the target equipment identification of the target test equipment initiating the access request from the information carried by the access request; and determining a target area identifier corresponding to the target equipment identifier according to the identifier corresponding relation, and determining a candidate request processing partition corresponding to the target area identifier as a target request processing partition for processing the access request.
According to an embodiment of the application, the apparatus further comprises an evaluation module configured to: performing performance evaluation on the firewall and the target object, and respectively obtaining a first performance evaluation result of the firewall and a second performance evaluation result of the target object; and evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result.
According to an embodiment of the application, the evaluation module is further configured to: determining the initiation ratio of illegal access requests from the initiation amount of the access requests; monitoring the interception amount of the firewall to the illegal access request, and acquiring the interception ratio of the interception amount in the receiving amount of the access request; and evaluating the performance of the firewall according to the initiating occupation ratio and the intercepting occupation ratio so as to obtain a first performance evaluation result of the firewall.
According to an embodiment of the application, the evaluation module is further configured to: obtaining error values of the initiating occupation ratio and the intercepting occupation ratio; and determining that the first performance evaluation result of the firewall is qualified in response to the error value belonging to the set error range.
According to an embodiment of the application, the evaluation module is further configured to: obtaining the response delay time of a target object to an access request which is not intercepted by a firewall; and evaluating the performance of the target object according to the response delay time to obtain a second performance evaluation result of the target object.
According to an embodiment of the application, the evaluation module is further configured to: acquiring the threshold time of response delay of a target object; and in response to the response delay time being less than or equal to the threshold time, determining that the second performance evaluation result of the target object is qualified.
According to an embodiment of the application, the evaluation module is further configured to: and judging that the target system performance evaluation result is qualified in response to the first performance evaluation result indicating that the firewall performance is qualified and the second performance evaluation result indicating that the target object performance is qualified.
An embodiment of a third aspect of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform the method for processing an access request as set forth in the first aspect of the present application.
A fourth aspect of the present application is directed to a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method for processing an access request according to the first aspect of the present application.
An embodiment of the fifth aspect of the present application proposes a computer program product, which, when executed by an instruction processor in the computer program product, performs the processing method of the access request proposed in the first aspect of the present application.
The access request processing method and device receive an access request of a target object, determine a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions divided inside a firewall, further identify and judge the access request according to a safe access address section of the target request processing partition, and intercept the access request which is determined to carry a non-safe access address. In the application, the access request of the target object is identified and intercepted through the firewall, the safe access to the target object is realized, the interior of the firewall is divided into a plurality of candidate request processing partitions, the access request is divided, the processing efficiency of the firewall on the access request is improved, the verification analysis efficiency of the performance of the firewall is further improved, the manageability of the performance verification of the firewall is realized, and the verification method and the verification effect are optimized.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a processing method of an access request according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a processing method of an access request according to another embodiment of the present application;
fig. 3 is a flowchart illustrating a processing method of an access request according to another embodiment of the present application;
fig. 4 is a flowchart illustrating a processing method of an access request according to another embodiment of the present application;
fig. 5 is a schematic structural diagram of an access request processing apparatus according to an embodiment of the present application;
fig. 6 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
A method, an apparatus, an electronic device, and a storage medium for processing an access request according to an embodiment of the present application are described below with reference to the drawings.
Fig. 1 is a schematic flowchart of a processing method of an access request according to an embodiment of the present application, and as shown in fig. 1, the method includes:
s101, receiving an access request for accessing a target object.
In implementation, a System On Chip (SOC) has requirements for security control and security access, and a corresponding security control System may be set on the SOC Chip, so as to protect related functions and related information on the SOC Chip.
Optionally, a corresponding security control system may be set at a port for receiving total information of the SOC chip, and a corresponding security control system may also be set at a port for receiving information of the functional module on the SOC chip.
The firewall can be arranged at the information receiving port of the functional module of the SOC chip, so that the functional module is protected and safely controlled.
Alternatively, an object protected by a firewall may be determined as a target object.
For example, a target object is a Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM) on the SOC chip, and a corresponding firewall may be configured for the DDR Memory system, so as to protect information stored in the DDR Memory system.
In some implementations, the performance of a target object configured with a firewall may be affected to some extent compared to a target object not configured with a firewall.
Therefore, in order to guarantee the operation performance of the target object configured with the firewall, the performance of the target object can be verified and analyzed after the firewall is configured.
Correspondingly, in order to realize the security protection of the firewall on the target object, after the firewall is configured for the target object, relevant verification and analysis processing can be further performed on the interception protection performance of the firewall.
In the embodiment of the application, a corresponding verification environment can be established for the target object configured with the firewall, and a corresponding test case is established, so that the performance verification of the firewall and the target object configured with the firewall is realized.
Alternatively, an access request may be sent to a target object configured with a firewall, and the performance verification and analysis of the firewall may be implemented through relevant processing information of the access request by the firewall, and accordingly, the verification analysis of the performance of the target object configured with the firewall may be implemented through relevant information of a response of the target object to the access request.
In the implementation, the firewall realizes the security protection of the target object through the related functions of identification and interception, so the access request can be received by the firewall in advance.
The firewall has a corresponding access port, and receives the access request through the related function of information receiving configured by the access port.
Optionally, the sending of the access request and the receiving of the access request by the firewall may be implemented by an Advanced eXtensible Interface (AXI) between an initiator of the access request and the firewall.
S102, determining a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions in the firewall.
In the embodiment of the application, the firewall can intercept the access request through the access request processing area inside the firewall, wherein the access request processing area set inside the firewall can be divided, a plurality of divided processing areas are obtained, and the divided processing areas are determined as a plurality of candidate request processing partitions inside the firewall.
Furthermore, different area attribute information is configured for different candidate request processing partitions, so that corresponding processable access requests exist in the different candidate request processing partitions respectively, and further shunting processing on the received access requests is realized.
Alternatively, the information configuration of the candidate requested processing partition may be implemented by a top-level module (tb _ top module) in the validation environment. For example, the tb _ top module may fill the received region attribute information into the region attribute register corresponding to the candidate request processing partition by a setting method, and further implement configuration of the region attribute information of the candidate request processing partition by the region attribute register.
In some implementations, the information of the area attribute register of the candidate request processing partition may be static information, and therefore, the area attribute information of all candidate request processing partitions may be filled into the area attribute register by a setting method, thereby implementing batch configuration of the area attribute information of all candidate request processing partitions inside the firewall.
Furthermore, a corresponding setting standard may be configured for each access request that can be processed by the candidate request processing partition, and when an access request satisfies a setting standard corresponding to one of the candidate request processing partitions, the candidate request processing partition may be used as a target request processing partition of the access request.
For example, for the candidate request processing partition a, there is a setting criterion B corresponding to the access request that can be processed, and when the received access request satisfies the setting criterion B, the candidate request processing partition a can be used as the target request processing partition of the access request.
S103, a safe access address field of the target request processing partition is obtained, and the access request is intercepted according to the safe access address field.
In the embodiment of the application, corresponding access address segments can be configured for the candidate request processing partitions inside the firewall according to the set access address range of the target object, and the access address segments serve as the security access address segments corresponding to the candidate request processing partitions.
Further, when the candidate request processing partition is used as the target request processing partition to process the access request, whether the access request is a secure access request or not can be judged according to the corresponding secure access address field, and whether the access request is intercepted or not can be further judged.
If the access address in the access request belongs to the secure access address field of the target request processing partition, the access request can be determined to be a secure access request, and the access request is not intercepted.
Correspondingly, if the access address in the access request does not belong to the secure access address field corresponding to the target request processing partition, the access request can be determined as a non-secure access request and intercepted.
The access request processing method receives an access request of a target object, determines a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions divided inside a firewall, further identifies and judges the access request according to a safe access address field of the target request processing partition, and intercepts the access request which is determined to carry a non-safe access address. According to the method and the device, the access request of the target object is identified and intercepted through the firewall, the safe access to the target object is realized, the interior of the firewall is divided into a plurality of candidate request processing partitions, the access request is shunted, the processing efficiency of the firewall on the access request is improved, the verification analysis efficiency of the firewall performance is improved, the manageability of the firewall performance verification is realized, and the verification method and the verification effect are optimized.
In the foregoing embodiment, regarding the processing and intercepting of the access request, as can be further understood with reference to fig. 2, fig. 2 is a schematic flowchart of a processing method of the access request according to another embodiment of the present application, and as shown in fig. 2, the method includes:
s201, obtaining a target access address of the access request to a target object.
In the embodiment of the application, the firewall may obtain an intended access address of an initiator of the access request to the target object from the received access request, and determine the access address as a target access address of the initiator of the access request to access the target object.
Optionally, the firewall may read the trust information of the received access request through its configured access port, so as to obtain the target access address carried therein.
S202, identifying whether the access request is an illegal access request or not according to the safe access address field and the target access address.
In the implementation, an illegal access request may occur in an access request for accessing a target object, and under a scenario that the illegal access request successfully accesses the target object, the security of information stored on the target object may be affected to a certain extent.
For example, if the target object is a storage system on the SOC chip, information leakage of the storage system may occur in a scenario where an illegal access request successfully accesses the storage system, which affects information security of the storage system.
In this scenario, the configured firewall can intercept the illegal access request, and prevent the illegal access request from successfully accessing the target object, so that in order to effectively verify the interception performance of the firewall, the illegal access request with a set proportion can be configured in the access request received by the firewall.
Optionally, the determination standard corresponding to the illegal access request may be obtained, the received access request may be compared with the set determination standard, and the identification and determination of the illegal access request may be implemented according to a comparison result.
Wherein, the judgment standard of the illegal access request can be set according to the access address.
For example, the target access address in the access request and the secure access address field corresponding to the target request processing partition corresponding to the access request may be obtained, and whether the access request is an illegal access request may be determined according to a relationship between the target access address and the secure access address field.
And determining that the access request is a safe access request in response to the target access address belonging to the safe access address field of the target request processing partition.
It can be understood that, when the target access address belongs to an access address in the secure access address field, it may be determined that the target access address is a secure access address of the target object, and an access request initiated for the target object based on the target access address does not affect information security of the target object, so that the access request carrying the target access address may be determined as a secure access request.
Accordingly, in response to the target access address not belonging to the secure access address segment of the target request processing partition, the access request is determined to be an illegal access request.
It can be understood that, when the target access address does not belong to the secure access address segment corresponding to the target request processing partition, it may be determined that the target access address is an abnormal access address of the target object, and when the target object is accessed based on the target access address, there is a possibility that an influence may be exerted on information security of the target object, and therefore, the access request carrying the target access address may be determined as an illegal access request.
S203, in response to the fact that the access request is identified as an illegal access request, intercepting the illegal access request.
In order to avoid the influence of the illegal access request on the information security of the target object, the firewall can intercept the determined illegal access request to avoid the access of the illegal access request to the target object, so that the security protection of the target object is realized.
For example, the secure access address segment of the target request processing partition a corresponding to the access request is set to be a1 to a8, and when the target access address carried by the access request is a3, it can be determined that the target access address a3 belongs to the secure access address segment of the target request processing partition a, and the access request is not an illegal access request.
Correspondingly, when the target access address carried by the access request is a9, it can be determined that the target access address a9 does not belong to the secure access address segment of the target request processing partition a, and the access request can be determined to be an illegal access request and intercepted.
The access request processing method obtains a target access address of an access request for accessing a target object, obtains a safety access address segment of a target request processing partition corresponding to the access request, and judges whether the access request is an illegal access request according to the target access address and the safety access address segment. Further, when the access request is determined to be an illegal access request, the access request is intercepted. According to the method and the device, the access request of the target object is identified and intercepted through the firewall, the safe access of the target object is realized, the access request is processed through the candidate request processing subarea in the firewall, the processing efficiency of the firewall on the access request is improved, the set proportion of the illegal access request received by the access request is controlled, the effective verification on the performance of the firewall is further realized, and the verification method and the verification effect are optimized.
In the foregoing embodiment, regarding determination of a target request processing partition, as can be further understood with reference to fig. 3, fig. 3 is a schematic flowchart of a processing method of an access request according to another embodiment of the present application, and as shown in fig. 3, the method includes:
s301, obtaining the identifier corresponding relation between the area identifier of the candidate request processing partition and the device identifier of the test device, wherein the test device is used for initiating an access request to the target object.
In some implementations, corresponding access request initiating devices may be configured for the firewall and the target object configured with the firewall, and the initiating of the access request to the target object may be implemented by controlling the part of devices.
In order to implement the manageability and control of the performance verification of the firewall, the device attribute information matched with the area attribute information inside the firewall may be configured for the part of access request initiating devices, so that the access request initiating devices have corresponding candidate request processing partitions inside the firewall.
Further, the device that initiates the access request may be determined to be a firewall and a testing device configured with performance verification of the target object of the firewall.
Optionally, the initiation of the access request by the testing device to the target object may be controlled by a test stimulus generator in the verification environment. The test excitation generator may process the area attribute information configured by the partition according to the candidate request in the firewall, generate a test excitation sequence corresponding to the test device, and configure each item of information required to initiate an access request for the corresponding test device through the test excitation sequence.
Therefore, the test device and the candidate request processing partition in the firewall have a set corresponding relationship.
In the embodiment of the application, the test device has the corresponding device identifier, and the candidate request processing partition has the corresponding area identifier, so that the corresponding relationship between the test device and the candidate request processing partition can be determined by acquiring the corresponding relationship between the device identifier and the area identifier, and the corresponding target request processing partition is determined for the access request initiated by the test device.
Alternatively, the area identification information of the candidate request processing partition may be configured when configuring the area attribute information of the candidate request processing partition divided inside the firewall. The identification information may be a number or other identification information, and is not limited herein.
Correspondingly, the test equipment has a corresponding equipment identifier, related identifier information can be set for each test equipment through a set method, and the identifier information corresponding to each equipment is determined as the equipment identifier of the test equipment.
It should be noted that the device identifier of the test device and/or the area identifier of the candidate request processing partition have uniqueness, and the device identifier of the test device and the area identifier of the candidate request processing partition are in one-to-one correspondence.
For example, if a set correspondence relationship exists between the test device D and the candidate request processing partition F inside the firewall, the access request initiated by the test device D may use the candidate request processing partition F as its corresponding target request processing partition.
That is, after the association relationship between the test device and the candidate request processing partition is established according to the set method, the target request processing partition corresponding to any access request initiated by the test device is the candidate request processing partition having the association relationship with the test device.
Alternatively, the correspondence between the device identification of the test device and the area identification of the candidate request processing partition may be constructed based on the set conditions.
The device identifier and the area identifier having the same digital information may be determined as the device identifier and the area identifier having a correspondence relationship.
For example, the device identifiers of the test devices are set as D1, D2, D3, … … and Dn, the region identifiers of the candidate request processing partitions are set as F1, F2, F3, … … and Fn, a corresponding relationship exists between the device identifier D1 and the region identifier F1, a corresponding relationship exists between the device identifier D2 and the region identifier F2, a corresponding relationship exists between the device identifier D3 and the region identifier F3, and a corresponding relationship exists between the device identifier Dn and the region identifier Fn.
Further, the correspondence may be determined as an identification correspondence between the device identification of the test device and the area identification of the candidate request processing partition.
S302, determining the target equipment identification of the target test equipment initiating the access request from the information carried by the access request.
In the embodiment of the application, the detailed information carried in the access request may include device identification information of the test device initiating the access request, and the firewall may obtain the relevant information carried in the access request and about the test device initiating the access request by reading the information of the access request.
The test device initiating the access request may be determined as a target test device of the access request, and when the access request is initiated, the target device identification information of the target test device may be carried by the access request and received and read by the firewall.
S303, according to the identifier corresponding relation, determining a target area identifier corresponding to the target device identifier, and determining the candidate request processing partition corresponding to the target area identifier as a target request processing partition for processing the access request.
In the embodiment of the present application, the area identifier having a corresponding relationship with the target device identifier may be determined as the target area identifier.
Further, according to the identifier correspondence between the target device identifier and the target area identifier, it may be determined that a correspondence exists between the test device corresponding to the target device identifier and the candidate request processing partition corresponding to the target area identifier.
Therefore, it can be determined that the access request initiated by the target test device can be processed by the candidate request processing partition corresponding to the target area identifier, such as recognition and judgment.
Further, the candidate request processing partition corresponding to the target area identifier may be determined as a target request processing partition corresponding to an access request carrying a target access address.
According to the access request processing method, the identification corresponding relation between the equipment identification of the test equipment and the area identification of the candidate request processing partition is obtained. And acquiring a target device identifier of the target test device initiating the access request from the received access request, determining a corresponding target area identifier according to the identifier corresponding relation, and determining a target request processing partition corresponding to the access request according to the target area identifier. In the application, the corresponding relation exists between the equipment identifier and the area identifier, the target request processing partition of the access request is determined according to the corresponding relation of the identifiers, and the confirmation method of the target request processing partition is optimized, so that the access request initiated by the test equipment can have the corresponding request processing partition in the firewall, the shunting processing of the access request is realized, and the processing efficiency of the access request is improved.
Further, as to the performance of the firewall and the performance verification analysis of the target object configured with the firewall, it can be understood with reference to fig. 4 that fig. 4 is a schematic flowchart of a processing method of an access request according to another embodiment of the present application, and as shown in fig. 4, the method includes:
s401, performance evaluation is performed on the firewall and the target object, and a first performance evaluation result of the firewall and a second performance evaluation result of the target object are respectively obtained.
In the embodiment of the application, a system composed of the firewall and the target object can be determined as the target system, and the performance evaluation of the target system composed of the firewall and the target object is realized by performing the individual performance evaluation on the firewall and the individual performance evaluation on the target object.
Alternatively, the performance evaluation of the firewall may be achieved by the result of the firewall's identification and interception of an illegal one of the access requests.
Wherein, the initiation ratio of illegal access request can be determined from the initiation amount of access request.
In some implementations, through the test stimulus sequence generated by the test stimulus generator, the relevant information for initiating the access request can be configured for the test device, and the test device is controlled to initiate the access request to the target object.
Optionally, in the control process, the test stimulus generator may control the proportion of the illegal access addresses carried in the test stimulus sequence to realize the proportion control of the illegal access requests in the initiation amount of the access requests.
Wherein the information about the proportion of illegal access requests in the total access request initiation amount can be configured in the test stimulus generator before the performance verification is started.
For example, if the launch percentage of all the access requests for which an illegal access request is launched is set to 10%, the data may be configured in the test stimulus generator before performance verification is started. When the test excitation generator generates the test excitation sequence, the corresponding proportion of the excitation sequence carrying the illegal access address can be generated, and the illegal access request with the corresponding initiation ratio can be generated based on the part of the excitation sequence carrying the illegal access address.
Alternatively, the launch proportion of the illegal access request configured therein in the launch amount of all access requests may be acquired from the relevant data storage area of the test stimulus generator.
Further, the interception amount of the firewall to the illegal access request can be monitored, and the interception ratio of the interception amount in the receiving amount of the access request can be obtained.
Optionally, a corresponding interception code may be hooked at a port of a firewall access port, so as to implement interception of an illegal access request by the firewall.
As a possible implementation manner, a setting code for performing quantity statistics on the illegal access requests intercepted by the firewall may be hooked on a path port of the firewall, and monitoring of the interception amount of the illegal access requests is realized through operation of the setting code.
Further, according to the counted interception amount of the illegal access requests and the receiving amount of the firewall to the access requests, the interception ratio corresponding to the illegal access requests in all the access requests received by the firewall is determined.
As another possible implementation manner, a set code for performing quantity statistics on the security access requests passed by the firewall may be hooked at the access port of the firewall, and the throughput statistics on the security access requests may be implemented by running the set code.
Furthermore, according to the counted throughput and the receiving amount of the firewall to the access requests, determining the passing ratio corresponding to the security access requests in all the access requests received by the firewall, and further determining the interception ratio corresponding to the illegal access requests.
And evaluating the performance of the firewall according to the initiating occupation ratio and the intercepting occupation ratio so as to obtain a first performance evaluation result of the firewall.
In the embodiment of the application, the obtained initiating proportion and the obtained intercepting proportion can be compared, and the performance evaluation of the firewall is realized according to the comparison result.
The first performance evaluation result may be determined as an evaluation result obtained by evaluating the performance of the firewall.
As a possible implementation manner, the interception ratio and the initiation ratio may be calculated by a setting algorithm, and an error value between the interception ratio and the initiation ratio is obtained.
Further, a set error range corresponding to the error value is obtained, and when the obtained error value belongs to the set error range, the performance evaluation of the firewall on the interception processing of the illegal access request can be judged to be qualified.
As shown in table 1, the target object is set to be the storage system on the SOC chip, wherein the launch ratio corresponding to the read illegal access request is 10% in all read access requests initiated by the test device to the storage system, and correspondingly, the launch ratio corresponding to the write illegal access request is 10% in all write access requests initiated by the test device to the storage system.
Further, as shown in table 1, the interception ratio of the firewall to the read illegal access request and the interception ratio of the firewall to the write illegal request are respectively obtained, so as to realize performance evaluation of the firewall and obtain a first evaluation result of the firewall performance evaluation.
Table 1:
as can be seen from table 1, the read illegal access request interception ratio and the write illegal access request interception ratio are both 10.05%.
Further, an error value 1 between 10% of the initiation ratio of the read illegal access request in the read access request and 10.05% of the interception ratio of the read illegal access request in all read access requests received by the firewall and an error value 2 between 10% of the initiation ratio of the illegal write access request in the write access request and 10.05% of the interception ratio of the write illegal access request in all write access requests received by the firewall are obtained.
If both the error value 1 and the error value 2 belong to the set error range, the performance of the firewall can meet the requirement of practical application in the scenario that the interception performance of the firewall against the illegal access request is as shown in table 1, and it may be determined that the first performance evaluation result of the firewall evaluation is qualified.
Further, after the firewall intercepts and filters the access request, the performance evaluation of the target object can be realized according to the relevant response information of the target object to the access request which is not intercepted by the firewall. The response delay time of the target object to the access request which is not intercepted by the firewall can be obtained.
Optionally, when the target object responds to the access request that is not intercepted by the firewall, the response delay time of the target object is monitored, so as to obtain the response delay time of the target object to the access request that is not intercepted by the firewall.
Further, the performance of the target object is evaluated according to the response delay time to obtain a second performance evaluation result of the target object.
As a possible implementation manner, the response delay time of the target object not configured with the firewall to the access request and the response delay time of the target object configured with the firewall to the access request not intercepted by the firewall may be obtained, so as to evaluate the target object, and further obtain a second performance evaluation result of the performance evaluation of the target object.
As another possible implementation manner, a threshold time corresponding to the response delay time may be obtained, the obtained response delay time is compared with the threshold time, and when the response delay time is less than or equal to the threshold time, it may be determined that the response delay of the target object currently configured with the firewall does not affect the normal operation performance of the target object, so that it may be determined that the second performance evaluation result of the target object in the scene is qualified.
As shown in table 2, setting the target object as the storage system, statistics may be performed on the initiation speed and the response speed of the storage system for the read access request and the initiation speed and the response speed of the write access request, respectively, so as to obtain the information about the response delay time of the storage system for the read access request and the information about the response delay time of the storage system for the write access request.
As shown in table 2, the information about the response delay time of the storage system to the read access request may include a maximum delay time, a minimum delay time, and an average delay time of the storage system to the read access request, and the information about the response delay time of the storage system to the write access request may include a maximum delay time, a minimum delay time, and an average delay time of the storage system to the write access request.
Further, according to the information about the response speed and the response time shown in table 2, the performance of the storage system is evaluated, so that the storage system shown in table 2 is determined, after the firewall is configured, the performance of the storage system can still meet the actual requirement, and further, the second performance evaluation result of the target object configured with the firewall can be determined to be qualified.
Table 2:
s402, evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result.
In the embodiment of the application, the performance evaluation of the target system can be realized according to the detailed contents of the first performance evaluation result and the second performance evaluation result.
Optionally, in response to the first performance evaluation result indicating that the firewall performance is qualified and the second performance evaluation result indicating that the target object performance is qualified, the target system performance evaluation result is determined to be qualified.
When the first performance evaluation result indicates that the firewall performance is qualified, it can be determined that the interception performance of the firewall for the illegal access request can meet the actual requirement. Accordingly, when the second performance evaluation result indicates that the performance of the target object is appropriate, it may be determined that the performance of the response of the current target object to the access request may satisfy the actual need, and therefore, in this scenario, it may be determined that the target system composed of the firewall and the target object may satisfy the actual application need.
Further, the performance evaluation result of the target system may be determined to be qualified.
According to the access request processing method, performance evaluation is conducted on the firewall to obtain a first performance evaluation result, performance evaluation is conducted on the target object to obtain a corresponding second performance evaluation result, and performance evaluation on the target system is achieved according to the first performance evaluation result and the second performance evaluation result. According to the method and the device, the performance evaluation of the target system composed of the firewall and the target object is realized through the performance evaluation of the firewall and the target object, the evaluation of the performance influence degree of the firewall on the target object is configured, and the performance verification of the safety and the stability of the target system composed of the firewall and the target object is realized.
In accordance with the processing methods of the access requests proposed by the above-mentioned several embodiments, an embodiment of the present application further proposes a processing apparatus of the access request, and since the processing apparatus of the access request proposed by the embodiment of the present application corresponds to the processing methods of the access requests proposed by the above-mentioned several embodiments, the embodiments of the processing method of the access request are also applicable to the processing apparatus of the access request proposed by the embodiment of the present application, and will not be described in detail in the following embodiments.
Fig. 5 is a schematic structural diagram of an access request processing apparatus according to an embodiment of the present application, and as shown in fig. 5, the access request processing apparatus 500 includes a receiving module 51, a determining module 52, a processing module 53, and an evaluating module 54, where:
a receiving module 51, configured to receive an access request for accessing a target object;
a determining module 52, configured to determine, from multiple candidate request processing partitions inside the firewall, a target request processing partition corresponding to the access request;
and the processing module 53 is configured to obtain a security access address field of the target request processing partition, and intercept the access request according to the security access address field.
In this embodiment of the application, the processing module 53 is further configured to: acquiring a target access address of an access request to a target object; identifying whether the access request is an illegal access request or not according to the safe access address field and the target access address; and in response to the fact that the access request is identified as an illegal access request, intercepting the illegal access request.
In this embodiment of the application, the processing module 53 is further configured to: responding to the target access address belonging to the safe access address field of the target request processing partition, and determining that the access request is a safe access request; and in response to the target access address not belonging to the secure access address field of the target request processing partition, determining that the access request is an illegal access request.
In this embodiment of the application, the determining module 52 is further configured to: acquiring an identification corresponding relation between an area identification of a candidate request processing partition and an equipment identification of test equipment, wherein the test equipment is used for initiating an access request to a target object; determining the target equipment identification of the target test equipment initiating the access request from the information carried by the access request; and determining a target area identifier corresponding to the target equipment identifier according to the identifier corresponding relation, and determining a candidate request processing partition corresponding to the target area identifier as a target request processing partition for processing the access request.
In the embodiment of the present application, the apparatus further includes an evaluation module 54, configured to: performing performance evaluation on the firewall and the target object, and respectively acquiring a first performance evaluation result of the firewall and a second performance evaluation result of the target object; and evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result.
In this embodiment, the evaluating module 54 is further configured to: determining the initiation ratio of illegal access requests from the initiation amount of the access requests; monitoring the interception amount of the firewall to the illegal access request, and acquiring the interception ratio of the interception amount in the receiving amount of the access request; and evaluating the performance of the firewall according to the initiating occupation ratio and the intercepting occupation ratio so as to obtain a first performance evaluation result of the firewall.
In this embodiment, the evaluating module 54 is further configured to: obtaining the error values of the initiating occupation ratio and the intercepting occupation ratio; and determining that the first performance evaluation result of the firewall is qualified in response to the error value belonging to the set error range.
In this embodiment of the application, the evaluation module 54 is further configured to: obtaining the response delay time of a target object to an access request which is not intercepted by a firewall; and evaluating the performance of the target object according to the response delay time to obtain a second performance evaluation result of the target object.
In this embodiment, the evaluating module 54 is further configured to: acquiring the threshold time of response delay of a target object; and in response to the response delay time being less than or equal to the threshold time, determining that the second performance evaluation result of the target object is qualified.
In this embodiment of the application, the evaluation module 54 is further configured to: and judging that the target system performance evaluation result is qualified in response to the first performance evaluation result indicating that the firewall performance is qualified and the second performance evaluation result indicating that the target object performance is qualified.
The access request processing device receives an access request of a target object, determines a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions divided inside a firewall, further identifies and judges the access request according to a safe access address field of the target request processing partition, and intercepts the access request which is determined to carry a non-safe access address. In the application, the access request of the target object is identified and intercepted through the firewall, the safe access to the target object is realized, the interior of the firewall is divided into a plurality of candidate request processing partitions, the access request is divided, the processing efficiency of the firewall on the access request is improved, the verification analysis efficiency of the performance of the firewall is further improved, the manageability of the performance verification of the firewall is realized, and the verification method and the verification effect are optimized.
To achieve the above embodiments, the present application also proposes an electronic device, a computer-readable storage medium, and a computer program product.
Fig. 6 is a block diagram of an electronic device according to an embodiment of the present application, and a processing method for executing an access request according to the embodiment of fig. 1 to 4 may be implemented by the electronic device shown in fig. 6.
In order to implement the above embodiments, the present application also proposes a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the processing method of an access request of the embodiments of fig. 1 to 4.
In order to implement the foregoing embodiments, the present application also proposes a computer program product, which when executed by an instruction processor in the computer program product, performs the processing method of the access request of the embodiments of fig. 1 to fig. 4.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.
Claims (22)
1. A method for processing an access request, the method comprising:
receiving an access request for accessing a target object;
determining a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions in the firewall;
and acquiring a security access address field of the target request processing partition, and intercepting the access request according to the security access address field.
2. The method of claim 1, wherein intercepting the access request according to the secure access address segment comprises:
acquiring a target access address of the access request to the target object;
identifying whether the access request is an illegal access request or not according to the safe access address field and the target access address;
and intercepting the illegal access request in response to identifying that the access request is an illegal access request.
3. The method of claim 2, wherein said identifying whether the access request is an illegal access request based on the secure access address field and the target access address comprises:
determining that the access request is a secure access request in response to the target access address belonging to the secure access address segment of the target request processing partition;
determining that the access request is the illegal access request in response to the target access address not belonging to the secure access address segment of the target request processing partition.
4. The method of claim 1, wherein determining a target request processing partition for the access request from a plurality of candidate request processing partitions inside a firewall comprises:
acquiring an identification corresponding relation between the area identification of the candidate request processing partition and the equipment identification of the test equipment, wherein the test equipment is used for initiating an access request to the target object;
determining the target equipment identification of the target test equipment initiating the access request from the information carried by the access request;
and determining a target area identifier corresponding to the target equipment identifier according to the identifier corresponding relation, and determining a candidate request processing partition corresponding to the target area identifier as a target request processing partition for processing the access request.
5. The method of claim 1, further comprising:
performing performance evaluation on the firewall and the target object, and respectively acquiring a first performance evaluation result of the firewall and a second performance evaluation result of the target object;
and evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result.
6. The method of claim 5, wherein obtaining the first performance assessment result of the firewall comprises:
determining the initiation ratio of the illegal access request from the initiation amount of the access request;
monitoring the interception amount of the firewall to the illegal access request, and acquiring the interception ratio of the interception amount in the receiving amount of the access request;
and evaluating the performance of the firewall according to the initiating proportion and the intercepting proportion to obtain the first performance evaluation result of the firewall.
7. The method according to claim 6, wherein the evaluating the performance of the firewall according to the initiating proportion and the intercepting proportion to obtain the first performance evaluation result of the firewall comprises:
obtaining an error value of the initiating ratio and the intercepting ratio;
and determining that the first performance evaluation result of the firewall is qualified in response to the error value belonging to a set error range.
8. The method of claim 5, wherein obtaining the second performance assessment result of the target object comprises:
obtaining the response delay time of the target object to the access request which is not intercepted by the firewall;
and evaluating the performance of the target object according to the response delay time to obtain a second performance evaluation result of the target object.
9. The method of claim 8, wherein the evaluating the performance of the target object according to the response delay time to obtain the second performance evaluation result of the target object comprises:
acquiring the threshold time of the response delay of the target object;
in response to the response delay time being less than or equal to the threshold time, determining that the second performance assessment result for the target object is qualified.
10. The method of claim 7 or 9, wherein said evaluating the performance of the target system based on the first performance evaluation result and the second performance evaluation result comprises:
and judging that the target system performance evaluation result is qualified in response to the first performance evaluation result indicating that the firewall performance is qualified and the second performance evaluation result indicating that the target object performance is qualified.
11. An apparatus for processing an access request, the apparatus comprising:
a receiving module for receiving an access request for accessing a target object;
the determining module is used for determining a target request processing partition corresponding to the access request from a plurality of candidate request processing partitions in the firewall;
and the processing module is used for acquiring the safe access address field of the target request processing partition and intercepting the access request according to the safe access address field.
12. The apparatus of claim 11, wherein the processing module is further configured to:
acquiring a target access address of the access request to the target object;
identifying whether the access request is an illegal access request or not according to the safe access address field and the target access address;
and responding to the condition that the access request is identified as an illegal access request, and intercepting the illegal access request.
13. The apparatus of claim 12, wherein the processing module is further configured to:
determining that the access request is a secure access request in response to the target access address belonging to the secure access address segment of the target request processing partition;
determining that the access request is the illegal access request in response to the target access address not belonging to the secure access address segment of the target request processing partition.
14. The apparatus of claim 11, wherein the determining module is further configured to:
acquiring an identification corresponding relation between the area identification of the candidate request processing partition and the equipment identification of the test equipment, wherein the test equipment is used for initiating an access request to the target object;
determining the target equipment identification of the target test equipment initiating the access request from the information carried by the access request;
and determining a target area identifier corresponding to the target equipment identifier according to the identifier corresponding relation, and determining a candidate request processing partition corresponding to the target area identifier as a target request processing partition for processing the access request.
15. The apparatus of claim 11, further comprising an evaluation module configured to:
performing performance evaluation on the firewall and the target object, and respectively acquiring a first performance evaluation result of the firewall and a second performance evaluation result of the target object;
and evaluating the performance of the target system according to the first performance evaluation result and the second performance evaluation result.
16. The apparatus of claim 15, wherein the evaluation module is further configured to:
determining the initiation ratio of the illegal access request from the initiation amount of the access request;
monitoring the interception amount of the firewall to the illegal access request, and acquiring the interception ratio of the interception amount in the receiving amount of the access request;
and evaluating the performance of the firewall according to the initiating proportion and the intercepting proportion to obtain the first performance evaluation result of the firewall.
17. The apparatus of claim 16, wherein the evaluation module is further configured to:
obtaining an error value of the initiating ratio and the intercepting ratio;
and determining that the first performance evaluation result of the firewall is qualified in response to the error value belonging to a set error range.
18. The apparatus of claim 15, wherein the evaluation module is further configured to:
obtaining the response delay time of the target object to the access request which is not intercepted by the firewall;
and evaluating the performance of the target object according to the response delay time to obtain a second performance evaluation result of the target object.
19. The apparatus of claim 18, wherein the evaluation module is further configured to:
acquiring the threshold time of the response delay of the target object;
and in response to the response delay time being less than or equal to the threshold time, determining that the second performance evaluation result of the target object is qualified.
20. The apparatus according to claim 17 or 19, wherein the evaluation module is further configured to:
and judging that the target system performance evaluation result is qualified in response to the first performance evaluation result indicating that the firewall performance is qualified and the second performance evaluation result indicating that the target object performance is qualified.
21. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-10.
22. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210669771.4A CN114944958A (en) | 2022-06-14 | 2022-06-14 | Processing method and device of access request and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210669771.4A CN114944958A (en) | 2022-06-14 | 2022-06-14 | Processing method and device of access request and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114944958A true CN114944958A (en) | 2022-08-26 |
Family
ID=82908844
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210669771.4A Pending CN114944958A (en) | 2022-06-14 | 2022-06-14 | Processing method and device of access request and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114944958A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117097576A (en) * | 2023-10-20 | 2023-11-21 | 北京凯芯微科技有限公司 | AXI bus firewall for functional safety |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
| US20090083505A1 (en) * | 2007-09-26 | 2009-03-26 | Giles Chris M | System and Method for Achieving Protected Region Within Computer System |
| US20110252462A1 (en) * | 2010-04-07 | 2011-10-13 | International Business Machines Corporation | Authenticating a Remote Host to a Firewall |
| US20200213416A1 (en) * | 2019-01-02 | 2020-07-02 | Bank Of America Corporation | Entry point classification of requests requiring access to data |
| CN113014571A (en) * | 2021-02-22 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Method, device and storage medium for processing access request |
-
2022
- 2022-06-14 CN CN202210669771.4A patent/CN114944958A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
| US20050229248A1 (en) * | 1996-02-06 | 2005-10-13 | Coley Christopher D | Method for transparently managing outbound traffic from an internal user of a private network destined for a public network |
| US20090083505A1 (en) * | 2007-09-26 | 2009-03-26 | Giles Chris M | System and Method for Achieving Protected Region Within Computer System |
| US20110252462A1 (en) * | 2010-04-07 | 2011-10-13 | International Business Machines Corporation | Authenticating a Remote Host to a Firewall |
| US20200213416A1 (en) * | 2019-01-02 | 2020-07-02 | Bank Of America Corporation | Entry point classification of requests requiring access to data |
| CN113014571A (en) * | 2021-02-22 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Method, device and storage medium for processing access request |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117097576A (en) * | 2023-10-20 | 2023-11-21 | 北京凯芯微科技有限公司 | AXI bus firewall for functional safety |
| CN117097576B (en) * | 2023-10-20 | 2024-01-02 | 北京凯芯微科技有限公司 | AXI bus firewall for functional safety |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110298188B (en) | Control method and system for dynamic access authority | |
| US5564040A (en) | Method and apparatus for providing a server function in a logically partitioned hardware machine | |
| US11947670B2 (en) | Malicious software detection based on API trust | |
| US8042190B2 (en) | Pre-boot protected memory channel | |
| US20210167960A1 (en) | Certifying Authenticity of Stored Code and Code Updates | |
| US11132467B2 (en) | Information processing device, information processing method, and computer program product | |
| CN111711546B (en) | Device throughput testing method, device, system and computer readable storage medium | |
| US20160267026A1 (en) | Method and apparatus for accessing physical resources | |
| KR20170043438A (en) | Method for capturing oprations for container-based virtualization system and apparatus | |
| US20160232379A1 (en) | Memory integrity checking | |
| CN108898012B (en) | Method and apparatus for detecting illegal program | |
| CN114944958A (en) | Processing method and device of access request and electronic equipment | |
| KR20190021673A (en) | Apparatus and method for preventing ransomware | |
| CN106980800B (en) | Measurement method and system for authentication partition of encrypted solid state disk | |
| US11880222B2 (en) | Method, apparatus, and device for erasing solid state disk, and storage medium | |
| US10809924B2 (en) | Executable memory protection | |
| US20230078249A1 (en) | Device for detecting zone parallelity of a solid state drive and operating method thereof | |
| CN114443147B (en) | Trusted hardware technology-based super monitoring type unmanned aerial vehicle trusted detection method | |
| CN112398964B (en) | Internet of things equipment processing method, device and equipment | |
| CN103366115A (en) | Safety detecting method and device | |
| CN110598378A (en) | Global offset table measuring method, dynamic measuring method, related device and equipment | |
| CN111427620A (en) | Starting method and device of embedded system | |
| KR102543663B1 (en) | Software verification method of electronic apparatus | |
| US11934857B2 (en) | Supporting execution of a computer program by using a memory page of another computer program | |
| KR102714421B1 (en) | Method, apparatus and computer-readable medium for admission control of container platform based on accessor role |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |