CN116070201A - Data management method, system, electronic equipment and medium - Google Patents
Data management method, system, electronic equipment and medium Download PDFInfo
- Publication number
- CN116070201A CN116070201A CN202211656358.0A CN202211656358A CN116070201A CN 116070201 A CN116070201 A CN 116070201A CN 202211656358 A CN202211656358 A CN 202211656358A CN 116070201 A CN116070201 A CN 116070201A
- Authority
- CN
- China
- Prior art keywords
- file
- virtual machine
- access
- target object
- file system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 121
- 238000013523 data management Methods 0.000 title claims abstract description 24
- 238000007726 management method Methods 0.000 claims abstract description 14
- 238000012545 processing Methods 0.000 claims description 22
- 230000026676 system process Effects 0.000 claims description 6
- 230000002085 persistent effect Effects 0.000 claims description 5
- 238000001514 detection method Methods 0.000 claims description 4
- 239000000284 extract Substances 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 238000002955 isolation Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 11
- 238000013459 approach Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000009434 installation Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004321 preservation Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a data management method, a data management system, electronic equipment and a medium. By applying the technical scheme, a file system for storing the objects generated by the running environment and the application program can be added in the running environment, so that configuration management of access rights and safe storage of each target object according to the use requirement is realized through the file with the access rights, object isolation and controlled collaboration among applications and between the applications and the running environment can be realized, and various storage modes of the objects can be specified.
Description
Technical Field
The present application relates to data processing technologies, and in particular, to a method, a system, an electronic device, and a medium for data management.
Background
In the related art, a Java programming environment has become very popular. The Java programming language is one of the languages executing on a computing device. A computer program written in the Java programming language may be compiled into a request suitable for execution of the application functions by the Java virtual machine.
Further, the running environment formed by the Java programming environment generally includes a virtual machine and a plurality of application programs. In order to avoid the problem of illegal data interaction between application programs, the related art uses a firewall to realize isolation and controlled collaboration between application programs.
However, the existing related art lacks a mechanism for unified management of access rights and storage modes of the objects created by the operating environment and the application program.
Disclosure of Invention
The embodiment of the application provides a data management method, a system, electronic equipment and a medium. The method and the device are used for solving the problem that in the related technology, the virtual machine in the running environment lacks of a unified management mechanism for the access rights and storage modes of the running environment and the objects created by the application programs.
According to one aspect of the embodiments of the present application, a method for data management is provided, where the method is applied to an operating environment including a virtual machine and at least one application program, and the operating environment further includes a file system, where the operating environment and the application program are execution entities that create objects, and where:
the virtual machine sends a storage request for storing a target object created by the execution entity to the file system, wherein the storage request carries file attributes corresponding to the target object;
after receiving the storage request, the file system creates a file with the file attribute, and stores the target object into the file, wherein the file attribute is used for determining the access authority, the storage attribute and the security attribute of the file; and the object returned by the virtual machine references the position information associated to the file.
When the file system subsequently receives a data access request sent by the virtual machine and used for accessing the target object, determining whether an execution entity of the current access object carried by the data access request is matched with the access authority of the file;
if so, the file system will allow the virtual machine to access the target object in the file.
Before the virtual machine sends the storage request for storing the target object to the file system, the method further comprises:
the virtual machine receives a creation request, wherein the object creation request is used for creating the corresponding target object for an execution entity, the target object comprises one of an array object and an instance object, and the object created by the virtual machine is owned by the current execution entity creating the object;
the virtual machine supports creation of the target object by different creation means.
The virtual machine supports creation of the target object by different creation means, including:
the virtual machine creates the target object in a standard mode provided by a programming language and designates the storage file attribute as a default file attribute;
or alternatively, the first and second heat exchangers may be,
The virtual machine creates the target object by providing a programming interface and includes a method parameter specification for characterizing storage file attributes of the accessible object.
The virtual machine provides a programming interface in which file attributes of a storage file of a created object can be modified.
When the running environment is initialized and each application program is installed in the running environment, the file system is requested to create a corresponding folder, and when the running environment and the application program are executed to create objects, the objects created by the file storage are required to be created under the corresponding folders.
Creating the file in the file system, wherein the file comprises a file header and a file body.
The file system stores all data in the target object into a file body of the file;
or alternatively, the first and second heat exchangers may be,
the file system stores management data in the target object into a file header of the file; and storing the user data in the target object into a file body of the file.
The virtual machine access object operation comprises a read object member, a write object member and an instance method for calling an object, wherein the read object member and the call object method need to read file contents, and the write object member needs to read and update the file contents; if the access object does not belong to the execution entity, the current execution entity is switched to the owner of the object when the instance method of the object is called, and after the method returns normally or exits abnormally, the execution entity before the restoration method is called is the current execution entity.
The file attribute is used for determining the access authority, the security attribute, the storage update attribute and the storage type of the file;
the access authority designates the authority of which operation is carried out on the file by the executing entity, wherein the operation comprises a reading operation, an updating operation and an executing method operation;
wherein the storage type includes persistent storage and random access storage;
the security attribute comprises an attribute of verifying whether the file content is tampered or not by adopting an error detection code and a content encryption attribute, wherein the content is encrypted when being written, and decrypted after being read;
the storage updating mode attribute comprises a write-once and read-many attribute, a frequent updating attribute and an atomic updating attribute;
the file access control attributes include concurrent access attributes and transport protocol selection attributes.
When reading an object, the file system returns the object information in the file to the virtual machine, and the method comprises the following steps:
and the file system processes the content of the file according to the file attribute of the file, wherein the processing comprises verification of an error check code and decryption of the file content, and if the processing does not have errors, the processing returns an array object stored in the file, otherwise, the processing returns an access object error message.
The object in the file of the file system is updated when the object is written, which comprises
And the file system processes the content update of the file according to the file update attribute of the file, wherein the processing comprises write-once and read-many, atomic update and frequent update, and if the processing has no error, the creation success message is returned.
After said storing said target object in said file, further comprising:
the virtual machine receives an object access request sent by an execution entity, wherein the access request is used for acquiring the target object, and the execution entity is any one application program or a running environment in the at least one application program;
the virtual machine generates a data access request for accessing the target object to the file system based on the data acquisition request, wherein the data access request carries the current access object for representing the target application program;
the virtual machine sends the data access request to the file system.
After the virtual machine sends the data access request to the file system, the method further comprises:
the file system extracts the current access object in the data access request; determining the file information of the target object;
The file system detects whether the executing entity has the authority to access the file;
and if so, the file system returns the target object information in the file to the virtual machine.
Optionally, in another embodiment of the method according to the present application, after storing the array object in the file created according to the preset file attribute, the method further includes:
creating a shadow array object of a designated array object through a programming interface, wherein the type and the size of the shadow array object are the same as those of a source array object, the storage positions of user data are the same, but the shadow array object and the source array object belong to different execution entities;
the file system creates a file sharing content with other application programs for the file of the storage array object of the application program, and transfers the stored target array object to the other application programs;
and the file system returns the target array object reference in the shared file to the virtual machine.
After determining whether the execution entity of the access object carried by the data access request matches the access authority of the file, the method further comprises:
if the file system determines that the access object does not have the right to access the target object, the file system returns a message for reflecting that the access object does not have the right to access the target object to the virtual machine.
After the file system stores the target object to the file, further comprising:
the file system sends a feedback message to the virtual machine reflecting that the object has been stored to the file.
According to another aspect of the embodiments of the present application, a system for data management is provided, which includes a virtual machine, at least one application program, and an operating environment of a file system, wherein:
the virtual machine is configured to send a storage request for storing a target object created by an execution entity to the file system; after receiving a data acquisition request of a target application program or an operating environment, sending a data access request for accessing the target object to the file system;
the file system is configured to create a file with file attributes after receiving the storage request, and store the target object into the file; after receiving the data access request sent by the virtual machine, if the current access object carried by the data access request is determined to be matched with the access authority of the file, returning the target object information in the file to the virtual machine;
The application or the running environment is configured to send a data acquisition request for acquiring the target object to the virtual machine.
According to still another aspect of the embodiments of the present application, there is provided an electronic device including:
a memory for storing executable requests;
according to yet another aspect of the embodiments of the present application, there is provided a computer-readable storage medium storing a computer-readable request, which when executed, performs the operations of any of the methods of data management described above.
In the application, a storage request for storing a target object created by an execution entity can be sent to a file system in a virtual machine, wherein the storage request carries file attributes of the target object; after receiving the storage request, the file system creates a file with the file attribute and stores the target object into the file, wherein the file attribute is used for determining the access right, the storage attribute and the security attribute of the file; when the file system subsequently receives a data access request sent by the virtual machine and used for accessing the target object, determining whether an access object carried by the data access request is matched with the access authority of the file or not; if so, the file system returns the target object information in the file to the virtual machine. By applying the technical scheme, a file system for storing the target objects created by the execution entity can be added in the running environment, so that the technical scheme is realized that each target object is managed through the file with the access authority so that the subsequent access object with the corresponding access authority can access the target object.
The technical scheme of the present application is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with the description, serve to explain the principles of the application.
The present application will be more clearly understood from the following detailed description with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram of a general object management method according to an embodiment of the present application;
FIG. 2 is a schematic diagram illustrating a method for implementing a shadow array according to an embodiment of the present application;
FIG. 3a is a schematic diagram of an object creation process according to an embodiment of the present application;
FIG. 3b is a schematic diagram of an object access procedure according to an embodiment of the present application;
FIG. 4a is a schematic diagram of an object storage architecture according to an embodiment of the present application;
FIG. 4b is a schematic diagram of another object storage architecture according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
fig. 6 shows a schematic diagram of a storage medium according to an embodiment of the present application.
Detailed Description
Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present application unless it is specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
In addition, the technical solutions of the embodiments of the present application may be combined with each other, but it is necessary to be based on the fact that those skilled in the art can implement the technical solutions, and when the technical solutions are contradictory or cannot be implemented, the combination of the technical solutions should be considered to be absent, and is not within the scope of protection claimed in the present application.
It should be noted that all directional indicators (such as up, down, left, right, front, and rear … …) in the embodiments of the present application are merely used to explain the relative positional relationship, movement conditions, and the like between the components in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indicator is correspondingly changed accordingly.
A method for data management according to an exemplary embodiment of the present application is described below in conjunction with fig. 1-3. It should be noted that the following application scenario is only shown for the convenience of understanding the spirit and principles of the present application, and embodiments of the present application are not limited in any way in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.
The application also provides a data management method, a system, electronic equipment and a medium.
Fig. 1 schematically illustrates a flow diagram of a method of data management according to an embodiment of the present application, applied in a running environment comprising a virtual machine and at least one application, characterized in that the running environment further comprises a file system, wherein:
s101, the virtual machine sends a storage request for storing a target object created by an execution entity to a file system, wherein the storage request carries file attributes corresponding to the target object.
The virtual machine in the running environment proposed by the application is an abstracted computing device, which can be implemented by simulating various computer functions on an actual computer.
In one manner, the virtual machine may be a Java virtual machine, which may be understood to have a software architecture that is complete, such as a method area, a heap, a stack, a PC register, a local method stack, and the like, and a corresponding application management system to instruct each application in the operating environment to execute a corresponding function.
Furthermore, the Java virtual machine shields the information related to the specific operating system platform, so that the Java program can execute corresponding functions on the service operation platform only by generating corresponding target object data for operating the application program on the Java virtual machine.
In addition, the application in the running environment proposed in the present application may be an application for handling any service type. In one approach, the application may also be a Java application. It will be appreciated that the virtual machine may implement data interactions with the application program through an application program interface.
Wherein an application in a running environment typically needs to be generated with a corresponding target object. Including management data for characterizing application attribute information, user data for application business content, and the like.
In one approach, since the array type in the Java language specification is not a class, but the implementation of the target Object may specify an implementation-specific array type, the direct superclass of the type is an Object class, and the target Object typically needs to have an Object header for managing the Object as an instance Object, for recording the type and length of the array, and the Object body is for storing the values of the array members. By way of example, the object header of the target object is typically allocated in a persistent memory area (Flash or E2 PROM), while the object body of the target object may be allocated in a persistent memory area or RAM area of the runtime environment.
In one manner, the target object of the application program may be generated by a virtual machine, and in the related art, in order to avoid the problem of illegal interaction between application programs in the running environment, the running environment may set a firewall to implement isolation of the application creation object. However, the related art lacks a mechanism for flexibly managing access rights, storage types, and storage manners of objects created by a running environment or an application program.
Further, in order to solve the above-mentioned problems, the present application proposes a method for data management. After the virtual machine acquires the target objects of the application program, the target objects are stored in a preset file system, so that the technical scheme of managing each target object through the files with access rights is realized.
S102, after receiving the storage request, the file system creates a file with the file attribute, and stores a target object into the file, wherein the file attribute is used for determining the access right, the storage attribute and the security attribute of the file; the object returned by the virtual machine references the location information associated with the file.
In one mode, the file system proposed in the present application may be any file system. By way of example, it may be a file system as specified in the ISO/IEC 7816-4 standard. For the standard file system, the standard file system can access the content in the file under control according to the corresponding authority.
In one approach, a file system may typically create two types of files, the first type being directory files, known as private files (DF), and the second type consisting of files that hold user data, known as base files (EF). The DF serves as a folder in which other lower level DFs or EF that logically belong together are included, and the EF can be divided into external files (work EF) and files used by the operating system (internal EF).
Further, for private files, it may also contain an application-specific file ADF, where the application-specific file ADF may be selected using an appropriate mechanism, the application-specific file ADF combining the properties of DF and MF. In the embodiment of the application, the storage purpose of the target object can be realized by using the basic file.
It will be appreciated that, since the base files in the file system are provided with the access rights, the present application can use this feature to create a base file with preset access rights for a certain target object.
Wherein the access rights are used to define an access object that can access the target object. By way of example, when the access rights are all visible, then the access object of the target object is an entire application or runtime environment, for example. And when the access rights are partially visible, the access object of the target object is one or more designated application programs or running environments in the whole application programs. Similarly, if the access rights are all invisible, the access object of the target object is only the application program or the running environment of the target object.
S103, when the file system subsequently receives a data access request sent by the virtual machine and used for accessing the target object, determining whether an execution entity of the access object carried by the data access request is matched with the access authority of the basic file.
In this step, after the file system stores the target object in the base file, if there is a certain application program (for example, application program a) that wants to access the target object later, the application program a may first send a data acquisition request for accessing the target object to the virtual machine, and the virtual machine sends a data access request to the file system based on the acquisition request. So that the file system determines whether the application program a has the access right of the basic file according to the access object carried in the data access request.
It will be appreciated that if so, the target object is returned to the virtual machine so that the virtual machine returns it to application a. Otherwise, the reply message that the application program A does not have access to the target object can be disregarded or fed back to the virtual machine.
S104, if the file system has the authority, the file system allows the virtual machine to access the target object in the basic file.
In the application, a storage request for storing a target object created by an execution entity can be sent to a file system in a virtual machine, wherein the storage request carries file attributes of the target object; after receiving the storage request, the file system creates a basic file with the file attribute, and stores the target object into the basic file, wherein the file attribute is used for determining the access right, the storage attribute and the security attribute of the basic file; when the file system subsequently receives a data access request sent by the virtual machine and used for accessing the target object, determining whether an access object carried by the data access request is matched with the access authority of the basic file or not; if so, the file system returns the target object in the basic file to the virtual machine.
By applying the technical scheme, a file system for storing the target object corresponding to each application program can be added in the running environment, so that the technical scheme that each target object is managed through the basic file with the access authority so that the subsequent access object with the corresponding access authority can access the target object is realized.
Before the virtual machine sends the storage request for storing the target object to the file system, the method further includes:
the virtual machine receives a creation request, wherein the object creation request is used for creating a corresponding target object for an execution entity, the target object comprises one of an array object and an instance object, and the object created by the virtual machine is owned by the execution entity creating the object;
the virtual machine supports creation of target objects by different creation means.
The virtual machine supports creation of target objects by different creation means, including:
the virtual machine creates a target object in a standard request mode and designates the attribute of a storage file as a default file attribute;
or alternatively, the first and second heat exchangers may be,
the virtual machine provides a programming interface to create a target object and includes a method parameter specification for characterizing storage file attributes of the accessible object.
The virtual machine provides a programming interface manner by which file attributes of a storage file of a created object can be modified.
When the running environment is initialized and each application program is installed in the running environment, the file system is requested to create a corresponding folder, and when the running environment and the application program are executed to create objects, the objects created by the basic file storage are required to be created under the corresponding folders.
A base file is created in the file system, wherein the base file comprises a file header and a file body.
The file system stores all data in the target object into a file body of the basic file;
or alternatively, the first and second heat exchangers may be,
the file system stores the management data in the target object into the file header of the basic file; and storing the user data in the target object into a file body of the basic file.
The virtual machine access object operation comprises a read object member, a write object member and an instance method of a call object, wherein the read object member and the call object method need to read basic file contents, and the write object member needs to read and update the basic file contents;
if the access object does not belong to the execution entity, the current execution entity is switched to the owner of the object when the instance method of the object is called, and after the method returns normally or exits abnormally, the execution entity before the restoration method is called is the current execution entity.
The file attribute is used for determining the access authority, the security attribute, the storage update attribute and the storage type of the basic file;
the access authority designates the authority of which operation is carried out on the file by the executing entity, wherein the operation comprises a reading operation, an updating operation and an executing method operation;
Wherein the storage type comprises persistent storage and random access storage;
the security attribute comprises an error detection code to verify whether the file content is tampered or not, a content encryption attribute, a decryption attribute and a decryption attribute;
the storage update mode attribute comprises a write-once read-many attribute, a frequent update attribute and an atomic update attribute;
the file access control attributes include concurrent access attributes and transport protocol selection attributes.
When reading an object, the file system returns object information in the basic file to the virtual machine, and the method comprises the following steps:
the file system processes the content of the file according to the file attribute of the file, the processing comprises verification of an error check code and decryption of the file content, if the processing has no error, the processing returns an array object stored in the file, otherwise, the processing returns an object reading error message.
The object in the basic file of the file system is updated when the object is written, which comprises
The file system processes the content update of the file according to the file update attribute of the file, wherein the processing comprises write-once and read-many, atomic update and frequent update, and if the processing has no error, the creation success message is returned.
After storing the target object in the base file, further comprising:
the virtual machine receives an object access request sent by an execution entity, wherein the access request is used for acquiring a target object, and the execution entity is any one application program of at least one application program or an operating environment;
The virtual machine generates a data access request for accessing a target object to a file system based on the data acquisition request, wherein the data access request carries the current access object for characterizing the target application program;
the virtual machine sends a data access request to the file system.
After the virtual machine sends the data access request to the file system, the method further comprises:
the file system extracts the current access object in the data access request; determining basic file information of a target object;
the file system detects whether an executing entity has access to a basic file;
and if the file system has the access right, the file system returns the target object information in the basic file to the virtual machine.
Optionally, in another embodiment of the method according to the present application, after storing the array object in the basic file created according to the preset file attribute, the method further includes:
creating a shadow array object of the appointed array object through a programming interface, wherein the type and the size of the shadow array object are the same as those of the source array object, the storage positions of user data are the same, but the shadow array object and the source array object belong to different execution entities;
optionally, in another embodiment based on the above method of the present application, returning the target object in this document to the virtual machine includes:
The file system creates a basic file sharing content with other application programs for the basic file of the storage array object of the application program, and transfers the stored target array object to the other application programs;
the file system returns the target array object references in the shared file to the virtual machine.
After determining whether the execution entity of the access object carried by the data access request is matched with the access authority of the basic file, the method further comprises the following steps:
if the file system determines that the access object does not have access to the target object, the file system returns a reply message to the virtual machine reflecting that the access object does not have access to the target object.
After the file system stores the target object to the base file, further comprising:
the file system sends feedback messages to the virtual machine reflecting that the object has been stored to the base file.
Further, with reference to fig. 3a and 3b, the following specifically describes a method for data management proposed in the present application:
creating object flow
And a, an executing entity creates a target object request, wherein the object type can be an instance object or an array object, and the creation mode can be a keyword mode and a programming interface mode provided by a programming language.
The execution entity creates instance objects and group objects using new keywords provided in the Java language.
Because the array type in the Java language specification is not a class, but the implementation of the target Object can specify an implementation-specific array type, the direct superclass of the type is an Object class, the target Object and the instance Object generally need to have an Object header for managing the Object, for recording the type and length of the array, and the Object body is used for storing the values of the array members.
The execution entity creates an array object of a specified type using a programming interface, and the interface parameters may specify file attributes of the storage object.
And b, after receiving the object creation request sent by the execution entity, the virtual machine creates a corresponding target object for the execution entity and sends an object storage request to the file system.
Wherein the target object comprises management data and user data, and the storage request comprises the attributes of the execution entity information, the target object and the optional storage file.
And c, after the file system receives the storage request, creating a basic file with preset access rights.
The file system may create a unique corresponding application specific file ADF for each application, under which a base file may be created, wherein the internal base file may be used to store the target object such that the target object created by each application is saved to the base file under the application specific file ADF to which the application is uniquely associated.
That is, the file system establishes an association relationship between each target object and the corresponding base file, so that each target object is indirectly given access rights.
Further, the header of the basic file may record the access rights of the file. By way of example, the access rights may include all application accessible, specified application accessible (specified application may be specified by file identification of application specific file ADF), or specified extraction of specific access rights.
In one approach, the virtual machine operating environment may access its associated application specific file ADF, and all files under each application-associated application specific file ADF; and, each application can only access all basic files under the ADF of the associated application-specific files and the basic files which the running environment is allowed to access.
In addition, the runtime environment may create a base file that allows all applications or designated applications to access; the runtime environment may request that the runtime environment create a base file share under its application-specific file ADF to a specified other application access.
The file system stores the target object in the base file.
The basic file storage mode comprises the following two modes:
The file system stores all data in the target object into the file body of the base file.
In one manner, the embodiment of the application may store all the management data and the user data of the target object into the file body of the basic file, where the file header of the basic file may store the file attribute, the file data size, the storage data type, and so on. Thus, the association storage of the target object and the basic file is realized.
Or alternatively, the first and second heat exchangers may be,
the file system stores the management data in the target object into the file header of the basic file; and storing the user data in the target object into a file body of the basic file.
In another way, the storage mode of the target object is similar to the file storage mode of the file system, namely the target object is also composed of an object head for storing management data and an object body for storing user data.
Therefore, as shown in fig. 4a and fig. 4b, the embodiment of the present application may store the management data in the target object into the file header of the base file; and storing the user data in the target object into a file body of the basic file, thereby realizing the associated storage of the target object and the basic file.
The file system returns the basic file information of the successfully stored object to the virtual machine.
Access object flow
And a, an executing entity sends an object access request to the virtual machine through the object reference.
And b, analyzing the associated file identification information from the object reference by the virtual machine, acquiring the execution entity information, and sending a file access request to a file system.
The virtual machine receives a data acquisition request sent by an execution entity, wherein the data access request is used for acquiring a target object.
In one manner, after the target object is associated with the base file, the operation of accessing the target object becomes a file read-write operation, and the access control of the target object is determined by the access rights of the associated base file. In one approach, the access object may reference a file identifier of the base file for access.
And c, checking whether the executing entity has the authority for accessing the basic file by the file system, wherein the authority comprises read, write and calling method authorities, and if the executing entity has the corresponding access authority, allowing the virtual machine to access the basic file and returning an access result to the virtual machine.
And d, the virtual machine returns the access result to the execution entity.
In one mode, by applying the technical scheme of the application, the method and the device can be applied to the following application scenes:
Scene one
The application object realizes a callback method, and the running environment can call the callback method of the application object; the application class needs to realize an application installation method, and an application installation program realized by the running environment calls the application installation method of the application class to create an application class instance object and other objects needed to be created by application initialization.
An application installation program of the running environment calls an application installation method implemented by an application class to install an application, and if the ADF associated with the application does not exist, the ADF associated with the application is created through a programming interface; setting the ADF as the current ADF of the file system before newly creating the instance object, requesting the file system to create a basic file under the ADF of the application program by the virtual machine, storing the object in the basic file, realizing the application of the application object, setting the authority that the running environment can access the application class, and realizing the callback method for calling the application class by the running environment.
When the running environment calls the callback method of the application object, the current execution entity is switched into the application program, and after the callback method returns normally or exits abnormally, the running environment before the method call is restored to be the current execution entity.
Scene two
The system service object, the running environment creates a system object for providing service for the application, the system object realizes a system method, and all the applications can call the system method of the system object;
a new keyword is adopted to newly establish a system instance object of a system class, a virtual machine requests a file system to establish a basic file which can be accessed by only an operating environment entity, and the object is stored in the file, namely, the system object and the file establish an association relationship; through the programming interface, the access authority of the basic file associated with the object is modified, and the object can be accessed by other execution entities, namely, the application can call the system method realized by the system class.
When the application calls the system method of the system object, the current execution entity is switched into the running environment, and after the system method returns normally or exits abnormally, the application program before the method call is restored to be the current execution entity.
Scene three
An output service object through which an application can provide services to other applications, the application providing the services being referred to as an output service application, the output service object allowing a specified application to invoke an output method of the output service object. The output service application creates an output service object in a standard manner, invokes an application programming interface provided by the runtime environment to modify access rights attributes of an associated base file of the output service object, specifying one or more applications that can access the file.
When the client application calls the output method of the output service object, the current execution entity is switched from the client application to the output service application, and after the output method returns normally or exits abnormally, the client application program before the method call is restored to be the current execution entity.
Scene four
The global array object is actively created by the running environment or the application requests the running environment to be created by calling a method in an API provided by the running environment, namely, the global array object belongs to the running environment, but all applications can access the object. The running environment creates an array object in a programming interface mode, the method parameters specify the authority that all applications can access the file, the specified file is associated to the object, and the object reference is returned.
When the application calls the method of the global array object, the current execution entity is switched into the running environment, and after the array object method returns normally or exits abnormally, the application program before the method call is restored to be the current execution entity.
The associated programming interface method may specify the following parameters:
the access rights of the file can be public or accessible by a specific application;
associating the type and size of the array;
storage type, RAM or Flash of file body
Scene five
And (3) the security array, wherein the array object is stored, packaged based on a cryptographic algorithm and then stored in a basic file, and when the object is accessed, the content of the packaged array object is read out from the file, and is returned to the virtual machine in a plaintext mode after being unpacked. For cryptographic key data and PIN or password authentication for client identity, which typically require more demanding protection measures than common objects, such as additional enhanced protection measures like encryption preservation, redundancy preservation, and integrity requirements, the specific implementation depends on the implementation of the file system without requiring that each application layer implement one or more protection mechanisms separately.
Detailed description of the preferred embodiments
The method is created by the running environment or the application by calling the method in the API provided by the running environment, the security storage and other attributes of the basic file are specified by the parameters of the method, the specified file is associated to the array object, and the array object reference is returned.
createArray (File Attribute, storage type, array size)
The associated programming interface method may specify the following parameters:
the file attribute parameters include
Secure storage attributes of the file;
using error detection codes
Content encryption
Nonvolatile storage update mode attribute
Write once read many
Frequent updates
Atomic updates
Nonvolatile memory includes F l ash or E2PROM memory
Access control attributes
Concurrent access
Transport protocol selection
The storage type parameter of the array can be RAM or F l ash
Associating the type and size parameters of the array;
optionally, in another embodiment of the present application, a shadow array object of the array object is created, as shown in fig. 2, including a virtual machine, at least one application program, and a running environment of a file system, wherein:
a virtual machine configured to send a storage request for storing a target object of the application program to the file system; after receiving a data acquisition request of a target application program, sending a data access request for accessing the target object to the file system;
the file system is configured to create a basic file with preset access rights determined by the accessible object after receiving the storage request, and store the target object into the basic file; after receiving the data access request sent by the virtual machine, if the access object carried by the data access request is determined to be matched with the access authority of the basic file, returning the target object information in the basic file to the virtual machine;
And the application program is configured to send a data acquisition request for acquiring the target object to the virtual machine.
The data management system provided by the application can realize a data management method through the following steps:
step 1: the application creates a shadow array object specifying the array object through the programming interface.
The shadow array object can realize sharing data between two different applications, the types and the sizes of the shadow array object and the source array object are the same, the storage positions of user data are the same, but the shadow array object and the source data object belong to different application programs;
the associated programming interface method may specify the following parameters:
a source array object reference;
sharing information of an application;
step 2: the virtual machine receives a request sent by an application to create a shadow array object that specifies an array object.
1) Inquiring the basic file associated with the array object according to the source array object reference;
2) Inquiring the ADF corresponding to the target application according to the information of the sharing application;
3) Requesting the file system to create a shared file of the basic file and placing the shared file under the ADF of the target application;
step 3: the file system detects that the application program has the authority to access the basic file, creates a shared file for the target application, and returns the reference of the array object in the shared file to the virtual machine.
Step 4: the virtual machine returns a reference to the array object in the shared file to the application.
The embodiment of the application also provides electronic equipment for executing the data management method. Referring to fig. 5, a schematic diagram of an electronic device according to some embodiments of the present application is shown. As shown in fig. 5, the electronic apparatus 3 includes: a processor 300, a memory 301, a bus 302 and a communication interface 303, the processor 300, the communication interface 303 and the memory 301 being connected by the bus 302; the memory 301 stores a computer program executable on the processor 300, and the processor 300 executes the method for data management provided in any of the foregoing embodiments of the present application when the computer program is executed.
The memory 301 may include a high-speed random access memory (RAM: random Access Memory), and may further include a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory. The communication connection between the system network element and at least one other network element is implemented via at least one communication interface 303 (which may be wired or wireless), the internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
The processor 300 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 300 or by instructions in the form of software. The processor 300 may be a general-purpose processor, including a processor (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; but may also be a Digital Signal Processor (DSP), application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in hardware, in a decoded processor, or in a combination of hardware and software modules in a decoded processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in the memory 301, and the processor 300 reads the information in the memory 301, and in combination with its hardware, performs the steps of the above method.
The electronic device provided by the embodiment of the application and the method for managing data provided by the embodiment of the application are the same in the invention conception, and have the same beneficial effects as the method adopted, operated or implemented by the electronic device.
The present application further provides a computer readable storage medium corresponding to the method for data management provided in the foregoing embodiments, referring to fig. 6, the computer readable storage medium is shown as an optical disc 40, on which a computer program (i.e. a program product) is stored, where the computer program, when executed by a processor, performs the method for data management provided in any of the foregoing embodiments.
It should be noted that examples of the computer readable storage medium may also include, but are not limited to, a phase change memory (PRAM), a Static Random Access Memory (SRAM), a Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a flash memory, or other optical or magnetic storage medium, which will not be described in detail herein.
The computer readable storage medium provided by the above embodiments of the present application and the method of data identification provided by the embodiments of the present application have the same advantageous effects as the method adopted, operated or implemented by the application program stored therein, for the same inventive concept.
It should be noted that:
in the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the present application may be practiced without these specific details. In some instances, well-known structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the application, various features of the application are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the application and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the following schematic diagram: i.e., the claimed application requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this application.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the present application and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The foregoing is merely a preferred embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (18)
1. A method of data management for use in a runtime environment comprising a virtual machine and at least one application, the runtime environment further comprising a file system, the runtime environment and the application being an executing entity that creates objects, wherein:
the virtual machine sends a storage request for storing a target object created by the execution entity request to the file system, wherein the storage request carries file attributes corresponding to the target object;
After receiving the storage request, the file system creates a file with the file attribute, and stores the target object into the file, wherein the file attribute is used for determining the access authority, the storage attribute and the security attribute of the file; the object returned by the virtual machine references the position information associated to the file;
when the file system subsequently receives a data access request sent by the virtual machine and used for accessing the target object, determining whether a current execution entity of the current access object carried by the data access request is matched with the access authority of the file;
if so, the file system will allow the virtual machine to access the target object in the file.
2. The method of claim 1, wherein before the virtual machine sends a storage request to the file system for storing a target object, further comprising:
the virtual machine receives a creation request, wherein the object creation request is used for creating the corresponding target object for an execution entity, the target object comprises one of an array object and an instance object, and the object created by the virtual machine is owned by the execution entity creating the object;
The virtual machine supports creation of the target object by different creation means.
3. The method of claim 2, wherein the virtual machine support creates the target object by different creation means, comprising:
the virtual machine creates the target object in a programming language standard mode and designates the storage file attribute as a default file attribute;
or alternatively, the first and second heat exchangers may be,
the virtual machine provides a programming interface mode to create the target object and comprises a method parameter to specify the attribute of a storage file used for representing the accessible object;
the virtual machine provides a programming interface in which file attributes of a storage file of a created object can be modified.
4. The method of claim 1, wherein the operating environment, when initialized and when the operating environment installs each application, requests the file system to create a corresponding folder, and wherein the operating environment and the application create objects, when creating objects, require creating objects created by the file store under the corresponding folder.
5. The method of claim 4, wherein creating comprises the file in the file system, wherein the file comprises a header and a body;
The file system stores all data in the target object into a file body of the file;
or alternatively, the first and second heat exchangers may be,
the file system stores management data in the target object into a file header of the file; and storing the user data in the target object into a file body of the file.
6. The method of claim 1, wherein the virtual machine access object operations include a read object member, a write object member, and an instance method of a call object, wherein the read object member and the call object method require reading file content, and wherein the write object member requires reading and updating file content;
if the access object does not belong to the execution entity, the current execution entity is switched to the owner of the object when the instance method of the object is called, and after the method returns normally or exits abnormally, the execution entity before the restoration method is called is the current execution entity.
7. The method as claimed in claim 1, comprising:
the file attribute is used for determining the access authority, the security attribute, the storage update attribute and the storage type of the file;
the access authority designates the authority of which operation is carried out on the file by the executing entity, wherein the operation comprises a reading operation, an updating operation and an executing method operation;
Wherein the storage type includes persistent storage and random access storage;
the security attribute comprises an attribute of verifying whether the file content is tampered or not by adopting an error detection code and a content encryption attribute, wherein the content is encrypted when being written, and decrypted after being read;
the storage updating mode attribute comprises a write-once and read-many attribute, a frequent updating attribute and an atomic updating attribute;
the file access control attributes include concurrent access attributes and transport protocol selection attributes.
8. The method of claim 6, wherein the file system returning the object information in the file to the virtual machine when reading the object comprises:
and the file system processes the content of the file according to the file attribute of the file, wherein the processing comprises verification of an error check code and decryption of the file content, and if the processing does not have errors, the processing returns an object stored in the file, otherwise, the processing returns an access object error message.
9. The method of claim 1, wherein writing an object updates an object in the file of the file system, comprising
And the file system processes the content update of the file according to the file update attribute of the file, wherein the processing comprises write-once and read-many, atomic update and frequent update, and if the processing has no error, the processing returns an update success message.
10. The method of claim 1 or 8, further comprising, after said storing said target object in said file:
the virtual machine receives an object access request sent by an execution entity, wherein the access request is used for acquiring information of the target object, and the execution entity is any one application program or an operating environment in the at least one application program;
the virtual machine generates a data access request for accessing the target object to the file system based on the data acquisition request, wherein the data access request carries the current access object for representing the execution entity;
the virtual machine sends the data access request to the file system.
11. The method of claim 10, wherein after the virtual machine sends the data access request to the file system, further comprising:
the file system extracts the current access object in the data access request; determining the file where the target object is located;
the file system detects whether the executing entity has access rights for accessing the file;
And if the file system has the access right, returning the target object information in the file to the virtual machine by the file system.
12. The method of claim 1, further comprising, after storing the array object in the file created according to the preset file attribute:
and creating a shadow array object of the specified array object through a programming interface, wherein the types and the sizes of the shadow array object and the source array object are the same, the storage positions of the user data are the same, and the shadow array object and the source data object belong to different execution entities.
13. The method of claim 12, wherein,
the target object in this document is returned to the virtual machine, including:
the file system creates a file sharing content with other application programs for a storage array object file of the application program, and transfers the stored target array object to the other application programs;
and the file system returns the target array object reference in the shared file to the virtual machine.
14. The method of claim 1, further comprising, after said determining whether an executing entity of an access object carried by said data access request matches an access right of said file:
If the file system determines that the access object does not have the right to access the target object, the file system returns a message for reflecting that the access object does not have the right to access the target object to the virtual machine.
15. The method of claim 1, further comprising, after the file system stores the target object to the file:
the file system sends a feedback message to the virtual machine reflecting that the object has been stored to the file.
16. A system for data management, comprising a virtual machine, at least one application, and a file system, wherein:
the virtual machine is configured to send a storage request for storing a target object created by an execution entity to the file system; after receiving a data acquisition request of a target application program, sending a data access request for accessing the target object to the file system;
the file system is configured to create a file with file attributes after receiving the storage request, and store the target object into the file; after receiving the data access request sent by the virtual machine, if the current access object carried by the data access request is determined to be matched with the access authority of the file, returning the target object information in the file to the virtual machine;
The application and the running environment are configured to send a data acquisition request for acquiring the target object information to the virtual machine.
17. An electronic device, comprising:
a memory for storing executable instructions; the method comprises the steps of,
a processor for executing the executable instructions with the memory to perform the operations of the method of data management of any of claims 1-15.
18. A computer readable storage medium storing computer readable instructions which, when executed, perform the operations of the method of data management of any one of claims 1-15.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211656358.0A CN116070201B (en) | 2022-12-22 | 2022-12-22 | Data management method, system, electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211656358.0A CN116070201B (en) | 2022-12-22 | 2022-12-22 | Data management method, system, electronic equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116070201A true CN116070201A (en) | 2023-05-05 |
| CN116070201B CN116070201B (en) | 2024-07-05 |
Family
ID=86175405
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211656358.0A Active CN116070201B (en) | 2022-12-22 | 2022-12-22 | Data management method, system, electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116070201B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116755845A (en) * | 2023-08-22 | 2023-09-15 | 北京中电华大电子设计有限责任公司 | Data processing method and device |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5504892A (en) * | 1994-09-08 | 1996-04-02 | Taligent, Inc. | Extensible object-oriented file system |
| CN105446794A (en) * | 2014-09-30 | 2016-03-30 | 北京金山云网络技术有限公司 | Disc operation method, apparatus and system based on virtual machine |
| US9569446B1 (en) * | 2010-06-08 | 2017-02-14 | Dell Software Inc. | Cataloging system for image-based backup |
| CN108427677A (en) * | 2017-02-13 | 2018-08-21 | 阿里巴巴集团控股有限公司 | A kind of object accesses method, apparatus and electronic equipment |
| US20190129743A1 (en) * | 2017-10-27 | 2019-05-02 | EMC IP Holding Company LLC | Method and apparatus for managing virtual machine |
| US20190138621A1 (en) * | 2017-11-07 | 2019-05-09 | FHOOSH, Inc. | High-speed secure virtual file system |
| CN111090544A (en) * | 2018-10-24 | 2020-05-01 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer program product for managing virtual machines |
| CN112765663A (en) * | 2021-01-25 | 2021-05-07 | 北京北信源信息安全技术有限公司 | File access control method, device, equipment, server and storage medium |
| CN113449327A (en) * | 2021-08-31 | 2021-09-28 | 统信软件技术有限公司 | File access control system and method and computing device |
| CN114238236A (en) * | 2021-12-20 | 2022-03-25 | 北京天融信网络安全技术有限公司 | Shared file access method, electronic device and computer readable storage medium |
| CN114385091A (en) * | 2022-03-24 | 2022-04-22 | 天津联想协同科技有限公司 | Method and device for realizing network disk drive character, network disk and storage medium |
| CN114417413A (en) * | 2022-01-20 | 2022-04-29 | 上海简苏网络科技有限公司 | File processing method, device, equipment and medium of block chain file system |
| CN114936188A (en) * | 2022-05-30 | 2022-08-23 | 重庆紫光华山智安科技有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN115408099A (en) * | 2022-07-11 | 2022-11-29 | 北京握奇智能科技有限公司 | Virtual machine data access method, storage medium and device |
-
2022
- 2022-12-22 CN CN202211656358.0A patent/CN116070201B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5504892A (en) * | 1994-09-08 | 1996-04-02 | Taligent, Inc. | Extensible object-oriented file system |
| US9569446B1 (en) * | 2010-06-08 | 2017-02-14 | Dell Software Inc. | Cataloging system for image-based backup |
| CN105446794A (en) * | 2014-09-30 | 2016-03-30 | 北京金山云网络技术有限公司 | Disc operation method, apparatus and system based on virtual machine |
| CN108427677A (en) * | 2017-02-13 | 2018-08-21 | 阿里巴巴集团控股有限公司 | A kind of object accesses method, apparatus and electronic equipment |
| US20190129743A1 (en) * | 2017-10-27 | 2019-05-02 | EMC IP Holding Company LLC | Method and apparatus for managing virtual machine |
| US20190138621A1 (en) * | 2017-11-07 | 2019-05-09 | FHOOSH, Inc. | High-speed secure virtual file system |
| CN111090544A (en) * | 2018-10-24 | 2020-05-01 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer program product for managing virtual machines |
| CN112765663A (en) * | 2021-01-25 | 2021-05-07 | 北京北信源信息安全技术有限公司 | File access control method, device, equipment, server and storage medium |
| CN113449327A (en) * | 2021-08-31 | 2021-09-28 | 统信软件技术有限公司 | File access control system and method and computing device |
| CN114238236A (en) * | 2021-12-20 | 2022-03-25 | 北京天融信网络安全技术有限公司 | Shared file access method, electronic device and computer readable storage medium |
| CN114417413A (en) * | 2022-01-20 | 2022-04-29 | 上海简苏网络科技有限公司 | File processing method, device, equipment and medium of block chain file system |
| CN114385091A (en) * | 2022-03-24 | 2022-04-22 | 天津联想协同科技有限公司 | Method and device for realizing network disk drive character, network disk and storage medium |
| CN114936188A (en) * | 2022-05-30 | 2022-08-23 | 重庆紫光华山智安科技有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN115408099A (en) * | 2022-07-11 | 2022-11-29 | 北京握奇智能科技有限公司 | Virtual machine data access method, storage medium and device |
Non-Patent Citations (1)
| Title |
|---|
| 肖达;舒继武;薛巍;刘志才;郑纬民;: "基于组密钥服务器的加密文件系统的设计和实现", 计算机学报, no. 04, 15 April 2008 (2008-04-15) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116755845A (en) * | 2023-08-22 | 2023-09-15 | 北京中电华大电子设计有限责任公司 | Data processing method and device |
| CN116755845B (en) * | 2023-08-22 | 2023-11-14 | 北京中电华大电子设计有限责任公司 | Data processing method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116070201B (en) | 2024-07-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101196974B (en) | Method and system for auto-configuratoin of software application program | |
| US7690023B2 (en) | Software safety execution system | |
| US6834799B2 (en) | IC card with capability of having plurality of card managers installed | |
| US10114932B2 (en) | Adapting a mobile application to a partitioned environment | |
| US20080270806A1 (en) | Execution Device | |
| US10089371B2 (en) | Extensible extract, transform and load (ETL) framework | |
| US10528749B2 (en) | Methods and apparatus for containerized secure computing resources | |
| US10171502B2 (en) | Managed applications | |
| US20210306304A1 (en) | Method and apparatus for distributing confidential execution software | |
| CN108614702B (en) | Byte code optimization method and device | |
| CN114586010A (en) | On-demand execution of object filtering code in the output path of an object storage service | |
| US11163902B1 (en) | Systems and methods for encrypted container image management, deployment, and execution | |
| CN116070201B (en) | Data management method, system, electronic equipment and medium | |
| US20230050944A1 (en) | Container with encrypted software packages | |
| US10223526B2 (en) | Generating packages for managed applications | |
| EP3298534B1 (en) | Creating multiple workspaces in a device | |
| WO2020063002A1 (en) | Data management method and apparatus, and server | |
| CN110352411B (en) | Method and apparatus for controlling access to secure computing resources | |
| CN113239390A (en) | Program access authority control method and device, computing device and storage medium | |
| US6792596B2 (en) | Method and system for protecting resource central programs | |
| CN112152804B (en) | Method, device and system for dynamically configuring private key for cloud server | |
| WO2022019910A1 (en) | Read protection for uefi variables | |
| CN117094016B (en) | Encryption method and device based on Guomai Linux kernel file system data | |
| US11841962B1 (en) | Secure document management systems | |
| US11783095B2 (en) | System and method for managing secure files in memory |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |