A safe operation method of paas platform and paas platform

A technology for safe operation and platform, applied in computer security devices, instruments, electrical digital data processing and other directions, can solve application node security issues, application security issues, security issues and other issues

Active Publication Date: 2015-10-21
BEIJING SOHU NEW MEDIA INFORMATION TECH
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For the PaaS platform, the application nodes of the PaaS platform are usually multi-tenant, that is to say, the application nodes of the PaaS platform will receive applications uploaded from various clients, and these uploaded applications Programs may not only cause security problems to the application nodes running these applications on the PaaS platform, but also cause security problems to other applications deployed on the application nodes, and even, in some cases, these uploaded applications The program may cause security issues to other application nodes in the PaaS platform through the application node. series of security questions
However, the existing Java security sandbox can only guarantee the security of the application program from the language itself, but cannot avoid the above security problems in the PaaS platform

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A safe operation method of paas platform and paas platform
  • A safe operation method of paas platform and paas platform
  • A safe operation method of paas platform and paas platform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] see figure 1 , which is a flowchart of a PaaS platform security operation method disclosed in Embodiment 1 of the present invention, the method includes the following steps:

[0034] Step 101: the management server obtains the application program code;

[0035] For example, the client can directly upload the application code to the management server, or submit the application code to the code version control repository, and then the management server obtains the application program code from the code version control repository. These application codes obtained by the management server are basically completely untrustworthy in the PaaS platform. It may be malicious code uploaded by hackers and attack the PaaS platform, bringing various security risks to the PaaS platform.

[0036] Step 102: the management server allocates application program nodes and logical isolation modes for the application program code scheduling;

[0037] After the management server obtains the a...

Embodiment 2

[0069] see figure 2 , which is a flow chart of a safe operation method for a PaaS platform disclosed in Embodiment 2 of the present invention. In this embodiment, application nodes are further physically isolated, and the method includes the following steps:

[0070] Step 201: the management server divides all application program nodes in the PaaS platform into multiple physical groups in advance, wherein each physical group includes multiple application program nodes, and each application program node is used to run at least one application program;

[0071] Through the above methods, such as image 3 As shown, the multiple application nodes inside the oval circle (i.e. image 3 AppNode) form a physical group, and the management server can only schedule and allocate application nodes for the application within this physical group, that is, the application code can only be deployed, scheduled, and migrated within this physical group. In this way, a physical isolation is for...

Embodiment 3

[0082] Corresponding to the above safe operation method of a PaaS platform, an embodiment of the present invention further provides a PaaS platform. see Figure 4 , which is a structural diagram of a PaaS platform disclosed in Embodiment 3 of the present invention, the PaaS platform includes a management server 401 and at least one application node 402 ( Figure 4 Only one application node is shown in ), where the management server 401 includes an acquisition module 4011 , a scheduling assignment module 4022 , and the application node 402 includes a download module 4021 , an interception module 4022 , an isolation module 4023 and a restriction shielding module 4024 . The following will further introduce its internal structure and connection relationship in combination with the working principle of the platform.

[0083] An acquisition module 4011, configured to acquire application program codes;

[0084] A scheduling allocation module 4012, configured to schedule and allocat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

An embodiment of the invention discloses a PaaS (platform as a service) platform and a safe operation method thereof. The method includes: a management server acquires an application code; the management server schedules and distributes an application node and a logical isolation manner for the application code; the application node downloads the application code and the logical isolation manner from the management server; the application node intercepts a Java code through Java instrumentation when the Java code enters a Java virtual machine; the application node mutually isolates the application code and a service program code included in the Java code through a Java class loader; and application node limits and shields the isolated application code in the logical isolation manner through byte code enhancement. Safety problems of the PaaS cloud platform caused by applications uploaded by a client can be avoided.

Description

technical field [0001] The present invention relates to the field of computer application technology, in particular to a PaaS platform safe operation method and the PaaS platform. Background technique [0002] With the rapid development of IT technology and the in-depth application of cloud computing technology and concepts, cloud security has increasingly become the focus of the security industry. On the one hand, the borderless and fluid characteristics of cloud computing applications have caused many new security issues. On the other hand, cloud computing technology and concepts have also had a profound impact on traditional security technologies and applications. [0003] According to different service types, cloud computing technology is divided into SaaS (Soft as a Service, software as a service), PaaS (Platform as a Service, platform as a service) and IaaS (Infrastructure as a Service, infrastructure as a service). Among them, PaaS is the application infrastructure s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/51
Inventor 刘冲
Owner BEIJING SOHU NEW MEDIA INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap