Vehicle-mounted application deployment method and system based on containerization isolation and dynamic adaptation
By building standardized containers based on predictive algorithms and using sandbox control algorithms to calculate operational risk parameters in the deployment of in-vehicle applications, the problems of insufficient security and compatibility in existing technologies are solved. This enables secure sandbox deployment and risk-driven optimization of in-vehicle applications, reducing the risk of system failure.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: GUANGDONG XINGZHI INTERNET TECH CO LTD
- Filing Date: 2026-03-23
- Publication Date: 2026-06-19
AI Technical Summary
Existing technologies lack predictive algorithms for the dynamic construction of standardized containers and sandbox control algorithms for calculating and correcting operational risk parameters in vehicle application deployments, resulting in insufficient security and compatibility of application operation and making it prone to vehicle system failures.
By acquiring data on applications to be deployed, standardized containers are built based on predictive algorithms, and sandbox control algorithms are used to calculate operational risk parameters, correct container parameters to optimize the containers, and achieve secure sandbox deployment and risk-driven optimization.
It improves the safety and compatibility of in-vehicle applications and reduces the risk of in-vehicle system failures due to unassessed risks.
Figure CN122240131A_ABST
Description
Technical Field
[0001] This invention relates to the field of data processing technology, and in particular to a method and system for deploying in-vehicle applications based on containerized isolation and dynamic adaptation.
Background Technology
[0002] As in-vehicle applications become increasingly diverse, the demand for their deployment and risk control is also growing rapidly. Automotive companies and developers are placing greater emphasis on the secure operation of these applications, with mitigating the risk of system failures becoming a key technical challenge. Current technologies typically acquire application data for deployment in the in-vehicle environment, deploy applications using fixed container templates or simple sandbox isolation methods, and assess risks based on empirical rules to meet basic safety requirements. However, existing solutions lack predictive algorithms for the dynamic construction of standardized containers and sandbox control algorithms for calculating and correcting operational risk parameters. This makes it difficult to optimize container parameters based on risk and achieve risk-driven deployment, resulting in insufficient application security and compatibility. Failure to assess risks can easily lead to in-vehicle system failures, limiting the reliability of in-vehicle application deployment and overall system stability. Therefore, existing technologies have shortcomings that urgently need to be addressed.
Summary of the Invention
[0003] The technical problem to be solved by the present invention is to provide a method and system for deploying in-vehicle applications based on containerized isolation and dynamic adaptation, so as to realize the secure sandbox deployment and risk-driven optimization of in-vehicle applications, improve the security and compatibility of application operation, and reduce the risk of in-vehicle system failure due to failure to assess risks.
[0004] To address the aforementioned technical problems, the first aspect of this invention discloses a method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation, the method comprising: Acquire application data to be deployed to the vehicle environment; Based on the prediction algorithm, a standardized container corresponding to the application data is built. Based on the sandbox control algorithm, the operational risk parameters corresponding to the application data are calculated according to the standardized container. The parameters of the standardized container are modified according to the operational risk parameters to obtain an optimized container, and the application data is deployed in the optimized container; the optimized container establishes application layer communication with the vehicle environment.
[0005] As an optional implementation, in the first aspect of the present invention, the application data includes at least one of application communication protocol, application function description, application code, application interface information, and application historical work record.
[0006] As an optional implementation, in the first aspect of the present invention, the step of building a standardized container corresponding to the application data based on the prediction algorithm includes: The application data is input into the trained container prediction neural network to obtain the output container prediction parameters; Based on the container prediction parameters, multiple candidate standardized containers are matched in a preset standardized container library. Based on the multiple candidate standardized containers, construct the standardized container corresponding to the application data.
[0007] As an optional implementation, in the first aspect of the invention, the step of matching multiple candidate standardized containers in a preset standardized container library according to the container prediction parameters includes: For each preset container in the preset standardized container library, calculate the parameter similarity between the container parameters of the preset container and the container prediction parameters; Calculate the average data similarity between each historical application data and the application data in the historical application records of the preset container to obtain the data matching degree; Calculate the product of the parameter similarity and the data matching degree to obtain the container matching degree corresponding to the preset container; Based on the container matching degree, all the preset containers are sorted from high to low to obtain a container sequence; Containers that are selected from the first preset proportion of the container sequence and whose container matching degree is greater than a preset matching degree threshold are obtained to obtain multiple candidate standardized containers.
[0008] As an optional implementation, in the first aspect of the present invention, the step of constructing a standardized container corresponding to the application data based on the plurality of candidate standardized containers includes: For each preset parameter dimension, determine the container parameters of all the candidate standardized containers in that parameter dimension to obtain the container parameter set corresponding to that parameter dimension; Based on preset parameter contradiction rules, contradictory parameters in the container parameter set are randomly removed; Take a weighted sum and average of any two parameters of the same type in the container parameter set; The remaining parameters in the processed container parameter set are determined as the container parameters corresponding to that parameter dimension; All container parameters corresponding to the aforementioned parameter dimensions are defined as standardized parameters; Based on the standardized parameters, a standardized container corresponding to the application data is built according to the container building algorithm.
[0009] As an optional implementation, in the first aspect of the present invention, the step of calculating the operational risk parameters corresponding to the application data based on the sandbox control algorithm according to the standardized container includes: A sandbox environment is established based on the standardized container described above; Deploy the application data in the sandbox environment; The application data is controlled to run in the sandbox environment based on preset test rules and the running results are obtained; the running results include at least one of the following: running video, feedback from other software, running system records, and running data output; The operation results are analyzed to obtain the operation risk parameters corresponding to the application data.
[0010] As an optional implementation, in the first aspect of the present invention, the step of analyzing the running results to obtain the running risk parameters corresponding to the application data includes: The running results are input into the trained text recognition model to obtain the output running result text; the text recognition model is trained using a training dataset that includes multiple training running results and corresponding text annotations; The resulting text is input into a trained text analysis model to obtain output operational risk parameters; the operational risk parameters include at least one of communication risk, permission risk, failure risk, resource risk, and forgery risk.
[0011] As an optional implementation, in a first aspect of the invention, the step of modifying the parameters of the standardized container according to the operational risk parameters to obtain an optimized container includes: For each container parameter of the standardized container, the container parameter and the operational risk parameter are input into the trained risk correlation analysis model to obtain the output risk correlation parameter; Determine whether the risk association parameter is greater than a preset parameter threshold; If not, the container parameter is set as the correction parameter; If so, the container parameter is gradually adjusted based on the optimization direction corresponding to the parameter type of the container parameter, and the adjusted container parameter and the operation risk parameter are input into the risk correlation analysis model to obtain a new risk correlation parameter, until the new risk correlation parameter is lower than the parameter threshold, and the current adjusted container parameter is output as the correction parameter; Based on all the aforementioned modified parameters, an optimized container is built.
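The correction loop in [0011], sketched as an added example (not code from the patent). The trained risk correlation analysis model is replaced by a hypothetical stand-in function, and the parameter names, bounds, step sizes and risk values are constructed; the bound check that reports a parameter as unresolved is an added guard, because the paragraph does not say what happens when adjustment cannot bring the value below the threshold.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ParamSpec:
    risk_key: str    # operational risk parameter this container parameter is tied to
    direction: int   # optimization direction for the parameter type (-1 = tighten downward)
    step: float      # size of one gradual adjustment
    floor: float     # lowest value that still lets the application run
    ceiling: float   # largest value the platform allows


# Constructed specs: names and numbers are illustrative, not taken from the patent.
SPECS = {
    "memory_mib":  ParamSpec("resource",      -1, 128, 256, 2048),
    "egress_kbps": ParamSpec("communication", -1, 500, 500, 8000),
    "open_ports":  ParamSpec("communication", -1, 1,   2,   4),
}


def risk_correlation(name, value, risk):
    """Hypothetical stand-in for the trained risk correlation analysis model.

    Returns a larger number the more of a risky resource the container grants.
    """
    spec = SPECS[name]
    return risk[spec.risk_key] * value / spec.ceiling


def correct_parameter(name, value, risk, threshold, model=risk_correlation):
    """Return (correction_parameter, resolved) for one container parameter."""
    spec = SPECS[name]
    # Not greater than the threshold: the container parameter is kept as it is.
    if model(name, value, risk) <= threshold:
        return value, True
    # Otherwise adjust step by step and re-evaluate until below the threshold.
    while True:
        candidate = value + spec.direction * spec.step
        if not spec.floor <= candidate <= spec.ceiling:
            # Added guard: the loop must end even if the threshold is unreachable.
            return value, False
        value = candidate
        if model(name, value, risk) < threshold:
            return value, True


def optimize_container(params, risk, threshold):
    """Correct every parameter; list the ones that could not be brought under the threshold."""
    corrected, unresolved = {}, []
    for name, value in params.items():
        corrected[name], ok = correct_parameter(name, value, risk, threshold)
        if not ok:
            unresolved.append(name)
    return corrected, unresolved


# Constructed inputs: a standardized container and the risk parameters from the sandbox run.
STANDARD = {"memory_mib": 1024, "egress_kbps": 4000, "open_ports": 4}
RISK = {"communication": 0.75, "permission": 0.2, "failure": 0.1,
        "resource": 0.5, "forgery": 0.0}

if __name__ == "__main__":
    corrected, unresolved = optimize_container(STANDARD, RISK, threshold=0.3)
    print("corrected:", corrected)
    print("unresolved (do not deploy as-is):", unresolved)
```

A non-empty unresolved list means the container still carries a parameter whose risk correlation is at or above the threshold, so a deployment pipeline should treat that as a failed optimization rather than deploy the last value tried.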
[0012] A second aspect of this invention discloses an in-vehicle application deployment system based on containerized isolation and dynamic adaptation, the system comprising: The acquisition module is used to acquire application data to be deployed to the vehicle environment. The determination module is used to build a standardized container corresponding to the application data based on the prediction algorithm; The calculation module is used to calculate the operational risk parameters corresponding to the application data based on the sandbox control algorithm and the standardized container. The deployment module is used to modify the parameters of the standardized container according to the operational risk parameters to obtain an optimized container, and deploy the application data in the optimized container; the optimized container establishes application layer communication with the vehicle environment.
[0013] As an optional implementation, in a second aspect of the present invention, the application data includes at least one of application communication protocols, application function descriptions, application code, application interface information, and application historical work records.
[0014] As an optional implementation, in the second aspect of the present invention, the specific method by which the determining module constructs the standardized container corresponding to the application data based on the prediction algorithm includes: The application data is input into the trained container prediction neural network to obtain the output container prediction parameters; Based on the container prediction parameters, multiple candidate standardized containers are matched in a preset standardized container library. Based on the multiple candidate standardized containers, construct the standardized container corresponding to the application data.
[0015] As an optional implementation, in a second aspect of the invention, the specific method by which the determining module matches multiple candidate standardized containers in a preset standardized container library based on the container prediction parameters includes: For each preset container in the preset standardized container library, calculate the parameter similarity between the container parameters of the preset container and the container prediction parameters; Calculate the average data similarity between each historical application data and the application data in the historical application records of the preset container to obtain the data matching degree; Calculate the product of the parameter similarity and the data matching degree to obtain the container matching degree corresponding to the preset container; Based on the container matching degree, all the preset containers are sorted from high to low to obtain a container sequence; Containers that are selected from the first preset proportion of the container sequence and whose container matching degree is greater than a preset matching degree threshold are obtained to obtain multiple candidate standardized containers.
[0016] As an optional implementation, in the second aspect of the present invention, the specific method by which the determining module constructs the standardized container corresponding to the application data based on the plurality of candidate standardized containers includes: For each preset parameter dimension, determine the container parameters of all the candidate standardized containers in that parameter dimension to obtain the container parameter set corresponding to that parameter dimension; Based on preset parameter contradiction rules, contradictory parameters in the container parameter set are randomly removed; Take a weighted sum and average of any two parameters of the same type in the container parameter set; The remaining parameters in the processed container parameter set are determined as the container parameters corresponding to that parameter dimension; All container parameters corresponding to the aforementioned parameter dimensions are defined as standardized parameters; Based on the standardized parameters, a standardized container corresponding to the application data is built according to the container building algorithm.
[0017] As an optional implementation, in the second aspect of the invention, the specific method by which the calculation module calculates the operational risk parameters corresponding to the application data based on the sandbox control algorithm and the standardized container includes: A sandbox environment is established based on the standardized container described above; Deploy the application data in the sandbox environment; The application data is controlled to run in the sandbox environment based on preset test rules and the running results are obtained; the running results include at least one of the following: running video, feedback from other software, running system records, and running data output; The operation results are analyzed to obtain the operation risk parameters corresponding to the application data.
[0018] As an optional implementation, in the second aspect of the present invention, the specific method by which the calculation module analyzes the running results to obtain the running risk parameters corresponding to the application data includes: The running results are input into the trained text recognition model to obtain the output running result text; the text recognition model is trained using a training dataset that includes multiple training running results and corresponding text annotations; The resulting text is input into a trained text analysis model to obtain output operational risk parameters; the operational risk parameters include at least one of communication risk, permission risk, failure risk, resource risk, and forgery risk.
[0019] As an optional implementation, in a second aspect of the invention, the deployment module modifies the parameters of the standardized container based on the operational risk parameters to obtain an optimized container, including: For each container parameter of the standardized container, the container parameter and the operational risk parameter are input into the trained risk correlation analysis model to obtain the output risk correlation parameter; Determine whether the risk association parameter is greater than a preset parameter threshold; If not, the container parameter is set as the correction parameter; If so, the container parameter is gradually adjusted based on the optimization direction corresponding to the parameter type of the container parameter, and the adjusted container parameter and the operation risk parameter are input into the risk correlation analysis model to obtain a new risk correlation parameter, until the new risk correlation parameter is lower than the parameter threshold, and the current adjusted container parameter is output as the correction parameter; Based on all the aforementioned modified parameters, an optimized container is built.
[0020] A third aspect of this invention discloses another in-vehicle application deployment system based on containerized isolation and dynamic adaptation, the system comprising: Memory containing executable program code; A processor coupled to the memory; The processor calls the executable program code stored in the memory to execute some or all of the steps in the in-vehicle application deployment method based on containerized isolation and dynamic adaptation disclosed in the first aspect of the present invention.
[0021] The fourth aspect of the present invention discloses a computer storage medium storing computer instructions, which, when invoked, are used to execute some or all of the steps in the vehicle application deployment method based on containerized isolation and dynamic adaptation disclosed in the first aspect of the present invention.
[0022] Compared with the prior art, the embodiments of the present invention have the following beneficial effects: This invention acquires application data to be deployed to the vehicle environment, builds standardized containers based on predictive algorithms, calculates operational risk parameters using sandbox control algorithms, and optimizes container parameters according to risks to obtain optimized containers and deploy application data. This enables secure sandbox deployment and risk-driven optimization of vehicle applications, improves the security and compatibility of application operation, and reduces the risk of vehicle system failures due to unassessed risks.
Attached Figure Description
[0023] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0024] Figure 1 is a flowchart illustrating a method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation, as disclosed in an embodiment of the present invention.
[0025] Figure 2 is a schematic diagram of the structure of an in-vehicle application deployment system based on containerized isolation and dynamic adaptation disclosed in an embodiment of the present invention.
[0026] Figure 3 is a schematic diagram of another in-vehicle application deployment system based on containerized isolation and dynamic adaptation disclosed in an embodiment of the present invention.
Detailed Implementation
[0027] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0028] The terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this invention are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, apparatus, product, or device that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or devices.
[0029] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of the invention. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.
[0030] This invention discloses a method and system for deploying in-vehicle applications based on containerized isolation and dynamic adaptation. By acquiring application data to be deployed to the in-vehicle environment, a standardized container is built based on a predictive algorithm, and a sandbox control algorithm is used to calculate operational risk parameters. The container parameters are then adjusted according to the risks to obtain an optimized container, which is then used to deploy the application data. This achieves secure sandboxed deployment and risk-driven optimization of in-vehicle applications, improving application security and compatibility, and reducing the risk of in-vehicle system failures due to unassessed risks. Detailed explanations follow.
[0031] Example 1
Please see Figure 1. Figure 1 is a flowchart illustrating a method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation, as disclosed in an embodiment of the present invention. The method described in Figure 1 can be applied to data processing systems / data processing devices / data processing servers (including local processing servers or cloud processing servers). As shown in Figure 1, this method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation may include the following operations:
101. Obtain application data to be deployed to the vehicle environment.
[0032] Optionally, application data may include at least one of the following: application communication protocol, application function description, application code, application interface information, and application historical work records.
[0033] Optionally, the application data may be a third-party application package for an in-vehicle infotainment system (IVI), an algorithm image for an advanced driver assistance system (ADAS), an on-board diagnostic system (OBD) plugin, high-precision map update data, or vehicle-to-everything (V2X) communication firmware; this invention does not limit the scope of the application data.
[0034] Optionally, the application data can be obtained by downloading incremental update packages from the cloud (OTA) via the vehicle gateway, or by reading application image files from external storage media via a wired interface in the vehicle (such as USB or Ethernet). This invention does not limit how the application data is obtained.
[0035] 102. Based on the prediction algorithm, build a standardized container for application data.
[0036] Optionally, the standardized container can be a Docker container, LXC (Linux Containers), Podman container, Kata Containers (a container based on a micro virtual machine), or an application sandbox based on the Android system; this invention does not limit the type of container.
[0037] Optionally, the prediction algorithm can be linear regression prediction, a resource estimation algorithm based on decision trees, or a configuration template matching algorithm based on expert systems; this invention does not limit the specific algorithm.
[0038] 103. Based on the sandbox control algorithm, calculate the corresponding operational risk parameters of the application data according to the standardized container.
[0039] Optionally, the sandbox control algorithm can be a namespace-based resource isolation algorithm, a cgroups-based resource quota limiting algorithm, a Seccomp-based system call filtering algorithm, or a permission management algorithm based on mandatory access control (MAC, such as AppArmor, SELinux). This invention does not limit the algorithm.
[0040] 104. Adjust the parameters of the standardized container according to the operational risk parameters to obtain the optimized container, and deploy application data in the optimized container.
[0041] Optionally, the optimized container establishes application-layer communication with the vehicle environment.
[0042] Optionally, the application-layer communication can be based on the SOME/IP protocol, DDS (Data Distribution Service) protocol, MQTT protocol, gRPC protocol or vehicle-specific CAN-TCP bridge protocol for data exchange, and the present invention does not limit it.
[0043] As can be seen, the above-described embodiments of the invention acquire application data to be deployed to the vehicle environment, build standardized containers based on prediction algorithms, calculate operational risk parameters using sandbox control algorithms, and optimize containers by correcting container parameters according to risks and deploying application data. This enables secure sandbox deployment and risk-driven optimization of vehicle applications, improves the security and compatibility of application operation, and reduces the risk of vehicle system failures due to failure to assess risks.
[0044] As an optional embodiment, the step above, building a standardized container for application data based on the prediction algorithm, includes: The application data is input into the trained container prediction neural network to obtain the output container prediction parameters; Based on the container prediction parameters, multiple candidate standardized containers are matched in the preset standardized container library; Based on multiple candidate standardized containers, build a standardized container corresponding to the application data.
[0045] Optionally, the container prediction neural network can be a multilayer perceptron (MLP), a convolutional neural network (CNN), a recurrent neural network (RNN), or a Transformer feature extraction network based on an attention mechanism; this invention does not impose any limitations.
[0046] Optionally, the container prediction parameters can be the estimated number of CPU cores allocated, memory reservation limit, disk I/O bandwidth limit, network QoS priority, or kernel parameter template, and this invention does not limit them.
[0047] Optionally, the standardized container library can be a predefined image repository stored in the vehicle's storage or a collection of Dockerfile configuration templates synchronized in the cloud; this invention does not limit this.
[0048] As can be seen, through the above optional embodiments, by inputting application data into the trained container prediction neural network to output container prediction parameters, matching multiple candidate standardized containers in the standardized container library and building standardized containers, accurate container candidate screening and construction based on model prediction is achieved, improving the targeting and efficiency of container construction, and reducing the risk of deployment failure due to incompatible container parameters.
[0049] As an optional embodiment, the step described above, matching multiple candidate standardized containers in a preset standardized container library based on container prediction parameters, includes: For each predefined container in the predefined standardized container library, calculate the parameter similarity between the container parameters and the container prediction parameters of the predefined container; Calculate the average data similarity between each historical application data and application data in the historical application records of the preset container to obtain the data matching degree; Calculate the product of parameter similarity and data matching degree to obtain the container matching degree corresponding to the preset container; The container sequence is obtained by sorting all preset containers from high to low based on their matching degree. Containers that are selected from the first preset proportion of container sequences and whose container matching degree is greater than a preset matching degree threshold are obtained, resulting in multiple candidate standardized containers.
[0050] Optionally, the similarity of the parameters and the similarity of the data can be calculated using Euclidean distance, cosine similarity, Manhattan distance, Hamming distance, or Jaccard similarity coefficient, and this invention does not limit the method.
[0051] As can be seen, through the above optional embodiments, the product of the similarity between the preset container and the container prediction parameters and the data matching degree of historical application records is used as the container matching degree. High matching degree candidate standardized containers are sorted and screened to achieve accurate container selection based on training and historical verification, improve the adaptation accuracy of standardized containers, and reduce the risk of container redundancy caused by matching degree calculation deviation.
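The matching procedure in [0049], worked through as an added example (not code from the patent). Cosine similarity is used for the parameter similarity and the Jaccard coefficient for the data similarity, two of the options listed in [0050]; the container library, feature sets, proportion and threshold are constructed.

```python
import math


def cosine(a, b):
    """Cosine similarity of two equal-length numeric vectors (0.0 if either is all zeros)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def jaccard(a, b):
    """Jaccard similarity coefficient of two feature sets."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a | b) else 0.0


def container_matching_degree(container, predicted, app_features):
    """Parameter similarity multiplied by the data matching degree."""
    param_sim = cosine(container["params"], predicted)
    history = container["history"]
    if not history:
        # A template with no historical application records has no data matching
        # degree to average, so the product is 0 and it is never selected on
        # parameter similarity alone.
        return 0.0
    data_match = sum(jaccard(h, app_features) for h in history) / len(history)
    return param_sim * data_match


def match_candidates(library, predicted, app_features, top_ratio, threshold):
    """Sort by matching degree, keep the first top_ratio share, then apply the threshold."""
    scored = [(c["name"], container_matching_degree(c, predicted, app_features))
              for c in library]
    scored.sort(key=lambda item: item[1], reverse=True)
    head = scored[: math.ceil(len(scored) * top_ratio)]
    return [(name, round(score, 3)) for name, score in head if score > threshold]


# Constructed inputs. Vectors are (cpu tier, memory tier, I/O tier); feature sets
# stand in for the application data (protocols, interfaces) of each record.
PREDICTED = [3, 4, 0]
APP_FEATURES = {"someip", "can-read", "gps", "audio"}
LIBRARY = [
    {"name": "ivi-nav", "params": [3, 4, 0],
     "history": [{"someip", "can-read", "gps", "audio"}, {"someip", "gps"}]},
    {"name": "ivi-media", "params": [4, 3, 0],
     "history": [{"someip", "can-read", "gps", "audio"}]},
    {"name": "diag-plugin", "params": [0, 0, 5], "history": [{"mqtt"}]},
    {"name": "new-template", "params": [3, 4, 0], "history": []},
    {"name": "av-player", "params": [3, 4, 0], "history": [{"audio", "video"}]},
]

if __name__ == "__main__":
    # av-player falls inside the first 60% of the sequence but fails the threshold;
    # diag-plugin and new-template are cut by the proportion.
    print(match_candidates(LIBRARY, PREDICTED, APP_FEATURES, top_ratio=0.6, threshold=0.5))
```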
[0052] As an optional embodiment, the step above, building a standardized container corresponding to the application data based on multiple candidate standardized containers, includes: For each preset parameter dimension, determine the container parameters of all candidate standardized containers in that parameter dimension, and obtain the set of container parameters corresponding to that parameter dimension; Based on preset parameter conflict rules, contradictory parameters in the container parameter set are randomly removed. Take a weighted average of any two parameters of the same type in the container parameter set; The remaining parameters in the processed container parameter set are determined as the container parameters corresponding to that parameter dimension; Define the container parameters corresponding to all parameter dimensions as standardized parameters; Based on standardized parameters and according to the container building algorithm, a standardized container corresponding to the application data is built.
[0053] Optionally, the parameter conflict rule can be a privileged mode mutual exclusion rule, a port conflict detection rule, a driver mount uniqueness rule, or a memory overflow constraint rule; this invention does not impose any limitations.
[0054] As can be seen, through the above optional embodiments, by filtering the candidate container parameter set according to parameter dimensions, removing contradictory parameters based on contradiction rules and obtaining standardized parameters by weighted average, a standardized container is built, realizing multi-dimensional parameter conflict handling and standardization integration, improving the consistency and rationality of container parameters, and reducing the risk of container construction instability caused by parameter contradictions.
[0055] As an optional embodiment, the above step of calculating, based on the sandbox control algorithm and the standardized container, the operational risk parameters corresponding to the application data includes: A sandbox environment is built based on the standardized container; The application data is deployed in the sandbox environment; Based on preset test rules, the application data is controlled to run in the sandbox environment and the running results are obtained; The running results are analyzed to obtain the operational risk parameters corresponding to the application data.
[0056] Optionally, the results may include at least one of the following: running video, feedback from other software, running system logs, and running data output.
[0057] Optionally, the system log can be kernel log (dmesg), system call trace (strace) data, memory leak detection report, or process scheduling delay record; this invention does not limit the log.
[0058] As can be seen, through the above optional embodiments, by deploying application data in a sandbox environment based on standardized containers, running and analyzing the results based on test rules, a quantitative risk assessment under an isolated sandbox can be achieved, improving the security verification capability and controllability of application deployment, and reducing the risk of system pollution caused by direct deployment.
[0059] As an optional embodiment, the step above, analyzing the running results to obtain the running risk parameters corresponding to the application data, includes: The results are input into the trained text recognition model to obtain the output text. The resulting text is input into the trained text analysis model to obtain the output operational risk parameters.
[0060] Optionally, the text recognition model is trained using a training dataset that includes multiple training run results and corresponding text annotations.
[0061] Optionally, the text recognition model can be a CRNN-based character recognition model, a BERT-based natural language extraction model, or a keyword filtering engine based on regular expressions; this invention does not limit the specific model.
[0062] Optionally, operational risk parameters include at least one of communication risk, access risk, failure risk, resource risk, and forgery risk.
[0063] Optionally, the communication risk could be unauthorized CAN ID access, high-frequency network broadcast storms, or illegal cross-domain requests; this invention does not limit such risks.
[0064] Optionally, the resource risk could be caused by prolonged high CPU usage affecting core security tasks, unexpected memory growth, or frequent flash memory write operations; this invention does not limit such risks.
[0065] As can be seen, through the above optional embodiments, by inputting the running results into the text recognition model to obtain the running result text, and then inputting it into the text analysis model to output the running risk parameters, accurate risk quantification based on text parsing and model analysis is achieved, improving the objectivity and comprehensiveness of risk assessment, and reducing the risk of risk omission due to unstructured running results.
[0066] As an optional embodiment, the step above, modifying the parameters of the standardized container based on operational risk parameters to obtain an optimized container, includes: For each container parameter of the standardized container, the container parameter and the operational risk parameter are input into the trained risk correlation analysis model to obtain the output risk correlation parameter; Determine whether the risk correlation parameter is greater than the preset parameter threshold; If not, the container parameter is set as the correction parameter; If so, the container parameter is gradually adjusted based on the optimization direction corresponding to the parameter type of the container parameter, and the adjusted container parameter and the operational risk parameter are input into the risk correlation analysis model to obtain the new risk correlation parameter output, until the new risk correlation parameter is lower than the parameter threshold, and the current adjusted container parameter is output as the correction parameter; Based on all the correction parameters, build an optimized container.
[0067] Optionally, the risk correlation analysis model can be a statistical model based on Pearson correlation coefficient, a feature importance analysis model based on gradient boosting tree (GBDT), or a relationship evolution model based on graph neural network (GNN), and this invention does not limit it.
[0068] Optionally, this optimization direction can be to reduce CPU quota, revoke root privileges, enable read-only file system mapping, enable memory ballooning mechanism, or increase network traffic shaping limit; this invention does not limit these options.
[0069] As can be seen, through the above optional embodiments, risk correlation parameters are obtained by inputting each container parameter and the operational risk parameter into the risk correlation analysis model, the threshold is determined and the parameters are gradually adjusted until the risk is lower than the threshold to obtain the corrected parameters, and the optimized container is built based on the corrected parameters, thereby realizing risk-driven iterative correction of parameters, improving the security and adaptability of the optimized container, and reducing the application operation risk caused by unoptimized parameters.
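The correction loop of paragraph [0066], as an added example that is not part of the patent text. The parameter names, the threshold value and `toy_risk_model` (a stand-in for the trained risk correlation analysis model) are assumptions, as is the fail-closed behaviour when a parameter reaches its limit while still above the threshold, a case the description does not cover.

```python
"""Risk-driven correction of container parameters (sketch of paragraph [0066])."""
from dataclasses import dataclass
from typing import Callable, Dict, Union

Value = Union[int, float, bool]

# Constructed operational risk parameters; categories follow paragraph [0062].
SAMPLE_RISK = {"communication": 0.2, "access": 0.7, "resource": 0.5}


@dataclass(frozen=True)
class Direction:
    """Optimization direction for one parameter type (paragraph [0068])."""
    step: Callable[[Value], Value]     # one gradual adjustment
    at_limit: Callable[[Value], bool]  # True when no further tightening exists


# Hypothetical parameter names; the directions mirror those listed in [0068]:
# reduce CPU quota, revoke root privileges, enable a read-only file system.
DIRECTIONS: Dict[str, Direction] = {
    "cpu_quota_pct": Direction(lambda v: max(5, v - 10), lambda v: v <= 5),
    "run_as_root": Direction(lambda v: False, lambda v: v is False),
    "rootfs_read_only": Direction(lambda v: True, lambda v: v is True),
}


def toy_risk_model(name: str, value: Value, risk: Dict[str, float]) -> float:
    """Assumed stand-in for the trained model: returns a risk correlation parameter."""
    if name == "cpu_quota_pct":
        return risk["resource"] * value / 100.0
    if name == "run_as_root":
        return risk["access"] if value else 0.0
    if name == "rootfs_read_only":
        return 0.0 if value else risk["access"] * 0.5
    return 0.0


class CorrectionFailed(RuntimeError):
    """A parameter could not be brought below the threshold."""


def correct_parameter(name, value, risk, model, threshold, max_steps=32):
    """Return the correction parameter for a single container parameter."""
    if model(name, value, risk) <= threshold:
        return value  # not greater than the threshold: keep the parameter
    direction = DIRECTIONS.get(name)
    if direction is None:
        raise CorrectionFailed(f"no optimization direction for {name!r}")
    for _ in range(max_steps):  # bounded, so a flat model cannot loop forever
        if direction.at_limit(value):
            break
        value = direction.step(value)
        if model(name, value, risk) < threshold:
            return value  # new risk correlation parameter is below the threshold
    # Fail closed: refuse to build a container that is still above the threshold.
    raise CorrectionFailed(f"{name!r} still above threshold at value {value!r}")


def build_optimized(params, risk, model=toy_risk_model, threshold=0.32):
    """Correct every parameter; the result is the optimized container's parameters."""
    return {n: correct_parameter(n, v, risk, model, threshold)
            for n, v in params.items()}


if __name__ == "__main__":
    standardized = {"cpu_quota_pct": 80, "run_as_root": True,
                    "rootfs_read_only": False}
    print(build_optimized(standardized, SAMPLE_RISK))
```
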
[0070] Example 2 Please see Figure 2. Figure 2 is a schematic diagram of the structure of an in-vehicle application deployment system based on containerized isolation and dynamic adaptation, as disclosed in an embodiment of the present invention. The system described in Figure 2 can be applied to data processing systems / data processing devices / data processing servers (including local processing servers or cloud processing servers). As shown in Figure 2, this in-vehicle application deployment system based on containerized isolation and dynamic adaptation may include: The acquisition module 201 is used to acquire application data to be deployed to the vehicle environment.
[0071] The determination module 202 is used to build a standardized container for application data based on the prediction algorithm.
[0072] The calculation module 203 is used to calculate the operational risk parameters corresponding to the application data based on the sandbox control algorithm and the standardized container.
[0073] Deployment module 204 is used to correct the parameters of the standardized container based on the runtime risk parameters to obtain an optimized container, and to deploy application data in the optimized container.
[0074] Optionally, the optimized container establishes application-layer communication with the vehicle environment.
[0075] As can be seen, the above-described embodiments of the invention acquire application data to be deployed to the vehicle environment, build standardized containers based on prediction algorithms, calculate operational risk parameters using sandbox control algorithms, and optimize containers by correcting container parameters according to risks and deploying application data. This enables secure sandbox deployment and risk-driven optimization of vehicle applications, improves the security and compatibility of application operation, and reduces the risk of vehicle system failures due to failure to assess risks.
[0076] As an optional embodiment, the application data includes at least one of the following: application communication protocol, application function description, application code, application interface information, and application historical work records.
[0077] As can be seen, the above optional embodiments limit the details of the application data content to fully characterize the features of the application to be deployed, assist in the safe sandboxing deployment and risk-driven optimization of in-vehicle applications, and improve the security and compatibility of application operation.
[0078] As an optional embodiment, the specific method by which the determination module builds a standardized container corresponding to the application data based on the prediction algorithm includes: The application data is input into the trained container prediction neural network to obtain the output container prediction parameters; Based on the container prediction parameters, multiple candidate standardized containers are matched in the preset standardized container library; Based on multiple candidate standardized containers, build a standardized container corresponding to the application data.
[0079] As can be seen, through the above optional embodiments, by inputting application data into the trained container prediction neural network to output container prediction parameters, matching multiple candidate standardized containers in the standardized container library and building standardized containers, accurate container candidate screening and construction based on model prediction is achieved, improving the targeting and efficiency of container construction, and reducing the risk of deployment failure due to incompatible container parameters.
[0080] As an optional embodiment, the specific method by which the determination module matches multiple candidate standardized containers in a preset standardized container library based on container prediction parameters includes: For each preset container in the preset standardized container library, calculate the parameter similarity between the container parameters of the preset container and the container prediction parameters; Calculate the average data similarity between each historical application data and the application data in the historical application records of the preset container to obtain the data matching degree; Calculate the product of parameter similarity and data matching degree to obtain the container matching degree corresponding to the preset container; Sort all preset containers from high to low by container matching degree to obtain the container sequence; From the first preset proportion of the container sequence, select the containers whose container matching degree is greater than a preset matching degree threshold, to obtain multiple candidate standardized containers.
[0081] As can be seen, through the above optional embodiments, the product of the similarity between the preset container and the container prediction parameters and the data matching degree of historical application records is used as the container matching degree. High matching degree candidate standardized containers are sorted and screened to achieve accurate container selection based on training and historical verification, improve the adaptation accuracy of standardized containers, and reduce the risk of container redundancy caused by matching degree calculation deviation.
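The candidate screening of paragraph [0080], as an added example that is not part of the patent text. The description does not name the similarity measures, so cosine similarity over numeric parameters and Jaccard similarity over feature sets are assumptions here, as are the container library, the field names and the rule that a preset container with no historical records gets a data matching degree of 0.

```python
"""Candidate container screening (sketch of paragraph [0080])."""
import math


def cosine(a, b):
    """Parameter similarity between two numeric parameter dicts (assumed measure)."""
    keys = set(a) | set(b)
    dot = sum(a.get(k, 0.0) * b.get(k, 0.0) for k in keys)
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0


def jaccard(x, y):
    """Data similarity between two application feature sets (assumed measure)."""
    union = x | y
    return len(x & y) / len(union) if union else 0.0


def match_candidates(predicted, app_features, library,
                     top_fraction=0.5, threshold=0.4):
    """Return [(name, matching degree)] for the candidate standardized containers."""
    scored = []
    for container in library:
        param_sim = cosine(container["params"], predicted)
        history = container["history"]
        # Average similarity against every historical application record.
        # No history means no evidence, so the container can never be selected.
        data_match = (sum(jaccard(h, app_features) for h in history) / len(history)
                      if history else 0.0)
        scored.append((param_sim * data_match, container["name"]))
    scored.sort(key=lambda t: (-t[0], t[1]))       # high to low, ties by name
    keep = math.ceil(len(scored) * top_fraction)   # first preset proportion
    return [(name, round(score, 3))
            for score, name in scored[:keep] if score > threshold]


# Constructed library of preset containers and constructed prediction output.
LIBRARY = [
    {"name": "A", "params": {"cpu": 3, "mem": 4},
     "history": [{"can", "http"}, {"can"}]},
    {"name": "B", "params": {"cpu": 4, "mem": 3}, "history": [{"can", "http"}]},
    {"name": "C", "params": {"cpu": 3, "mem": 4}, "history": []},
    {"name": "D", "params": {"cpu": 0, "mem": 5}, "history": [{"http", "ble"}]},
]
PREDICTED = {"cpu": 3, "mem": 4}
APP_FEATURES = {"can", "http"}

if __name__ == "__main__":
    print(match_candidates(PREDICTED, APP_FEATURES, LIBRARY))
```

Container C matches the predicted parameters exactly but is never selected, because the product with a data matching degree of 0 is 0.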
[0082] As an optional embodiment, the specific method by which the determining module builds the standardized container corresponding to the application data based on multiple candidate standardized containers includes: For each preset parameter dimension, determine the container parameters of all candidate standardized containers in that parameter dimension, and obtain the set of container parameters corresponding to that parameter dimension; Based on preset parameter conflict rules, contradictory parameters in the container parameter set are randomly removed. Take a weighted average of any two parameters of the same type in the container parameter set; The remaining parameters in the processed container parameter set are determined as the container parameters corresponding to that parameter dimension; Define the container parameters corresponding to all parameter dimensions as standardized parameters; Based on standardized parameters and according to the container building algorithm, a standardized container corresponding to the application data is built.
[0083] As can be seen, through the above optional embodiments, by filtering the candidate container parameter set according to parameter dimensions, removing contradictory parameters based on contradiction rules and obtaining standardized parameters by weighted average, a standardized container is built, realizing multi-dimensional parameter conflict handling and standardization integration, improving the consistency and rationality of container parameters, and reducing the risk of container construction instability caused by parameter contradictions.
[0084] As an optional implementation, the specific method by which the calculation module calculates, based on the sandbox control algorithm and the standardized container, the operational risk parameters corresponding to the application data includes: A sandbox environment is built based on the standardized container; The application data is deployed in the sandbox environment; The application data is controlled to run in the sandbox environment based on preset test rules and the running results are obtained; optionally, the running results include at least one of the following: running video, feedback from other software, running system records, and running data output; The running results are analyzed to obtain the operational risk parameters corresponding to the application data.
[0085] As can be seen, through the above optional embodiments, by deploying application data in a sandbox environment based on standardized containers, running and analyzing the results based on test rules, a quantitative risk assessment under an isolated sandbox can be achieved, improving the security verification capability and controllability of application deployment, and reducing the risk of system pollution caused by direct deployment.
[0086] As an optional embodiment, the specific method by which the calculation module analyzes the running results to obtain the running risk parameters corresponding to the application data includes: The results of the operation are input into the trained text recognition model to obtain the output text; optionally, the text recognition model is trained using a training dataset that includes multiple training results and corresponding text annotations. The resulting text is input into the trained text analysis model to obtain the output operational risk parameters; the operational risk parameters include at least one of communication risk, permission risk, failure risk, resource risk, and forgery risk.
[0087] As can be seen, through the above optional embodiments, by inputting the running results into the text recognition model to obtain the running result text, and then inputting it into the text analysis model to output the running risk parameters, accurate risk quantification based on text parsing and model analysis is achieved, improving the objectivity and comprehensiveness of risk assessment, and reducing the risk of risk omission due to unstructured running results.
[0088] As an optional embodiment, the specific way in which the deployment module modifies the parameters of the standardized container based on operational risk parameters to obtain an optimized container includes: For each container parameter of the standardized container, the container parameter and the operational risk parameter are input into the trained risk correlation analysis model to obtain the output risk correlation parameter; Determine whether the risk correlation parameter is greater than the preset parameter threshold; If not, the container parameter is set as the correction parameter; If so, the container parameter is gradually adjusted based on the optimization direction corresponding to the parameter type of the container parameter, and the adjusted container parameter and the operational risk parameter are input into the risk correlation analysis model to obtain the new risk correlation parameter output, until the new risk correlation parameter is lower than the parameter threshold, and the current adjusted container parameter is output as the correction parameter; Based on all the correction parameters, build an optimized container.
[0089] As can be seen, through the above optional embodiments, risk correlation parameters are obtained by inputting each container parameter and the operational risk parameter into the risk correlation analysis model, the threshold is determined and the parameters are gradually adjusted until the risk is lower than the threshold to obtain the corrected parameters, and the optimized container is built based on the corrected parameters, thereby realizing risk-driven iterative correction of parameters, improving the security and adaptability of the optimized container, and reducing the application operation risk caused by unoptimized parameters.
[0090] Example 3 Please see Figure 3. Figure 3 shows another in-vehicle application deployment system based on containerized isolation and dynamic adaptation disclosed in the embodiments of the present invention. The system described in Figure 3 is applied to data processing systems / data processing equipment / data processing servers (including local processing servers or cloud processing servers). As shown in Figure 3, this in-vehicle application deployment system based on containerized isolation and dynamic adaptation may include: Memory 301 storing executable program code; Processor 302 coupled to memory 301; The processor 302 calls the executable program code stored in the memory 301 to execute the steps of the in-vehicle application deployment method based on containerized isolation and dynamic adaptation described in Embodiment 1.
[0091] Example 4 This invention discloses a computer-readable storage medium that stores a computer program for electronic data interchange, wherein the computer program causes a computer to execute the steps of the in-vehicle application deployment method based on containerized isolation and dynamic adaptation described in Embodiment 1.
[0092] Example 5 This invention discloses a computer program product, which includes a non-transitory computer-readable storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps of the in-vehicle application deployment method based on containerized isolation and dynamic adaptation described in Embodiment 1.
[0093] The foregoing has described specific embodiments of this specification; other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than those shown in the embodiments and may still achieve the desired result. Furthermore, the processes depicted in the drawings do not necessarily have to follow the specific or sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
[0094] The systems, devices, modules, or units described in the above embodiments can be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, a computer can be, for example, a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or any combination of these devices.
[0095] For ease of description, the above devices are described in terms of function, divided into various units. Of course, in implementing this specification, the functions of each unit can be implemented in one or more software and / or hardware components.
[0096] Those skilled in the art will understand that the embodiments of this specification can be provided as methods, systems, or computer program products. Therefore, the embodiments of this specification can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the embodiments of this specification can take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0097] This specification is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this specification. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.
[0098] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.
[0099] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, such that the instructions that execute on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.
[0100] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.
[0101] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.
[0102] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves.
[0103] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0104] This specification can be described in the general context of computer-executable instructions that are executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform a specific task or implement a specific abstract data type. This specification can also be practiced in distributed computing environments, where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.
[0105] The various embodiments in this specification are described in a progressive manner. Similar or identical parts between embodiments can be referred to interchangeably. Each embodiment focuses on describing the differences from other embodiments. In particular, the system embodiments are basically similar to the method embodiments, so the description is relatively simple; relevant parts can be referred to the descriptions in the method embodiments.
[0106] Finally, it should be noted that the vehicle application deployment method and system based on containerized isolation and dynamic adaptation disclosed in the embodiments of the present invention are merely preferred embodiments of the present invention, and are only used to illustrate the technical solutions of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims
1. A method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation, characterized in that, The method includes: Acquire application data to be deployed to the vehicle environment; Based on the prediction algorithm, a standardized container corresponding to the application data is built. Based on the sandbox control algorithm, the operational risk parameters corresponding to the application data are calculated according to the standardized container. The parameters of the standardized container are modified according to the operational risk parameters to obtain an optimized container, and the application data is deployed in the optimized container; the optimized container establishes application layer communication with the vehicle environment.
2. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 1, characterized in that, The application data includes at least one of the following: application communication protocol, application function description, application code, application interface information, and application historical work records.
3. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 1, characterized in that, The process of building a standardized container for the application data based on the prediction algorithm includes: The application data is input into the trained container prediction neural network to obtain the output container prediction parameters; Based on the container prediction parameters, multiple candidate standardized containers are matched in a preset standardized container library. Based on the multiple candidate standardized containers, construct the standardized container corresponding to the application data.
4. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 3, characterized in that, The step of matching multiple candidate standardized containers in a preset standardized container library based on the container prediction parameters includes: For each preset container in the preset standardized container library, calculate the parameter similarity between the container parameters of the preset container and the container prediction parameters; Calculate the average data similarity between each historical application data and the application data in the historical application records of the preset container to obtain the data matching degree; Calculate the product of the parameter similarity and the data matching degree to obtain the container matching degree corresponding to the preset container; Based on the container matching degree, all the preset containers are sorted from high to low to obtain a container sequence; Containers that are selected from the first preset proportion of the container sequence and whose container matching degree is greater than a preset matching degree threshold are obtained to obtain multiple candidate standardized containers.
5. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 3, characterized in that, The step of building a standardized container corresponding to the application data based on the multiple candidate standardized containers includes: For each preset parameter dimension, determine the container parameters of all the candidate standardized containers in that parameter dimension to obtain the container parameter set corresponding to that parameter dimension; Based on preset parameter contradiction rules, contradictory parameters in the container parameter set are randomly removed; Take a weighted sum and average of any two parameters of the same type in the container parameter set; The remaining parameters in the processed container parameter set are determined as the container parameters corresponding to that parameter dimension; All container parameters corresponding to the aforementioned parameter dimensions are defined as standardized parameters; Based on the standardized parameters, a standardized container corresponding to the application data is built according to the container building algorithm.
6. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 1, characterized in that, The step of calculating, based on the sandbox control algorithm and the standardized container, the operational risk parameters corresponding to the application data includes: A sandbox environment is established based on the standardized container; Deploy the application data in the sandbox environment; The application data is controlled to run in the sandbox environment based on preset test rules and the running results are obtained; the running results include at least one of the following: running video, feedback from other software, running system records, and running data output; The running results are analyzed to obtain the operational risk parameters corresponding to the application data.
7. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 6, characterized in that, The analysis of the operation results to obtain the operation risk parameters corresponding to the application data includes: The running results are input into the trained text recognition model to obtain the output running result text; the text recognition model is trained using a training dataset that includes multiple training running results and corresponding text annotations; The resulting text is input into a trained text analysis model to obtain output operational risk parameters; the operational risk parameters include at least one of communication risk, permission risk, failure risk, resource risk, and forgery risk.
8. The method for deploying in-vehicle applications based on containerized isolation and dynamic adaptation according to claim 1, characterized in that the step of modifying the parameters of the standardized container based on the operational risk parameters to obtain an optimized container includes: for each container parameter of the standardized container, inputting the container parameter and the operational risk parameters into a trained risk correlation analysis model to obtain an output risk correlation parameter; determining whether the risk correlation parameter is greater than a preset parameter threshold; if not, setting the container parameter as the correction parameter; if so, gradually adjusting the container parameter in the optimization direction corresponding to the parameter type of the container parameter, and inputting the adjusted container parameter and the operational risk parameters into the risk correlation analysis model to obtain a new risk correlation parameter, until the new risk correlation parameter is lower than the parameter threshold, and outputting the currently adjusted container parameter as the correction parameter; and building an optimized container based on all of the correction parameters.
9. A vehicle application deployment system based on containerized isolation and dynamic adaptation, characterized in that the system includes: an acquisition module, used to acquire application data to be deployed to the vehicle environment; a determination module, used to build a standardized container corresponding to the application data based on the prediction algorithm; a calculation module, used to calculate the operational risk parameters corresponding to the application data based on the sandbox control algorithm and the standardized container; and a deployment module, used to modify the parameters of the standardized container according to the operational risk parameters to obtain an optimized container, and to deploy the application data in the optimized container, wherein the optimized container establishes application layer communication with the vehicle environment.
10. A vehicle application deployment system based on containerized isolation and dynamic adaptation, characterized in that the system includes: a memory containing executable program code; and a processor coupled to the memory; wherein the processor calls the executable program code stored in the memory to execute the vehicle application deployment method based on containerized isolation and dynamic adaptation as described in any one of claims 1-8.
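The per-parameter correction loop recited in claim 8, as an added Python example that is not part of the patent text. The parameter names, step sizes, hard limits, the `toy_correlation` stand-in for the trained risk correlation analysis model, the iteration cap and the `CorrectionFailed` exception are all assumptions; the cap and the exception are there because the claim itself does not say what happens when the threshold cannot be reached.

```python
# Added illustration; parameter names, steps, limits and the scoring function are assumptions.
class CorrectionFailed(Exception):
    """No value inside the allowed range brought the score under the threshold."""

# parameter -> (optimization direction, step size, hard limit); constructed values
DIRECTIONS = {
    "cpu_quota_pct": (-1, 10.0, 10.0),
    "memory_mb": (-1, 64.0, 128.0),
    "open_ports": (-1, 1.0, 0.0),
}
# Hypothetical stand-in for the trained risk correlation analysis model:
# the score grows with the parameter value and with the risk type it exposes.
RELATED = {"cpu_quota_pct": "resource", "memory_mb": "resource",
           "open_ports": "communication"}
NOMINAL = {"cpu_quota_pct": 100.0, "memory_mb": 1024.0, "open_ports": 8.0}

def toy_correlation(name, value, risk):
    return risk[RELATED[name]] * value / NOMINAL[name]

def correct_parameter(name, value, risk, model, threshold, max_steps=64):
    """Return the correction parameter for one container parameter."""
    if not model(name, value, risk) > threshold:
        return value  # not above the threshold: keep the parameter unchanged
    direction, step, limit = DIRECTIONS[name]
    for _ in range(max_steps):
        candidate = value + direction * step
        if (candidate - limit) * direction > 0:
            break  # the next step would cross the hard limit
        value = candidate
        if model(name, value, risk) < threshold:
            return value  # new score is below the threshold
    raise CorrectionFailed(f"{name} stuck at {value}")

def build_optimized(params, risk, model, threshold):
    # Any failure propagates, so a container that cannot be corrected is never built.
    return {n: correct_parameter(n, v, risk, model, threshold)
            for n, v in params.items()}

if __name__ == "__main__":
    risk = {"resource": 0.9, "communication": 0.7}  # constructed risk parameters
    params = {"cpu_quota_pct": 100.0, "memory_mb": 1024.0, "open_ports": 8.0}
    print(build_optimized(params, risk, toy_correlation, 0.5))
```

Raising instead of returning the last value keeps the deployment fail-closed: an application whose risk score cannot be brought under the threshold within the allowed parameter range is not given a container at all.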