[go: up one dir, main page]

CN120372600A - Application execution method and device - Google Patents

Application execution method and device

Info

Publication number
CN120372600A
CN120372600A CN202510437840.2A CN202510437840A CN120372600A CN 120372600 A CN120372600 A CN 120372600A CN 202510437840 A CN202510437840 A CN 202510437840A CN 120372600 A CN120372600 A CN 120372600A
Authority
CN
China
Prior art keywords
target
code set
decrypted
application
target code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510437840.2A
Other languages
Chinese (zh)
Inventor
邓华
孙鸿达
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Imilab Technology Co Ltd
Original Assignee
Shanghai Imilab Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Imilab Technology Co Ltd filed Critical Shanghai Imilab Technology Co Ltd
Priority to CN202510437840.2A priority Critical patent/CN120372600A/en
Publication of CN120372600A publication Critical patent/CN120372600A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

本公开提供了一种应用执行的方法及装置,涉及计算机技术领域,尤其涉及应用安全、应用执行等技术领域。具体实现方案为:响应于接收到客户端发送的访问请求,确定所述访问请求访问的目标功能,其中,所述目标功能为第一应用的多个功能之一;在第一应用的加密的多个代码集合中,确定所述目标功能对应的加密的目标代码集合;对所述目标功能对应的加密的目标代码集合进行解密,得到所述目标功能对应的解密的目标代码集合;执行所述目标功能对应的解密的目标代码集合,得到所述解密的目标代码集合的执行结果,其中,所述解密的目标代码集合的执行结果用于在所述客户端展示所述目标功能对应的内容;向所述客户端发送所述解密的目标代码集合的执行结果。

The present disclosure provides a method and device for executing an application, which relates to the field of computer technology, and in particular to the technical fields of application security, application execution, etc. The specific implementation scheme is: in response to receiving an access request sent by a client, determining the target function accessed by the access request, wherein the target function is one of multiple functions of a first application; determining the encrypted target code set corresponding to the target function in multiple encrypted code sets of the first application; decrypting the encrypted target code set corresponding to the target function to obtain a decrypted target code set corresponding to the target function; executing the decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, wherein the execution result of the decrypted target code set is used to display the content corresponding to the target function on the client; and sending the execution result of the decrypted target code set to the client.

Description

Application execution method and device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to the technical fields of application security, application execution, and the like.
Background
In the prior art, the backend code of an application is usually arranged in a server in a plaintext, and an access request of a client is executed through the backend code of the plaintext, so that the backend code of the application may be leaked or tampered with. Therefore, how to improve the security of the backend code applied in the server becomes a technical problem to be solved.
Disclosure of Invention
The disclosure provides a method and a server for executing an application.
According to an aspect of the present disclosure, there is provided a method for executing an application, applied to a server, including:
Determining a target function accessed by an access request sent by a client in response to the received access request, wherein the target function is one of a plurality of functions of a first application;
Determining an encrypted target code set corresponding to the target function from a plurality of encrypted code sets of the first application;
Decrypting the encrypted target code set corresponding to the target function to obtain a decrypted target code set corresponding to the target function;
executing the decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, wherein the execution result of the decrypted target code set is used for displaying content corresponding to the target function at the client;
and sending the execution result of the decrypted target code set to the client.
According to an aspect of the present disclosure, there is provided an application execution apparatus including:
The function determining module is used for determining a target function accessed by the access request in response to receiving the access request sent by the client, wherein the target function is one of a plurality of functions of the first application;
A code set determining module, configured to determine an encrypted target code set corresponding to the target function from among the encrypted plurality of code sets of the first application;
The decryption module is used for decrypting the encrypted target code set corresponding to the target function to obtain the decrypted target code set corresponding to the target function;
The code set executing module is used for executing the decrypted target code set corresponding to the target function to obtain an executing result of the decrypted target code set, wherein the executing result of the decrypted target code set is used for displaying the content corresponding to the target function at the client;
And the communication module is used for sending the execution result of the decrypted target code set to the client.
By adopting the embodiment, the encrypted target code set corresponding to the target function accessed by the access request is determined in the encrypted multiple code sets of the first application, wherein the target function is one of the multiple functions of the first application, the decrypted target code set is executed after decryption, an execution result of the decrypted target code set is obtained, and the execution result of the decrypted target code set is sent to the client, wherein the execution result of the decrypted target code set is used for displaying contents corresponding to the target function on the client. Therefore, a plurality of code sets for executing a plurality of functions of the first application can be encrypted and deployed on the server, the risk of leakage or tampering of the first application code is reduced, and the safety of the first application code is improved. In addition, only the code set corresponding to the target function accessed by the access request is decrypted and executed, so that the content corresponding to the target function accessed by the client can be obtained, and the execution efficiency of the first application is further improved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a flow diagram of a method of application execution according to an embodiment of the present disclosure;
FIG. 2 is a flow diagram of a method of application execution according to another embodiment of the present disclosure;
FIG. 3 is a flow diagram of a method of application execution according to yet another embodiment of the present disclosure;
FIG. 4 is a schematic block diagram of an application execution device according to an embodiment of the present disclosure;
FIG. 5 is a schematic block diagram of an application execution device according to another embodiment of the present disclosure;
fig. 6 is a block diagram of an electronic device used to implement an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic flow chart of a method of application execution proposed by an embodiment of the present disclosure, comprising:
S110, determining a target function accessed by the access request in response to receiving the access request sent by the client, wherein the target function is one of a plurality of functions of the first application.
S120, determining an encrypted target code set corresponding to the target function from the encrypted multiple code sets of the first application.
S130, decrypting the encrypted target code set corresponding to the target function to obtain the decrypted target code set corresponding to the target function.
And S140, executing the decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, wherein the execution result of the decrypted target code set is used for displaying the content corresponding to the target function at the client.
S150, sending the execution result of the decrypted target code set to the client.
The method of application execution of the embodiments of the present disclosure may be performed by a server. The server may be a single physical server or may be one physical server in a cluster of servers.
By adopting the embodiment, the encrypted target code set corresponding to the target function accessed by the access request is determined in the encrypted multiple code sets of the first application, wherein the target function is one of the multiple functions of the first application, the decrypted target code set is executed after decryption, an execution result of the decrypted target code set is obtained, and the execution result of the decrypted target code set is sent to the client, wherein the execution result of the decrypted target code set is used for displaying contents corresponding to the target function on the client. Therefore, a plurality of code sets for executing a plurality of functions of the first application can be encrypted and deployed on the server, the risk of leakage or tampering of the first application code is reduced, and the safety of the first application code is improved. In addition, only the code set corresponding to the target function accessed by the access request is decrypted and executed, so that the content corresponding to the target function accessed by the client can be obtained, and the execution efficiency of the first application is further improved.
In one embodiment, before determining the target function accessed by the access request in response to receiving the access request sent by the client, the method further includes encrypting the plurality of code sets of the first application to obtain encrypted plurality of code sets of the first application, wherein different code sets in the plurality of code sets correspond to different functions in the plurality of functions of the first application.
The plurality of code sets of the first application may be one of a plurality of code sets of a back end of a software program (or referred to as a server end), a plurality of code sets of a back end of a website (or referred to as a server end), wherein the code may be one of PHP (Hypertext Preprocessor ) code, python code, java code, etc., which are not listed here for brevity.
Taking the ith code set in the multiple code sets of the first application as an example (i is a positive integer), wherein different code sets in the multiple code sets correspond to different functions in the multiple functions of the first application, the ith code set of the first application corresponds to the ith function of the first application, and the ith function can be one of a page showing function, a user login function, a user registration function, an API interface function and the like, which are not listed here one by one for brevity.
Taking the ith code set in the plurality of code sets of the first application as an example, encrypting the plurality of code sets of the first application to obtain the encrypted plurality of code sets of the first application, wherein the method comprises the steps of generating a first key corresponding to the ith code set in the plurality of code sets of the first application based on an ith first key generation algorithm, and encrypting the ith code set based on the ith first encryption algorithm and the first key corresponding to the ith code set to obtain the encrypted ith code set of the first application.
The ith first key generation algorithm may be one of a symmetric key generation algorithm including one of a DES (Data Encryption Standard ) algorithm, a 3DES (TRIPLE DATA Encryption Standard, triple data encryption standard) algorithm, an AES (Advanced Encryption Standard ) algorithm, and the like, an asymmetric key generation algorithm including one of an RSA algorithm, an ECC (Elliptic Curve Cryptography ) algorithm, a DSA (Digital Signature Algorithm, a digital signature algorithm), and the like. For brevity, no further description is provided here.
The ith first encryption algorithm may be one of a symmetric encryption algorithm in the case where the ith first key generation algorithm is a symmetric key generation algorithm and an asymmetric encryption algorithm in the case where the ith first key generation algorithm is an asymmetric key generation algorithm, wherein the symmetric encryption algorithm includes one of a DES algorithm, a 3DES algorithm, an AES algorithm, and the like, and the asymmetric encryption algorithm includes one of an RSA algorithm, an ECC algorithm, a DSA, and the like. For brevity, no further description is provided here.
Optionally, in the case that the ith first key generation algorithm is a symmetric key generation algorithm, generating the first key corresponding to the ith code set in the plurality of code sets of the first application based on the ith first key generation algorithm may include generating the symmetric key corresponding to the ith code set based on the ith first key generation algorithm, and using the symmetric key corresponding to the ith code set as the first key corresponding to the ith code set in the plurality of code sets of the first application.
Optionally, in the case that the ith first key generation algorithm is an asymmetric key generation algorithm, generating a first key corresponding to the ith code set in the plurality of code sets of the first application based on the ith first key generation algorithm may include generating a first public key and a first private key corresponding to the ith code set based on the ith first key generation algorithm, and using the first public key corresponding to the ith code set as the first key corresponding to the ith code set. The first private key corresponding to the ith code set is used for decrypting the encrypted ith code set.
The obtaining manner of each code set in the encrypted multiple code sets of the first application is the same as the obtaining manner of the encrypted ith code set of the first application, and is not described herein again. It should be emphasized that the first encryption algorithm for encrypting each code set may be the same or different, and the first key for encrypting each code set may be the same or different.
In this way, the plurality of code sets of the first application are respectively encrypted to obtain encrypted plurality of code sets of the first application, wherein different code sets in the plurality of code sets correspond to different functions in the plurality of functions of the first application. Therefore, the code set of each function of the first application can be independently encrypted, further, in the subsequent processing process, only the code set corresponding to the target function accessed by the access request is decrypted and executed, and the content corresponding to the target function accessed by the client can be obtained, so that the execution efficiency of the first application is improved.
In one embodiment, the server side executes the method, after encrypting the plurality of code sets of the first application respectively to obtain the encrypted plurality of code sets of the first application, and then creates a target container based on the encrypted plurality of code sets of the first application and a plurality of dependent packages corresponding to the plurality of code sets of the first application.
Creating a target container based on the encrypted code sets of the first application and the dependent packages corresponding to the code sets of the first application, wherein the method comprises the steps of obtaining an image of an operating environment required by the first application, adding a second key corresponding to each code set in the encrypted code sets of the first application and the encrypted code sets of the first application, the dependent packages corresponding to the code sets of the first application and the second application to the image of the operating environment required by the first application to obtain a target image, and creating the target container based on the target image.
The mirror image of the running environment required by the first application may include one of a Windows system environment mirror image, a Linux system environment mirror image, and other system environment mirror images, which are not described in detail herein for brevity.
The specific manner of obtaining the image of the running environment required by the first application is not limited to the present application, and may be obtained from another server, or may be created in advance in the server, for example.
The dependency package is at least one of a tool, a component, a file on which multiple code sets of the first application are executed, etc., and is not described in detail herein for brevity.
The second application is used for executing at least one of receiving an access request which is sent by a client and used for accessing a target function of the first application, sending the access request to the first application, receiving an execution result of a decrypted target code set which is sent by the first application, and sending the execution result of the decrypted target code set to the client. The second application may be one of an nglnx (reverse proxy service) application, HAProxy (High Availability Proxy, high availability proxy service) application, etc., and the second application may also be other proxy-enabled applications, which are not exhaustive.
Taking an ith code set in a plurality of code sets of the first application as an example, describing a second key corresponding to each code set in the plurality of code sets of the first application, wherein when the ith first key generation algorithm is a symmetric key generation algorithm, the second key corresponding to the ith code set is the same as the first key corresponding to the ith code set, and when the ith key generation algorithm is an asymmetric key generation algorithm, the second key corresponding to the ith code set is the first private key corresponding to the ith code set.
Wherein the second key corresponding to each code set may have a secure protection area of the target container, and the full protection area only allows access to the first application or only allows access to the first application and the target container.
The target container may be one of a Docker container, podman (Portable Docker Machine, portable Docker container), LXC (Linux Containers), kubernetes (Kubernetes) container, etc., which are not listed here for brevity. The containers can realize isolation of systems, for example, a plurality of containers can run on one physical server, each container has a separate system, the systems among the containers are isolated from each other, and the systems of the containers are isolated from the systems of the physical servers where the containers are located.
The specific manner of creating the target container based on the target image is not limited by the present application, and the target image may include a start instruction, and the creating the target container based on the target image may be that the start instruction in the target image is executed, and the target container is created on a server. In this way, the target image may be caused to run within the target container, thereby enabling deployment of the first application in the target container of the server.
It can be appreciated that the target container at least comprises a plurality of encrypted code sets of the first application, a second key corresponding to each code set in the plurality of encrypted code sets of the first application, a plurality of dependent packages corresponding to the plurality of code sets of the first application, a running environment required by the first application and a second application.
The method for receiving the access request sent by the client on the server side may include that the first application receives the access request sent by the client through a second application in the target container.
The method for receiving the access request sent by the client by the first application through the second application in the target container at the server side can comprise the steps that the server receives the access request sent by the client, the server sends the access request to the second application of the target container, the second application receives the access request, and the second application sends the access request to the first application.
Correspondingly, the operation executed on the client side comprises the step of responding to the triggering operation and sending an access request for accessing the target function of the first application to the server, wherein the access request at least comprises one of an access path of the target function of the first application and identification of the target function of the first application.
In the scene that the first application is the back end code of the website, the triggering operation comprises one of inputting an access path of the target function of the first application in a browser by a user and clicking a button of the target function of the first application in a current webpage in the browser by the user. Wherein the access path may be a URL (Uniform Resource Locator ) path.
In a scenario where the first application is the back-end code of a software program, the triggering operation includes clicking a button of the target function of the first application in a graphical user interface of the client.
In this way, the access request of the client is forwarded by the second application in the target container, so that the client can be restricted from directly accessing the first application in the target container, and the security of the first application is further enhanced.
Determining, at the server side, the target function accessed by the access request may include controlling, by the server, a first application in the target container to determine, based on an access path of the target function in the access request and/or an identification of the target function, the target function accessed by the access request.
The server side, in the encrypted multiple code sets of the first application, determines an encrypted target code set corresponding to the target function, and may include controlling the first application in the target container to execute a corresponding relation between each code set in the encrypted multiple code sets based on the first application and the target function by the server, and determining the encrypted target code set corresponding to the target function. The correspondence between each code set and the target function may be set according to actual situations, which is not limited by the present application.
Taking the combination of the target codes as an ith code set in the plurality of code sets as an example on the server side, decrypting the encrypted target code set corresponding to the target function to obtain a decrypted target code set corresponding to the target function, wherein the server can control a first application in the target container to execute a second key corresponding to the target code set based on an ith decryption algorithm and the encrypted target code set corresponding to the target function, and decrypting the encrypted target code set corresponding to the target function to obtain a decrypted target code set corresponding to the target function. The ith first decryption algorithm is the same as the ith first encryption algorithm, and is different from the ith first encryption algorithm in that the ith first encryption algorithm is used for encrypting the code set, and the ith first decryption algorithm is used for decrypting the code set.
And executing the decrypted target code set corresponding to the target function on the server side to obtain an execution result of the decrypted target code set, wherein the execution result of the decrypted target code set is obtained by executing the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set.
The step of executing the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set may include the step of controlling a first application in the target container to execute the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set.
The dependency package corresponding to the target code set may be one or more dependency packages corresponding to the target code set among the multiple dependency packages corresponding to the multiple code sets of the first application. The correspondence between the object code set and one or more of the plurality of dependency packages may be set according to actual situations, which is not limited by the present application.
The server controlling the first application in the target container to execute the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set may include controlling the first application in the target container to execute the decrypted target code set corresponding to the target function, calling or loading the dependency package corresponding to the target code set by the first application in the target container in a process of executing the decrypted target code set corresponding to the target function by the first application in the target container, and obtaining an execution result of the decrypted target code set when the decrypted target code set corresponding to the target function is completed by the first application in the target container.
The specific manner in which the first application in the target container invokes or loads the dependency package corresponding to the target code set in the process that the first application in the target container executes the decrypted target code set corresponding to the target function may be set according to the actual situation, which is not limited by the present application.
The execution result of the decrypted target code set may be a code in which the client displays the content corresponding to the target function. The code of the content corresponding to the target function may be one of HTML (HyperText Markup Language ) code, XML (eXtensible Markup Language, extensible markup language) code, and the like, which are not listed here.
And executing the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set. In this way, the executability of the set of object code may be ensured.
And sending the execution result of the decrypted target code set to the client side at the server side, wherein the step of sending the execution result of the decrypted target code set to the client side by the first application in the target container through the second application in the target container comprises the step of sending the execution result of the decrypted target code set to the client side.
The method comprises the steps that a first application in a target container sends an execution result of a decrypted target code set to a client through a second application in the target container, the first application in the target container sends the execution result of the decrypted target code set to the second application, the second application receives the execution result of the decrypted target code set, the second application sends the execution result of the decrypted target code set to a server, the server receives the execution result of the decrypted target code set, and the server sends the execution result of the decrypted target code set to the client.
Correspondingly, the operation executed on the client side comprises the steps of receiving an execution result of the decrypted target code set sent by the server and displaying content corresponding to the target function based on the execution result of the decrypted target code set.
And displaying the content corresponding to the target function based on the execution result of the decrypted target code set, wherein the content can be set in actual conditions, and the method is not limited. For example, in a scenario where the first application is a back-end code of a website, the content corresponding to the target function may be displayed based on an execution result of the decrypted target code set, where the content corresponding to the target function is displayed in a browser after the browser compiles the execution result of the decrypted target code set. In the scenario where the first application is the back-end code of the software program, the content corresponding to the target function may be displayed based on the execution result of the decrypted target code set, for example, after the client compiles the execution result of the decrypted target code set, the content corresponding to the target function may be displayed in a graphical user interface of the client.
In one embodiment, the method executed at the server further includes encrypting a plurality of dependent packets corresponding to a plurality of code sets of the first application respectively to obtain encrypted plurality of dependent packets corresponding to the plurality of code sets before determining a target function accessed by the access request in response to receiving an access request sent by a client.
Taking the j-th dependent inclusion in the plurality of dependent packets as an example (j is a positive integer), encrypting the plurality of dependent packets corresponding to the plurality of code sets of the first application to obtain encrypted plurality of dependent packets corresponding to the plurality of code sets, where the method may include generating a third key corresponding to the j-th dependent packet in the plurality of dependent packets corresponding to the plurality of code sets of the first application based on a j-th second key generation algorithm, and encrypting the j-th dependent packet based on the j-th second encryption algorithm and the third key corresponding to the j-th dependent packet to obtain an encrypted j-th dependent packet corresponding to the plurality of code sets.
Wherein the j second key generation algorithm can be one of a symmetric key generation algorithm and an asymmetric key generation algorithm. The symmetric key generation algorithm and the asymmetric key generation algorithm are the same as those of the above embodiments, and will not be described herein.
The j-th second encryption algorithm may include one of a symmetric encryption algorithm in the case where the j-th second key generation algorithm is a symmetric key generation algorithm and an asymmetric encryption algorithm in the case where the j-th second key generation algorithm is an asymmetric key generation algorithm, where the symmetric encryption algorithm and the asymmetric encryption algorithm are the same as the above embodiments, and are not described here again.
Optionally, when the jth second key generation algorithm is a symmetric key generation algorithm, generating a third key corresponding to the jth dependent packet in the multiple dependent packets corresponding to the multiple code sets of the first application based on the jth key generation algorithm includes generating a symmetric key corresponding to the jth dependent packet in the multiple dependent packets corresponding to the multiple code sets of the first application based on the jth key generation algorithm, and using the symmetric key corresponding to the jth dependent packet as the third key corresponding to the jth dependent packet.
Optionally, in the case that the jth second key generation algorithm is an asymmetric key generation algorithm, generating a third key corresponding to the jth dependent packet in the plurality of dependent packets corresponding to the plurality of code sets of the first application based on the jth second key generation algorithm includes generating a second public key and a second private key corresponding to the jth dependent packet in the plurality of dependent packets corresponding to the plurality of code sets of the first application based on the jth second key generation algorithm, and using the second public key corresponding to the jth dependent packet as the third key corresponding to the jth dependent packet. And the second private key corresponding to the j-th dependent packet is used for decrypting the j-th dependent packet.
The obtaining manner of each of the plurality of dependent packets is the same as the obtaining manner of the jth dependent packet, and is not described herein. It should be emphasized that the second encryption algorithm for encrypting each dependent packet may be the same or different, and the third key for encrypting each dependent packet may be the same or different.
In this way, the plurality of dependent packets corresponding to the plurality of code sets of the first application are encrypted respectively, and the plurality of encrypted dependent packets corresponding to the plurality of code sets are obtained. Thus, the security of the first application can be further improved.
In this embodiment, the server side encrypts each of the plurality of dependent packets corresponding to the plurality of code sets of the first application to obtain the encrypted plurality of dependent packets corresponding to the plurality of code sets, and then creates a target container based on the encrypted plurality of code sets of the first application and the encrypted plurality of dependent packets corresponding to the plurality of code sets.
The method comprises the steps of creating a target container based on a plurality of encrypted code sets of a first application and a plurality of encrypted dependent packages corresponding to the plurality of code sets, obtaining an image of an operating environment required by the first application, adding a second key corresponding to each code set in the plurality of encrypted code sets of the first application, a plurality of encrypted dependent packages corresponding to the plurality of code sets, a fourth key corresponding to each dependent package in the plurality of dependent packages and an image of the operating environment required by the second application to the first application to obtain the target image, and creating the target container based on the target image.
The method for obtaining the image of the running environment required by the first application is the same as the above embodiment, and will not be described herein again. The encrypted multiple code sets of the first application and the second key corresponding to each code set in the encrypted multiple code sets of the first application are obtained in the same manner as the foregoing embodiments, and are not described herein again. The manner of creating the target container based on the target image is the same as that of the foregoing embodiment, and will not be described herein.
It is understood that the target container may include at least a plurality of encrypted code sets of the first application, a second key corresponding to each of the plurality of encrypted code sets of the first application, a plurality of encrypted dependent packages corresponding to the plurality of code sets, a fourth key corresponding to each of the plurality of dependent packages, a running environment required by the first application, and the second application.
Taking a j-th dependent package in the plurality of dependent packages as an example, describing a fourth key corresponding to each dependent package in the plurality of dependent packages, wherein when the j-th second key generation algorithm is a symmetric key generation algorithm, a third key corresponding to the j-th dependent package is the same as the fourth key corresponding to the j-th dependent package, and when the j-th second key generation algorithm is an asymmetric key generation algorithm, a second private key corresponding to the j-th dependent package is the fourth key corresponding to the j-th dependent package.
The fourth key corresponding to each of the plurality of dependent packets may be stored in a security protection area of the target container, where the security protection area only allows access to the first application, or the security protection area only allows access to the first application and the target container.
In this embodiment, the manner of receiving the access request sent by the client is the same as that of the above embodiment, and will not be described again. The method for determining the target function accessed by the access request is the same as the above embodiment, and will not be described again. Among the encrypted multiple code sets of the first application, the encrypted target code set corresponding to the target function is determined, which is the same as the above embodiment and will not be described again. Decrypting the encrypted target code set corresponding to the target function to obtain a decrypted target code set corresponding to the target function, which is the same as the above embodiment and will not be described again.
In this embodiment, on the server side, the executing the decrypted target code set corresponding to the target function obtains an execution result of the decrypted target code set, including obtaining a decrypted dependency packet corresponding to the target code set, and executing the decrypted target code set corresponding to the target function based on the decrypted dependency packet corresponding to the target code set, to obtain an execution result of the decrypted target code set.
The method comprises the steps of obtaining a decrypted dependent packet corresponding to the target code set, wherein the decrypted dependent packet corresponding to the target code set is decrypted under the condition that the decrypted dependent packet corresponding to the target code set does not exist in a cache, and the decrypted dependent packet corresponding to the target code set is obtained; and under the condition that the decrypted dependent packet corresponding to the target code set exists in the cache, acquiring the decrypted dependent packet corresponding to the target code set from the cache.
The method includes that when the decrypted dependent packet corresponding to the target code set does not exist in a cache, the encrypted dependent packet corresponding to the target code set is decrypted to obtain the decrypted dependent packet corresponding to the target code set, and the method includes that the server controls a first application in the target container to judge whether the decrypted dependent packet corresponding to the target code set exists in the cache of the target container, and when the decrypted dependent packet corresponding to the target code set does not exist in the cache of the target container, the first application in the target container decrypts the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set.
Taking the j-th dependent packet in the plurality of encrypted dependent packets corresponding to the target code set as an example, the server controls the first application in the target container to decrypt the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set, and the server controls the first application in the target container to decrypt the encrypted dependent packet corresponding to the target code set based on the j-th second decryption algorithm and the fourth key corresponding to the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set. The j second decryption algorithm is the same as the j second encryption algorithm, and the difference is that the j second encryption algorithm is used for encrypting the dependent packet, and the j second decryption algorithm is used for decrypting the dependent packet.
At the server side, after the target container decrypts the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set, the method further comprises the step that the target container stores the decrypted dependent packet corresponding to the target code set in a cache of the target container.
And on the server side, after the target container stores the decrypted dependent packets corresponding to the target code set in the cache of the target container, deleting the decrypted dependent packets corresponding to the target code set stored in the cache by the target container when the specified duration is reached. The specified duration may be set according to practical situations, and the present application is not limited, and may be, for example, 10 minutes, 20 minutes, 30 minutes, or longer or shorter.
In addition, when the decrypted dependent packet corresponding to the target code set exists in the cache of the target container, the decrypted dependent packet corresponding to the target code set is acquired from the cache of the target container.
The method for obtaining the execution result of the decrypted target code set by executing the decrypted target code set corresponding to the target function based on the decrypted dependency packet corresponding to the target code set is the same as the method for obtaining the execution result of the decrypted target code set by executing the decrypted target code set corresponding to the target function based on the dependency packet corresponding to the target code set, and is not described herein.
In this way, whether the decrypted dependent packet corresponding to the target code set exists in the cache is judged, the encrypted dependent packet corresponding to the target code set is decrypted under the condition that the decrypted dependent packet does not exist, and the decrypted dependent packet corresponding to the target code set is obtained from the cache under the condition that the decrypted dependent packet does not exist, so that repeated execution of the operation of decrypting the dependent packet can be avoided, and the execution efficiency of the first application is improved. Further, after the decrypted dependency package corresponding to the target code set is obtained, executing the decrypted target code set corresponding to the target function based on the decrypted dependency package corresponding to the target code set, so as to obtain an execution result of the decrypted target code set, and if the executable performance of the target code set can be ensured.
In this embodiment, the manner of sending the execution result of the decrypted target code set to the client is the same as that of the above embodiment, and will not be described again here.
In this embodiment, the operations performed by the client side are the same as those performed by the client in the above embodiment, and will not be described in detail here.
The method performed by the above application is exemplarily described with reference to fig. 2:
s201, the client side responds to the triggering operation and sends an access request for accessing the target function of the first application to the server.
S202 to S207 in fig. 2 are executed on the server side, specifically as follows:
S202, the server receives an access request sent by the client, the server sends the access request to a second application of the target container, the second application receives the access request, and the second application sends the access request to the first application.
S203, the first application determines the target function accessed by the access request based on the access path of the target function in the access request and/or the identification of the target function.
S204, the first application decrypts the encrypted target code set corresponding to the target function to obtain the decrypted target code set corresponding to the target function.
S205, the first application executes the decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set.
Optionally, in the case that the target container includes a plurality of dependency packages corresponding to a plurality of code sets of the first application, the first application executes a decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, where the first application executes the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set.
Optionally, when the target container includes encrypted multiple dependency packages corresponding to the multiple code sets, the first application executes a decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, where the first application obtains the decrypted dependency package corresponding to the target code set, and executes the decrypted target code set corresponding to the target function based on the decrypted dependency package corresponding to the target code set to obtain the execution result of the decrypted target code set.
S206, the first application sends the execution result of the decrypted target code set to the second application.
S207, the second application receives the execution result of the decrypted target code set, the second application sends the execution result of the decrypted target code set to the server, the server receives the execution result of the decrypted target code set, and the server sends the execution result of the decrypted target code set to the client.
And S208, the client side receives the execution result of the decrypted target code set sent by the server and displays the content corresponding to the target function based on the execution result of the decrypted target code set.
In one example, the operations performed at the server side may further include the second application recording an access log of the first application, where the access log of the first application includes at least one of related information of each of the one or more access requests, and related information of each of the one or more execution results.
The one or more access requests include an access request sent by the client. The one or more execution results include the execution results of the decrypted set of object code.
The related information of each access request includes at least one of a receiving time of each access request, a transmitting time of each access request, an IP (Internet Protocol ) address of a client corresponding to each access request, and a parameter of each access request. The parameters of each access request may be set according to practical situations, and the application is not limited, for example, the parameters of each access request may include an access port of each access request, an identifier and/or a path of an access function of each access request, and the like.
The related information of each execution result includes at least one of a receiving time of each execution result, a transmitting time of each execution result, a parameter of each execution result, etc., wherein the parameter of each execution result can be set according to actual conditions, and the application is not limited. For example, parameters of any one execution result may include access success, or access failure, or login success, or login failure, etc.
In one example, the operations performed at the server side may further include the second application analyzing the access log of the first application, and sending an anomaly alarm notification to an administrator if the analysis result of the access log of the first application includes an anomaly access behavior. The abnormal access behaviors at least comprise frequently invalid access behaviors, violent cracking behaviors and the like.
The specific manner of analyzing the access log of the first application may be set according to actual situations, and the present application is not limited. For example, when the abnormal access behavior is frequently invalidated access behavior, it may be determined that there is frequently invalidated access behavior when the number of times of a plurality of access requests sent by a certain client is greater than a first threshold in an access log of the first application and parameters of execution results of code sets corresponding to functions accessed by the plurality of access requests are all access failures. For example, when the abnormal access behavior is a violent crack, the violent crack may be determined when the number of times of a plurality of access requests sent by a certain client is larger than a first threshold value in an access log of the first application, and parameters of execution results of a code set corresponding to functions accessed by the plurality of access requests are all login failures.
The sending of the abnormal alarm notification to the administrator may be sending an alarm mail or an alarm short message to a client held by the administrator. The administrator may be an operation and maintenance person of the server.
In one example, after sending the abnormal alarm notification to the administrator, the operation performed by the server side may further include that the second application refuses to receive the access request sent by the client corresponding to the abnormal access behavior. Specifically, the access request sent by the IP address of the client corresponding to the abnormal access behavior may be refused.
In this way, the access log of the first application is monitored by the second application, so that abnormal access behaviors can be timely found and prevented, and the security protection capability of the first application is improved.
The method performed by the above application is exemplarily described with reference to fig. 3:
S301, the server side encrypts the plurality of code sets of the first application respectively to obtain the encrypted plurality of code sets of the first application. S301, encrypting a plurality of dependent packets corresponding to a plurality of code sets of the first application respectively to obtain encrypted dependent packets corresponding to the plurality of code sets.
S302, creating a target container.
Optionally, the creating the target container may include creating the target container based on the encrypted plurality of code sets of the first application and a plurality of dependent packages corresponding to the plurality of code sets of the first application.
Optionally, the creating the target container may include creating the target container based on the encrypted plurality of code sets of the first application, and the encrypted plurality of dependent packages corresponding to the plurality of code sets.
S303, the client side responds to the triggering operation and sends an access request for accessing the target function of the first application to the server.
S304, the first application receives the access request sent by the client through the second application at the server side.
S305, the server side determines the target function accessed by the access request based on the access path of the target function in the access request and/or the identification of the target function.
S306, the first application decrypts the encrypted target code set corresponding to the target function to obtain the decrypted target code set corresponding to the target function.
S307, the server side executes the decrypted target code set corresponding to the target function by the first application to obtain an execution result of the decrypted target code set.
Optionally, in the case that the target container includes a plurality of dependency packages corresponding to a plurality of code sets of the first application, the first application executes a decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, where the first application executes the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set.
Optionally, when the target container includes encrypted multiple dependency packages corresponding to the multiple code sets, the first application executes a decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, where the first application obtains the decrypted dependency package corresponding to the target code set, and executes the decrypted target code set corresponding to the target function based on the decrypted dependency package corresponding to the target code set to obtain the execution result of the decrypted target code set.
S308, the first application sends the execution result of the decrypted target code set to the second application at the server side.
S309, on the server side, the second application records the access log of the first application.
Fig. 4 shows a schematic block diagram of an application execution apparatus provided by an embodiment of the present disclosure. As shown in fig. 4, includes:
A function determining module 401, configured to determine, in response to receiving an access request sent by a client, a target function accessed by the access request, where the target function is one of multiple functions of a first application;
a code set determining module 402, configured to determine an encrypted target code set corresponding to the target function from among the encrypted multiple code sets of the first application;
a decryption module 403, configured to decrypt the encrypted target code set corresponding to the target function, to obtain a decrypted target code set corresponding to the target function;
A code set executing module 404, configured to execute a decrypted target code set corresponding to the target function, to obtain an execution result of the decrypted target code set, where the execution result of the decrypted target code set is used to display content corresponding to the target function at the client;
and the communication module 405 is configured to send an execution result of the decrypted target code set to the client.
The code set executing module is used for executing the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an executing result of the decrypted target code set.
The code set executing module is used for acquiring the decrypted dependent packet corresponding to the target code set, and executing the decrypted target code set corresponding to the target function based on the decrypted dependent packet corresponding to the target code set to obtain the executing device of the decrypted target code set.
The code set executing module is used for executing one of the following steps of decrypting the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set when the decrypted dependent packet corresponding to the target code set does not exist in the cache, and obtaining the decrypted dependent packet corresponding to the target code set from the cache when the decrypted dependent packet corresponding to the target code set exists in the cache.
As shown in fig. 5, the apparatus further includes:
The encryption module 501 is configured to encrypt the plurality of code sets of the first application, respectively, to obtain encrypted plurality of code sets of the first application, where different code sets in the plurality of code sets correspond to different functions in the plurality of functions of the first application.
The encryption module is configured to encrypt a plurality of dependency packages corresponding to a plurality of code sets of the first application, respectively, to obtain an encrypted plurality of dependency packages corresponding to the plurality of code sets.
For descriptions of specific functions and examples of each module and sub-module of the apparatus in the embodiments of the present disclosure, reference may be made to the related descriptions of corresponding steps in the foregoing method embodiments, which are not repeated herein.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related user personal information all conform to the regulations of related laws and regulations, and the public sequence is not violated.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 6 illustrates a schematic block diagram of an example electronic device 600 that may be used to implement embodiments of the present disclosure. Servers are intended to represent various forms of digital computers, such as laptops, desktops, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The server may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 6, the electronic device 600 includes a computing unit 601 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 602 or a computer program loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the electronic device 600 can also be stored. The computing unit 601, ROM 602, and RAM 603 are connected to each other by a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Various components in the electronic device 600 are connected to the I/O interface 605, including an input unit 606, such as a keyboard, mouse, etc., an output unit 607, such as various types of displays, speakers, etc., a storage unit 608, such as a magnetic disk, optical disk, etc., and a communication unit 609, such as a network card, modem, wireless communication transceiver, etc. The communication unit 609 allows the electronic device 600 to exchange information/data with other devices through a computer network, such as the internet, and/or various telecommunication networks.
The computing unit 601 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 601 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 601 performs the various methods and processes described above. For example, in some embodiments, the methods described above may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 600 via the ROM602 and/or the communication unit 609. At least one step of the method described above may be performed when the computer program is loaded into RAM 603 and executed by the computing unit 601. Alternatively, in other embodiments, the computing unit 601 may be configured to perform the above-described methods by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special or general purpose programmable processor, operable to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code (or referred to as application code) for carrying out methods of the present disclosure may be written in any combination of at least one programming language. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include at least one wire-based electrical connection, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer. Other types of devices may also be used to provide interaction with the user, for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a Local Area Network (LAN), a Wide Area Network (WAN), and the Internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions, improvements, etc. that are within the principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (12)

1. A method of application execution, comprising:
Determining a target function accessed by an access request sent by a client in response to the received access request, wherein the target function is one of a plurality of functions of a first application;
Determining an encrypted target code set corresponding to the target function from a plurality of encrypted code sets of the first application;
Decrypting the encrypted target code set corresponding to the target function to obtain a decrypted target code set corresponding to the target function;
executing the decrypted target code set corresponding to the target function to obtain an execution result of the decrypted target code set, wherein the execution result of the decrypted target code set is used for displaying content corresponding to the target function at the client;
and sending the execution result of the decrypted target code set to the client.
2. The method of claim 1, wherein the executing the decrypted set of target codes corresponding to the target function results in an execution result of the decrypted set of target codes, comprising:
and executing the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set to obtain an execution result of the decrypted target code set.
3. The method of claim 1, wherein the executing the decrypted set of target codes corresponding to the target function results in an execution result of the decrypted set of target codes, comprising:
acquiring a decrypted dependent packet corresponding to the target code set;
And executing the decrypted target code set corresponding to the target function based on the decrypted dependent packet corresponding to the target code set to obtain an execution result of the decrypted target code set.
4. A method according to claim 3, wherein said obtaining a decrypted dependent packet corresponding to said set of object codes comprises one of:
Under the condition that the decrypted dependent packet corresponding to the target code set does not exist in the cache, decrypting the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set;
And under the condition that the decrypted dependent packet corresponding to the target code set exists in the cache, acquiring the decrypted dependent packet corresponding to the target code set from the cache.
5. The method of any of claims 1-4, further comprising:
Encrypting the plurality of code sets of the first application respectively to obtain the encrypted plurality of code sets of the first application, wherein different code sets in the plurality of code sets correspond to different functions in the plurality of functions of the first application.
6. The method of claim 4, further comprising:
And encrypting a plurality of dependent packets corresponding to the plurality of code sets of the first application respectively to obtain the encrypted plurality of dependent packets corresponding to the plurality of code sets.
7. An apparatus for application execution, comprising:
The function determining module is used for determining a target function accessed by the access request in response to receiving the access request sent by the client, wherein the target function is one of a plurality of functions of the first application;
A code set determining module, configured to determine an encrypted target code set corresponding to the target function from among the encrypted plurality of code sets of the first application;
The decryption module is used for decrypting the encrypted target code set corresponding to the target function to obtain the decrypted target code set corresponding to the target function;
The code set executing module is used for executing the decrypted target code set corresponding to the target function to obtain an executing result of the decrypted target code set, wherein the executing result of the decrypted target code set is used for displaying the content corresponding to the target function at the client;
And the communication module is used for sending the execution result of the decrypted target code set to the client.
8. The apparatus of claim 7, wherein the code set execution module is configured to execute the decrypted target code set corresponding to the target function based on the dependency package corresponding to the target code set, to obtain an execution result of the decrypted target code set.
9. The device of claim 7, wherein the code set execution module is configured to obtain a decrypted dependency package corresponding to the target code set, and execute the decrypted target code set corresponding to the target function based on the decrypted dependency package corresponding to the target code set, to obtain the execution device of the decrypted target code set.
10. The apparatus of claim 9, wherein the code set execution module is to perform one of:
Under the condition that the decrypted dependent packet corresponding to the target code set does not exist in the cache, decrypting the encrypted dependent packet corresponding to the target code set to obtain the decrypted dependent packet corresponding to the target code set;
and under the condition that the decrypted dependent packet corresponding to the target code set exists in the cache, acquiring the decrypted dependent packet corresponding to the target code set from the cache.
11. The apparatus of any of claims 7-10, further comprising:
and the encryption module is used for encrypting the plurality of code sets of the first application respectively to obtain the encrypted plurality of code sets of the first application, wherein different code sets in the plurality of code sets correspond to different functions in the plurality of functions of the first application.
12. The apparatus of claim 11, wherein the encryption module is configured to encrypt a plurality of dependent packets corresponding to a plurality of code sets of the first application, respectively, to obtain the encrypted plurality of dependent packets corresponding to the plurality of code sets.
CN202510437840.2A 2025-04-08 2025-04-08 Application execution method and device Pending CN120372600A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510437840.2A CN120372600A (en) 2025-04-08 2025-04-08 Application execution method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510437840.2A CN120372600A (en) 2025-04-08 2025-04-08 Application execution method and device

Publications (1)

Publication Number Publication Date
CN120372600A true CN120372600A (en) 2025-07-25

Family

ID=96445760

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510437840.2A Pending CN120372600A (en) 2025-04-08 2025-04-08 Application execution method and device

Country Status (1)

Country Link
CN (1) CN120372600A (en)

Similar Documents

Publication Publication Date Title
EP4097944B1 (en) Metadata-based detection and prevention of phishing attacks
CN109716343B (en) Enterprise graphic method for threat detection
US10270758B2 (en) Login method, server, and login system
US12284177B2 (en) Event-triggered reauthentication of at-risk and compromised systems and accounts
US12452307B2 (en) Advanced detection of identity-based attacks to assure identity fidelity in information technology environments
US10148693B2 (en) Exploit detection system
EP2996061A1 (en) System and method for monitoring data and providing alerts
US20130283335A1 (en) Systems and methods for applying policy wrappers to computer applications
US10778687B2 (en) Tracking and whitelisting third-party domains
KR20180120157A (en) Data set extraction based pattern matching
EP4205373B1 (en) Systems and methods for enhancing user privacy
CN102110207A (en) Cooperative malware detection and prevention on mobile devices
CN113630412B (en) Resource downloading method, resource downloading device, electronic equipment and storage medium
US20230113332A1 (en) Advanced detection of identity-based attacks to assure identity fidelity in information technology environments
US20230319071A1 (en) Systems and methods for automated generation of playbooks for responding to cyberattacks
US20220269749A1 (en) Web Browser Communication Validation Extension
CN113225348B (en) Request anti-replay verification method and device
US20230114298A1 (en) System and method for detecting malicious attempts to discover vulnerabilities in a web application
CN111831978B (en) A method and device for protecting configuration files
CN111209544B (en) Web application security protection method and device, electronic equipment and storage medium
CN120372600A (en) Application execution method and device
CN108848094B (en) Data security verification method, device, system, computer equipment and storage medium
CN109842587B (en) Method and device for monitoring system safety
US20150134747A1 (en) Managing a messaging queue in an asynchronous messaging system
CN113676482B (en) Data transmission system and method and data transmission system and method based on double-layer SSL

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination