CN114595455A - Block chain-based method and system for automatically generating inter-microservice access control strategy - Google Patents
Block chain-based method and system for automatically generating inter-microservice access control strategy Download PDFInfo
- Publication number
- CN114595455A CN114595455A CN202210264404.6A CN202210264404A CN114595455A CN 114595455 A CN114595455 A CN 114595455A CN 202210264404 A CN202210264404 A CN 202210264404A CN 114595455 A CN114595455 A CN 114595455A
- Authority
- CN
- China
- Prior art keywords
- service
- module
- authority
- micro
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 238000011217 control strategy Methods 0.000 title claims abstract description 13
- 238000004458 analytical method Methods 0.000 claims description 58
- 230000003068 static effect Effects 0.000 claims description 52
- 238000013475 authorization Methods 0.000 claims description 20
- 238000000605 extraction Methods 0.000 claims description 20
- 238000010586 diagram Methods 0.000 claims description 7
- 238000007726 management method Methods 0.000 description 14
- 230000007246 mechanism Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain-based method and a block chain-based system for automatically generating an access control strategy between micro-services. The use of the blockchain in the invention guarantees confidentiality and non-tamper property for the access control strategy and the information of the related service.
Description
Technical Field
The invention belongs to the field of network security, and particularly relates to a block chain-based method and a block chain-based system for automatically generating an access control strategy between micro-services.
Background
The micro-service is a cloud native application, namely an application designed for 'cloud', after the cloud native technology is used, developers do not need to consider the technology implementation of the bottom layer, the elasticity and the distributed advantages of the cloud platform can be fully exerted, and rapid deployment, flexible on demand, non-stop delivery and the like are achieved. It advocates dividing a single application into a set of small services that are coordinated and coordinated to provide the final value to the user. Each service runs in an independent process, and the services communicate with each other by adopting a lightweight communication mechanism. It splits an application into multiple microservices running on different machines (or virtual machines and containers). Each microservice can be independently developed, deployed, upgraded and extended. Through lightweight network API calls, multiple services can be combined into a service chain to achieve complex functionality. The micro-service significantly improves the flexibility of the cloud application.
According to investigation, most of the micro-services are deployed in a third-party container, which brings risks to service deployment and invocation, and when the micro-services cooperate to complete complex functions, their natural mutual trust makes the whole application vulnerable to attack by a single damaged service. Inter-service access control mechanisms are particularly important.
Among the existing inter-service access control mechanisms, there are those implemented using NLP technology on the basis of existing documents, but due to the limitations of NLP, these methods are often coarse-grained and incomplete; and further based on inferring rule criteria and policy structure from traffic using collected log or historical data. Their effectiveness depends on the granularity and completeness of the trace, which is difficult to guarantee. Furthermore, they require applications to run ahead to collect data, which may lead to windows of attack; the corresponding security strategy is generated by a modeling method, but the modeling process is time-consuming and is not suitable for micro-services with small scale, low complexity and strong flexibility.
Disclosure of Invention
The invention aims to overcome the defects and provides a block chain-based method and a block chain-based system for automatically generating an access control strategy between micro services, so that the problems of risks brought to calling between the services and the judgment of calling authority between the micro services when the micro services are managed by a third-party platform are solved, and the services are prevented from being attacked and infected by malicious micro services.
In order to achieve the purpose, the automatic generation method of the access control strategy among the microservices based on the block chains comprises the following steps:
s1, extracting the newly added source code;
s2, performing static analysis on the source code, extracting a service request list, and generating a request topological graph;
s3, generating an authority relation graph corresponding to the micro service according to the request list and the stored access authority white list of each service manufacturer;
s4, comparing the request topological graph and the authority relation graph of the micro service and making a decision to generate a decision result;
and S5, deploying the service according to the source code and the decision result.
In S1, the specific method of extracting the source code is as follows:
s11, determining the programming language contained in the newly added source code, and selecting a corpus corresponding to the language;
and S12, identifying the statement which includes the request call in the source code through the semantic model in the corpus.
In S2, the specific method of extracting the service request list is as follows:
s21, marking according to the statement to generate a static analysis result;
s22, acquiring program slices of codes related to micro-service calling on the basis of the static analysis result;
and S23, combining program slicing and static analysis result reverse tracing to generate a list of the micro service requested to be called.
In S4, the specific method for making the comparison decision is as follows:
s41, generating a calling authority graph among the micro services according to the authority relation on the white list;
s42, comparing the authority calling graph with the received request topological graph; if the authority graph is a subgraph, the authority is approved and the authority graph is saved; if not, the micro service cannot obtain authorization;
and if the deployed service is an updated version, directly calling the micro-service permission diagram to make a decision according to the service name.
In S5, the specific method for deploying the service is as follows:
s51, generating a service configuration file and a deployment file according to the source code;
s52, receiving the decision result, and if the micro service authority passes, deploying the micro service according to the service configuration file and the deployment file; if the authority does not pass, the deployment is refused.
A block chain-based micro-service inter-access control strategy automatic generation system comprises:
the permission extraction module is used for performing static analysis on the newly added service source code and generating a request topological graph according to the result;
the authority decision module is used for judging the request topological graph and giving a decision result;
and the micro-service management platform is used for managing micro-services and executing the decision result of the permission decision module.
The authority extraction module comprises a static analysis submodule and a topology generation submodule;
the static analysis sub-module comprises a tool analysis module, a stain reverse tracking module and a list generation module;
the tool analysis module is used for performing static analysis on each language source code by using different language static analysis tools to generate a static analysis result;
the stain reverse tracking module is used for executing reverse pollution propagation according to the static analysis result so as to obtain a program slice corresponding to the service call;
the list generating module is used for generating a micro-service request list in a Json format by combining program slicing results;
the topology generation submodule comprises an information forwarding module and a request topological graph generation module;
the information forwarding module is used for sending the request list generated in the static analysis stage to the permission decision module;
and the request topological graph generating module is used for generating a request relation topological graph in the microservice according to the request list generated in the static analysis stage and sending the topological graph to the permission decision module.
The permission decision module comprises:
the white list storage module is used for storing a manufacturer access authority white list of the existing service on the platform on the authority block chain;
the authority graph generating module is used for extracting service manufacturer information of the required calling service according to the received request list of the authority extracting module, inquiring a white list of access authority of a corresponding manufacturer and generating a calling authority relation graph of the micro service according to the authority;
the permission decision submodule is used for comparing and judging the request topological graph generated by the permission extraction module with the generated permission relation graph, if the request topological graph is a subgraph of permission topology, the microservice obtains authorization and stores the service permission topological graph in a block chain, if the request topological graph is not a subgraph, the authorization is refused if the permission relation is not satisfied, and a decision result is sent to the microservice management platform;
and the authority updating module is used for searching the related generated authority graph and adding corresponding edges or nodes after the white list of a certain service manufacturer is updated.
The micro-service management platform comprises:
the system comprises a configuration file providing module, a permission extracting module and a service processing module, wherein the configuration file providing module is used for generating a corresponding deployment configuration file, the deployment configuration file comprises detailed information of the micro service on a platform and environment variables, and the permission extracting module is used for performing program slicing to provide information for generating a request list;
and the permission decision execution module is used for judging whether to obtain authorization according to the received decision result, deploying the micro service according to the deployment configuration file of the service if the authorization is obtained, and refusing to deploy the service if the authorization is not passed.
Compared with the prior art, the method provided by the invention combines an access control strategy generation management mechanism based on a request topological graph and an authority relation graph, realizes an authority decision mechanism for calling between services separated from a micro-service management platform or a framework, realizes authority verification on related calling services before service deployment, makes an authority decision separated from the service platform, and effectively avoids service risks brought by the platform and managers. The use of the blockchain in the invention guarantees confidentiality and non-tamper property for the access control strategy and the information of the related service.
The system of the invention ensures the non-tamper property and the confidentiality of the service authority by storing the service authority judgment and the service authority white list in the block chain of the authority decision module. Meanwhile, a decision mechanism of the permission decision module is separated from the service management platform, so that risks brought by the platform and managers are effectively avoided. And secondly, the authority judgment adopts a service calling authority graph judgment mode, so that the authority block chain and the platform data storage scale are effectively reduced, and the overall operation performance is improved to a certain extent.
Drawings
FIG. 1 is a block diagram of the present invention;
FIG. 2 is a flowchart of rights extraction in the present invention;
FIG. 3 is a flowchart of the permission decision in the present invention;
FIG. 4 is a flow chart of the service update authority determination of the present invention;
FIG. 5 is a diagram of a static analysis submodule according to the present invention;
FIG. 6 is a block diagram of a privilege decision module according to the present invention;
FIG. 7 is a block diagram of a microservice management platform of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, an automatic generation system for inter-microservice access control policy based on a blockchain includes:
the permission extraction module is used for performing static analysis on the newly added service source code and generating a request topological graph according to the result;
the authority decision module is used for judging the request topological graph and giving a decision result;
and the micro-service management platform is used for managing micro-services and executing the decision result of the permission decision module.
The authority extraction module comprises a static analysis submodule and a topology generation submodule; the authority extraction module consists of a static analysis submodule and a topology generation submodule, and the static analysis submodule realizes the extraction of calling information attributes in the micro-service source code; and the topology generation submodule realizes the generation of the micro-service calling relational topological graph.
Referring to fig. 5, the static analysis submodule includes a tool analysis module, a stain backtracking module, and a manifest generation module;
the tool analysis module is used for performing static analysis on each language source code by using different language static analysis tools to generate a static analysis result;
the stain reverse tracking module is used for executing reverse pollution propagation according to the static analysis result so as to obtain a program slice corresponding to the service call;
the list generating module is used for generating a micro-service request list in a Json format by combining program slicing results;
the static analysis submodule workflow is as follows:
after the micro-service source code is submitted to the authority extraction module by the micro-service management platform:
1) firstly submitting a source code to a static analysis module;
2) the static analysis module analyzes the adopted programming language of the source code;
3) constructing a corpus for the corresponding language;
4) marking statements containing request call in the source code by using a semantic model of a corresponding language;
5) static analysis is carried out by using a static analysis tool of a corresponding language to generate a control flow graph, a call graph of calling relationship among processes, a constant/variable table and the like which are executed by a corresponding program;
6) performing reverse tracking on taint according to the static analysis result and the source code and obtaining program slices related to service calling;
7) and reversely generating a final request list of the related information of the called micro-service by combining the program slicing and the static analysis result.
The topology generation submodule comprises an information forwarding module and a request topological graph generation module;
the information forwarding module is used for sending the request list generated in the static analysis stage to the permission decision module;
and the request topological graph generating module is used for generating a request relation topological graph in the microservice according to the request list generated in the static analysis stage and sending the topological graph to the permission decision module.
Referring to fig. 6, under the support of the block chain technology, a permission decision module between microservices is designed, which includes:
the white list storage module is used for storing a manufacturer access authority white list of the existing service on the platform on the authority block chain;
the authority graph generating module is used for extracting the service manufacturer information of the required calling service according to the received request list of the authority extracting module, inquiring a white list of access authority of a corresponding manufacturer and generating a calling authority relation graph of the microservice according to the authority;
the permission decision submodule is used for comparing and judging the request topological graph generated by the permission extraction module with the generated permission relation graph, if the request topological graph is a subgraph of permission topology, the microservice obtains authorization and stores the service permission topological graph in a block chain, if the request topological graph is not a subgraph, the authorization is refused if the permission relation is not satisfied, and a decision result is sent to the microservice management platform;
and the authority updating module is used for searching the related generated authority graph and adding corresponding edges or nodes after the white list of a certain service manufacturer is updated.
The authority decision module has the following working process:
after the permission decision module receives the request list and the request topological graph of the permission extraction module, the permission decision module firstly judges whether the service is deployed for the first time, if so, extracts the information of a service manufacturer needing to call the service according to the request list, inquires a white list of access permissions of corresponding manufacturers, and generates a callable permission relation graph of the micro-service according to the permissions; if the version of the micro service is updated, namely the micro service is not deployed for the first time, searching an access authority graph of the service in the authority block chain. Judging whether the micro service request topological graph generated by the permission extraction module is a subgraph of the access permission graph or not through an algorithm, if so, authorizing the micro service and storing the service permission topological graph in a block chain, otherwise, refusing authorization if the permission relation is not satisfied. And sending the decision result to the micro-service management platform.
Referring to fig. 7, under the support of cloud originality, a kubernets cluster is built for managing and operating micro services, and in the invention, a micro service management platform mainly functions to provide configuration files and authority decision execution, including:
the system comprises a configuration file providing module, a permission extracting module and a micro-service deployment module, wherein the configuration file providing module is used for generating a corresponding deployment configuration file, the deployment configuration file comprises detailed information and environment variables of the micro-service on a platform, and the permission extracting module is used for slicing a program to provide information for generating a request list;
and the permission decision execution module is used for judging whether to obtain authorization according to the received decision result, deploying the micro service according to the deployment configuration file of the service if the authorization is obtained, and refusing to deploy the service if the authorization is not passed.
Referring to fig. 1, a block chain-based method for automatically generating an access control policy between microservices includes the following steps:
s1, extracting the newly added source code;
s2, performing static analysis on the source code, extracting a service request list, and generating a request topological graph;
s3, generating an authority relation graph corresponding to the micro service according to the request list and the stored access authority white list of each service manufacturer;
s4, comparing the request topological graph and the authority relation graph of the micro service and making a decision to generate a decision result;
and S5, deploying the service according to the source code and the decision result.
Referring to fig. 2, the specific method of rights extraction is as follows:
s11, the permission extraction module receives the source code;
s12, identifying the programming language contained in the micro service, and selecting the corpus of the corresponding language;
s13, marking the statement which includes the request call in the source code by the semantic model of the corresponding programming language;
s14, firstly, generating a corresponding CFGS.cGS and a constant/variable table through a static analysis tool of a corresponding language;
s15, performing reverse pollution propagation on the basis of the static analysis result, and acquiring a program slice of codes related to micro-service call;
s16, generating a request list by combining the program slice and the static analysis result;
s17, sending the request list to the authority decision module;
and S18, the permission extraction module generates a request topological graph according to the request list and sends the request topological graph to the permission decision module.
The specific method for extracting the service request list is as follows:
s21, marking according to the statement to generate a static analysis result;
s22, acquiring program slices of codes related to micro-service calling on the basis of the static analysis result;
and S23, combining program slicing and static analysis result reverse tracing to generate a list of the micro service requested to be called.
Referring to fig. 3, a specific method for making a comparison decision is as follows:
s41, receiving the request list sent by the authority extraction module;
s42, if the service is deployed for the first time, extracting a manufacturer authority white list of the related calling service according to the request list, and generating a calling authority graph among the micro services according to the authority relationship on the white list;
s43, comparing the authority calling graph with the received request topological graph;
s44, if the sub-graph is the sub-graph, the authority is checked and the authority graph is stored, if the sub-graph is not the sub-graph, the micro-service cannot obtain the authorization;
s45, if the service deployed at this time is an updated version, the micro service permission diagram is directly called according to the service name for decision making;
and S46, sending the decision result to the micro service management platform.
The specific method for deploying the service is as follows:
s51, generating a service configuration file and a deployment file according to the source code;
s52, receiving the decision result, and if the micro service authority passes, deploying the micro service according to the service configuration file and the deployment file; if the authority does not pass, the deployment is refused.
Referring to fig. 4, the service update procedure includes the steps of:
s451, the authority extraction module generates a request topological graph according to the service source code;
s452, sending the authority topological graph to an authority decision module;
s453, the permission decision module searches the corresponding micro-service permission graph according to the service name, judges and generates an authorization result;
and S454, sending the result to the micro service management platform.
Claims (9)
1. A block chain-based method for automatically generating an access control strategy among micro services is characterized by comprising the following steps:
s1, extracting the newly added source code;
s2, performing static analysis on the source code, extracting a service request list, and generating a request topological graph;
s3, generating an authority relation graph corresponding to the micro service according to the request list and the stored access authority white list of each service manufacturer;
s4, comparing the request topological graph and the authority relation graph of the micro service and making a decision to generate a decision result;
and S5, deploying the service according to the source code and the decision result.
2. The method for automatically generating the inter-microservice access control policy based on the blockchain according to claim 1, wherein in S1, a specific method for extracting the source code is as follows:
s11, determining the programming language contained in the new source code, and selecting a corpus of the corresponding language;
and S12, identifying the statement which includes the request call in the source code through the semantic model in the corpus.
3. The method according to claim 1, wherein in S2, the specific method for extracting the service request list is as follows:
s21, marking according to the statement to generate a static analysis result;
s22, acquiring program slices of codes related to micro-service calling on the basis of the static analysis result;
and S23, combining program slicing and static analysis result reverse tracing to generate a list of the micro service requested to be called.
4. The method for automatically generating the inter-microservice access control policy based on the blockchain according to claim 1, wherein in S4, the specific method for making the comparison decision is as follows:
s41, generating a calling authority graph among the micro services according to the authority relationship on the white list;
s42, comparing the authority calling graph with the received request topological graph; if the authority graph is a subgraph, the authority is approved and the authority graph is saved; if not, the micro service cannot obtain authorization;
and if the deployed service is an updated version, directly calling the micro-service permission diagram to make a decision according to the service name.
5. The method for automatically generating the inter-microservice access control policy based on the blockchain according to claim 1, wherein in S5, a specific method for deploying the service is as follows:
s51, generating a service configuration file and a deployment file according to the source code;
s52, receiving the decision result, and if the micro service authority passes, deploying the micro service according to the service configuration file and the deployment file; if the authority does not pass, the deployment is refused.
6. An automatic generation system of an access control strategy between micro-services based on a block chain is characterized by comprising the following steps:
the permission extraction module is used for performing static analysis on the newly added service source code and generating a request topological graph according to the result;
the authority decision module is used for judging the request topological graph and giving a decision result;
and the micro-service management platform is used for managing micro-services and executing the decision result of the permission decision module.
7. The system for automatically generating the inter-microservice access control strategy based on the blockchain according to claim 6, wherein the authority extraction module comprises a static analysis submodule and a topology generation submodule;
the static analysis sub-module comprises a tool analysis module, a stain reverse tracking module and a list generation module;
the tool analysis module is used for performing static analysis on each language source code by using different language static analysis tools to generate a static analysis result;
the stain reverse tracking module is used for executing reverse pollution propagation according to the static analysis result so as to obtain a program slice corresponding to the service call;
the list generating module is used for generating a micro-service request list in a Json format by combining program slicing results;
the topology generation submodule comprises an information forwarding module and a request topological graph generation module;
the information forwarding module is used for sending the request list generated in the static analysis stage to the permission decision module;
and the request topological graph generating module is used for generating a request relation topological graph in the microservice according to the request list generated in the static analysis stage and sending the topological graph to the permission decision module.
8. The system of claim 6, wherein the permission decision module comprises:
the white list storage module is used for storing a manufacturer access authority white list of the existing service on the platform on the authority block chain;
the authority graph generating module is used for extracting the service manufacturer information of the required calling service according to the received request list of the authority extracting module, inquiring a white list of access authority of a corresponding manufacturer and generating a calling authority relation graph of the microservice according to the authority;
the permission decision submodule is used for comparing and judging the request topological graph generated by the permission extraction module with the generated permission relation graph, if the request topological graph is a subgraph of permission topology, the microservice obtains authorization and stores the service permission topological graph in a block chain, if the request topological graph is not a subgraph, the authorization is refused if the permission relation is not satisfied, and a decision result is sent to the microservice management platform;
and the authority updating module is used for searching the related generated authority graph and adding corresponding edges or nodes after the white list of a certain service manufacturer is updated.
9. The system of claim 6, wherein the microservice management platform comprises:
the system comprises a configuration file providing module, a permission extracting module and a micro-service deployment module, wherein the configuration file providing module is used for generating a corresponding deployment configuration file, the deployment configuration file comprises detailed information and environment variables of the micro-service on a platform, and the permission extracting module is used for slicing a program to provide information for generating a request list;
and the permission decision execution module is used for judging whether to obtain authorization according to the received decision result, deploying the micro service according to the deployment configuration file of the service if the authorization is obtained, and refusing to deploy the service if the authorization is not passed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210264404.6A CN114595455A (en) | 2022-03-17 | 2022-03-17 | Block chain-based method and system for automatically generating inter-microservice access control strategy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210264404.6A CN114595455A (en) | 2022-03-17 | 2022-03-17 | Block chain-based method and system for automatically generating inter-microservice access control strategy |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114595455A true CN114595455A (en) | 2022-06-07 |
Family
ID=81810501
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210264404.6A Pending CN114595455A (en) | 2022-03-17 | 2022-03-17 | Block chain-based method and system for automatically generating inter-microservice access control strategy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114595455A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115514586A (en) * | 2022-11-24 | 2022-12-23 | 河北纬坤电子科技有限公司 | Access control policy configuration method and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113098695A (en) * | 2021-04-21 | 2021-07-09 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
| CN113110914A (en) * | 2021-03-02 | 2021-07-13 | 西安电子科技大学 | Internet of things platform construction method based on micro-service architecture |
| CN113221138A (en) * | 2021-04-30 | 2021-08-06 | 中核武汉核电运行技术股份有限公司 | Authority management system |
| EP3913516A1 (en) * | 2019-03-22 | 2021-11-24 | Huawei Technologies Co., Ltd. | File access authority authentication method and electronic device |
-
2022
- 2022-03-17 CN CN202210264404.6A patent/CN114595455A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3913516A1 (en) * | 2019-03-22 | 2021-11-24 | Huawei Technologies Co., Ltd. | File access authority authentication method and electronic device |
| CN113110914A (en) * | 2021-03-02 | 2021-07-13 | 西安电子科技大学 | Internet of things platform construction method based on micro-service architecture |
| CN113098695A (en) * | 2021-04-21 | 2021-07-09 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
| CN113221138A (en) * | 2021-04-30 | 2021-08-06 | 中核武汉核电运行技术股份有限公司 | Authority management system |
Non-Patent Citations (1)
| Title |
|---|
| 沙杰;: "基于RBAC模型的云计算平台访问控制***设计研究", 信息与电脑(理论版), no. 03, 8 February 2017 (2017-02-08), pages 135 - 145 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115514586A (en) * | 2022-11-24 | 2022-12-23 | 河北纬坤电子科技有限公司 | Access control policy configuration method and electronic equipment |
| CN115514586B (en) * | 2022-11-24 | 2023-03-21 | 河北纬坤电子科技有限公司 | Access control policy configuration method and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9286189B2 (en) | Self-evolving computing service template translation | |
| CN111160749B (en) | Information quality assessment and information fusion method and device | |
| US10523569B2 (en) | Dynamic creation and management of ephemeral coordinated feedback instances | |
| US11487546B2 (en) | Change management of services deployed on datacenters configured in cloud platforms | |
| CN110650037B (en) | Heterogeneous network device configuration method and device | |
| CN113342323B (en) | Method and device for online development of software | |
| US20230273959A1 (en) | Computer-implemented methods, systems comprising computer-readable media, and electronic devices for narrative representation of a network computing environment | |
| US20230281249A1 (en) | Computer-implemented methods, systems comprising computer-readable media, and electronic devices for enabled intervention into a network computing environment | |
| CN114595455A (en) | Block chain-based method and system for automatically generating inter-microservice access control strategy | |
| CN115796041A (en) | Neural network model deployment method, system, device and storage medium | |
| US10656922B2 (en) | Systems and methods for providing an application transformation tool | |
| CN109784051A (en) | Protecting information safety method, device and equipment | |
| CN114693220B (en) | Algorithm warehouse management method and system based on digital twin DaaS platform | |
| Hagen et al. | Planning in the large: Efficient generation of it change plans on large infrastructures | |
| CN112632113B (en) | Operator management method and operator management system | |
| US20230105062A1 (en) | Enhancing applications based on effectiveness scores | |
| CN113031964B (en) | Big data application management method, device, equipment and storage medium | |
| CN115510449A (en) | Source code vulnerability detection method and device | |
| CN110096873A (en) | It is derived by the automatic bait that patch converts | |
| Yang et al. | Information flow analysis of scientific workflows | |
| WO2016161065A1 (en) | Ephemeral feedback instances | |
| US20240036929A1 (en) | Orchestration of operations on a cloud platform based on multiple version maps of services | |
| CN112053243B (en) | Method and device for upgrading intelligent contracts in block chain | |
| CN114115853B (en) | Method and system for dynamically controlling API (application program interface) access | |
| WO2022153121A1 (en) | Propagating placement and isolation constraints to network slice constituents |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |