HarmonyOS (Hongmeng) in detail: from basic entry to mastery in one article

Hongmeng System Overview (HarmonyOS)

An overview can be given from the following three main aspects: system definition, technical characteristics, and system security.


Table of contents

  Hongmeng System Overview (HarmonyOS)
    System definition
      System positioning
    Technology Architecture
      Kernel layer
      System service layer
      Framework layer
      Application layer
    Technical characteristics
      Hardware mutual assistance, resource sharing
      Develop once and deploy on multiple terminals
      Unified OS, flexible deployment
    System security
      The right person
      The right equipment
      Use data correctly


System definition

System positioning

HarmonyOS is a brand new distributed operating system for the era of Internet of Everything.

Based on traditional single-device system capabilities, HarmonyOS proposes a distributed concept that builds on one set of system capabilities and adapts to multiple terminal forms. It supports a variety of terminal devices such as mobile phones, tablets, smart wearables, smart screens, cars, PCs, smart speakers, headsets and AR/VR glasses, and provides business capabilities for all scenarios (mobile office, sports and health, social communication, media entertainment, etc.).

HarmonyOS has three major features:

  • Devices running this operating system are integrated at the system level to form a super terminal, so that the hardware capabilities of each device can be flexibly extended and devices can share hardware and resources with one another (the key technologies relied on are the distributed soft bus, distributed device virtualization, distributed data management, distributed task scheduling, etc.).
  • For developers, it realizes one-time development and multi-terminal deployment: HarmonyOS provides a user program framework, the Ability framework and a UI framework that support reuse of business logic and interface logic across terminals during application development, so an application can be developed once and deployed on multiple terminals, improving the development efficiency of cross-device applications.
  • One operating system can meet the needs of devices with different capabilities, achieving a unified OS with flexible deployment.

HarmonyOS provides APIs in multiple development languages for developers to build applications. The supported development languages are ArkTS, JS (JavaScript), C/C++ and Java.

Technology Architecture

HarmonyOS overall follows a layered design, from bottom to top: kernel layer, system service layer, framework layer and application layer. System functions are expanded step by step according to "System > Subsystem > Function/Module". In a multi-device deployment scenario, some non-essential subsystems or functions/modules are supported according to actual needs.

The technical architecture of HarmonyOS is as follows:

Kernel layer

  • Kernel subsystem: HarmonyOS adopts a multi-kernel design, so that an appropriate OS kernel can be selected for devices with different resource constraints. The Kernel Abstraction Layer (KAL) shields the differences between kernels and provides basic kernel capabilities to the upper layers, including process/thread management, memory management, file system, network management and peripheral management.
  • Driver subsystem: The Hardware Driver Foundation (HDF) provides unified peripheral access capabilities together with a driver development and management framework. It is the basis for the openness of the HarmonyOS hardware ecosystem.

System service layer

The system service layer is HarmonyOS's core capability set, which provides services to applications through the framework layer. This layer contains the following parts:

  • System basic capability subsystem set: Provides the basic capabilities for running, scheduling, migrating and otherwise operating distributed applications across multiple HarmonyOS devices. It consists of the distributed soft bus, distributed data management, distributed task scheduling, Ark multi-language runtime, public basic library, multi-mode input, graphics, security, AI and other subsystems. Among them, the Ark runtime provides the C/C++/JS multi-language runtime and basic system class libraries, and also provides the runtime for static Java programs (that is, the parts of the application or framework layer developed in Java) compiled with the Ark compiler.
  • Basic software service subsystem set: Provides public, general-purpose software services for HarmonyOS, consisting of the event notification, telephony, multimedia, DFX (Design For X), MSDP&DV and other subsystems.
  • Enhanced software service subsystem set: Provides HarmonyOS with differentiated, capability-enhancing software services for different kinds of device, consisting of subsystems such as smart screen proprietary services, wearable proprietary services and IoT proprietary services.
  • Hardware service subsystem set: Provides hardware services for HarmonyOS, consisting of subsystems such as location services, biometric identification, wearable proprietary hardware services and IoT proprietary hardware services.
  • MSDP

    Mobile Sensing Development Platform. The MSDP subsystem provides distributed fusion sensing capabilities. With the help of HarmonyOS's distributed capabilities, it aggregates and fuses multiple sensing sources from multiple devices to accurately perceive the user's spatial status, movement status, gestures, sports and health status and so on, building all-scenario, ubiquitous basic perception capabilities that support new smart-life experiences.

  • DV

    Device Virtualization. Through virtualization technology it integrates the capabilities and resources of different devices.

According to the deployment environment of different device forms, the basic software service subsystem set, enhanced software service subsystem set, and hardware service subsystem set can be tailored according to subsystem granularity, and each subsystem can be tailored according to function granularity.

Framework layer

The framework layer provides multi-language user program frameworks (ArkTS/JS/C/C++/Java) for HarmonyOS application development, two UI frameworks (ArkUI for ArkTS/JS and the Java UI framework for Java), and multi-language framework APIs that expose the various software and hardware services. Depending on the degree to which the system has been componentized, the APIs supported by a given HarmonyOS device will also vary.

Application layer

The application layer includes system applications and third-party (non-system) applications. A HarmonyOS application consists of one or more FAs (Feature Abilities) or PAs (Particle Abilities). An FA has a UI and provides the ability to interact with users, while a PA has no UI and provides the ability to run tasks in the background and a unified data access abstraction. The background data access an FA needs during user interaction is likewise supported by a corresponding PA. Applications developed on FA/PA can implement specific business functions, support cross-device scheduling and distribution, and give users a consistent and efficient application experience.

  • FA

    Feature Ability, meta-service, represents an Ability with an interface and is used to interact with users.

  • PA

    Particle Ability, meta-ability, represents an Ability without an interface and mainly provides support for Feature Abilities, such as providing computing power as a background service or providing data access capabilities as a data warehouse.

Technical characteristics

Hardware mutual assistance, resource sharing

Multiple devices can realize hardware mutual assistance and resource sharing, relying on key technologies including distributed soft bus, distributed device virtualization, distributed data management, distributed task scheduling, etc.

Distributed soft bus

The distributed soft bus is the communication base for distributed devices such as mobile phones, tablets, smart wearables, smart screens and cars. It provides unified distributed communication capabilities for interconnection and interoperability between devices, and creates the conditions for imperceptible discovery and zero-wait transmission between devices. Developers only need to focus on implementing business logic and need not pay attention to the networking method or underlying protocols.

Schematic diagram of the distributed soft bus:

Examples of typical application scenarios:

  • Smart home scene: When cooking, the mobile phone can be connected to the oven through touch, and will automatically set the cooking parameters according to the recipe and control the oven to make dishes. Similarly, food processors, range hoods, air purifiers, air conditioners, lights, curtains, etc. can all be displayed on the mobile phone and controlled through the mobile phone. Devices can be connected and used immediately without tedious configuration.
  • Multi-screen linkage classroom: Teachers teach through smart screens, interact with students, and create a classroom atmosphere; students complete course learning and in-class questions and answers through tablets. The unified, fully connected logical network ensures high bandwidth, low latency, and high reliability of the transmission channel.

Distributed device virtualization

The distributed device virtualization platform realizes resource integration, device management and data processing across different devices. Multiple devices together form one super virtual device (super virtual terminal). For different types of task, execution hardware with the appropriate capabilities is matched and selected for the user, so that services can flow continuously between devices and each device's strengths can be brought into play, such as display capabilities, camera capabilities, audio capabilities, interaction capabilities and sensor capabilities.

  • Super virtual device, super virtual terminal

    Also known as super terminal, it uses distributed technology to integrate the capabilities of multiple terminals and store them in a virtual hardware resource pool. It can uniformly manage and schedule terminal capabilities according to business needs to provide external services.

Schematic diagram of distributed device virtualization:

Examples of typical application scenarios:

  • Video call scenario: When answering a video call while doing housework, you can connect your mobile phone to the smart screen and virtualize the smart screen's display, camera and speakers as local resources, replacing the screen, camera, earpiece and speakers of the phone itself, so that you can keep doing housework while the video call runs on the smart screen and speakers.
  • Game scene: When playing games on the smart screen, the mobile phone can be virtualized as a remote control, using the mobile phone's gravity sensor, acceleration sensor, and touch capabilities to provide players with a more convenient and smoother gaming experience.

Distributed data management

Distributed data management builds on the distributed soft bus to manage application data and user data in a distributed way. User data is no longer bound to a single physical device, and business logic is separated from data storage. Cross-device data processing becomes as convenient and fast as local data processing, so developers can easily implement data storage, sharing and access across all scenarios and multiple devices, creating the basic conditions for a consistent and smooth user experience.

Distributed data management diagram:

Examples of typical application scenarios:

  • Collaborative office scenario: Project the document on the mobile phone to the smart screen, perform page turning, zooming, doodling and other operations on the document on the smart screen. The latest status of the document can be displayed simultaneously on the mobile phone.
  • Photo sharing scenario: When traveling, photos taken with a mobile phone can be browsed, collected, saved or edited more conveniently on other devices logged in with the same account, such as a tablet, or the happy moments recorded can be shared with family members on the smart screen at home.

Distributed task scheduling

Distributed task scheduling builds on technical features such as the distributed soft bus, distributed data management and distributed profiles to construct a unified distributed service management mechanism (discovery, synchronization, registration and invocation). It supports operations such as remote start, remote call, remote connection and migration of cross-device applications, and can select the appropriate device to run a distributed task based on the capabilities, location, business running status and resource usage of different devices as well as the user's habits and intentions.

Taking application migration as an example, the distributed task scheduling capability is briefly demonstrated. As shown in the picture:

Distributed connectivity capabilities

The distributed connection capability provides the connection capability between the bottom layer and the application layer of smart terminals, sharing some hardware resources and software capabilities of the terminal through the USB interface. Based on distributed connection capabilities, developers can develop corresponding ecological products to provide consumers with a richer connection experience.

Schematic diagram of distributed connection capabilities:

Distributed connection capabilities include bottom layer capabilities (Connect Service) and application layer capabilities (AILife Client Service).

Develop once and deploy on multiple terminals

HarmonyOS provides a user program framework, the Ability framework and a UI framework that support the reuse of business logic and interface logic across terminals during application development, so that an application can be developed once and deployed on multiple terminals, improving the development efficiency of cross-device applications.

  • Ability

    An Ability is an abstraction of an application's capabilities and an important component of an application. Abilities are divided into two types: Feature Ability and Particle Ability.

Among them, the UI framework supports development using ArkTS, JS, and Java languages, and provides a wealth of polymorphic controls that can display different UI effects on mobile phones, tablets, smart wearables, smart screens, and cars. Adopting the industry's mainstream design methods, it provides a variety of responsive layout solutions, supports grid layout, and meets the interface adaptability of different screens.

Schematic diagram of one-time development and multi-terminal deployment:

Unified OS, flexible deployment

Through design methods such as componentization and miniaturization, HarmonyOS supports on-demand flexible deployment of a variety of terminal devices and can adapt to different types of hardware resources and functional requirements. It supports the automatic generation of component dependencies through compilation chain relationships, forming a component tree dependency graph, supporting the convenient development of product systems and lowering the development threshold of hardware devices.

  1. Supports the selection of each component (components are optional): According to the form and requirements of the hardware, you can select the required components.
  2. Supports the configuration of function sets within components (components can be large or small): Based on the hardware resources and functional requirements, you can choose to configure the function sets in the components. For example, choose to configure some controls in the Graphics Frame component.
  3. Supports dependency relationships between components (the platform can be large or small): Based on the compilation chain relationship, componentized dependencies can be automatically generated. For example, selecting a graphics framework component will automatically select dependent graphics engine components, etc.
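As an added illustration of the component dependency graph described in points 1 to 3 (example code written for this article, not HarmonyOS's own build tooling): a small resolver that, given the components a product selects and a dependency table, computes the complete set of components to build in dependency order, and rejects unknown components and dependency cycles instead of looping. The component names and the dependency table are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// componentDeps is a constructed component dependency description for this
// example (not HarmonyOS's real component list). Each key lists the components
// it depends on, as a build system would derive from the compilation links.
var componentDeps = map[string][]string{
	"common_base":        {},
	"graphics_engine":    {"common_base"},
	"graphics_framework": {"graphics_engine", "common_base"},
	"ui_controls":        {"graphics_framework"},
	"wifi":               {"common_base"},
}

// ResolveComponents returns every selected component plus, transitively, every
// component it depends on, in build order (dependencies before dependents).
// Unknown components and dependency cycles are reported instead of looping.
func ResolveComponents(deps map[string][]string, selected []string) ([]string, error) {
	const (
		unvisited = iota
		visiting // on the current DFS path: meeting it again means a cycle
		done
	)
	state := make(map[string]int)
	var order []string

	var visit func(name string, path []string) error
	visit = func(name string, path []string) error {
		trail := strings.Join(append(path, name), " -> ")
		edges, known := deps[name]
		if !known {
			return fmt.Errorf("unknown component %q (via %s)", name, trail)
		}
		switch state[name] {
		case done:
			return nil
		case visiting:
			return fmt.Errorf("dependency cycle: %s", trail)
		}
		state[name] = visiting
		for _, dep := range edges {
			if err := visit(dep, append(path, name)); err != nil {
				return err
			}
		}
		state[name] = done
		order = append(order, name)
		return nil
	}

	for _, name := range selected {
		if err := visit(name, nil); err != nil {
			return nil, err
		}
	}
	return order, nil
}

func main() {
	// Selecting only the UI controls pulls in the graphics framework and engine.
	order, err := ResolveComponents(componentDeps, []string{"ui_controls"})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("build order:", strings.Join(order, ", "))
}
```

Selecting only "ui_controls" yields common_base, graphics_engine, graphics_framework, ui_controls, which is point 3 in miniature: the graphics engine is pulled in because the graphics framework needs it, not because anyone selected it.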

System security

On distributed terminals equipped with HarmonyOS, it can be guaranteed that "the right people, through the right equipment, use the data correctly".

The right person

The "right person" is ensured through "distributed multi-terminal collaborative identity authentication". In the distributed terminal scenario, the "right person" refers to data visitors and business operators who have passed identity authentication. The "right person" is a prerequisite for ensuring that user data is not illegally accessed and user privacy is not leaked.

HarmonyOS implements collaborative identity authentication through the following three aspects:

  • Zero trust model: HarmonyOS implements user authentication and data access control on the basis of a zero trust model. When a user needs to access data resources across devices or initiate a high-security business operation (for example, an operation on security equipment), HarmonyOS authenticates the user's identity to ensure that it is reliable.
  • Multi-factor integrated authentication: HarmonyOS uses user identity management to associate the authentication credentials that identify the same user on different devices, so as to identify a user and improve the accuracy of authentication.
  • Collaborative and mutual-assistance authentication: HarmonyOS decouples hardware from authentication capabilities (that is, information collection and authentication can be completed on different devices) to pool the resources of different devices and share their capabilities, so that a device with a high security level can assist a device with a low security level in completing user identity authentication.

The right equipment

The "right equipment" is ensured by "building a trusted operating environment on distributed terminals". In the distributed terminal scenario, only when the equipment used by the user is safe and reliable can user data be effectively protected on the virtual terminal and user privacy kept from leaking.

  • Secure boot

    Ensure that the system firmware and applications running on each virtual device at the source are intact and untampered with. Through secure boot, image packages from various device manufacturers are less likely to be illegally replaced with malicious programs, thereby protecting user data and privacy.
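Added example, not HarmonyOS code: the paragraph above states the goal of secure boot but not the mechanism, so the following Go program models the conventional chain of trust behind it. Each boot stage carries the public key used to check the next stage and is itself signed with the previous stage's key, the first stage being checked against a root-of-trust key; the verifier halts at the first stage whose signature fails, which is what stops a replaced image package from running. The stage names, images and keys are constructed sample data, and ECDSA over SHA-256 is an assumption of this example rather than something the article states.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Stage is one link of a boot chain: its image, the public key it embeds to check
// the next stage, and the signature made with the previous stage's key (for the
// first stage, the vendor's root key). Constructed model, not HarmonyOS code.
type Stage struct {
	Name    string
	Image   []byte
	NextPub []byte // PKIX-encoded ECDSA public key; empty for the last stage
	Sig     []byte // ECDSA signature over stageDigest(stage)
}

// stageDigest hashes name, image and embedded key together, so none of them can
// be swapped without invalidating the signature.
func stageDigest(s *Stage) []byte {
	h := sha256.New()
	h.Write([]byte(s.Name))
	h.Write([]byte{0}) // separator between name and image
	h.Write(s.Image)
	h.Write(s.NextPub)
	return h.Sum(nil)
}

// SignStage is the vendor build step that produces a signed stage.
func SignStage(name string, image []byte, nextPub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*Stage, error) {
	st := &Stage{Name: name, Image: image}
	if nextPub != nil {
		der, err := x509.MarshalPKIXPublicKey(nextPub)
		if err != nil {
			return nil, err
		}
		st.NextPub = der
	}
	sig, err := ecdsa.SignASN1(rand.Reader, signer, stageDigest(st))
	st.Sig = sig
	return st, err
}

// VerifyChain is the boot-time check: starting from the root-of-trust key (fused into
// hardware on a real device), each stage is accepted only if its signature verifies
// under the key handed down by the previous stage. It returns how many stages were
// accepted before boot halted, and an error naming the failing stage.
func VerifyChain(rootPub *ecdsa.PublicKey, chain []*Stage) (int, error) {
	current := rootPub
	for i, st := range chain {
		if !ecdsa.VerifyASN1(current, stageDigest(st), st.Sig) {
			return i, fmt.Errorf("stage %d (%s): signature invalid, halting boot", i, st.Name)
		}
		if i == len(chain)-1 {
			break // the last stage carries no successor key
		}
		parsed, err := x509.ParsePKIXPublicKey(st.NextPub)
		next, ok := parsed.(*ecdsa.PublicKey)
		if err != nil || !ok {
			return i, fmt.Errorf("stage %d (%s): embedded successor key unusable", i, st.Name)
		}
		current = next
	}
	return len(chain), nil
}

// BuildDemoChain signs a three-stage chain (bootloader, kernel, system image) the
// way a vendor build would, and returns the root public key that verifies it.
func BuildDemoChain() (*ecdsa.PublicKey, []*Stage, error) {
	names := []string{"bootloader", "kernel", "system"}
	keys := make([]*ecdsa.PrivateKey, len(names)) // keys[0] is the vendor root key
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		keys[i] = k
	}
	var chain []*Stage
	for i, name := range names {
		var nextPub *ecdsa.PublicKey // key this stage will use to check its successor
		if i+1 < len(keys) {
			nextPub = &keys[i+1].PublicKey
		}
		st, err := SignStage(name, []byte("constructed "+name+" image v1"), nextPub, keys[i])
		if err != nil {
			return nil, nil, err
		}
		chain = append(chain, st)
	}
	return &keys[0].PublicKey, chain, nil
}

func main() {
	root, chain, _ := BuildDemoChain()
	fmt.Println(VerifyChain(root, chain)) // 3 <nil>: every stage is genuine
	chain[1].Image = []byte("replaced kernel image") // simulate a tampered image package
	fmt.Println(VerifyChain(root, chain)) // 1 and an error naming the kernel stage
}
```

The point worth noticing is that re-signing a replaced kernel with some other key does not help an attacker: the bootloader only accepts signatures under the successor key the vendor embedded in it, and that embedding is itself covered by the root signature.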

  • Trusted execution environment

    Provides a hardware-based Trusted Execution Environment (TEE) to protect the storage and processing of users' personal sensitive data and ensure that data is not leaked. Due to the different security capabilities of distributed terminal hardware, users' sensitive personal data needs to be stored and processed using high-security devices. HarmonyOS uses a TEE microkernel based on mathematically provable formal development and verification, and has obtained a certification rating of CC EAL5+ for commercial OS kernels.

  • Device certificate authentication

    Supports presetting device certificates for devices with a trusted execution environment, so that they can prove their security capabilities to other virtual terminals. For devices with a TEE, a pre-configured PKI (Public Key Infrastructure) device certificate proves the identity of the device and shows that it was legally manufactured. The device certificate is preset on the production line; the private key of the device certificate is written to and securely stored in the device's TEE, and is only ever used inside the TEE. When the user's sensitive data (such as keys or encrypted biometrics) must be transmitted, the device certificates are first used to verify each other's security environment, and only then is a secure channel established from the TEE of one device to the TEE of the other, so that the data is transmitted securely.
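Added example, not HarmonyOS code: the device certificate flow of the paragraph above, written in Go with only the standard library. A hypothetical manufacturer root issues one certificate per device (the production-line step); before a peer is trusted, a device checks that the peer's certificate chains to a trusted manufacturer root and that the peer can sign a fresh nonce with the certified key, which is what proves the key really sits in that peer's TEE. The TEE is modelled only as the place that holds the private key; the CA name, device ID and nonce are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device is a terminal whose certificate was preset on the production line. On real
// hardware the private key exists only inside the TEE; here it is an ordinary field
// so that the example runs stand-alone (constructed model, not HarmonyOS code).
type Device struct {
	ID   string
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey // stands in for the TEE-held private key
}

// NewCert generates a P-256 key and certifies it: self-signed when isCA is true (the
// manufacturer root), otherwise signed by parent/parentKey (a device certificate).
func NewCert(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(5, 0, 0),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	signer := parentKey
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ProvisionDevice is the production-line step: generate the device key and have the
// manufacturer CA certify it, with the device ID as the certificate subject.
func ProvisionDevice(id string, serial int64, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*Device, error) {
	cert, key, err := NewCert(id, serial, false, ca, caKey)
	if err != nil {
		return nil, err
	}
	return &Device{ID: id, Cert: cert, key: key}, nil
}

// SignChallenge is the TEE-side operation: sign the peer's fresh nonce so that the
// peer can confirm this device holds the certified private key.
func (d *Device) SignChallenge(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.key, digest[:])
}

// VerifyPeer runs before a secure channel is opened: the peer's certificate must chain
// to a trusted manufacturer root, and the peer must have signed our nonce with the
// certified key. Only a peer passing both checks is treated as a genuine TEE device.
func VerifyPeer(roots *x509.CertPool, peerCert *x509.Certificate, nonce, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peerCert.Verify(opts); err != nil {
		return fmt.Errorf("device certificate not trusted: %w", err)
	}
	pub, ok := peerCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("device certificate does not carry an ECDSA key")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("challenge signature invalid: peer does not hold the certified key")
	}
	return nil
}

func main() {
	ca, caKey, _ := NewCert("Example Device Manufacturer Root", 1, true, nil, nil)
	dev, _ := ProvisionDevice("constructed-phone-001", 2, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	nonce := []byte("constructed-nonce-from-peer") // a real peer sends fresh random bytes
	sig, _ := dev.SignChallenge(nonce)
	fmt.Println("peer accepted:", VerifyPeer(roots, dev.Cert, nonce, sig) == nil)
}
```

Two failure cases matter for the defender: a certificate from a manufacturer root that is not in the trust pool is rejected by the chain check, and a signature captured from an earlier exchange is rejected because the nonce differs, so a device cannot be impersonated by replaying someone else's proof.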

Device certificate usage diagram:


Use data correctly

The "correct use of data" is ensured through "classification and hierarchical management of data as it flows across terminals in a distributed system"; in the distributed terminal scenario, it is necessary to ensure that users use data correctly. HarmonyOS implements full life cycle protection around the processes of data generation, storage, use, transmission and destruction to ensure that personal data and privacy, as well as system confidential data (such as keys), are not leaked.

  • Data generation: Classify the data according to the laws, regulations and standards of the country or organization where the data is located, and set the corresponding protection level according to the classification. From the moment data is generated, data of each protection level needs to be provided with different strengths of security protection according to the corresponding security policies throughout its entire life cycle of storage, use, and transmission. The access control system of virtual hyperterminal supports tag-based access control policies to ensure that data can only be stored, used and transmitted between virtual terminals that can provide sufficient security protection.

  • Data storage: HarmonyOS protects data by distinguishing its security level and storing it in partitions with different security protection capabilities, and provides seamless cross-device flow and cross-device key access control throughout the key life cycle to support distributed collaborative identity authentication, distributed data sharing and other services.

  • Data usage: HarmonyOS provides devices with a hardware-based trusted execution environment. Users' sensitive personal data is used only in the trusted execution environments of the distributed virtual terminal, ensuring that the security and privacy of user data are not compromised.

  • Data transmission: To ensure that data flows safely between virtual super terminals, each device must be genuine and trustworthy, a trust relationship must be established (multiple devices establish a pairing relationship through a Huawei account), and the trust relationship must be verifiable. Finally, a secure connection channel is established and data is transmitted securely according to the data flow rules. When devices communicate, each device is authenticated on the basis of its identity credentials, and a secure encrypted transmission channel is established on that basis.

  • Data destruction: Destroying the key destroys the data. Data storage on virtual terminals is based on keys, so when destroying data only the corresponding key needs to be destroyed to complete the data destruction.
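Added example, not HarmonyOS code: a Go model of the life cycle in the bullets above. Data is classified with a protection level when it is generated, encrypted under its own key with that level bound in as authenticated data, released only to a device whose security capability is at least that level (the tag-based flow rule), and destroyed by destroying its key. The level names S1 to S4, the record id and the sample plaintext are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Level is a data protection level and, equally, a device's security capability.
// The four values are constructed for this example, not HarmonyOS's real scheme.
type Level int

const (
	S1 Level = iota + 1 // lowest protection
	S2
	S3
	S4 // highest protection, e.g. data handled only inside a TEE
)

// Record is one classified data item; it is only ever stored encrypted. The label
// is passed to AES-GCM as additional authenticated data, so a record can only be
// opened under the label it was created with.
type Record struct {
	Label      Level
	Nonce      []byte
	Ciphertext []byte // includes the GCM authentication tag
}

// KeyStore stands in for the device's key management: one key per data item.
type KeyStore struct{ keys map[string][]byte }

func NewKeyStore() *KeyStore { return &KeyStore{keys: make(map[string][]byte)} }

// MayFlow is the tag-based flow rule: data labelled `label` may be stored, used or
// transmitted only on a device whose security capability is at least that level.
func MayFlow(label, deviceLevel Level) bool { return deviceLevel >= label }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store is the data-generation step: classify, generate a fresh key and encrypt.
func (ks *KeyStore) Store(id string, label Level, plaintext []byte) (*Record, error) {
	buf := make([]byte, 32+12) // 256-bit key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ks.keys[id] = key
	ct := gcm.Seal(nil, nonce, plaintext, []byte{byte(label)})
	return &Record{Label: label, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the data-use (or data-transmission) step on a device of deviceLevel: the
// flow rule is checked first, then the key must still exist, then GCM checks that
// neither the ciphertext nor its label has been modified.
func (ks *KeyStore) Open(id string, rec *Record, deviceLevel Level) ([]byte, error) {
	if !MayFlow(rec.Label, deviceLevel) {
		return nil, fmt.Errorf("policy: S%d data may not flow to an S%d device", rec.Label, deviceLevel)
	}
	key, ok := ks.keys[id]
	if !ok {
		return nil, fmt.Errorf("key for %q was destroyed; the data is unrecoverable", id)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte{byte(rec.Label)})
	if err != nil {
		return nil, fmt.Errorf("integrity check failed (ciphertext or label modified): %w", err)
	}
	return pt, nil
}

// Destroy implements "destroying the key destroys the data": the key is zeroed and
// forgotten, after which no copy of the ciphertext can be opened.
func (ks *KeyStore) Destroy(id string) {
	if key, ok := ks.keys[id]; ok {
		for i := range key {
			key[i] = 0
		}
		delete(ks.keys, id)
	}
}

func main() {
	ks := NewKeyStore()
	rec, _ := ks.Store("health-1", S3, []byte("constructed sample: heart rate 72"))
	_, err := ks.Open("health-1", rec, S2) // rejected by the flow rule
	fmt.Println(err)
	ks.Destroy("health-1")
	_, err = ks.Open("health-1", rec, S4) // rejected because the key is gone
	fmt.Println(err)
}
```

Binding the label into the authenticated data is the detail worth copying: if something rewrites a record's label from S3 to S1 so that a low-security device would pass the flow check, decryption fails, because the label the record was sealed with no longer matches.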

Detailed reference links:

  • HarmonyOS system development guide / HarmonyOS system capability API reference (HarmonyOS application development official website)
  • Document Center
Extra Topic

People who are new to the computer industry or graduates from universities with computer-related majors often encounter barriers to employment due to lack of practical experience. Let's look at two sets of data:

  • The number of college graduates nationwide in 2023 is expected to reach 11.58 million, and the employment situation is grim;

  • Data released during the National Cyber Security Awareness Week show that by 2027, the shortage of cyber security personnel in our country will reach 3.27 million.

On the one hand, the employment situation for fresh graduates is grim every year, and on the other hand, there is a shortage of one million cybersecurity talents.

On June 9, Max Research’s 2023 Employment Blue Book (including the “2023 China Undergraduate Employment Report” and “2023 China Higher Vocational Students Employment Report”) was officially released.

The top 10 majors with the highest monthly income for college graduates in 2022

Undergraduate computer majors and higher vocational automation majors have higher monthly incomes. The monthly incomes of the 2022 undergraduate computer majors and higher vocational automation majors are 6,863 yuan and 5,339 yuan respectively. Among them, the starting salary of undergraduate computer majors is basically the same as that of the 2021 class, and the monthly income of higher vocational automation majors has increased significantly. The 2022 class overtook the railway transportation major (5,295 yuan) to rank first.

Looking at the major specifically, the major with the highest monthly income for the 2022 undergraduate class is information security (7,579 yuan). Compared with the class of 2018, undergraduate majors related to artificial intelligence such as electronic science and technology and automation performed well, with starting salaries increasing by 19% compared to five years ago. Although data science and big data technology are new majors in recent years, they have performed well and have ranked among the top three majors with the highest monthly income for 2022 undergraduate graduates six months after graduation. French, the only humanities and social sciences major that entered the top 10 highest-paying undergraduates five years ago, has dropped out of the top 10.

“There is no national security without cybersecurity.” At present, network security has been elevated to the level of national strategy and has become one of the most important factors affecting national security and social stability.

Characteristics of the network security industry

1. The employment salary is very high and the salary increases quickly. In 2021, Liepin.com announced that the employment salary in the network security industry is the highest per capita of 337,700!

2. There is a large talent gap and many employment opportunities

On September 18, 2019, the official website of the "Central People's Government of the People's Republic of China" published: our country's demand for cyberspace security talent is 1.4 million, but schools across the country train fewer than 1.5 million people every year. Liepin.com's "Cybersecurity Report for the First Half of 2021" predicts that the demand for network security talent in 2027 will be 3 million. Currently, there are only 100,000 people employed in the network security industry.

The industry has huge room for development and there are many jobs

Since the establishment of the network security industry, dozens of new network security positions have been created: network security expert, network security analyst, security consultant, network security engineer, security architect, security operation and maintenance engineer, penetration engineer, information security management officer, data security engineer, network security operations engineer, network security emergency response engineer, data appraiser, network security product manager, network security service engineer, network security trainer, network security auditor, threat intelligence analysis engineer, disaster recovery professional, practical attack and defense professional, and so on.

Great career value-added potential

The network security major has strong technical characteristics, especially mastering the core network architecture and security technologies at work, which has an irreplaceable competitive advantage in career development.

As personal abilities continue to improve, the professional value of the work they do will also increase with the enrichment of their experience and the maturity of project operations, and the room for appreciation will continue to increase. This is the main reason why it is popular with everyone.

To a certain extent, in the field of network security, just like the medical profession, the older you get, the more popular you become. Because the technology becomes more mature, your work will naturally be taken seriously, and promotion and salary increases will come naturally.

How to learn hacking & network security

As long as you like my article today, my private network security learning materials will be shared with you for free. Come and see what is available.

1. Learning roadmap

There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the road map above. If you can complete them, you will have no problem getting a job or taking on a private job.

2. Video tutorial

Although there are many learning resources on the Internet, they are basically incomplete. This is an Internet security video tutorial I recorded myself. I have accompanying video explanations for every knowledge point in the roadmap above.

The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.

(They are all packaged into one piece and cannot be expanded one by one. There are more than 300 episodes in total)

Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.

CSDN gift package: "Hacker & Network Security Introduction & Advanced Learning Resource Package" free sharing

3. Technical documents and e-books

I also compiled the technical documents myself, including my experience and technical points in participating in large-scale network security operations, CTF, and digging SRC vulnerabilities. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.


4. Toolkit, interview questions and source code

"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The scope of coverage mainly focuses on information collection, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.

There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.


Finally, here are the interview questions about network security that I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.

These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.

Reference analysis: Sangfor official website, Qi’anxin official website, Freebuf, csdn, etc.

Content features: Clear organization and graphical representation to make it easier to understand.

Summary of content: Including intranet, operating system, protocol, penetration testing, security service, vulnerability, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logical vulnerability, tools, SQLmap, NMAP, BP, MSF…


Origin blog.csdn.net/Javachichi/article/details/131450052