CN104735063A - Security evaluating and detecting method used for cloud infrastructure - Google Patents


Info

Publication number
CN104735063A
Authority
CN
China
Prior art keywords
test
appraisal
mirror image
resource
activity
Prior art date
Legal status
Granted
Application number
CN201510107604.0A
Other languages
Chinese (zh)
Other versions
CN104735063B (en)
Inventor
王伟
岳强
Current Assignee
Guangdong Electronic Industry Institute Co Ltd
Original Assignee
Guangdong Electronic Industry Institute Co Ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Electronic Industry Institute Co Ltd
Priority to CN201510107604.0A
Publication of CN104735063A
Application granted
Publication of CN104735063B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements

Abstract

The invention relates to the technical field of information security, in particular to a security evaluation and detection method for cloud infrastructure. The method is completed by a device formed by a scheduling module, a testing software library, a testing image, a testing configuration library, a testing result library, an analysis module, a testing requirements document, a testing report and other modules. Before testing, the user configures the testing software library in advance: security testing software for cloud infrastructure that already exists on the market, together with independently programmed testing software, is uploaded to the testing software library; the software is classified according to the usual classification, namely system security, network security, data security, behaviour security and the like, and partitioned into different 'testing software lists'; the testing software library can be continuously updated, which guarantees that the testing software stays advanced and mature. The problem of compatibility between information security testing methods and cloud computing is solved, and the method can be used for security evaluation and testing of cloud infrastructure.

Description

A security evaluation method for cloud infrastructure
Technical field
The present invention relates to the field of information security technology, and in particular to a security evaluation method for cloud infrastructure.
Background technology
Cloud infrastructure: the collective term for the software and hardware architecture that supports the various cloud computing services; it comprises physical infrastructure resources and virtual infrastructure resources. Virtual infrastructure resources are virtual resources built with virtualization technology on top of the physical infrastructure resources, and involve a series of hardware and software resources such as the operating system, storage, network and CPU.
Information security subject: according to the different fields involved in information system security, the subjects are divided into system security, behaviour security, data security, network security, terminal security and so on.
Information security evaluation: the use of manual, semi-automatic and automated tools to carry out security testing and evaluation of a computer system, with the aim of checking whether the security requirements are met and understanding the difference between the expected results and the actual test results, thereby discovering the security problems present in the system.
Resource unit: when a cloud infrastructure is evaluated, a quantifiable set of physical resources such as compute and storage, abstracted into an entity that can run independently. It is realised by virtualization technology.
Evaluation image: a virtual machine image into which a resource unit, evaluation software programs and so on are packaged.
Evaluation activity: the security evaluation process, from installing evaluation images on a specified scope of resources in the cloud infrastructure (or on all of them) to recording the evaluation results.
Evaluation requirements document: a document that records the 62 key technical points of this evaluation activity, such as the cloud infrastructure equipment within which physical network boundaries is to be evaluated, the evaluation personnel, the evaluation time and other relevant requirements.
Evaluation report: a document that, by analysing the evaluation data, evaluates the different information security fields and the overall security state of the cloud infrastructure and gives suggestions for improvement.
Round-robin scheduling algorithm: the algorithm distributes requests from users to each serving node in turn, from 1 up to N (the number of nodes), and then starts the cycle again. Its advantages are simplicity and fairness; it does not need to record the state of all current connections, so it is stateless scheduling.
Cloud computing, as a novel information technology that provides resource sharing and on-demand service, is currently being adopted on a large scale in e-government, education, medical care and other areas. More and more large-scale cloud infrastructures are being built, led by government and enterprises. However, while cloud computing brings convenient and easily expandable computing and storage capacity, it differs greatly from conventional computer systems in network topology, usage patterns and so on, many conventional security safeguards fail in the cloud computing environment, and the security of the cloud infrastructure itself faces huge challenges. Related information security incidents have occurred frequently in recent years.
Evaluating a system's security is an important means of, and a prerequisite for, studying the security state of the system. As with the information security evaluation of conventional computer systems, the security evaluation of cloud infrastructure requires security testing, whose purpose is to check whether the security requirements of cloud computing are met and to understand the difference between expected results and test results, thereby discovering the security problems present in the system.
Through searching, the inventors found the documents most relevant to this application to be:
1. Chinese patent application CN2012101308311 (title: a cloud computing environment security quantification evaluation system) discloses a cloud computing environment security quantification evaluation system. The system is divided into three parts: an information acquisition module, a management and analysis module and a Web query module, connected in a pluggable way. The invention is based on a cloud computing environment security quantification evaluation index model and combines automated, semi-automated and manual-interview approaches to carry out quantitative information security evaluation of all kinds of cloud computing environments.
2. "Research on access control evaluation technology for cloud computing platforms" (Li Wenxue, Harbin Institute of Technology, 2013, master's thesis) designed and implemented a system for the automated evaluation of a system's access control security. By embedding an access control test interface in the system under evaluation, it carries out remote evaluation of that system's access control security. The evaluation system uses a C/S architecture and is mainly divided into two parts: the evaluation tool client and the system under evaluation. The functional sub-modules of the evaluation tool client comprise: interface, test library, test analysis module, test case generation module, test execution module, test result acquisition module, test result processing module, and the test interface deployed in the system under evaluation.
3. Chinese patent application CN201110316666.4 (title: a cloud-computing-oriented network security early warning method) discloses a network security early warning method. To ensure that network communication in the cloud computing environment is secure and reliable, it dynamically identifies and monitors various attack attempts and behaviours in the cloud computing environment in real time, providing real-time early warning and security protection against the various network attacks faced by cloud computing. It mainly consists of a security event collector, a security event processor, a security state analyser and a network security early warning operation core, and solves the network security early warning problem in the cloud computing environment by means of Agent technology and the Apriori association rule algorithm.
Surveying the prior art, problems are found in the following areas:
1. In most of the existing published material, users write their own evaluation scripts to test the security state of the cloud infrastructure, but, limited by their technical level, the understanding of the cloud infrastructure's security state obtained this way may be neither comprehensive nor deep. There are many open-source evaluation tools on the market with complete functionality and good performance, such as Nessus for vulnerability scanning and Snort for intrusion detection; different evaluation tools can be combined as required to carry out a more comprehensive and deeper evaluation of the security state of the cloud infrastructure.
2. The approach that prior art means basically follow is: install agents on the different hosts in the cloud infrastructure to collect data, and return the data over the network to a management and analysis module for analysis and processing. This is still the conventional information security protection idea and has the shortcoming that resource allocation does not scale well. Specifically:
If the amount of information collected by multiple agents is very large, operations such as deduplication, conversion and merging of the information impose a very high operating load on the analysis and processing module. However, existing public information rarely discusses the architecture of the test analysis module, i.e. whether it is single-node processing; if it is, the problem of the "C/S" architecture arises again, namely that a single node easily becomes overloaded. If multiple servers or a cluster are used, then handling the massive evaluation data between the two systems (the collection end and the back-end storage), such as importing and storing it, is also rather troublesome. It is also difficult to estimate the demand for computing and storage resources in advance: during the evaluation it may turn out that the existing resources cannot keep up with actual demand, and it is hard to allocate more at that point, which affects the evaluation process; at the same time, allocating excess resources easily causes waste. Overall, this is inflexible.
3. Deploying agents in the cloud infrastructure to collect evaluation data, with the agents autonomously reporting data to the back end, easily causes conflicts between the reported information, which interferes with the analysis and processing work of the back end and affects the evaluation conclusions.
In general, there is currently a lack of information security evaluation devices and methods adapted to the characteristics of cloud computing.
Summary of the invention
The technical problem solved by the present invention is to provide a security evaluation method for cloud infrastructure that is adapted to the characteristics of cloud computing and evaluates the information security situation.
The technical solution by which the present invention solves the above technical problem is:
The method is completed by a device composed of modules including a scheduling module, an evaluation software library, evaluation images, an evaluation configuration library, an evaluation result library, an analysis module, an evaluation requirements document and an evaluation report;
Before the evaluation, the user configures the evaluation software library; then,
the scheduling module reads the evaluation requirements document of this evaluation activity, determines the software required for this evaluation, then starts an evaluation image, which begins the security evaluation of a given security subject and writes its data into the evaluation result library;
during execution of the evaluation activity, parameters such as the required resource configuration and the evaluation time are recorded; after the evaluation activity ends, they are written into the evaluation configuration library to provide configuration and execution references for the next evaluation activity;
the analysis module combines all evaluation results, adopts comprehensive evaluation methods such as fuzzy comprehensive evaluation, the analytic hierarchy process (AHP), grey theory and neural networks, gives an overall evaluation of the security state of the evaluated cloud infrastructure, and provides an evaluation report that the user can download;
each working evaluation image periodically reports its resource consumption; the scheduling module judges the operating state of the evaluation image from this information; the set of operating states comprises two states: "task failed" and "task executing";
for an evaluation image whose task has ended, its virtual machine resources are recovered;
for an evaluation image in the failed state, a wake-up operation is carried out; if it fails to wake within the set time, virtual machine migration is carried out; for evaluation images that are executing tasks, the recovered resources are reassigned to the images still executing their tasks according to the round-robin scheduling algorithm.
Before the evaluation, the user configures the evaluation software library in advance: first, the security evaluation software for cloud infrastructure already on the market and the independently written evaluation programs are uploaded into the evaluation software library; then these programs are classified according to the usual classification (system security, network security, data security, behaviour security, etc.) and divided into different "evaluation software lists". The evaluation software library can be updated continuously, which guarantees that the evaluation software stays advanced and mature.
For each kind of evaluation software, the virtual machine resources it needs, i.e. a resource unit, are allocated; each piece of evaluation software is installed in a virtual machine and packaged together with compute, storage, network and other resources to form an evaluation image; the evaluation image is started, the evaluation activity is carried out, and finally the data is analysed and processed to form the evaluation conclusion.
The concrete process is:
(1) Access the evaluation configuration library module, which records the configuration information of previous evaluation activities, and obtain the resource unit configuration of the past evaluation activity for the network security domain of the same cloud infrastructure, for example how much CPU and memory were allocated to that evaluation activity;
(2) The scheduling module reads the evaluation requirements document of this evaluation activity and, according to the different security subjects being evaluated, accesses the evaluation software lists in the evaluation software library to determine the software required for this evaluation;
(3) According to the physical boundary of the cloud infrastructure covered by this evaluation, suitable resource units are allocated for this evaluation activity. This is an autonomous learning process: for example, if the last evaluation activity carried out a security evaluation on 100 servers and this one needs to evaluate 60 servers, then, allowing some resource redundancy to cope with accidents during the evaluation, this allocation may take 60-70% of the physical resources needed last time;
(4) The software and programs required for this evaluation are packaged with the resource unit allocated for them to form a runnable evaluation image;
(5) The scheduling module starts an evaluation image, which initialises, obtains the relevant control authority and collects data, beginning the security evaluation of a given field;
(6) The evaluation image performs the evaluation activity; the raw data is converted, cleaned and so on; after the evaluation activity ends, the processed evaluation result data is written into the evaluation result library;
(7) After all evaluation images have finished their tasks, the analysis module combines all evaluation results;
(8) If this is the first evaluation of this cloud infrastructure, no configuration for reference can be obtained from the evaluation history library;
If no relevant evaluation configuration information is read when the evaluation configuration library is accessed, or the evaluation activity is being carried out for this cloud infrastructure for the first time, there is no historical data to draw on. In this case, the most common virtual machine resource configuration in the day-to-day operation of this cloud infrastructure is taken as the reference for the physical resources allocated to one resource unit.
For an evaluation image that is executing a task, more resources can be allocated to it according to the actual situation to accelerate completion of its evaluation task; the detailed process is as follows:
Let $C_i$ be an evaluation image executing a task; the time $C_i$ has already spent on its evaluation activity is $T_c$; the estimated total time of $C_i$'s evaluation activity is $T_f$; and the time from adding new resources to $C_i$ until they can be used for the evaluation is $T_p$. If $T_f - T_c < T_p$, the resources recovered from evaluation images whose evaluation activity has ended are reassigned; otherwise no action is taken.
The concrete assignment process is:
Each evaluation image still at work periodically reports its resource consumption; the scheduling module orders these evaluation images from high to low by the physical resources they consume, generating an "evaluation image resource consumption queue". Suppose R resource units have been recovered. Following the principle of "the more consumed, the more allocated", these R resource units are distributed to the evaluation images in the resource consumption queue according to the round-robin scheduling algorithm (Round-Robin Scheduling).
The information security evaluation device of the present invention is deployed in the cloud infrastructure and runs as virtual machines, using the cloud infrastructure's own resources to evaluate its own security state. Deployment is relatively flexible, different security evaluation software can be combined as required, computing and storage capacity can be scaled elastically, and various user-centred demands can be met. Specifically, the present invention has the following beneficial effects:
1. It has an autonomous learning function and a higher resource utilisation rate. According to the requirements of each evaluation, the evaluation configuration library module is accessed to obtain the configuration information of previous evaluation activities, from which the resource units required by this evaluation activity are calculated; this reduces evaluation delays caused by insufficient resource allocation and reduces unnecessary occupation of idle resources.
2. According to the usual security subject classification, the security evaluation software for cloud infrastructure already on the market and the independently written evaluation programs are uploaded into the evaluation software library, classified and divided into different "evaluation software lists". The evaluation software library can update the evaluation software it stores, ensuring that the evaluation software stays advanced and mature.
3. The evaluation work for each security subject, including the data acquisition, pre-processing and analysis flows, is moved into the evaluation images and completed there instead of being concentrated in the back-end analysis module, which reduces its operating load.
4. The scheduling module schedules and distributes the resources required in the evaluation activity using the round-robin scheduling algorithm, so that the load between the working evaluation images is relatively balanced and the evaluation activity can be executed faster.
5. A security evaluation image dedicated to a particular security subject can be built as required, or several subjects can be combined; an evaluation image can independently complete the evaluation activity for a particular security subject.
6. Professional security evaluation software can be integrated into the evaluation images, with each piece of software completing its specialised work, making the evaluation results more accurate, comprehensive and deep.
Description of the drawings
The present invention is further described below with reference to the drawings:
Fig. 1 is a functional block diagram of the evaluation device of the present invention;
Fig. 2 is the configuration flow chart of the evaluation software library of the present invention;
Fig. 3 is the flow chart of an evaluation activity of the present invention;
Fig. 4 is the resource recovery flow chart after the task of an evaluation image ends, according to the present invention;
Fig. 5 is the processing flow chart after an evaluation image fails, according to the present invention;
Fig. 6 is the flow chart of recovered-resource scheduling according to the present invention.
Embodiment
As shown in Fig. 1, the device of the present invention for security testing of cloud infrastructure is composed of modules including a scheduling module, an evaluation software library, evaluation images, an evaluation configuration library, an evaluation result library, an analysis module, an evaluation requirements document and an evaluation report.
Before the evaluation, the user configures the evaluation software library in advance; the specific flow is shown in Fig. 2. The security evaluation software for cloud infrastructure already on the market and the independently written evaluation programs are uploaded into the evaluation software library. According to the usual classification (system security, network security, data security, behaviour security, etc.), these programs are classified and divided into different "evaluation software lists". The evaluation software library can be updated continuously, which guarantees that the evaluation software stays advanced and mature.
A complete evaluation activity comprises the following: according to the requirements of each evaluation (for example, which servers within the scope of this cloud infrastructure are to be evaluated this time), the virtual machine resources needed by each kind of evaluation software, i.e. a resource unit, are allocated. Each piece of evaluation software is installed in a virtual machine and packaged together with compute, storage, network and other resources to form an evaluation image. The evaluation image is started, the evaluation activity is carried out, and finally the data is analysed and processed to form the evaluation conclusion.
To describe the problem better, an example of a complete evaluation activity is given below, as shown in Fig. 3. Suppose the network security subject of the whole cloud infrastructure is to be evaluated, so as to learn the security state of this cloud infrastructure in that respect.
1. Access the evaluation configuration library module, which records the configuration information of previous evaluation activities, and obtain the resource unit configuration of the past evaluation activity for the network security domain of the same cloud infrastructure, for example how much CPU and memory were allocated to that evaluation activity.
2. After obtaining this configuration, the scheduling module reads the evaluation requirements document of this evaluation activity and, according to the different security subjects being evaluated, accesses the evaluation software lists in the evaluation software library to determine the software required for this evaluation.
3. According to the physical boundary of the cloud infrastructure covered by this evaluation, suitable resource units are allocated for this evaluation activity. This is an autonomous learning process: for example, if the last evaluation activity carried out a security evaluation on 100 servers and this one needs to evaluate 60 servers, then, allowing some resource redundancy to cope with accidents during the evaluation, this allocation may take 60-70% of the physical resources needed last time.
4. The software and programs required for this evaluation are packaged with the resource unit allocated for them to form a runnable evaluation image.
5. The scheduling module starts an evaluation image, which initialises, obtains the relevant control authority and collects data, beginning the security evaluation of a given field.
6. The evaluation image performs the evaluation activity. The raw data is converted, cleaned and so on; after the evaluation activity ends, the processed evaluation result data is written into the evaluation result library.
7. After all evaluation images have finished their tasks, the analysis module combines all evaluation results.
Because the security state of cloud infrastructure involves the evaluation of multiple security subjects, it is constrained by many factors. To arrive at an overall and relatively accurate assessment, comprehensive evaluation methods can be adopted, including fuzzy comprehensive evaluation, the analytic hierarchy process (AHP, Analytic Hierarchy Process), grey theory, neural networks and so on. An overall evaluation of the security state of the evaluated cloud infrastructure is given, and an evaluation report that the user can download is provided.
8. If this is the first evaluation of this cloud infrastructure, no configuration for reference can be obtained from the evaluation history library.
If no relevant evaluation configuration information is read when the evaluation configuration library is accessed, or the evaluation activity is being carried out for this cloud infrastructure for the first time, there is no historical data to draw on. In this case, a simple approach is to take the most common virtual machine resource configuration in the day-to-day operation of this cloud infrastructure as the reference for the physical resources allocated to one resource unit.
During execution of this evaluation activity, parameters such as the required resource configuration and the evaluation time are recorded. After the evaluation activity ends, they are written into the evaluation configuration library to provide configuration and execution references for the next evaluation activity.
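The sizing step above, steps 1, 3 and 8 together with the write-back at the end, as an added example that is not part of the patent: it looks up the last record for the same infrastructure and security subject, scales last time's allocation by the server ratio plus a margin (the 10 % margin and the integer-percent arithmetic are this example's choices; the patent only gives the 60-70 % range), falls back to a caller-supplied everyday VM configuration when no history exists, and records the new configuration afterwards. The dataclass names and the sample history are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ResourceUnit:
    """Physical resources behind one resource unit (constructed model)."""
    cpus: int
    memory_mb: int


@dataclass(frozen=True)
class ConfigRecord:
    """One entry of the evaluation configuration library (constructed model)."""
    infrastructure_id: str
    security_subject: str   # e.g. "network security"
    servers_evaluated: int  # how many servers that activity covered
    unit: ResourceUnit      # physical resources allocated per resource unit


def lookup_history(library: List[ConfigRecord], infra: str, subject: str) -> Optional[ConfigRecord]:
    """Step 1: the most recent record for the same infrastructure and subject, if any."""
    matches = [r for r in library
               if r.infrastructure_id == infra and r.security_subject == subject]
    return matches[-1] if matches else None


def _ceil_percent(value: int, percent: int) -> int:
    # Integer ceiling of value * percent / 100, avoiding float rounding surprises
    return (value * percent + 99) // 100


def estimate_unit(library: List[ConfigRecord], infra: str, subject: str, servers_now: int,
                  default_unit: ResourceUnit, redundancy_percent: int = 10) -> ResourceUnit:
    """Step 3: size a resource unit from history; step 8: fall back when there is none.

    Assumed margin: scaling 100 -> 60 servers with a 10 % margin lands on the
    70 % upper end of the 60-70 % range the patent gives."""
    prev = lookup_history(library, infra, subject)
    if prev is None:
        # First evaluation of this infrastructure: use the most common
        # day-to-day VM configuration supplied by the caller
        return default_unit
    percent = round(100 * servers_now / prev.servers_evaluated) + redundancy_percent
    return ResourceUnit(cpus=_ceil_percent(prev.unit.cpus, percent),
                        memory_mb=_ceil_percent(prev.unit.memory_mb, percent))


def record_activity(library: List[ConfigRecord], infra: str, subject: str,
                    servers_now: int, unit: ResourceUnit) -> None:
    """After the activity ends, write its configuration back for the next activity."""
    library.append(ConfigRecord(infra, subject, servers_now, unit))


def demo():
    """Walk through the patent's 100 -> 60 server case on a constructed history."""
    library = [ConfigRecord("cloud-A", "network security", 100, ResourceUnit(40, 81920))]
    everyday = ResourceUnit(4, 8192)   # assumed most common day-to-day VM size
    net = estimate_unit(library, "cloud-A", "network security", 60, everyday)  # from history
    data = estimate_unit(library, "cloud-A", "data security", 60, everyday)    # no history
    record_activity(library, "cloud-A", "network security", 60, net)
    return net, data, lookup_history(library, "cloud-A", "network security")
```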
Because the task volume of each evaluation image differs, the evaluation images finish their evaluation activities in some order; at the same time, hardware or software faults may cause an evaluation image to fail. For these situations, the scheduling module can be used to redistribute resources and adjust tasks.
As shown in Figs. 4 and 5, the specific working process is as follows:
Each working evaluation image periodically reports its resource consumption. The scheduling module judges the operating state of the evaluation image from this information. The set of operating states comprises two states: "task failed" and "task executing".
When the task of an evaluation image ends, it notifies the scheduling module, which recovers the virtual machine resources.
For an evaluation image in the failed state, a wake-up operation is carried out. If it fails to wake within the set time, virtual machine migration is carried out.
For an evaluation image that is executing a task, more resources can be allocated to it according to the actual situation to accelerate completion of its evaluation task. The detailed process is as follows:
Let $C_i$ be an evaluation image executing a task; the time $C_i$ has already spent on its evaluation activity is $T_c$; the estimated total time of $C_i$'s evaluation activity is $T_f$; and the time from adding new resources to $C_i$ until they can be used for the evaluation is $T_p$. If $T_f - T_c < T_p$, the resources recovered from evaluation images whose evaluation activity has ended are reassigned; otherwise no action is taken.
As shown in Fig. 6, an example is given below to illustrate the concrete assignment process.
Each evaluation image still at work periodically reports its resource consumption; the scheduling module orders these evaluation images from high to low by the physical resources they consume, generating an "evaluation image resource consumption queue". Suppose R resource units have been recovered. Following the principle of "the more consumed, the more allocated", these R resource units are distributed to the evaluation images in the resource consumption queue according to the round-robin scheduling algorithm (Round-Robin Scheduling).

Claims (7)

1. A security evaluation method for a cloud infrastructure, characterized in that: the method is carried out by a device composed of modules including a scheduler module, an evaluation software library, evaluation images, an evaluation repository, an evaluation result library, an analysis module, an evaluation requirements document and an evaluation report;
Before the evaluation, the user configures the evaluation software library; then the scheduler module reads the evaluation requirements document of this evaluation activity, determines the software required for this evaluation, starts a particular evaluation image, begins the security evaluation of a particular security subject, and writes the data into the evaluation result library;
During the execution of the evaluation activity, parameters such as the required resource allocation and the evaluation time are recorded; after this evaluation activity ends, they are written into the evaluation repository to provide a reference for the configuration and execution of the next evaluation activity;
The analysis module integrates all evaluation results, applies comprehensive evaluation methods such as fuzzy comprehensive evaluation, the analytic hierarchy process (AHP), grey theory and neural networks, gives an overall evaluation of the security state of the evaluated cloud infrastructure, and provides an evaluation report that the user can download;
Each working evaluation image periodically reports its resource consumption; the scheduler module determines the operating state of the evaluation image from this information; the set of operating states contains two states: "task failed" and "task executing";
For an evaluation image whose task has ended, the virtual machine resources are reclaimed;
For an evaluation image in the failed state, a wake-up operation is performed; if it cannot be woken within the set time, the virtual machine is migrated; for an evaluation image whose task is executing, the reclaimed resources are reassigned, according to the round-robin scheduling algorithm, to the images still executing their tasks.
2. The security evaluation method according to claim 1, characterized in that: before the evaluation, the user configures the evaluation software library in advance; first, the security evaluation software for cloud infrastructure available on the market and independently written evaluation programs are uploaded into the evaluation software library; then this software is classified according to common categories such as system security, network security, data security and behavior security, and divided into different "evaluation software lists"; the evaluation software library can be continually updated to ensure that the evaluation software remains advanced and mature.
3. The security evaluation method according to claim 1, characterized in that: according to the requirements of each evaluation, each kind of evaluation software is allocated the virtual machine resources it needs, i.e. a resource unit; each evaluation software is installed in a virtual machine and packaged together with computing, storage and network resources to form an evaluation image; the evaluation image is started, the evaluation activity is carried out, and finally the data are analyzed and processed to form an evaluation conclusion.
4. The security evaluation method according to claim 2, characterized in that: according to the requirements of each evaluation, each kind of evaluation software is allocated the virtual machine resources it needs, i.e. a resource unit; each evaluation software is installed in a virtual machine and packaged together with computing, storage and network resources to form an evaluation image; the evaluation image is started, the evaluation activity is carried out, and finally the data are analyzed and processed to form an evaluation conclusion.
5. The security evaluation method according to any one of claims 1 to 4, characterized in that the concrete process is:
(1) The evaluation repository module is accessed; this module records the configuration information of previous evaluation activities; the resource unit configuration of the evaluation activity during past network security domain evaluations of the same cloud infrastructure is obtained, for example how many CPUs, how much memory and which other resources were assigned to that evaluation activity;
(2) The scheduler module reads the evaluation requirements document of this evaluation activity and, according to the different security subjects of the evaluation, accesses the evaluation software lists in the evaluation software library to determine the software required for this evaluation;
(3) According to the physical boundary of the cloud infrastructure under evaluation, suitable resource units are allocated to this evaluation activity; this is a process of autonomous learning: for example, if the previous evaluation activity performed a security evaluation on 100 servers and this one needs to evaluate 60 servers, then, allowing resource redundancy to handle accidents during the evaluation, the resources allocated this time may be taken as 60-70% of the physical resources required last time;
(4) The software and programs required for this evaluation are packaged together with the resource units allocated to them, forming runnable evaluation images;
(5) The scheduler module starts a particular evaluation image, initializes it, obtains the relevant control authority and image data, and begins the security evaluation of a particular field;
(6) The evaluation image performs the evaluation activity; the raw data undergo operations such as conversion and cleaning; after this evaluation activity ends, the processed evaluation result data are written into the evaluation result library;
(7) After all evaluation images have finished their tasks, the analysis module integrates all evaluation results;
(8) If this cloud infrastructure is being evaluated for the first time, no configuration for reference can be obtained from the evaluation history library;
If the evaluation repository is accessed but no relevant evaluation configuration information can be read, or if this is the first evaluation activity for this cloud infrastructure, there is no historical data to draw on; in this situation, the most common virtual machine resource configuration in the day-to-day operation of this cloud infrastructure is taken as the reference for the physical resources allocated to one resource unit.
6. The security evaluation method according to claim 5, characterized in that: for an evaluation image whose task is executing, more resources may be allocated to it according to the actual conditions so that it completes its evaluation task sooner; the detailed process is as follows:
Let $C_i$ be an evaluation image that is executing a task; the time $C_i$ has so far spent on its evaluation activity is $T_c$; the estimated total time of $C_i$'s evaluation activity is $T_f$; the time needed from adding new resources to $C_i$ until they can be used for the evaluation is $T_p$. If $T_f - T_c < T_p$, then the resources reclaimed from evaluation images whose evaluation activity has ended are redistributed to $C_i$; otherwise, no operation is performed.
7. The security evaluation method according to claim 6, characterized in that the concrete allocation process is: each evaluation image still at work periodically reports its resource consumption; the scheduler module orders these evaluation images by their physical resource consumption from high to low, generating an "evaluation image resource consumption queue"; suppose $R$ resource units have been reclaimed; following the principle "the more consumed, the more allocated", these $R$ resource units are assigned to the evaluation images in the resource consumption queue according to the round-robin scheduling algorithm.
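The scheduler behaviour given in the description above and restated in claims 6 and 7 (periodic consumption reports, the two-state judgement, the $T_f - T_c < T_p$ gate and the round-robin hand-out of $R$ reclaimed units), as an added Python example that is not part of the patent. The image names, the report timeout used to infer "task failed", and the sample figures are constructed assumptions.

```python
"""Scheduler logic from the patent description / claims 6-7, as an added example.
Names, the report timeout and the sample data are constructed, not from the patent."""
from dataclasses import dataclass


@dataclass
class EvalImage:
    name: str
    consumption: float   # physical resource units in its latest periodic report
    elapsed: float       # T_c: time spent on the evaluation so far
    estimated: float     # T_f: estimated total evaluation time
    ramp_up: float       # T_p: time until newly added resources become usable
    last_report: float   # timestamp of the latest consumption report
    extra_units: int = 0 # units granted by redistribution so far


REPORT_TIMEOUT = 30.0    # constructed assumption: silence beyond this => "task failed"


def operating_state(img: EvalImage, now: float) -> str:
    """Two-state set from the page. Assumption: a missed report marks failure."""
    return "task failed" if now - img.last_report > REPORT_TIMEOUT else "task executing"


def qualifies(img: EvalImage) -> bool:
    """Gate exactly as the page states it: redistribute to C_i when T_f - T_c < T_p."""
    return img.estimated - img.elapsed < img.ramp_up


def consumption_queue(images, now: float):
    """Executing images that pass the gate, ordered by consumption high to low."""
    running = [i for i in images
               if operating_state(i, now) == "task executing" and qualifies(i)]
    return sorted(running, key=lambda i: i.consumption, reverse=True)


def distribute_round_robin(queue, reclaimed_units: int) -> dict:
    """Hand out R units one at a time around the queue. Because the queue is sorted
    high-to-low, any remainder lands on the biggest consumers ("consume more, get more")."""
    grants = {img.name: 0 for img in queue}
    for k in range(reclaimed_units if queue else 0):
        img = queue[k % len(queue)]
        grants[img.name] += 1
        img.extra_units += 1
    return grants


def schedule(images, reclaimed_units: int, now: float):
    """Returns (images needing wake-up/migration, grants for executing images)."""
    failed = [i.name for i in images if operating_state(i, now) == "task failed"]
    return failed, distribute_round_robin(consumption_queue(images, now), reclaimed_units)


# Constructed sample: C3 has gone silent (failed); C4 does not pass the time gate.
SAMPLE = [
    EvalImage("C1", consumption=8.0, elapsed=40, estimated=50, ramp_up=15, last_report=100),
    EvalImage("C2", consumption=5.0, elapsed=20, estimated=30, ramp_up=12, last_report=98),
    EvalImage("C3", consumption=9.0, elapsed=10, estimated=60, ramp_up=5, last_report=40),
    EvalImage("C4", consumption=7.0, elapsed=5, estimated=60, ramp_up=10, last_report=99),
]
```

Calling `schedule(SAMPLE, 5, now=100)` reports C3 as failed and grants the five reclaimed units 3 to C1 and 2 to C2, the remainder going to the higher consumer.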
CN201510107604.0A 2015-03-11 2015-03-11 A kind of safe evaluating method for cloud infrastructure Active CN104735063B (en)
Publications (2)

Publication Number Publication Date
CN104735063A true CN104735063A (en) 2015-06-24
CN104735063B CN104735063B (en) 2018-01-02