CN111083088B - Cloud platform hierarchical management method and device based on multiple security domains - Google Patents

Publication number: CN111083088B
Authority: CN (China)
Legal status: Active
Application number: CN201811220337.8A
Other languages: Chinese (zh)
Other versions: CN111083088A (en)
Inventors: 秦红艳, 徐亮亮, 刘艳辉
Current Assignee: Clp Taiji Group Co ltd
Original Assignee: Clp Taiji Group Co ltd
Priority: CN201811220337.8A
Application filed by: Clp Taiji Group Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272: Virtual private networks
    • H04L63/0281: Proxies
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud platform hierarchical management method and device based on multiple security domains. The method comprises: determining the security level of each application system in a security-related information system according to the security requirements of the cloud computing environment, dividing application systems of different security levels into security domains by physical isolation, and protecting each security domain according to its level; using security protection equipment to isolate the networks of security domains of different security levels and to provide equipment-level security protection for the security domains; within security domains of the same security level, isolating by service type, with different business systems sharing the underlying infrastructure resources and being isolated from one another as different virtual security domains; and, when a business system accesses across security domains, routing all communication between cloud service security domains through a data exchange domain, which exchanges data with the core exchange domain set up in each cloud service's security domain.

Description

Cloud platform hierarchical management method and device based on multiple security domains
Technical Field
The invention relates to the technical field of computers, in particular to a cloud platform hierarchical management method and device based on multiple security domains.
Background
Hierarchical protection of application systems means dividing security protection domains (security domains) of different levels, in accordance with the national security standard, to meet the actual security requirements of application systems that handle national secrets. Placing application systems with different security levels in different security domains makes it convenient to manage them by security level and prevents information exchange between security levels from creating a risk of divulging secrets. Applying access control to applications that need cross-security-domain access separates the protected resource from the visitor and guarantees that secret-related information is not leaked.
Application system hierarchical security domain partitioning:
Hierarchical security domain division first determines the security level of each application system, dividing systems into levels such as non-security level, secret level and secret level according to their security protection requirements. Applications with different security levels must be placed in different security domains; applications with the same security level are placed in the same security domain according to their degree of mutual trust, whether they share the same security access control and boundary control policies, and so on.
Multi-tenant resource isolation technology:
Multi-tenant technology, also called multi-tenancy, is a software architecture technique for sharing the same system or program components in a multi-user environment while ensuring that data is isolated between users. In the current cloud computing era, multi-tenant technology uses a single system architecture in a shared data center to provide most clients with the same, or even customizable, services while still guaranteeing the isolation of client data.
Hierarchical application cross-security domain interactive access:
Cross-security-domain interactive access by hierarchical applications falls into two main cases. In the first, the same user needs to access service systems with different security levels, and information related to the security level is forbidden when the operation of the security level needs to be guaranteed. In the second, application systems need to operate across security levels: the service systems are designed to exchange information across levels, the service traffic crossing networks of different security levels is bidirectional, and the key is to define the security controls applied to that traffic at the boundary.
Disclosure of Invention
The embodiment of the invention provides a cloud platform hierarchical management method and device based on multiple security domains, which are used for solving the problems in the prior art.
The embodiment of the invention provides a cloud platform hierarchical management method based on multiple security domains, which comprises the following steps:
determining the security level of each application system in a security-related information system according to the security requirements of the cloud computing environment, dividing application systems of different security levels into security domains by physical isolation, and protecting each security domain according to its level;
using security protection equipment to isolate the networks of security domains of different security levels and to provide equipment-level security protection for the security domains; within security domains of the same security level, isolating by service type, with different service systems sharing the underlying infrastructure resources and being isolated from one another as different virtual security domains;
when a business system accesses across security domains, routing all communication between cloud service security domains through a data exchange domain, which exchanges data with the core exchange domain set up in each cloud service's security domain.
Preferably, the protecting according to the level of the security domain specifically includes:
determining whether enhanced protection is selected or not according to the importance of a system using unit, the quantity and content of confidential information in the system, the importance degree of an information system and the dependence degree of the using unit on the information system;
adopting the same or different protective measures according to the risk analysis result for different security domains with the same security level in the confidential information system;
and the security domains of different security levels in the security-related information system are protected according to the protection requirements of corresponding levels.
Preferably, the isolating the different virtual security domains by using the virtual security domain method specifically includes:
the method comprises the steps that by means of Docker self-definition network functions, an Overlay type security domain, namely a virtual security domain, is created in a current security domain, so that a superposed virtualized network on the existing security domain network is realized, the superposed virtualized network adopts an internal IP mode, and service containers of the same service system are accessed into the network of the same virtual security domain, so that the secure access among the virtualized containers on different hosts in the security domain is ensured; all service containers of different service systems are accessed to the proprietary security domain network of the service system, so that the application containers are ensured to form a proprietary security domain subnet, and the isolation protection across security domains is achieved;
the tenant network resources are divided and managed through the virtual security domains, so that the networks among different virtual security domains cannot be accessed, and different virtualized hosts in the same security domain can normally communicate.
Preferably, the method further comprises:
setting a management domain, and creating and managing agent access software and agent access strategies through the management domain.
Preferably, when the business system accesses across different security domains, the communication access between the security domains of all the cloud services performs data interaction with the core exchange domain of the security domain of each cloud service through the data exchange domain specifically includes:
setting proxy access software in the data exchange domain;
when a business system accesses across different security domains, agent access software in a data exchange domain performs agent access on the security domains of cloud services with different security levels in the mutual communication process of the security domains, and when the agent access is performed, an agent access strategy is firstly obtained from a management domain, and data interaction of the security domains with different security levels is performed through the data exchange domain according to the agent access strategy.
The embodiment of the present invention further provides a cloud platform hierarchical management apparatus based on multiple security domains, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the above method when executed by the processor.
The embodiment of the invention addresses the level protection requirements of application systems by implementing multi-security-domain division and management of the cloud computing environment on the cloud computing platform that runs those systems. This gives the cloud platform a feasible way to support hierarchical management of application systems. Application systems and confidential information services at different levels still enjoy the full-life-cycle infrastructure operation and maintenance convenience that the cloud platform provides, while the operating range of each service system is isolated, a complex security problem is reduced to the security problems of small areas, and application systems on the cloud computing platform meet the hierarchical protection requirements. The embodiment also provides a solution for cross-domain access by application systems: the access agent is deployed in an independent data exchange domain, which makes it easy to monitor and manage interactive access separately. The agent acts as the intermediate layer for cross-domain access and blocks low-security-level access that would divulge high-security-level information before the access request reaches the target service, so cross-domain access is safe and controllable. Using a container as the deployment carrier for the agent suits a cloud computing platform environment that requires rapid deployment and updating.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a schematic diagram of an implementation process of a multi-security domain-based cloud platform hierarchical management technology in an embodiment of the present invention;
FIG. 2 is a diagram illustrating application hierarchical security domain partitioning in a cloud computing environment according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a container-based cross-domain access flow in an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Cloud computing manages infrastructure resources centrally and shares them among tenants through virtualization, whereas the hierarchical protection requirements for application systems state clearly that applications of different security levels need different levels of security protection measures. Hierarchical applications on a cloud computing platform therefore need to be managed by domain, with specific security protection measures applied to each domain. Application hierarchical management is mainly concerned with the following problems.
Once the security level of each application system has been determined, multi-security-domain division on the cloud computing platform defines the boundary of each application security domain by level and determines the security-related grade of the domain. To meet the confidentiality requirements of application systems at different security levels, resources are isolated between security domains of different security levels on the cloud computing platform, while application systems of the same security level can share, store and exchange information within the same domain. Under the control of the security policy, application systems of different levels can perform cross-domain access as required.
The core of the multi-security-domain cloud platform hierarchical management technology is to isolate platform tenants from one another across the three types of infrastructure (computation, storage and network), taking into account every stage of the cloud computing platform's life cycle from network planning and design through deployment and maintenance management to operation, so that network isolation areas with the same security requirements are formed. The technology has three main parts: hierarchical application multi-security-domain division management, multi-security-domain tenant resource isolation protection, and container-based cross-domain agent access. Together they guarantee multi-security-domain resource isolation and cross-domain access security on the cloud computing platform. The implementation process of hierarchical protection is shown in FIG. 1.
Hierarchical application multi-security domain partitioning management
Application hierarchical security domain division in a cloud computing environment starts from a determined application system boundary and takes full account of the actual application environment. First, the security level of each application system is determined, dividing systems into levels such as a secret level and a secret level according to their security requirements. The application systems of different security levels are then divided into security domains, explicitly using physical isolation: the equipment rooms that house computing, storage and other equipment of different security levels are divided and managed in a unified way. Whether to select the enhanced protection requirement is determined by factors such as the importance of the unit using the system, the quantity and content of confidential information in the system, the importance of the information system, and the degree to which the using unit depends on the information system. Different security domains of the same grade within the confidential information system can adopt different protective measures according to the risk analysis result; security domains at different levels should be protected according to the protection requirements of the corresponding level.
FIG. 2 shows an example of hierarchical security domain partitioning for applications in a cloud computing environment. Cloud services are divided into different cloud service security domains according to their security levels, and the cloud platform configures hardware resource isolation for these domains so that the classified cloud services form mutually independent, mutually isolated security domains. Each cloud service security domain serves the various terminal domains through its corresponding core exchange domain; by differentiating security levels, the exchange domains also ensure that service data exchanged between security levels can cross networks of different security levels. The cloud platform's service-opening (provisioning) management functions are deployed in a unified management domain, which performs unified resource provisioning and security management for the whole network environment.
Multi-security domain tenant resource isolation protection
Isolation protection of tenant resources under multiple security domains is implemented in two ways. The first is isolation between security domains of different security levels: security protection equipment performs network isolation and provides equipment-level security protection between the domains. The second applies inside a security domain of a single security level: application systems need to be isolated from one another by service type, but different service systems share the underlying infrastructure resources, so virtual security domains are used to ensure effective isolation between them.
A virtual security domain divides and manages tenant network resources, so that networks in different virtual security domains cannot reach one another while different virtualized hosts in the same security domain communicate normally. Using Docker's user-defined network feature, an Overlay-type security domain is quickly created inside the current security domain, giving a virtualized network overlaid on the existing security domain network. The overlay network uses internal IP addressing. The service containers of one service system all join the same virtual security domain network, which ensures secure access between the virtualized containers on different hosts within the security domain; the service containers of each different service system join that system's own dedicated security domain network, so that the application containers form a dedicated security domain subnet and isolation across security domains is achieved. The Docker daemon is configured for the Overlay virtual network as follows (etcd is used as the back-end configuration storage system):
# As written, -H exposes the Docker remote API on every interface without TLS,
# so anyone who can reach port 4243 controls the host; restrict the listener
# and enable --tlsverify outside a closed lab network.
dockerd \
  -H 0.0.0.0:4243 \
  --cluster-advertise=<localIP>:4243 \
  --cluster-store=etcd://etcdHost:2379
Code for creating a virtual security domain:
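// Imports assume the Spotify docker-client library, whose class names this snippet matches.
import com.spotify.docker.client.DefaultDockerClient;
import com.spotify.docker.client.DockerClient;
import com.spotify.docker.client.messages.NetworkConfig;

// Describe the overlay network that backs one virtual security domain.
NetworkConfig.Builder builder = NetworkConfig.builder();
builder = builder.driver("overlay");
builder = builder.name("NetworkName");
NetworkConfig config = builder.build();
// Connect to the Docker daemon's remote API and create the network.
String endpoint = "http://" + dockerHost + ":" + dockerPort;
DockerClient client = DefaultDockerClient.builder().uri(endpoint).build();
client.createNetwork(config);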
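The isolation property described above (one overlay network per service system, no container joined to two virtual security domains) can be checked after deployment. The following is an added example, not code from the patent: it audits data in the shape of `docker network inspect` output, and the network names, container ids and the ownership inventory are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `docker network inspect` output,
# trimmed to the fields the audit uses. All names and addresses are made up.
NETWORKS_JSON = """[
 {"Name": "vsd-hr", "Driver": "overlay", "Containers": {
    "c1": {"Name": "hr-web-1", "IPv4Address": "10.0.1.2/24"},
    "c2": {"Name": "hr-db-1",  "IPv4Address": "10.0.1.3/24"}}},
 {"Name": "vsd-finance", "Driver": "overlay", "Containers": {
    "c3": {"Name": "fin-api-1", "IPv4Address": "10.0.2.2/24"},
    "c2": {"Name": "hr-db-1",   "IPv4Address": "10.0.2.9/24"}}},
 {"Name": "vsd-legacy", "Driver": "bridge", "Containers": {
    "c4": {"Name": "fin-batch-1", "IPv4Address": "172.18.0.2/16"}}}
]"""

# Hypothetical inventory: which service system owns each container id.
OWNER = {"c1": "hr", "c2": "hr", "c3": "finance", "c4": "finance"}


def audit_virtual_domains(networks, owner):
    """Return findings for networks that are meant to be virtual security domains.

    Pass only the networks that represent virtual security domains, not
    Docker's default bridge/host/none networks.
    """
    findings = []
    networks_of = defaultdict(set)   # container id -> networks it is attached to
    systems_on = defaultdict(set)    # network name -> service systems present

    for net in networks:
        name = net["Name"]
        # A virtual security domain must be an overlay network.
        if net.get("Driver") != "overlay":
            findings.append(("non-overlay-driver", name, net.get("Driver")))
        for cid in (net.get("Containers") or {}):
            system = owner.get(cid)
            if system is None:
                # A container nobody owns cannot be placed in any domain.
                findings.append(("unowned-container", name, cid))
                continue
            networks_of[cid].add(name)
            systems_on[name].add(system)

    # One virtual security domain should hold exactly one service system.
    for name, systems in sorted(systems_on.items()):
        if len(systems) > 1:
            findings.append(("mixed-systems", name, tuple(sorted(systems))))

    # A container attached to two domains is a path between them.
    for cid, nets in sorted(networks_of.items()):
        if len(nets) > 1:
            findings.append(("container-bridges-domains", cid, tuple(sorted(nets))))

    return findings


if __name__ == "__main__":
    for finding in audit_virtual_domains(json.loads(NETWORKS_JSON), OWNER):
        print(finding)
```
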
Container-based cross-domain proxy access
Hierarchical security domains isolate the cloud services in different security domains from one another so that they cannot communicate. Complex application systems that span security classes therefore need targeted handling to solve the problem of a service system accessing across security domains. Container-based cross-domain access agent technology satisfies the isolation requirement between security domains while solving the security problems that come with cross-domain access. In the operation and maintenance management platform based on security domain division, the cloud platform's set-up and management functions are placed in the management domain, and cloud services run in mutually independent security domains, each holding services of the same security level. The technology requires that all communication between cloud service security domains pass through a separately divided data exchange domain. The data exchange domain can connect to the core exchange domain of every cloud service security domain and acts as an access agent between any two cloud service security domains that need to communicate across domains.
As shown in FIG. 3, when two cloud service security domains of different security levels communicate, the intermediate data exchange domain performs the agent access. The agent access policy is defined as secret level to secret level, and cross-domain access in the opposite direction is prohibited, since it would not meet the security and confidentiality requirements of hierarchical protection. The agent access software in the data exchange domain is created and managed by the management domain of the cloud platform; relying on the underlying container platform, an agent access container can be created quickly for agent access between security domains. The agent access policy is likewise obtained from the management domain, which ensures unified management of the security policy.
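The decision the agent makes for each request can be sketched as a directional allow-list that fails closed. This is an added example, not code from the patent: the policy format, domain names, CIDRs, service name and port are constructed assumptions, and which direction is permitted is whatever the management domain's policy states.

```python
import ipaddress
import json
from dataclasses import dataclass

# Constructed policy document standing in for what the management domain
# publishes. Every name, CIDR and port here is an illustrative assumption.
SAMPLE_POLICY = """
{
  "domains": {
    "domain-a": {"core_exchange_cidr": "10.10.0.0/24"},
    "domain-b": {"core_exchange_cidr": "10.20.0.0/24"}
  },
  "allow": [
    {"src": "domain-a", "dst": "domain-b", "service": "report-upload", "port": 8443}
  ]
}
"""


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class ExchangeProxyPolicy:
    """Directional allow-list evaluated by the agent in the data exchange domain."""

    def __init__(self):
        self._cidrs = {}      # domain name -> network of its core exchange domain
        self._allow = set()   # (src, dst, service, port); tuple order is the direction
        self._loaded = False  # until a policy arrives, every request is denied

    def load(self, text):
        """Validate a policy and swap it in only if every rule is well formed."""
        try:
            doc = json.loads(text)
            cidrs = {name: ipaddress.ip_network(d["core_exchange_cidr"])
                     for name, d in doc["domains"].items()}
            allow = set()
            for rule in doc["allow"]:
                src, dst = rule["src"], rule["dst"]
                if src not in cidrs or dst not in cidrs or src == dst:
                    raise ValueError(f"rule references invalid domains: {rule}")
                allow.add((src, dst, rule["service"], int(rule["port"])))
        except (KeyError, TypeError, AttributeError, ValueError) as exc:
            # A rejected update leaves the previous policy (or none) in force.
            raise ValueError(f"policy rejected: {exc}") from exc
        self._cidrs, self._allow, self._loaded = cidrs, allow, True

    def _domain_of(self, ip):
        """Map a peer address to the security domain whose core exchange it sits in."""
        addr = ipaddress.ip_address(ip)
        for name, net in self._cidrs.items():
            if addr in net:
                return name
        return None

    def decide(self, src_ip, dst_domain, service, port):
        """Decide before the request is forwarded to the target service."""
        if not self._loaded:
            return Decision(False, "no policy loaded from management domain")
        try:
            src = self._domain_of(src_ip)
        except ValueError:
            return Decision(False, "malformed source address")
        if src is None:
            return Decision(False, "source is not in any core exchange domain")
        if dst_domain not in self._cidrs:
            return Decision(False, "unknown destination domain")
        if (src, dst_domain, service, port) in self._allow:
            return Decision(True, f"{src} -> {dst_domain} permitted for {service}")
        if (dst_domain, src, service, port) in self._allow:
            return Decision(False, "reverse direction of a permitted flow")
        return Decision(False, "no matching rule (default deny)")


if __name__ == "__main__":
    proxy = ExchangeProxyPolicy()
    proxy.load(SAMPLE_POLICY)
    print(proxy.decide("10.10.0.5", "domain-b", "report-upload", 8443))
    print(proxy.decide("10.20.0.7", "domain-a", "report-upload", 8443))
```
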
The embodiment of the invention has the following beneficial effects:
1. A security domain partitioning method based on a cloud computing platform is provided
The embodiment of the invention addresses the level protection requirements of application systems by implementing multi-security-domain division and management of the cloud computing environment on the cloud computing platform that runs those systems, giving the cloud platform a feasible way to support hierarchical management of application systems. Application systems and confidential information services at different levels still enjoy the full-life-cycle infrastructure operation and maintenance convenience that the cloud platform provides, while the operating range of each service system is isolated and a complex security problem is reduced to the security problems of small areas, so that application systems on the cloud computing platform meet the hierarchical protection requirements.
2. A solution is provided for application systems with cross-domain access requirements
The container-based cross-domain access agent technology provides a solution for cross-domain access by application systems. The access agent is deployed in an independent data exchange domain, which makes it easy to monitor and manage interactive access separately. The agent acts as the intermediate layer for cross-domain access and blocks low-security-level access that would divulge high-security-level information before the access request reaches the target service, so cross-domain access is safe and controllable. Using a container as the deployment carrier for the agent suits a cloud computing platform environment that requires rapid deployment and updating.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (5)

1. A cloud platform hierarchical management method based on multiple security domains is characterized by comprising the following steps:
determining the security level of an application system in a security-related information system according to security requirements in a cloud computing environment, dividing security domains of the application systems with different security levels in a physical isolation mode, and protecting according to the level of the security domains;
network isolation is carried out on security domains with different security levels by adopting security protection equipment, and equipment level security protection is carried out on the security domains; safety isolation is carried out on security domains of the same security level according to service types, bottom infrastructure resources are shared among different service systems, and different virtual security domains are isolated in a virtual security domain mode;
when a service system accesses across different security domains, communication access between the security domains of all cloud services performs data interaction with a core exchange domain arranged in the security domain of each cloud service through a data exchange domain;
the isolating different virtual security domains by adopting the virtual security domain mode specifically comprises the following steps: the method comprises the steps that by means of Docker self-definition network functions, an Overlay type security domain, namely a virtual security domain, is created in a current security domain, so that a superposed virtualized network on the existing security domain network is realized, the superposed virtualized network adopts an internal IP mode, and service containers of the same service system are accessed into the network of the same virtual security domain, so that the secure access among the virtualized containers on different hosts in the security domain is ensured; all service containers of different service systems are accessed to the proprietary security domain network of the service system, so that the application containers are ensured to form a proprietary security domain subnet, and the isolation protection across security domains is achieved;
the tenant network resources are divided and managed through the virtual security domains, so that the networks among different virtual security domains cannot be accessed, and different virtualized hosts in the same security domain can normally communicate.
2. The method of claim 1, wherein the protection according to the level of the security domains specifically comprises: determining whether to select enhanced protection according to the importance of the unit using the system, the quantity and content of the confidential information in the system, the importance of the information system, and the degree to which the using unit depends on the information system;
for different security domains of the same security level within the confidential information system, adopting the same or different protective measures according to the risk analysis result;
and protecting security domains of different security levels within the confidential information system according to the protection requirements of the corresponding levels.
3. The method of claim 1, wherein the method further comprises:
setting up a management domain, and creating and managing the proxy access software and the proxy access policies through the management domain.
4. The method of claim 3, wherein, when the service system accesses across different security domains, the communication access between the security domains of all the cloud services performing data interaction, through the data exchange domain, with the core exchange domain of the security domain of each cloud service specifically comprises: deploying proxy access software in the data exchange domain;
when a service system accesses across different security domains, the proxy access software in the data exchange domain performs proxy access for the security domains of cloud services of different security levels as those security domains communicate with one another; when performing proxy access, it first obtains the proxy access policy from the management domain and then carries out the data interaction between security domains of different security levels through the data exchange domain according to that policy.
5. A cloud platform hierarchical management device based on multiple security domains, characterized by comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the multi-security-domain-based cloud platform hierarchical management method according to any one of claims 1 to 4.
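A check a defender can run against the per-service-system overlay isolation described in claim 1, as an added example that is not part of the patent: it reads `docker network inspect`-style JSON and reports virtual security domain networks that are not overlays, that mix service systems, or that share a container. The `vsd-*` network names, the container names and the `OWNER` inventory are assumptions made for the illustration.

```python
import json
from collections import defaultdict

# Constructed sample, trimmed to the fields of `docker network inspect`
# output that the audit reads. All names are hypothetical; vsd-billing is
# listed once per host, as in output collected from two hosts.
SAMPLE = json.loads("""[
 {"Name": "vsd-billing", "Driver": "overlay",
  "Containers": {"a1": {"Name": "billing-web"}}},
 {"Name": "vsd-billing", "Driver": "overlay",
  "Containers": {"a2": {"Name": "billing-db"}}},
 {"Name": "vsd-hr", "Driver": "overlay",
  "Containers": {"b1": {"Name": "hr-web"}, "a2": {"Name": "billing-db"}}},
 {"Name": "vsd-legacy", "Driver": "bridge", "Containers": {}}
]""")

# Hypothetical inventory: container name -> owning service system.
OWNER = {"billing-web": "billing", "billing-db": "billing", "hr-web": "hr"}

def audit(networks, owner):
    """Return findings where one-overlay-per-service-system does not hold."""
    drivers, systems, attached = {}, defaultdict(set), defaultdict(set)
    for net in networks:
        name = net["Name"]
        drivers[name] = net.get("Driver")
        for endpoint in (net.get("Containers") or {}).values():
            cname = endpoint["Name"]
            systems[name].add(owner.get(cname, "unknown"))
            attached[cname].add(name)
    findings = []
    for name, driver in sorted(drivers.items()):
        if driver != "overlay":
            findings.append(f"{name}: driver {driver!r} is not overlay")
        if len(systems[name]) > 1:
            findings.append(f"{name}: mixes service systems {sorted(systems[name])}")
    for cname, nets in sorted(attached.items()):
        if len(nets) > 1:  # one container on two domains bridges them
            findings.append(f"{cname}: attached to {sorted(nets)}")
        if cname not in owner:
            findings.append(f"{cname}: not in the service inventory")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, OWNER)))
```

For an overlay network, each host's inspect output lists only the containers running on that host, so feed the function the output collected from every host in the security domain.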
CN201811220337.8A 2018-10-19 2018-10-19 Cloud platform hierarchical management method and device based on multiple security domains Active CN111083088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811220337.8A CN111083088B (en) 2018-10-19 2018-10-19 Cloud platform hierarchical management method and device based on multiple security domains

Publications (2)

Publication Number Publication Date
CN111083088A CN111083088A (en) 2020-04-28
CN111083088B true CN111083088B (en) 2022-03-04

Family

ID=70309143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811220337.8A Active CN111083088B (en) 2018-10-19 2018-10-19 Cloud platform hierarchical management method and device based on multiple security domains

Country Status (1)

Country Link
CN (1) CN111083088B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112511618B (en) * 2020-11-25 2023-03-24 全球能源互联网研究院有限公司 Edge Internet of things agent protection method and power Internet of things dynamic security trusted system
CN113612762A (en) * 2021-07-30 2021-11-05 上海帝焚思信息科技有限公司 Safe one-way data transmission device for industrial internet
CN115550333B (en) * 2022-12-02 2023-03-31 中国电子科技集团公司第十五研究所 Web-based system and method for accessing application in multi-level multi-domain environment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103458003A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Access control method and system of self-adaptation cloud computing environment virtual security domain
CN103581200A (en) * 2013-11-15 2014-02-12 中国科学院信息工程研究所 Method and system for achieving fast circulation of structural file among multiple levels of safety domains
CN104038444A (en) * 2013-03-05 2014-09-10 中国移动通信集团山西有限公司 Resource allocation method, equipment and system
US9021559B1 (en) * 2011-05-18 2015-04-28 Bluespace Software Corporation Server-based architecture for securely providing multi-domain applications
CN107465681A (en) * 2017-08-07 2017-12-12 成都汇智远景科技有限公司 Cloud computing big data method for secret protection

Also Published As

Publication number Publication date
CN111083088A (en) 2020-04-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200630

Address after: 100083 No. 211 middle Fourth Ring Road, Haidian District, Beijing

Applicant after: CLP Taiji (Group) Co., Ltd

Address before: No.211, Beisihuan Middle Road, Haidian District, Beijing 100080

Applicant before: NO.15 INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp.

GR01 Patent grant