CN104735063B - A security evaluation method for cloud infrastructure - Google Patents

Publication number: CN104735063B
Authority: CN (China)
Prior art keywords: test, appraisal, mirror image, resource, activity
Legal status: Active
Application number: CN201510107604.0A
Other languages: Chinese (zh)
Other versions: CN104735063A (en)
Inventor: 王伟, 岳强
Current Assignee: Guangdong Electronic Industry Institute Co Ltd
Original Assignee: Guangdong Electronic Industry Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements

Abstract

The present invention relates to the field of information security technology, and in particular to a security evaluation method for cloud infrastructure. The method is carried out by a device composed of modules such as a scheduler module, an evaluation software library, evaluation images, an evaluation configuration repository, an evaluation results store, an analysis module, an evaluation requirements document and an evaluation report. Before an evaluation, the user configures the evaluation software library in advance: first, the security evaluation software for cloud infrastructure that is available on the market and independently written evaluation programs are uploaded to the evaluation software library; then the software is classified by common categories (system security, network security, data security, behavior security and so on) into different "evaluation software lists". The evaluation software library can be updated continuously, which keeps the evaluation software advanced and mature. The invention solves the problem of adapting information security evaluation methods to cloud computing, and can be used for security testing of cloud infrastructure.

Description

A security evaluation method for cloud infrastructure
Technical field
The present invention relates to the field of information security technology, and in particular to a security evaluation method for cloud infrastructure.
Background
Cloud infrastructure: the general term for the software and hardware architecture built to support various cloud computing services, comprising physical infrastructure resources and virtual infrastructure resources. Virtual infrastructure resources are virtual resources built on top of the physical infrastructure resources using virtualization technology, and involve a range of hardware and software resources such as operating systems, storage, network and CPU.
Information security subjects: according to the different fields that information system security involves, it is divided into subjects such as system security, behavior security, data security, network security and terminal security.
Information security evaluation: security testing and evaluation of a computer system using manual, semi-automatic and automated tools. Its purpose is to check whether the security requirements are met and to establish the difference between the expected results and the actual test results, so as to find the security problems present in the system.
Resource unit: when cloud infrastructure is evaluated, a quantifiable set of physical resources such as computing and storage is abstracted as an entity that can run independently. This is realized through virtualization technology.
Evaluation image: a resource unit, evaluation software programs and so on, packaged into a virtual machine image.
Evaluation activity: the security evaluation process, from installing the evaluation images to recording the evaluation results, carried out on a specified range of resources or on all resources in the cloud infrastructure.
Evaluation requirements document: a document that records the 62 key technical points of this evaluation activity, such as how large a physical network boundary of cloud infrastructure equipment is to be evaluated, the evaluation personnel, the evaluation time and other relevant requirements.
Evaluation report: a document that, by analyzing the evaluation data, assesses the different information security fields and the overall security state of the cloud infrastructure and gives suggestions for improvement.
Round-robin scheduling algorithm: the principle is that each request from a user is assigned in turn to the next requester device, starting from 1 and going up to N (the number of requesters), after which the cycle restarts. The advantages of the algorithm are its simplicity and fairness; it does not need to record the state of all current connections, so it is a stateless form of scheduling.
Cloud computing, as a new kind of information technology that provides resource sharing and on-demand service, is now widespread in areas such as e-government, education and healthcare. Large-scale cloud infrastructure whose construction is led by governments and enterprises is becoming increasingly common. However, while cloud computing brings convenient and easily extended computing and storage capacity, it differs greatly from conventional computer systems in network topology, usage patterns and other respects, so many conventional security safeguards fail in a cloud computing environment, and the security of cloud infrastructure itself faces a huge challenge. Related information security incidents have occurred frequently in recent years.
Assessing the security of a system is an important means of, and a precondition for, studying its security state. As with information security evaluation of conventional computer systems, the security evaluation of cloud infrastructure requires security testing of it. The purpose is to check whether the security requirements of cloud computing are met and to establish the difference between the expected results and the test results, so as to find the security problems present in the system.
Through searching, the inventors found the following documents most relevant to this application:
1. Chinese patent application CN2012101308311 (title: A cloud computing environment security quantitative evaluation system) discloses a quantitative security evaluation system for cloud computing environments. The system is divided into three parts: an information collection module, a management and analysis module and a Web query module; these three functional modules can be connected in a mountable manner. Based on a quantitative evaluation index model for cloud computing environment security, the invention combines automated, semi-automatic and manual interview approaches to carry out quantitative information security evaluation of all kinds of cloud computing environments.
2. "Research on access control evaluation technology for cloud computing platforms" (Li Wenxue, Harbin Institute of Technology, 2013, master's thesis) designs and implements a system that can automatically evaluate the access control security of a system. By embedding an access control test interface into the system under test, it evaluates the access control security of the system under test remotely. The evaluation system uses a C/S architecture and is mainly divided into two parts: the evaluation tool client and the system under test. The functional sub-modules of the evaluation tool client include: interface, test library, test analysis module, test case generation module, test execution module, test result collection module, test result processing module, and the test interface deployed in the system under test.
3. Chinese patent application CN201110316666.4 (title: A network security early-warning method for cloud computing) discloses a network security early-warning method. To ensure safe and reliable network communication in a cloud computing environment, it dynamically identifies and monitors, in real time, the various attack attempts and behaviors in the cloud computing environment, in order to provide a method of real-time early warning and security protection against the various network attacks in cloud computing. It consists mainly of a security event collector, a security event processor, a security state analyzer and a network security early-warning operation core. It addresses network security early warning in cloud computing environments by means of Agent technology and the Apriori association rule algorithm.
A survey of the prior art finds problems in the following respects:
1. In most existing published material, users write their own evaluation scripts to test the security state of the cloud infrastructure; limited by their technical level, they may not gain a comprehensive and deep understanding of its security state. There are many open-source evaluation tools on the market with full functionality and good performance, such as Nessus for vulnerability scanning and Snort for intrusion detection; different evaluation software can be combined entirely on demand to carry out a more comprehensive and deeper evaluation of the security state of the cloud infrastructure.
2. The approach that the prior art generally follows is: install agents on the different hosts in the cloud infrastructure to collect data, and return the data over the network to a management and analysis module for analysis and processing. This is still the conventional information security protection concept, and it has the shortcoming of poor resource-allocation scalability. This is discussed in detail below:
If the volume of information collected by multiple agents is very large, operations such as de-duplicating, converting and merging the information place a very high workload on the analysis and processing module. Existing public material, however, rarely discusses the architecture of the test analysis module, that is, whether processing is done on a single node. If it is done on a single node, the problem of the "C/S" architecture arises again: a single node easily ends up overloaded. If multiple servers or a cluster are used, then importing and storing the massive evaluation data between the two kinds of systems, the collection side and the back-end storage, is also troublesome to handle. It is also difficult to estimate the demand for computing and storage resources in advance, so it may be discovered during testing that the existing resources cannot keep up with actual demand and that more are hard to allocate at short notice, which affects the evaluation process; allocating excess resources, meanwhile, easily causes waste. Overall, the approach is inflexible.
3. Agents deployed in the cloud infrastructure collect evaluation data and report it to the back end autonomously, which easily causes conflicts between pieces of information; this interferes with the analysis and processing work of the back end and affects the evaluation conclusions.
Overall, information security evaluation devices and methods adapted to the characteristics of cloud computing are currently lacking.
Summary of the invention
The technical problem solved by the present invention is to provide a security evaluation method for cloud infrastructure that suits the characteristics of cloud computing and evaluates its information security state.
The technical solution by which the present invention solves the above technical problem is:
The method is carried out by a device composed of modules such as a scheduler module, an evaluation software library, evaluation images, an evaluation configuration repository, an evaluation results store, an analysis module, an evaluation requirements document and an evaluation report;
Before the evaluation, the user configures the evaluation software library; then,
The scheduler module reads the evaluation requirements document of this evaluation activity, determines the software required for this evaluation, then starts an evaluation image, which begins the security evaluation of a security subject and writes data into the evaluation results store;
While the evaluation activity is executing, parameters such as the required resource configuration and the evaluation time are recorded; after this evaluation activity ends, they are written into the evaluation configuration repository to provide a reference for the configuration and execution of the next evaluation activity;
The analysis module integrates all evaluation results and, using comprehensive evaluation methods such as fuzzy comprehensive evaluation, AHP evaluation, grey theory and neural network methods, gives an overall assessment of the security state of the cloud infrastructure under test and provides an evaluation report that the user can download;
Each working evaluation image periodically returns its resource consumption; the scheduler module judges the working state of the evaluation image from this information; the set of working states contains 2 states: "task failure" and "task executing";
For an evaluation image whose task has ended, the virtual machine resources are reclaimed;
For an evaluation image in the failure state, a wake-up operation is performed; if it fails to wake up within the set time, virtual machine migration is performed; for evaluation images whose tasks are executing, the reclaimed resources are reallocated, according to the round-robin scheduling algorithm, to the images that are still executing tasks.
The user configures the evaluation software library in advance, before the evaluation: first, the security evaluation software for cloud infrastructure that is available on the market and independently written evaluation programs are uploaded to the evaluation software library; then the software is classified by common categories (system security, network security, data security, behavior security and so on) into different "evaluation software lists"; the evaluation software library can be updated continuously, which keeps the evaluation software advanced and mature.
Each piece of evaluation software is allocated the virtual machine resources it needs, that is, resource units; each piece of evaluation software is installed in a virtual machine and packaged, together with resources such as computing, storage and network, into an evaluation image; the evaluation image is started, the evaluation activity is carried out, and finally the data are analyzed and processed to form the evaluation conclusion.
The specific process is:
(1) The evaluation configuration repository module is accessed; this module records the configuration information of earlier evaluation activities. The resource unit configuration state of the evaluation activity from earlier evaluations of the network security field of the same cloud infrastructure is obtained; for example, how much CPU, memory and other resources were allocated to that evaluation activity;
(2) The scheduler module reads the evaluation requirements document of this evaluation activity and, according to the different security subjects being evaluated, accesses the evaluation software lists in the evaluation software library and determines the software required for this evaluation;
(3) According to the physical boundary scope of the cloud infrastructure in this evaluation, suitable resource units are allocated to this evaluation activity. This is a process of autonomous learning: for example, if the last evaluation activity carried out a security evaluation of 100 servers and this one needs to evaluate 60 servers, then, allowing for redundant resources to handle unexpected events during the evaluation, the resources allocated this time can be 60-70% of the physical resources needed last time;
(4) The software and programs needed for this evaluation are packaged with the resource units allocated to them, forming runnable evaluation images;
(5) The scheduler module starts an evaluation image, which initializes, obtains the relevant control permissions, collects data and begins the security evaluation of a given field;
(6) The evaluation image executes the evaluation activity, performing operations such as conversion and cleaning on the raw data; after this evaluation activity ends, the processed evaluation result data are written into the evaluation results store;
(7) After all evaluation images have completed their work, the analysis module integrates all evaluation results;
(8) If the cloud infrastructure is being evaluated for the first time, no configuration state for reference can be obtained from the evaluation history library;
If, on accessing the evaluation configuration repository, no related evaluation configuration information is read, or the evaluation activity is being carried out on the cloud infrastructure for the first time, there is no historical data to draw on. In this case, the virtual machine resource configuration most commonly used in the day-to-day operation of the cloud infrastructure can be taken as the reference for allocating physical resources to one resource unit.
For an evaluation image whose task is executing, more resources can be allocated to it according to the actual situation, to speed up completion of its evaluation task. The detailed process is as follows:
Let $C_i$ be an evaluation image that is executing a task. The time that the evaluation activity of $C_i$ has consumed so far is $T_C$; the time $C_i$ is expected to take to complete the evaluation activity is $T_F$; the time required from adding a new resource to $C_i$ until it can be used for evaluation is $T_P$. If $T_F - T_C < T_P$, the resources reclaimed from evaluation images that have finished their evaluation activity are reallocated; otherwise no operation is performed.
The specific allocation process is:
Each evaluation image that is still working periodically returns its resource consumption. The scheduler module orders these evaluation images by the physical resources they consume, from high to low, generating an "evaluation image resource consumption queue". Suppose R resource units have been reclaimed. Following the principle of "the more consumed, the more allocated", these R resource units are allocated to the evaluation images in the "resource consumption queue" according to the round-robin scheduling algorithm (Round-Robin Scheduling).
The information security evaluation device of the present invention is deployed in the cloud infrastructure and runs as virtual machines, using the cloud infrastructure's own resources to evaluate its own security state. Deployment is more flexible, different security evaluation software can be combined on demand, computing and storage scale well, and the design is user-centered and can meet a variety of needs. Specifically, the invention has the following advantages:
1. It has an autonomous learning function, and resource utilization is more efficient. According to the requirements of each evaluation, the evaluation configuration repository module is accessed to obtain the configuration information of earlier evaluation activities, from which the resource units needed for this evaluation activity are calculated. This reduces the lengthening of evaluation time caused by insufficient resource allocation and also reduces unnecessary occupation of spare resources.
2. According to common security subject categories, the security evaluation software for cloud infrastructure that is available on the market and independently written evaluation programs are uploaded to the evaluation software library, and the software is classified into different "evaluation software lists". The evaluation software library is able to update the evaluation software it stores, which keeps the evaluation software advanced and mature.
3. The evaluation work for each security subject, including steps such as data collection, preprocessing and analysis, is handed to the evaluation images to complete rather than being concentrated in the back-end analysis module, which lightens that module's workload.
4. The scheduler module schedules and allocates the resources needed during the evaluation activity using the round-robin scheduling algorithm, so that the load is more balanced across the working evaluation images and execution of the evaluation activity can be accelerated.
5. A security evaluation image dedicated to a particular security subject can be built on demand, and images can also be combined in multiple ways; an evaluation image can independently complete the evaluation activity for a particular security subject.
6. Professional security evaluation software can be integrated into the evaluation images, with each piece of software doing its specialist work, so that the evaluation results are more accurate, comprehensive and deep.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawings:
Fig. 1 is a functional block diagram of the evaluation device of the present invention;
Fig. 2 is a flow chart of the configuration of the evaluation software library of the present invention;
Fig. 3 is a schematic flow chart of an evaluation activity of the present invention;
Fig. 4 is a flow chart of resource reclamation after an evaluation image's task ends;
Fig. 5 is a flow chart of the handling after an evaluation image fails;
Fig. 6 is a flow chart of the scheduling of reclaimed resources.
Embodiment
As shown in Fig. 1, the device of the present invention for security testing of cloud infrastructure is composed of modules such as a scheduler module, an evaluation software library, evaluation images, an evaluation configuration repository, an evaluation results store, an analysis module, an evaluation requirements document and an evaluation report.
Before the evaluation, the user configures the evaluation software library in advance; the specific flow is shown in Fig. 2. The security evaluation software for cloud infrastructure that is available on the market and independently written evaluation programs are uploaded to the evaluation software library. The software is classified by common categories (system security, network security, data security, behavior security and so on) into different "evaluation software lists". The evaluation software library can be updated continuously, which keeps the evaluation software advanced and mature.
The complete process of one evaluation activity is as follows: according to the requirements of each evaluation (for example, which servers within the scope of the cloud infrastructure this evaluation covers), each piece of evaluation software is allocated the virtual machine resources it needs, that is, resource units. Each piece of evaluation software is installed in a virtual machine and packaged, together with resources such as computing, storage and network, into an evaluation image. The evaluation image is started, the evaluation activity is carried out, and finally the data are analyzed and processed to form the evaluation conclusion.
To illustrate this better, an example of one complete evaluation activity is set out below, as shown in Fig. 3. Suppose the network security subject of the whole cloud infrastructure is currently being evaluated, in order to learn the security state of the cloud infrastructure in this respect.
1. The evaluation configuration repository module is accessed; this module records the configuration information of earlier evaluation activities. The resource unit configuration state of the evaluation activity from earlier evaluations of the network security field of the same cloud infrastructure is obtained; for example, how much CPU, memory and other resources were allocated to that evaluation activity.
2. After these configurations have been obtained, the scheduler module reads the evaluation requirements document of this evaluation activity and, according to the different security subjects being evaluated, accesses the evaluation software lists in the evaluation software library and determines the software required for this evaluation.
3. According to the physical boundary scope of the cloud infrastructure in this evaluation, suitable resource units are allocated to this evaluation activity. This is a process of autonomous learning: for example, if the last evaluation activity carried out a security evaluation of 100 servers and this one needs to evaluate 60 servers, then, allowing for redundant resources to handle unexpected events during the evaluation, the resources allocated this time can be 60-70% of the physical resources needed last time.
4. The software and programs needed for this evaluation are packaged with the resource units allocated to them, forming runnable evaluation images.
5. The scheduler module starts an evaluation image, which initializes, obtains the relevant control permissions, collects data and begins the security evaluation of a given field.
6. The evaluation image executes the evaluation activity, performing operations such as conversion and cleaning on the raw data; after this evaluation activity ends, the processed evaluation result data are written into the evaluation results store.
7. After all evaluation images have completed their work, the analysis module integrates all evaluation results.
Because the security state of the cloud infrastructure involves the evaluation of multiple security subjects, it is constrained by many factors. To make an overall and accurate assessment, comprehensive evaluation methods can be used, including fuzzy comprehensive evaluation, the analytic hierarchy process (AHP, Analytic Hierarchy Process), grey theory, neural networks and so on. An overall assessment of the security state of the cloud infrastructure under test is given, together with an evaluation report that the user can download.
8. If the cloud infrastructure is being evaluated for the first time, no configuration state for reference can be obtained from the evaluation history library.
If, on accessing the evaluation configuration repository, no related evaluation configuration information is read, or the evaluation activity is being carried out on the cloud infrastructure for the first time, there is no historical data to draw on. In this case, one simple approach is to take the virtual machine resource configuration most commonly used in the day-to-day operation of the cloud infrastructure as the reference for allocating physical resources to one resource unit.
While this evaluation activity is executing, parameters such as the required resource configuration and the evaluation time are recorded. After this evaluation activity ends, they are written into the evaluation configuration repository to provide a reference for the configuration and execution of the next evaluation activity.
Because the task load of each test and appraisal mirror image differs, the mirror images complete their test and appraisal activities one after another rather than together; a hardware or software failure may also cause a test and appraisal mirror image to fail. In these situations, the scheduler module can be used to reallocate resources and adjust tasks.
As shown in Figs. 4 and 5, the specific working process is as follows:
Each working test and appraisal mirror image periodically returns its resource consumption. The scheduler module judges the working state of the mirror image from this information. The set of working states contains 2 states: "task failure" and "task executing".
When the task of a test and appraisal mirror image ends, the scheduler module is notified and reclaims the virtual machine resources.
For a test and appraisal mirror image in the failure state, a wake-up operation is carried out. If it cannot be woken within the set time, virtual machine migration is carried out.
For a test and appraisal mirror image that is executing a task, more resources can be allocated to it according to actual conditions, to speed up completion of its test and appraisal task. The detailed process is as follows:
Let $C_i$ be a test and appraisal mirror image that is executing a task. The time $C_i$ has spent on its test and appraisal activity so far is $T_C$; the time at which $C_i$ is expected to complete the test and appraisal activity is $T_F$; and the time required from adding a new resource to $C_i$ until that resource can be used for test and appraisal is $T_P$. If $T_F - T_C < T_P$, the resources reclaimed from the test and appraisal mirror images that have finished their test and appraisal activity are reallocated; otherwise no operation is performed.
An example illustrating the specific allocation process is given below, as shown in Fig. 6.
Each test and appraisal mirror image that is still working periodically returns its resource consumption. The scheduler module orders these mirror images by the physical resources they consume, from high to low, generating a "test and appraisal mirror image resource consumption queue". Suppose R resource units have been reclaimed. Following the principle of "the more consumed, the more allocated", these R resource units are distributed to the test and appraisal mirror images in the resource consumption queue according to the round-robin scheduling algorithm (Round-Robin Scheduling).
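The scheduler pass described above (reclaim from finished mirror images, wake or migrate failed ones, round-robin the reclaimed units over the consumption queue), as an added Python example that is not part of the patent. The `ImageReport` fields, the "finished" notification value, the 30-second wake timeout and the sample reports are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class ImageReport:
    """Periodic report from one mirror image (field names are assumptions)."""
    name: str
    state: str            # "task executing", "task failure", or "finished"
    consumption: float    # physical resources consumed, as last reported
    units: int            # resource units currently held
    failed_for: int = 0   # seconds spent in the failure state

WAKE_TIMEOUT = 30  # assumed value for the "set time" of the wake-up step

def schedule(reports, wake_timeout=WAKE_TIMEOUT):
    """One scheduler pass. Returns (actions, grants)."""
    actions, queue, reclaimed = {}, [], 0
    for r in reports:
        if r.state == "finished":
            # Task ended: reclaim the virtual machine resources.
            reclaimed += r.units
            actions[r.name] = "reclaim"
        elif r.state == "task failure":
            # Wake first; migrate the VM once the set time has passed.
            actions[r.name] = "wake" if r.failed_for < wake_timeout else "migrate"
        elif r.state == "task executing":
            queue.append(r)
        else:
            raise ValueError(f"unknown state {r.state!r} from {r.name}")
    # Resource consumption queue: highest consumer first.
    queue.sort(key=lambda r: r.consumption, reverse=True)
    grants = {r.name: 0 for r in queue}
    if queue:
        # Round-robin from the head of the queue, so any remainder
        # lands on the heaviest consumers ("the more consumed, the more allocated").
        for i in range(reclaimed):
            grants[queue[i % len(queue)].name] += 1
    return actions, grants

# Constructed sample reports, not data from the patent.
SAMPLE = [
    ImageReport("img-net", "task executing", 0.82, 4),
    ImageReport("img-sys", "task executing", 0.35, 4),
    ImageReport("img-data", "task executing", 0.60, 4),
    ImageReport("img-behav", "finished", 0.0, 5),
    ImageReport("img-a", "task failure", 0.0, 2, failed_for=10),
    ImageReport("img-b", "task failure", 0.0, 2, failed_for=45),
]

if __name__ == "__main__":
    print(schedule(SAMPLE))
```

With R = 5 reclaimed units and three executing mirror images, the two heaviest consumers receive two units each and the lightest receives one.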

Claims (6)

  1. A safe evaluating method for cloud infrastructure, characterized in that: the method is carried out by a device composed of a scheduler module, a test and evaluation software storehouse, test and appraisal mirror images, a test and appraisal repository, an evaluating result storehouse, an analysis module, a test and appraisal demand book, and a test and evaluation report module;
    Before test and appraisal, the user configures the test and evaluation software storehouse; then the scheduler module reads the test and appraisal demand book of this test and appraisal activity, determines the software required for this test and appraisal, then starts a test and appraisal mirror image, begins the security test and appraisal of a given security subject, and writes the data to the evaluating result storehouse;
    During execution of the test and appraisal activity, the required resource configuration and the test and appraisal time are recorded; after this test and appraisal activity ends, they are written to the test and appraisal repository to provide a configuration and execution reference for the next test and appraisal activity;
    The analysis module integrates all evaluating results and, using fuzzy comprehensive evaluation, the AHP evaluation method, grey theory, and neural network methods, gives an overall evaluation of the security state of the cloud infrastructure under test, and provides a test and evaluation report that the user can download;
    Each working test and appraisal mirror image periodically returns its resource consumption; the scheduler module judges the working state of the mirror image from this information; the set of working states contains 2 states: "task failure" and "task executing";
    For a test and appraisal mirror image whose task has ended, the virtual machine resources are reclaimed;
    For a test and appraisal mirror image in the failure state, a wake-up operation is carried out; if it cannot be woken within the set time, virtual machine migration is carried out; for test and appraisal mirror images that are executing tasks, the reclaimed resources are redistributed, according to the round-robin scheduling algorithm, to the mirror images still executing tasks;
    The specific process is:
    (1) The test and appraisal configuration library module is accessed; this module records the configuration information of previous test and appraisal activities; the resource unit configuration status of earlier test and appraisal activities carried out on the network security domain of the same cloud infrastructure is obtained, including how much CPU and memory was allocated to the test and appraisal activity;
    (2) The scheduler module reads the test and appraisal demand book of this test and appraisal activity and, according to the security subject under test and appraisal, accesses the test and evaluation software list in the test and evaluation software storehouse to determine the software required for this test and appraisal;
    (3) Suitable resource units are allocated to this test and appraisal activity according to the physical boundary scope of the cloud infrastructure under test and appraisal; this is an autonomous learning process: when the previous test and appraisal activity carried out a security evaluation of 100 servers and this one needs to evaluate 60 servers, then, allowing redundant resources to deal with unexpected events during the assessment, the resources allocated this time may be 60-70% of the physical resources required last time;
    (4) The software and programs required for this test and appraisal are packaged with the resource units allocated to them, forming a runnable test and appraisal mirror image;
    (5) The scheduler module starts a test and appraisal mirror image, which initializes, obtains the relevant control authority, gathers data, and begins the security evaluation of a given field;
    (6) The test and appraisal mirror image performs the test and appraisal activity; the raw data is converted and cleaned; after this test and appraisal activity ends, the processed evaluating result data is written to the evaluating result storehouse;
    (7) After all test and appraisal mirror images have completed their work, the analysis module integrates all evaluating results;
    (8) If the cloud infrastructure is being tested and appraised for the first time, no reference configuration status can be obtained from the test and appraisal history library;
    If the test and appraisal repository is accessed and no related test and appraisal configuration information is read, or a test and appraisal activity is being carried out on the cloud infrastructure for the first time, there is no historical data to draw on; in this case, the most common virtual machine resource configuration in the day-to-day operation of the cloud infrastructure may be taken as the reference for allocating physical resources to one resource unit.
  2. The safe evaluating method according to claim 1, characterized in that: before test and appraisal, the user configures the test and evaluation software storehouse in advance; first, the security evaluation software for cloud infrastructure available on the market and independently written test and evaluation software programs are uploaded to the test and evaluation software storehouse; then the software is classified according to the classification criteria of system security, network security, data security, and behavior security, and divided into different "test and evaluation software lists"; the test and evaluation software storehouse can be updated continuously to ensure that the test and evaluation software remains advanced and mature.
  3. The safe evaluating method according to claim 1, characterized in that: according to the requirements of each test and appraisal, each kind of test and evaluation software is allocated the virtual machine resources it needs, i.e. resource units; each piece of test and evaluation software is installed in a virtual machine and packaged together with computing, storage, and network resources into a test and appraisal mirror image; the test and appraisal mirror image is started, the test and appraisal activity is carried out, and finally the data is analysed and processed to form the test and appraisal conclusion.
  4. The safe evaluating method according to claim 2, characterized in that: according to the requirements of each test and appraisal, each kind of test and evaluation software is allocated the virtual machine resources it needs, i.e. resource units; each piece of test and evaluation software is installed in a virtual machine and packaged together with computing, storage, and network resources into a test and appraisal mirror image; the test and appraisal mirror image is started, the test and appraisal activity is carried out, and finally the data is analysed and processed to form the test and appraisal conclusion.
  5. The safe evaluating method according to any one of claims 1 to 4, characterized in that: for a test and appraisal mirror image that is executing a task, more resources can be allocated to it according to actual conditions to speed up completion of its test and appraisal task; the detailed process is as follows:
    Let $C_i$ be a test and appraisal mirror image that is executing a task; the time $C_i$ has spent on its test and appraisal activity so far is $T_C$; the time at which $C_i$ is expected to complete the test and appraisal activity is $T_F$; the time required from adding a new resource to $C_i$ until that resource can be used for test and appraisal is $T_P$; if $T_F - T_C < T_P$, the resources reclaimed from the test and appraisal mirror images that have finished their test and appraisal activity are reallocated; otherwise no operation is performed.
  6. The safe evaluating method according to claim 5, characterized in that the specific allocation process is: each test and appraisal mirror image that is still working periodically returns its resource consumption; the scheduler module orders these mirror images by the physical resources they consume, from high to low, generating a "test and appraisal mirror image resource consumption queue"; suppose R resource units have been reclaimed; following the principle of "the more consumed, the more allocated", these R resource units are distributed to the test and appraisal mirror images in the resource consumption queue according to the round-robin scheduling algorithm.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510107604.0A CN104735063B (en) 2015-03-11 2015-03-11 A kind of safe evaluating method for cloud infrastructure

Publications (2)

Publication Number Publication Date
CN104735063A CN104735063A (en) 2015-06-24
CN104735063B true CN104735063B (en) 2018-01-02

Family

ID=53458498

Country Status (1)

Country Link
CN (1) CN104735063B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant