CN107733895A - A method for the quantitative evaluation of cloud computing platform security - Google Patents
- Publication number: CN107733895A (application CN201710980250.XA)
- Authority: CN (China)
- Prior art keywords: safety, security, cloud, platform, resource
- Legal status: Granted
Classifications
- H04L63/1433: Vulnerability analysis (under H04L63/14, network architectures or protocols for detecting or protecting against malicious traffic; H04L63/00, network architectures or protocols for network security)
- H04L67/10: Protocols in which an application is distributed across nodes in the network (under H04L67/01, Protocols; H04L67/00, network arrangements or protocols for supporting network services or applications)
Abstract
The present invention relates to the field of cloud computing security technology, and in particular to a method for the quantitative evaluation of cloud computing platform security. In the method, a cloud computing platform security quantitative evaluation unit obtains information about the cloud platform and evaluates it quantitatively. The unit includes a security scanning engine and a security quantitative evaluation model; the model defines, from the aspects of a compute security set, a storage security set, a network security set, an O&M security set and an application security set, the set of security items that need to be checked and the method of quantitative evaluation. After the security scanning engine obtains the relevant information through its interfaces, it scans each set for the user, checks, serially or in parallel, the different security check items corresponding to each resource, assigns each check item of each resource a specific score according to the running state of the resource, and aggregates these scores into a quantitative evaluation result for the overall security of the cloud platform. The present invention solves the problem of quantitatively evaluating cloud computing platform security.
Description
Technical field
The present invention relates to the field of cloud computing security technology, and in particular to a method for the quantitative evaluation of cloud computing platform security.
Background technology
As a new mode of delivering compute, storage and network capabilities, cloud computing platforms have been adopted by many IT companies and government departments. Many government departments and companies have now built their own public or private cloud platforms, and applications that originally ran outside the cloud are gradually being migrated onto them, so the scale of cloud platforms is growing rapidly.
With the wide use of cloud computing technology, information security problems have also expanded from single systems and single physical machines to entire cloud platforms. There are already Trojans and viruses targeting cloud platforms such as OPENSTACK and VCLOUD which, by compromising a single compute, storage or network resource on the cloud, gain control over the whole cloud platform and thereby hijack all of its resources.
The security of a cloud platform therefore needs to be considered as a whole: the possible vulnerability items in compute, storage, network and O&M must be scanned one by one in a unified way, and the possible security threats must be assessed objectively. What a cloud user can access is one part of the cloud platform's resources; how to quantify the security situation of the resources a user can access, and give the user an intuitive picture of it, still lacks a unified model and mechanism.
The content of the invention
The technical problem solved by the present invention is to provide a method for the quantitative evaluation of cloud computing platform security, which defines, from the aspects of compute security, storage security, network security, O&M security and application security, the set of security items that need to be checked together with a quantitative evaluation strategy. The resource set of the cloud resource view corresponding to a user is checked against the security item set to form the user's cloud security view; by aggregating the cloud security view according to a preset strategy, a quantitative evaluation of the cloud platform resources corresponding to the user is formed.
The technical solution by which the present invention solves the above technical problem is as follows:
The method obtains information about the cloud platform through a cloud computing platform security quantitative evaluation unit and evaluates it quantitatively;
The cloud computing platform security quantitative evaluation unit specifically includes a security scanning engine and a security quantitative evaluation model;
The security quantitative evaluation model defines, from the aspects of a compute security set, a storage security set, a network security set, an O&M security set and an application security set, the set of security items that need to be checked and the method of quantitative evaluation;
After the security scanning engine obtains the relevant information through its interfaces, it scans the user's compute security set, storage security set, network security set, O&M security set and application security set, checks, serially or in parallel, the different security check items Pij corresponding to each resource, assigns each check item of each resource a specific score according to the running state of the resource, and aggregates these scores into a quantitative evaluation result for the overall security of the cloud platform.
The cloud computing platform security quantitative evaluation unit further includes a security repair engine. When the user chooses to repair a security vulnerability, the repair engine is called; according to the evaluation result it locates the security item Pij that failed and uses the corresponding repair method Oij to guide the user in repairing the platform's security vulnerabilities;
Each repair method Oij corresponds to a way of repairing a security vulnerability, including downloading a patch or changing a configuration;
The security repair engine can patch a vulnerability automatically, or guide the user through an interactive interface to change the cloud platform configuration;
After the repair is completed, the evaluation result of each security check item of the platform is recomputed to obtain a new security quantitative evaluation result.
The compute security set includes server system security, virtual machine system security, container system security and attached expansion device security;
The storage security set includes physical machine storage security, virtual machine storage security and network shared storage security;
The network security set includes the network configuration, network behaviour logs and network device system information of the whole cloud platform;
The O&M security set mainly includes check items such as management plan formulation, allocation of personnel duties and authority, and execution/delivery rate;
The application security set mainly includes the access control, system log and behaviour audit information of applications.
The security scanning engine, by calling the related plug-ins, first checks the security of the file system of each storage device to ensure the security of the storage system; it then scans each system file, comparing file signatures against a virus database and a Trojan database to ensure the security of each file;
The security scanning engine checks the network configuration of the whole cloud platform item by item to determine its security, and then checks the system and configuration information of each device to determine its security; the security scanning engine also checks the open ports and traffic usage of each device to ensure their security;
The security scanning engine checks the establishment and implementation status of the whole cloud platform's O&M system by calling the operation management module of the cloud operating system/cloud management platform or the third-party O&M system for information, checking against frameworks such as ITIL and ITSS;
The security scanning engine obtains information by calling the monitoring management module of the cloud operating system/cloud management platform 02 or the API interface of a third-party O&M application, and checks the security and potential security threats of a given application.
The cloud computing platform security quantitative evaluation unit includes a model building module and a model maintenance module;
The cloud computing platform security evaluation model is built by the model building module and maintained by the model maintenance module;
The model is built by the platform software provider or the security assurance provider and is specifically a set of security evaluation elements P = {P1, P2, P3, P4, ..., PN}; each set Pi corresponds to a direction or field in which the cloud platform needs security evaluation, namely the compute security set, storage security set, network security set, O&M security set and application security set respectively;
Each Pi in set P corresponds to different operable security check items Pij, including the list of vulnerabilities of server operating systems, virtual machine operating systems, containers and so on; all security check items constitute the set Pi, Pi = {Pi1, Pi2, Pi3, ..., Pij, ..., PiM};
Each check item Pij is assigned a triple [Sij, Lij, Oij] according to whether the platform has the vulnerability and the danger level of the vulnerability, where Sij is the highest (fully secure) score, Lij is the vulnerability level, and Oij is a link pointing to a method of repairing the vulnerability or improving security; Lij can be divided into multiple levels; in the simple case there are two levels, with 1 denoting an ordinary vulnerability and 0 a serious one;
Each Pi corresponds to a score Si, and the sum of all Si is the maximum score MAX;
Si is usually a fixed value, i.e. a fixed value is preset for each of compute security, storage security, network security, O&M security and application security; the Sij of each check item is then assigned according to weight and the number of check items;
Si can also be assigned dynamically according to the number of check items or the number of core security check items that the system needs to include.
The cloud computing platform security quantitative evaluation unit defines the set of cloud resources that a cloud user is authorised by the platform to access as:
UP = {UP1, UP2, UP3, UP4, ..., UPN};
UPi corresponds one-to-one with Pi, and Pi defines the security check items to be carried out on UPi;
Each user's resources are presented as a resource view, which is always a subset of the cloud platform's global resource view; the view of the administrator with the highest authority is the global resource view;
According to the cloud platform resource view that the user can access and the cloud computing platform security quantitative evaluation unit, the scanning engine checks, serially or in parallel, the different security check items Pij corresponding to each resource and, according to the running state of the resource, assigns each check item of each resource a specific score USij; the score of a security check element is USi;
Corresponding to the resource view the user can access, a cloud security view corresponding to the user can be formed, containing the security information of all resources the user can access; the cloud security global view is the security view of the cloud visible to the administrator and contains the detailed scores of every resource of the cloud platform; based on the user security view, aggregating the evaluation results of the security check items of each security evaluation element gives an overall quantitative security score of the cloud visible to the user; aggregation may use averaging, i.e. similar resources are averaged and then a weighted sum is taken; it may also be combined with a "one-vote veto" mode, i.e. if any Pi contains a high-level vulnerability with Lij = 0, then the whole USi is 0;
T is the overall security evaluation score of the cloud platform resources the user can access.
The cloud computing platform security quantitative evaluation unit is inserted into the cloud operating system, cloud management platform or third-party software as an independent plug-in or module in order to obtain the relevant information.
The cloud computing platform security quantitative evaluation unit includes an evaluation visualization module that displays, in graphical form, the details and aggregated results of the quantitative security evaluation, including the distribution of security vulnerabilities and explanations of them.
The present invention considers the cloud computing platform as a whole and scans, one by one and in a unified way, the possible vulnerability items of compute, storage, network and O&M; the resource set of the cloud resource view corresponding to a user is checked against the security item set to form the user's cloud security view; by aggregating the cloud security view according to a preset strategy, a quantitative evaluation of the cloud platform resources corresponding to the user is formed, giving the user an intuitive picture of their security.
Brief description of the drawings
The present invention is further described below in conjunction with the accompanying drawings:
Fig. 1 is a diagram of the relationship between the cloud computing platform security quantitative evaluation unit of the present invention and the cloud operating system/cloud management platform;
Fig. 2 is a composition diagram of the cloud computing platform security quantitative evaluation unit of the present invention;
Fig. 3 is a diagram of the cloud computing platform security quantitative evaluation system of the present invention;
Fig. 4 is the cloud computing platform user resource view of the present invention;
Fig. 5 is the cloud platform user security view of the present invention.
Embodiment
1. Cloud computing platform security quantitative evaluation unit and its composition
A cloud computing platform security quantitative evaluation unit 01 is the executor of the security quantitative evaluation method. As shown in Fig. 1, it can be inserted as an independent plug-in or module into a cloud operating system or cloud management platform 02, such as OPENSTACK, CLOUDSTACK or an enterprise's own cloud operating system product, and obtain cloud platform information by calling its open API interfaces; it can also access the API interfaces of third-party software 03, such as extended O&M software, to obtain information, so as to perform a quantitative security evaluation and vulnerability repair for the cloud operating system or cloud management platform. The cloud computing platform security quantitative evaluation unit 01 is supported by cloud operating system or cloud management platform products of different models, which ensures its compatibility and openness.
As shown in Fig. 2, a cloud computing platform security quantitative evaluation unit 01 specifically includes an evaluation visualization module 001, a security scanning engine 002, a security repair engine 003, a security quantitative evaluation model 004, a model building module 005 and a model maintenance module 006.
2. Security quantitative evaluation model and its composition
As shown in Fig. 3, the security quantitative evaluation model 004 defines, from the aspects of the compute security set 101, storage security set 102, network security set 103, O&M security set 104 and application security set 105, the set of security items that need to be checked and the method of quantitative evaluation.
The compute security set 101 includes server system security, virtual machine system security, container system security, attached expansion device security and so on. The security scanning engine 002 interacts with the server systems, virtual machine systems and container systems in the form of resident clients, services, plug-ins or API interfaces, starts the built-in security scanning programs and obtains the relevant information of these systems, such as the security and isolation information of memory, the boot sector and caches; attached expansion devices include devices connected via USB, PCI-E or network extension, such as dongles, watchdogs and extension disks.
The storage security set 102 includes physical machine storage security, virtual machine storage security, network shared storage security and so on; the security scanning engine, by calling the related plug-ins, first checks the security of the file system of each storage device to ensure the security of the storage system; it then scans each system file, comparing file signatures against a virus database and a Trojan database to ensure the security of each file.
The network security set 103 includes the network configuration, network behaviour logs, network device system information and so on of the whole cloud platform; the security scanning engine 002 first checks the network configuration of the whole cloud platform item by item to determine its security, and then checks the system and configuration information of each device to determine its security; the security scanning engine 002 also checks the open ports and traffic usage of each device to ensure their security;
The O&M security set 104 mainly includes check items such as management plan formulation, allocation of personnel duties and authority, and execution/delivery rate. The security scanning engine 002 checks the establishment and implementation status of the whole cloud platform's O&M system by calling the operation management module of the cloud operating system/cloud management platform 02 or the third-party O&M system for information, checking against frameworks such as ITIL and ITSS.
The application security set 105 mainly includes information such as the access control, system logs and behaviour audits of applications. The security scanning engine 002 obtains information by calling the monitoring management module of the cloud operating system/cloud management platform 02 or the API interface of a third-party O&M application, and checks the security and potential security threats of a given application.
3. Security quantitative evaluation scoring and algorithm description
In practical application, the security scanning engine 002 scans each of the compute security set 101, storage security set 102, network security set 103, O&M security set 104 and application security set 105, and the items are aggregated according to a predefined evaluation strategy into a quantitative evaluation result for the overall security of the cloud platform. The concrete result is a score in the range 0 to MAX, where MAX may be, for example, 10 or 100, so that the user has a quantified, intuitive understanding of platform security and is guided to repair the platform's security vulnerabilities in time.
(1) Establishment and maintenance of the security evaluation model
1) The security evaluation model is built by the platform software provider or the security assurance provider and is specifically a set of security evaluation elements, e.g. P = {P1, P2, P3, P4, ..., PN}. Each set Pi corresponds to a direction or field in which the cloud platform needs security evaluation, e.g. the compute security set 101, storage security set 102, network security set 103, O&M security set 104 and application security set 105 respectively.
2) Each Pi in P corresponds to different operable security check items Pij, such as the list of vulnerabilities of server operating systems, virtual machine operating systems, containers and so on; all security check items constitute the set Pi, Pi = {Pi1, Pi2, Pi3, ..., Pij, ..., PiM}.
3) Each check item Pij is assigned a triple [Sij, Lij, Oij] according to the concrete security situation of the platform, such as whether a vulnerability exists and the danger level of the vulnerability, where Sij is the highest (fully secure) score, Lij is the vulnerability level, and Oij is a link pointing to a method of repairing the vulnerability or improving security. Lij can be divided into multiple levels; in the simple case there are two levels, with 1 denoting an ordinary vulnerability and 0 a serious one.
4) Each Pi corresponds to a score Si, and the sum of all Si is MAX (e.g. 100 or another highest score). Si is usually a fixed value, i.e. a fixed value is preset for each direction such as compute security, storage security and network security; the Sij of each check item is then assigned according to weight and the number of check items. Si can also be assigned dynamically according to the number of check items or the number of core security check items that the system needs to include.
(2) Application of the security evaluation model
1) The set of cloud resources that a cloud user is authorised by the platform to access is defined as UP = {UP1, UP2, UP3, UP4, ..., UPN}. UPi corresponds one-to-one with Pi, and Pi defines the security check items to be carried out on UPi. As shown in Fig. 4, each user's resource view is a subset of the cloud platform global resource view 3001; the view of the administrator with the highest authority is the global resource view.
2) According to the cloud platform resource view that the user can access and the cloud computing platform security evaluation model, the cloud platform security scanning engine 002 checks, serially or in parallel, the different security check items Pij corresponding to each resource and, according to the running state of the resource, assigns each check item of each resource a specific score USij.
3) As shown in Fig. 5, corresponding to the resource view the user can access, a cloud security view corresponding to the user can be formed, containing the security information of all resources the user can access. The cloud security global view 4001 is the security view of the cloud visible to the administrator and contains the detailed scores of every resource of the cloud platform.
4) Based on the user security view, aggregating the evaluation results of the security check items of each security evaluation element gives an overall quantitative security score of the cloud visible to the user. Aggregation may use averaging, i.e. similar resources are averaged and then a weighted sum is taken; it may also be combined with a "one-vote veto" mode, i.e. if any Pi contains a high-level vulnerability with Lij = 0, then the whole USi is 0. T is the overall security evaluation result of the cloud platform resources the user can access.
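As an added illustration (not code from the patent), the scoring model of sections (1) and (2) in Python: elements Pi made of check items Pij carrying the triple [Sij, Lij, Oij], Si and MAX as their sums, per-resource scores USij over a user's resource set UPi, and both aggregation modes (averaging similar resources, and the "one-vote veto" that zeroes USi when any failed item has Lij = 0). The check functions, resource attributes, the sample model and the rule that a passing item earns Sij and a failing one earns 0 are my assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Resource = Dict[str, object]  # one cloud resource in the user's view (constructed)

@dataclass(frozen=True)
class CheckItem:
    """A check item Pij with its triple [Sij, Lij, Oij]; `passes` is the check (assumed)."""
    name: str
    s_ij: float   # Sij: score earned when the check passes
    l_ij: int     # Lij on failure: 1 = ordinary, 0 = serious
    o_ij: str     # Oij: pointer to the repair method
    passes: Callable[[Resource], bool]

@dataclass(frozen=True)
class Element:
    """A security evaluation element Pi (compute, storage, network, ...)."""
    name: str
    items: Tuple[CheckItem, ...]

    def s_i(self) -> float:
        return sum(item.s_ij for item in self.items)  # Si = sum_j Sij

def max_score(model: List[Element]) -> float:
    return sum(element.s_i() for element in model)  # MAX = sum_i Si

def score_resource(element: Element, resource: Resource) -> Tuple[float, List[CheckItem]]:
    """Sum of USij over Pi for one resource, plus the failed items.
    Assumption: a passing item earns its full Sij, a failing item earns 0."""
    total, failed = 0.0, []
    for item in element.items:
        if item.passes(resource):
            total += item.s_ij
        else:
            failed.append(item)
    return total, failed

def score_element(element: Element, resources: List[Resource],
                  veto: bool = False) -> Tuple[float, List[Tuple[str, CheckItem]]]:
    """USi over the user's resources UPi: similar resources are averaged (the patent's
    averaging mode); with veto=True any failure whose Lij == 0 forces USi to 0."""
    if not resources:
        return element.s_i(), []  # nothing to check in this element (assumption)
    totals, failures = [], []
    for resource in resources:
        total, failed = score_resource(element, resource)
        totals.append(total)
        failures.extend((str(resource["id"]), item) for item in failed)
    us_i = sum(totals) / len(totals)
    if veto and any(item.l_ij == 0 for _, item in failures):
        us_i = 0.0
    return us_i, failures

def evaluate(model: List[Element], user_resources: Dict[str, List[Resource]],
             veto: bool = False) -> Tuple[float, Dict[str, Tuple[float, list]]]:
    """T = weighted sum of USi over all elements (all weights 1 here, an assumption).
    The per-element (resource id, Pij) failures are what a repair engine would walk
    through using each item's Oij."""
    t, detail = 0.0, {}
    for element in model:
        us_i, failures = score_element(element, user_resources.get(element.name, []), veto)
        detail[element.name] = (us_i, failures)
        t += us_i
    return t, detail

# Constructed model: Si = 30 + 30 + 40, so MAX = 100.
MODEL = [
    Element("compute", (
        CheckItem("os_patched", 20, 0, "apply vendor OS patches", lambda r: bool(r["patched"])),
        CheckItem("ssh_root_login_off", 10, 1, "set PermitRootLogin no", lambda r: not r["root_login"]),
    )),
    Element("storage", (
        CheckItem("volume_encrypted", 10, 1, "enable volume encryption", lambda r: bool(r["encrypted"])),
        CheckItem("malware_scan_clean", 20, 0, "quarantine flagged files", lambda r: bool(r["scan_clean"])),
    )),
    Element("network", (
        CheckItem("mgmt_port_restricted", 20, 1, "limit mgmt port to admin net", lambda r: not r["mgmt_open"]),
        CheckItem("config_backed_up", 20, 1, "schedule config backups", lambda r: bool(r["config_backup"])),
    )),
]

# Constructed user resource view UP: two VMs (one unpatched, a serious item), one volume, one network.
USER_RESOURCES = {
    "compute": [{"id": "vm-1", "patched": True, "root_login": False},
                {"id": "vm-2", "patched": False, "root_login": False}],
    "storage": [{"id": "vol-1", "encrypted": True, "scan_clean": True}],
    "network": [{"id": "net-1", "mgmt_open": False, "config_backup": True}],
}

if __name__ == "__main__":
    for veto in (False, True):
        t, detail = evaluate(MODEL, USER_RESOURCES, veto=veto)
        print(f"veto={veto}: T = {t} / {max_score(MODEL)}")
        for name, (us_i, failures) in detail.items():
            print(f"  {name}: USi = {us_i}", [(rid, i.name, i.o_ij) for rid, i in failures])
```

With the constructed view the averaging mode yields T = 90 (compute averages 30 and 10 to 20), while the veto mode drops compute to 0 because vm-2 fails the serious os_patched item, giving T = 70.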
5) The evaluation visualization module 001 displays, in graphical form, the details and aggregated results of the quantitative security evaluation, including the distribution of security vulnerabilities and explanations of them.
(3) Repair of security vulnerabilities
When the user chooses to repair security vulnerabilities, the repair engine 003 repairs the vulnerabilities one by one by calling the repair method Oij corresponding to each security item Pij found to be vulnerable, thereby hardening the cloud computing platform.
1) Once the cloud platform administrator or cloud user has obtained the quantitative evaluation result T for the resources they manage, the repair engine 003 is called; according to the evaluation result it locates the security items Pij that failed and uses the corresponding Oij to guide the user in repairing the platform's security vulnerabilities.
2) Each Oij corresponds to a method of repairing a security vulnerability, such as downloading a patch or changing a configuration; the repair engine 003 can patch the vulnerability automatically, or guide the user through an interactive interface to change the cloud platform configuration.
3) After the repair engine 003 finishes the repair, the evaluation result of each security check item of the platform is recomputed to obtain a new security quantitative evaluation result.
Claims (10)
- 1. A method for the quantitative evaluation of cloud computing platform security, characterised in that: the method obtains information about the cloud platform through a cloud computing platform security quantitative evaluation unit and evaluates it quantitatively; the cloud computing platform security quantitative evaluation unit specifically includes a security scanning engine and a security quantitative evaluation model; the security quantitative evaluation model defines, from the aspects of a compute security set, a storage security set, a network security set, an O&M security set and an application security set, the set of security items that need to be checked and the method of quantitative evaluation; after the security scanning engine obtains the relevant information through its interfaces, it scans the user's compute security set, storage security set, network security set, O&M security set and application security set, checks, serially or in parallel, the different security check items Pij corresponding to each resource, assigns each check item of each resource a specific score according to the running state of the resource, and aggregates these scores into a quantitative evaluation result for the overall security of the cloud platform.
- 2. The method according to claim 1, characterised in that: the cloud computing platform security quantitative evaluation unit includes a security repair engine; when the user chooses to repair a security vulnerability, the repair engine is called and, according to the evaluation result, locates the security item Pij that failed and uses the corresponding repair method Oij to guide the user in repairing the platform's security vulnerabilities; each repair method Oij corresponds to a way of repairing a security vulnerability, including downloading a patch or changing a configuration; the security repair engine can patch a vulnerability automatically, or guide the user through an interactive interface to change the cloud platform configuration; after the repair is completed, the evaluation result of each security check item of the platform is recomputed to obtain a new security quantitative evaluation result.
- 3. The method according to claim 1, characterised in that: the compute security set includes server system security, virtual machine system security, container system security and attached expansion device security; the storage security set includes physical machine storage security, virtual machine storage security and network shared storage security; the network security set includes the network configuration, network behaviour logs and network device system information of the whole cloud platform; the O&M security set mainly includes check items such as management plan formulation, allocation of personnel duties and authority, and execution/delivery rate; the application security set mainly includes the access control, system log and behaviour audit information of applications.
- 4. The method according to claim 2, characterised in that: the compute security set includes server system security, virtual machine system security, container system security and attached expansion device security; the storage security set includes physical machine storage security, virtual machine storage security and network shared storage security; the network security set includes the network configuration, network behaviour logs and network device system information of the whole cloud platform; the O&M security set mainly includes check items such as management plan formulation, allocation of personnel duties and authority, and execution/delivery rate; the application security set mainly includes the access control, system log and behaviour audit information of applications.
- 5. The method according to claim 4, characterised in that: the security scanning engine, by calling the related plug-ins, first checks the security of the file system of each storage device to ensure the security of the storage system; it then scans each system file, comparing file signatures against a virus database and a Trojan database to ensure the security of each file; the security scanning engine checks the network configuration of the whole cloud platform item by item to determine its security, and then checks the system and configuration information of each device to determine its security; the security scanning engine also checks the open ports and traffic usage of each device to ensure their security; the security scanning engine checks the establishment and implementation status of the whole cloud platform's O&M system by calling the operation management module of the cloud operating system/cloud management platform or the third-party O&M system for information, checking against frameworks such as ITIL and ITSS; the security scanning engine obtains information by calling the monitoring management module of the cloud operating system/cloud management platform 02 or the API interface of a third-party O&M application, and checks the security and potential security threats of a given application.
- 6. The method according to any one of claims 1 to 5, characterised in that: the cloud computing platform security quantitative evaluation unit includes a model building module and a model maintenance module; the cloud computing platform security evaluation model is built by the model building module and maintained by the model maintenance module; the model is built by the platform software provider or the security assurance provider and is specifically a set of security evaluation elements P = {P1, P2, P3, P4, ..., PN}; each set Pi corresponds to a direction or field in which the cloud platform needs security evaluation, namely the compute security set, storage security set, network security set, O&M security set and application security set respectively; each Pi in set P corresponds to different operable security check items Pij, including the list of vulnerabilities of server operating systems, virtual machine operating systems, containers and so on, and all security check items constitute the set Pi, Pi = {Pi1, Pi2, Pi3, ..., Pij, ..., PiM}; each check item Pij is assigned a triple [Sij, Lij, Oij] according to whether the platform has the vulnerability and the danger level of the vulnerability, where Sij is the highest (fully secure) score, Lij is the vulnerability level, and Oij is a link pointing to a method of repairing the vulnerability or improving security; Lij can be divided into multiple levels; in the simple case there are two levels, with 1 denoting an ordinary vulnerability and 0 a serious one; each Pi corresponds to a score Si, and the sum of all Si is the maximum score MAX: $S_i = \sum_{j=1}^{M} S_{ij}$, $MAX = \sum_{i=1}^{N} S_i$; Si is usually a fixed value, i.e. a fixed value is preset for each of compute security, storage security, network security, O&M security and application security; the Sij of each check item is then assigned according to weight and the number of check items; Si can also be assigned dynamically according to the number of check items or the number of core security check items that the system needs to include.
- 7. The method according to claim 6, characterised in that: the cloud computing platform security quantitative evaluation unit defines the set of cloud resources that a cloud user can access under platform authorisation as UP = {UP1, UP2, UP3, UP4, ..., UPN}; UPi and Pi correspond one to one, and Pi defines the security check items to be carried out on UPi; the resources of each user are displayed as a resource view, which is always a subset of the cloud platform's global resource view; the view of the administrator with the highest authority is the global resource view; according to the resource view of the cloud platform that the user can access, the scanning engine and the cloud computing platform security quantitative evaluation unit check, serially or in parallel, the different security check items Pij of the corresponding resources and, according to the running state of each resource, give each check item of each resource a specific score USij; the score USi of a given security evaluation element is $US_i = \sum_{j=1}^{M} US_{ij}$; corresponding to the resource view the user can access, a cloud security view for that user can be formed, containing the security information of all resources the user can access; the cloud security global view is the security view of the cloud visible to the administrator, and it contains the detailed scoring of every resource of the cloud platform; based on the user security view, summarising the evaluation results of the security check items of each security evaluation element yields the overall quantified security score of the cloud visible to the user; the summarising method can use averaging, i.e. similar resources are averaged and the results are then weighted and summed; it can also be combined with a "one-vote veto" pattern, i.e. if any Pi contains a high-level vulnerability (Lij = 0), the whole USi is 0; $T = \sum_{i=1}^{N} US_i$, where T is the overall security evaluation score of the cloud platform resources the user can access.
- 8. The method according to claim 7, characterised in that: the cloud computing platform security quantitative evaluation unit is embedded as an independent plug-in or module in the cloud operating system, cloud management platform or third-party software, and obtains the relevant information from there.
- 9. The method according to claim 7, characterised in that: the cloud computing platform security quantitative evaluation unit comprises an evaluation visualisation module, which displays the details and summarised results of the security quantitative evaluation graphically, including the distribution and explanation of security vulnerabilities.
- 10. The method according to claim 8, characterised in that: the cloud computing platform security quantitative evaluation unit comprises an evaluation visualisation module, which displays the details and summarised results of the security quantitative evaluation graphically, including the distribution and explanation of security vulnerabilities.
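Added worked example (not code from the patent) of the scoring model in claims 6 and 7: each check item Pij carries its triple [Sij, Lij, Oij], Si and MAX are summed from the model, USi is averaged over a user's similar resources with the optional "one-vote veto", and T is summed over the user's resource view. The element names, check items, fix links and per-resource findings are constructed sample data, and an element with no resources in a user's view is assumed to contribute nothing to T.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class CheckItem:
    """Check item Pij with its triple [Sij, Lij, Oij] (claim 6)."""
    name: str
    s_max: float     # Sij: full score awarded when the check passes
    level: int       # Lij: 1 = general, 0 = serious (the two-grade case)
    fix_link: str    # Oij: link to the repair/improvement method (constructed placeholder)

@dataclass
class EvalElement:   # security evaluation element Pi (computing, storage, network, O&M, application)
    name: str
    items: List[CheckItem]

    def s_i(self) -> float:
        return sum(it.s_max for it in self.items)          # Si = sum_j Sij

def max_score(model: List[EvalElement]) -> float:
    return sum(p.s_i() for p in model)                     # MAX = sum_i Si

def resource_score(p: EvalElement, findings: Dict[str, bool]) -> float:
    # sum_j USij for one resource: USij = Sij when the check passes, 0 when the vulnerability is present
    return sum(0.0 if findings.get(it.name, False) else it.s_max for it in p.items)

def us_i(p: EvalElement, resources: Dict[str, Dict[str, bool]], veto: bool = True) -> float:
    """USi for Pi over the user's UPi: average over similar resources; with claim 7's
    'one-vote veto' any present serious finding (Lij == 0) zeroes the whole USi."""
    if veto and any(f.get(it.name, False) and it.level == 0
                    for f in resources.values() for it in p.items):
        return 0.0
    return sum(resource_score(p, f) for f in resources.values()) / len(resources)

def total_score(model: List[EvalElement], view: Dict[str, Dict[str, Dict[str, bool]]], veto: bool = True) -> float:
    """T = sum_i USi over the user's view; elements with no resources there are assumed to add nothing."""
    return sum(us_i(p, view[p.name], veto) for p in model if view.get(p.name))

# Constructed sample model and resource views (not data from the patent).
MODEL = [
    EvalElement("computing", [CheckItem("weak-ssh-config", 5, 1, "https://fix.example/ssh"),
                              CheckItem("unpatched-kernel", 10, 0, "https://fix.example/kernel")]),
    EvalElement("storage", [CheckItem("world-writable-fs", 5, 1, "https://fix.example/fs"),
                            CheckItem("malware-signature", 10, 0, "https://fix.example/av")]),
]
USER_VIEW = {"computing": {"vm-1": {}, "vm-2": {"weak-ssh-config": True}},
             "storage": {"vol-1": {"world-writable-fs": True}}}     # a subset of the global view
ADMIN_VIEW = {"computing": {**USER_VIEW["computing"], "vm-3": {"unpatched-kernel": True}},
              "storage": USER_VIEW["storage"]}                      # administrator's global view
```

With these inputs MAX is 30, the user's view scores T = 22.5, and the administrator's view scores T = 10 because the serious finding on vm-3 vetoes the whole computing element (20 without the veto).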
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710980250.XA CN107733895B (en) | 2017-10-19 | 2017-10-19 | Quantitative evaluation method for cloud computing platform security |
PCT/CN2017/109496 WO2019075795A1 (en) | 2017-10-19 | 2017-11-06 | Method for evaluating security of cloud computing platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710980250.XA CN107733895B (en) | 2017-10-19 | 2017-10-19 | Quantitative evaluation method for cloud computing platform security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107733895A true CN107733895A (en) | 2018-02-23 |
CN107733895B CN107733895B (en) | 2020-09-29 |
Family
ID=61212195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710980250.XA Active CN107733895B (en) | 2017-10-19 | 2017-10-19 | Quantitative evaluation method for cloud computing platform security |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107733895B (en) |
WO (1) | WO2019075795A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12015630B1 (en) * | 2020-04-08 | 2024-06-18 | Wells Fargo Bank, N.A. | Security model utilizing multi-channel data with vulnerability remediation circuitry |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103379112A (en) * | 2012-04-30 | 2013-10-30 | 刘宝旭 | Cloud computing environment safety quantitative evaluating system |
CN104883369A (en) * | 2015-05-29 | 2015-09-02 | 天津大学 | Cloud configuration safety assessment method |
CN105487936A (en) * | 2015-11-30 | 2016-04-13 | 中国航天科工集团第二研究院七〇六所 | Information system security evaluation method for classified protection under cloud environment |
CN106131004A (en) * | 2016-07-04 | 2016-11-16 | 福州大学 | A kind of method for the assessment of cloud computing security intensity |
US20160337316A1 (en) * | 2014-04-30 | 2016-11-17 | Fortinet, Inc. | Filtering hidden data embedded in media files |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015103212A (en) * | 2013-11-28 | 2015-06-04 | 株式会社日立製作所 | Security evaluation system and security evaluation method |
KR101591910B1 (en) * | 2014-02-24 | 2016-02-18 | 경희대학교 산학협력단 | Apparatus and method for evaluating security risks in cloud computing and method of recommendation about cloud service provider using result of evaluation of security risks |
CN104735063B (en) * | 2015-03-11 | 2018-01-02 | 广东电子工业研究院有限公司 | A kind of safe evaluating method for cloud infrastructure |
US9762616B2 (en) * | 2015-08-08 | 2017-09-12 | International Business Machines Corporation | Application-based security rights in cloud environments |
CN106713267A (en) * | 2016-11-16 | 2017-05-24 | 湖南优图信息技术有限公司 | Network security assessment method and system |
CN106487810B (en) * | 2016-11-25 | 2019-10-18 | 中国科学院信息工程研究所 | A kind of cloud platform security postures cognitive method |
2017
- 2017-10-19 CN CN201710980250.XA patent/CN107733895B/en active Active
- 2017-11-06 WO PCT/CN2017/109496 patent/WO2019075795A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
黄肖滢: "《云计算平台安全评估指标模型研究》", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109743203A (en) * | 2018-12-28 | 2019-05-10 | 西安电子科技大学 | A kind of Distributed Services security combination system and method based on quantitative information stream |
CN111404743A (en) * | 2020-03-13 | 2020-07-10 | 黄东 | General evaluation system for cloud resource service capability |
CN111885191A (en) * | 2020-07-30 | 2020-11-03 | 西安电子科技大学 | Computer network communication system |
CN111885191B (en) * | 2020-07-30 | 2021-08-17 | 西安电子科技大学 | Computer network communication system |
CN112199127A (en) * | 2020-10-10 | 2021-01-08 | Oppo(重庆)智能科技有限公司 | Image data processing method and device, mobile terminal and storage medium |
CN114157572A (en) * | 2021-11-29 | 2022-03-08 | 中国光大银行股份有限公司 | Security configuration checking system and method |
Also Published As
Publication number | Publication date |
---|---|
WO2019075795A1 (en) | 2019-04-25 |
CN107733895B (en) | 2020-09-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | CP02 | Change in the address of a patent holder | Address after: 523808 19th floor, Cloud Computing Center, Chinese Academy of Sciences, No.1 Kehui Road, Songshanhu high tech Industrial Development Zone, Dongguan City, Guangdong Province. Patentee after: G-CLOUD TECHNOLOGY Co.,Ltd. Address before: 523808 No. 14 Building, Songke Garden, Songshan Lake Science and Technology Industrial Park, Dongguan City, Guangdong Province. Patentee before: G-CLOUD TECHNOLOGY Co.,Ltd. |