CN107919970A - A kind of log management realization method and system of safe O&M service cloud platform - Google Patents
- Publication number: CN107919970A (application CN201610871735.0A)
- Authority: CN (China)
- Prior art keywords: log, cloud platform, service cloud, safe, security
- Legal status (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed): Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
- H04L41/02—Standardisation; Integration
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
Abstract
The invention discloses a log management implementation method and system for a security operation and maintenance (O&M) service cloud platform, namely an implementation method and device for securely transmitting and storing massive log data between a security O&M service cloud platform and the collection client of each enterprise. It comprises a (log) collection client, an (enterprise) O&M terminal and a security O&M service cloud platform, together with a log file preparation module, an upload tag generation module, an upload module and a deletion and rollback module. The invention makes log transmission between the security O&M service cloud platform and the collection client of each enterprise safer and more convenient, and also improves the core competitiveness of the security O&M service cloud platform.
Description
Technical Field
The invention relates to the technical field of information security and cloud computing application, in particular to a framework for constructing a rapid and efficient security operation and maintenance service cloud platform.
Background
The English abbreviations used in the invention are as follows:
SOC: Security Operation Center
IDS: Intrusion Detection System
SNMP: Simple Network Management Protocol
CLF: Common Log Format
JSON: JavaScript Object Notation
HDFS: Hadoop Distributed File System
Safe production is the guarantee for the orderly development of all work and is also a veto-type indicator in the assessment of leaders and cadres at all levels. The network and information security operation and maintenance system is an important component of the safe production work of every enterprise. Keeping the network and information systems running efficiently and stably is the basis for all market operation activities and for the normal operation of an enterprise.
At present, enterprise IT systems deploy, to varying degrees, a variety of business systems and security devices. These effectively raise labour productivity and reduce operating costs, and have become an indispensable part of the important supporting and production links of efficient enterprise operation. On the one hand, once a security event or fault occurs in the network or in a service system and cannot be found, handled and recovered in time, the operation of every service carried on the network and the normal operating order of the enterprise are affected; for customer-facing systems this directly causes customer complaints, lower satisfaction and damage to the enterprise's image, so security assurance of the enterprise network is particularly important. On the other hand, as network attack techniques become more advanced and more widespread, the enterprise network faces the danger of being attacked at any time, often suffers intrusion and damage of varying degrees, and its normal operation is seriously disrupted. These increasingly severe security threats force enterprises to strengthen the protection of their networks and business systems, to continuously pursue a multi-level, multi-dimensional security defence system, to build a security operation and maintenance service cloud centre, to track system events in real time, to detect security attacks of all kinds in real time, to take corresponding control actions promptly, to eliminate or reduce the loss or damage caused by attacks, and to protect the normal operation of enterprise networks and business systems as far as possible.
However, as enterprise IT systems keep growing in size, and in particular as the variety and number of devices, databases, middleware, operating systems, Web servers and the like involved in security operation and maintenance service tasks increase enormously, log storage, log analysis and problem tracking become more and more difficult. The massive growth of enterprise IT system logs forces a security operation and maintenance service provider to adopt a big data architecture such as Hadoop/Spark to store, process and analyse the logs centrally, to track system events in real time and to detect security attacks in real time.
Data transmission between the security operation and maintenance service cloud platform and the log data acquisition clients of the various enterprises has many security weaknesses. Existing data backup and recovery protocols are vulnerable during the transmission of log messages and have no security mechanism to verify the trustworthiness and integrity of the received data. Sometimes log records must be exposed to external auditors (for security audit of the logs). Therefore, for the security of data analysis, data recovery and data transmission, it is necessary to buffer the log data and to add protection during transmission.
Using the cloud to store logs provides enterprises with a low-cost solution. The main problems in cloud storage are the integrity and confidentiality of the data. At present, the usual way to address these problems is encryption, which is used to ensure the correctness, tamper resistance, confidentiality and integrity of the data.
This patent provides a new implementation method and device for the security of logs stored in a security operation and maintenance service cloud platform. To this end, the log data is divided into blocks, encrypted and stored. The main advantage of encrypting the log file is that unauthorized users cannot analyse user behaviour from it.
Therefore, how to use informatization to improve the operating benefit of enterprises and to optimize the enterprise information system, so that it can provide professional and cost-effective information security operation and maintenance services to all kinds of enterprises, is an important subject that must be solved in the design of information security operation and maintenance management.
Disclosure of Invention
The invention provides a log management implementation method and system of a secure operation and maintenance service cloud platform, which are used for ensuring the correctness, tamper resistance, confidentiality and integrity of log data.
The log management implementation method and system of the security operation and maintenance service cloud platform are applied to the security operation and maintenance monitoring service platform which can provide various security services and operation and maintenance monitoring services for a plurality of enterprises.
The security services include configuration management, security risk assessment, threat detection, vulnerability scanning, anti-virus, and the like.
The operation and maintenance monitoring service comprises configuration management, fault management, performance management, problem management, change management and the like.
The method and the system comprise an operation and maintenance terminal, a (log) acquisition client, a security operation and maintenance service cloud platform, network equipment and security equipment.
The network equipment and the security equipment generate logs and communicate with the log acquisition client of each enterprise over a wired or wireless network; the log acquisition client is connected directly to the operation and maintenance terminal over a wireless or wired network. Depending on the actual situation, the acquisition client is connected to the security operation and maintenance service cloud platform through an anonymous channel (or a secure channel or VPN).
Further, the log collection client deploys and runs the log file preparation module, the upload tag generation module and the upload module.
Further, the security operation and maintenance service cloud platform deploys and runs the deletion and rollback module.
Further, the operation and maintenance terminal deploys and runs the upload tag generation module.
The invention discloses a log management implementation method and a log management implementation system for a security operation and maintenance service cloud platform, and relates to an implementation method and a device for safely transmitting and storing mass log data between the security operation and maintenance service cloud platform and each enterprise acquisition client. The method and the system comprise a log acquisition client, an enterprise operation and maintenance terminal, a security operation and maintenance service cloud platform, a log file preparation module, an uploading tag generation module, an uploading module and a deleting and rollback module. By the method and the system, log transmission between the safe operation and maintenance service cloud platform and the acquisition client of each enterprise is safer and more convenient, and the core competitiveness of the safe operation and maintenance service cloud platform is improved.
Drawings
Fig. 1 is a schematic diagram of a log management implementation method and system for a security operation and maintenance service cloud platform according to the present invention;
Detailed Description
The invention is described in further detail below with reference to the figures and examples.
Fig. 1 is a schematic diagram of the log management implementation method for a security operation and maintenance service cloud platform according to the present invention. The architecture comprises network equipment, security equipment, an operation and maintenance terminal, a (log) acquisition client and a security operation and maintenance service cloud platform. The network equipment and the security equipment generate logs and communicate with the acquisition client over a wired or wireless network, and the acquisition client is connected directly to the operation and maintenance terminal over a wireless or wired network. Depending on the actual situation, the acquisition client is connected to the security operation and maintenance service cloud platform for storage through an anonymous channel (or a secure channel or VPN).
The (log) collecting client includes a server and a database for efficiently storing data (the enterprise log data).
The security operation and maintenance service cloud platform serves as a huge storage medium and also provides a number of functions, such as accessibility anytime and anywhere, enhanced data security, faster deployment and low cost; it also provides maintenance services for the log data. Only customers who have paid for and subscribed to the cloud storage service may upload data. Because many enterprises are customers, the operating cost of the service provider is greatly reduced.
The operation and maintenance terminal is responsible for the security operation and maintenance management of the enterprise.
The implementation algorithm for log security management in the security operation and maintenance service cloud platform comprises a log file preparation module, an upload tag generation module, an upload module and a deletion and rollback module.
The log file preparation module adds encryption and message verification fields to the log records, so that the integrity of the forwarded log data is ensured before the log files are pushed to the cloud storage of the security operation and maintenance service platform. Three keys are used in this scheme: two keys for integrity and one key for confidentiality. The start field includes a timestamp, a special log initialization symbol and a chunk size. The end field marks the end of the log block. The steps of the algorithm are as follows:
Step 1: Generate three master keys, of which one key is used to verify the integrity of the log data and one key is used to protect the confidentiality of the log data.
Step 2: Generate the initial log field and compute the values derived from it.
Step 3: Recompute the keys and delete the previous key values.
Step 4: Create the log records, compute their values and compute the aggregate.
Step 5: Create the log end field and upload the blocks.
At this point the log file is ready to be uploaded to the cloud storage of the security operation and maintenance service platform. This algorithm is executed in the (log) collecting client module, which obtains the original logs from the network equipment and the security equipment for processing. Using this algorithm, the original log is converted into a securely sealed log file.
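The following is an added, constructed example of how the preparation module's scheme can be instantiated; it is not code from the patent. It assumes three master keys (two for integrity, one for confidentiality), a per-record MAC key that is recomputed after each record so that the previous key is dropped (step 3), a running aggregate MAC over all record MACs (step 4), a start field carrying the timestamp, initialization symbol and chunk size, and an end field carrying the record count and final aggregate (step 5). HMAC-SHA256 stands in for the MAC and, in counter mode, for the cipher; a production system would use AES-GCM or ChaCha20-Poly1305. The sample log lines and the `LOGINIT` symbol are made up.

```python
"""Sealed log block: constructed example of the preparation module's scheme."""
import hashlib
import hmac
import json
import os
import time

LOG_INIT_SYMBOL = "LOGINIT"      # assumed value of the "special log initialization symbol"
EVOLVE_LABEL = b"evolve"         # assumed label for key recalculation (step 3)


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, used both as the MAC and as the key-derivation PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Keystream from the PRF in counter mode; a stand-in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += prf(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def generate_master_keys():
    """Step 1: three master keys, two for integrity and one for confidentiality."""
    return os.urandom(32), os.urandom(32), os.urandom(32)


def seal_block(entries, k_entry, k_agg, k_enc, timestamp=None):
    """Steps 2-5: start field, per-record MAC under an evolving key, running
    aggregate MAC and end field. Only the initial k_entry is retained by the
    caller; each evolved copy is overwritten as the loop advances."""
    timestamp = timestamp if timestamp is not None else int(time.time())
    start = {"ts": timestamp, "init": LOG_INIT_SYMBOL, "chunk_size": len(entries)}
    start_bytes = json.dumps(start, sort_keys=True).encode()
    aggregate = prf(k_agg, start_bytes)
    records = []
    key = k_entry
    for i, entry in enumerate(entries):
        idx = i.to_bytes(4, "big")
        nonce = hashlib.sha256(start_bytes + idx).digest()[:16]
        ciphertext = stream_xor(k_enc, nonce, entry.encode())
        tag = prf(key, start_bytes + idx + ciphertext)     # binds record to block and position
        aggregate = prf(k_agg, aggregate + tag)            # step 4: running aggregate
        records.append({"ct": ciphertext.hex(), "mac": tag.hex()})
        key = prf(key, EVOLVE_LABEL)                       # step 3: recalculate, old key dropped
    end = {"end": True, "count": len(entries), "aggregate": aggregate.hex()}
    return {"start": start, "records": records, "end": end}


def verify_and_open(block, k_entry, k_agg, k_enc):
    """Recompute every MAC and the aggregate from the master keys and return
    the decrypted entries, or None if any record, the count or the end
    field was altered (including truncation of trailing records)."""
    start_bytes = json.dumps(block["start"], sort_keys=True).encode()
    aggregate = prf(k_agg, start_bytes)
    key = k_entry
    entries = []
    for i, rec in enumerate(block["records"]):
        idx = i.to_bytes(4, "big")
        ciphertext = bytes.fromhex(rec["ct"])
        expected = prf(key, start_bytes + idx + ciphertext)
        if not hmac.compare_digest(expected, bytes.fromhex(rec["mac"])):
            return None
        aggregate = prf(k_agg, aggregate + expected)
        nonce = hashlib.sha256(start_bytes + idx).digest()[:16]
        entries.append(stream_xor(k_enc, nonce, ciphertext).decode())
        key = prf(key, EVOLVE_LABEL)
    end = block["end"]
    if end["count"] != len(block["records"]) or not hmac.compare_digest(
            aggregate, bytes.fromhex(end["aggregate"])):
        return None
    return entries


SAMPLE_LOGS = [  # constructed sample records, not from the patent
    "2016-10-08T10:00:01 fw1 DENY tcp 10.0.0.5:4431 -> 203.0.113.9:22",
    "2016-10-08T10:00:03 ids1 ALERT signature=ssh-bruteforce src=10.0.0.5",
]


def demo():
    """Seal, verify, then flip one ciphertext byte and confirm rejection."""
    k_entry, k_agg, k_enc = generate_master_keys()
    block = seal_block(SAMPLE_LOGS, k_entry, k_agg, k_enc, timestamp=1475920801)
    assert verify_and_open(block, k_entry, k_agg, k_enc) == SAMPLE_LOGS
    tampered = json.loads(json.dumps(block))
    ct = bytearray(bytes.fromhex(tampered["records"][0]["ct"]))
    ct[0] ^= 0x01
    tampered["records"][0]["ct"] = bytes(ct).hex()
    return verify_and_open(tampered, k_entry, k_agg, k_enc) is None


if __name__ == "__main__":
    print("tamper detected:", demo())
```

The point of evolving the record key is that a collector compromised after record `i` was written cannot forge a valid MAC for records before `i`, because those keys no longer exist on the client; the platform or auditor holding the master keys can still recompute the whole chain. The aggregate plus the count in the end field is what catches deletion of trailing records, which a per-record MAC alone would not.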
The upload tag generation module is needed because, in order to be able to retrieve the log blocks later, they must be indexed by a unique key value before being uploaded to the security operation and maintenance service cloud platform. The upload tag, however, must not be traceable back to the customer. To generate such a tag, the patent uses Diffie-Hellman to generate a secret key and then hashes the secret key to obtain the tag; the algorithm is executed in the (log) acquisition client and in the operation and maintenance terminal respectively. The steps of the algorithm are as follows:
Step 1: The log data is stored in the cloud and indexed using automatically generated tags.
Step 2: A generator, i.e. a primitive root P, of the group is selected.
Step 3: The acquisition client A and the operation and maintenance terminal B generate random numbers rA and rB and keep them secret.
Step 4: The acquisition client A computes TA and the operation and maintenance terminal B computes TB; A and B exchange TA and TB.
Step 5: Both sides compute the Diffie-Hellman key.
Step 6: The i-th upload tag is created by applying a hash to the key (m-i) from the Diffie-Hellman algorithm.
each upload tag is associated with a log group. The log groups (or log chunks) stored in the secure operation and maintenance service cloud platform can be retrieved using the upload tag.
The upload module associates the generated upload tag with a log chunk containing the encrypted log. Each log chunk is also associated with a delete tag, which is generated from a pseudo-random number by a strong cryptographic hash function. The algorithm is executed in the (log) collecting client. The steps of the algorithm are as follows:
Step 1: Create a delete tag for each log block, generated using a strong cryptographic hash function.
Step 2: Encrypt the delete tag with the public key of the security operation and maintenance service cloud platform.
Step 3: Send the log data and the associated parameters to the security operation and maintenance service cloud platform over an anonymous channel.
After the delete tag is generated, the log group (log block) corresponding to the tag is stored in the security operation and maintenance service cloud platform.
The deletion and rollback module securely deletes and rolls back logs in the security operation and maintenance cloud platform. Log records can be deleted or rolled back only by authorized personnel; the entity requesting the deletion must therefore provide proof that it is authorized to delete or roll back. The steps of the algorithm are as follows:
Step 1: Obtain the relevant DeleteTag and UploadTag.
Step 2: Check whether the request can be fulfilled.
Step 3: Provide proof of authorization.
Step 4: The security operation and maintenance service cloud platform checks the proof; if the equation holds, the log is deleted or rolled back accordingly.
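The following is an added, constructed example covering the upload tag module, the upload module's delete tag and the deletion module's proof check together; it is not the patent's code. It assumes a toy Diffie-Hellman group (P = 2**127 - 1, G = 3, chosen for readability and not validated as a safe group; a deployment would use a standard MODP group or an elliptic curve), derives the i-th upload tag as a hash of the shared key and the index i (the patent's "key (m-i)" construction is not spelled out on the page, so this is an assumed instantiation), and instantiates the authorization proof as the hash preimage of the delete tag: the client keeps the pseudo-random value r, the platform stores DeleteTag = H(r), and a deletion request is honoured only when H(proof) equals the stored tag. Encrypting the delete tag under the platform's public key in transit is out of scope here.

```python
"""Upload tags from a Diffie-Hellman secret, hash-based delete tags and the
deletion proof check. Constructed example, not the patent's own code."""
import hashlib
import hmac
import secrets

# Toy group: P = 2**127 - 1 is a Mersenne prime and G = 3 a group element;
# the subgroup order is not validated. Use a standard group in practice.
P = 2**127 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Steps 3-4: secret random number r and the public value T = G^r mod P."""
    r = secrets.randbelow(P - 3) + 2
    return r, pow(G, r, P)


def dh_shared_key(own_secret, peer_public):
    """Step 5: both sides reach G^(rA*rB) mod P, hashed into a 32-byte key."""
    if not 1 < peer_public < P - 1:          # reject trivial public values
        raise ValueError("invalid peer value")
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def upload_tag(key, i):
    """Step 6 (assumed form): tag_i = H(key || i). Without the key the tag
    reveals nothing about which customer uploaded the block."""
    return hashlib.sha256(b"upload-tag" + key + i.to_bytes(4, "big")).hexdigest()


def make_delete_tag():
    """Upload module step 1: DeleteTag = H(r) for a pseudo-random r. The
    client keeps r as its authorization proof; the platform only gets H(r)."""
    r = secrets.token_bytes(32)
    return r, hashlib.sha256(b"delete-tag" + r).digest()


class PlatformStore:
    """Cloud-side index: UploadTag -> (DeleteTag, encrypted log block)."""

    def __init__(self):
        self.blocks = {}

    def upload(self, tag, delete_tag, block):
        self.blocks[tag] = (delete_tag, block)

    def retrieve(self, tag):
        entry = self.blocks.get(tag)
        return None if entry is None else entry[1]

    def delete(self, tag, proof):
        """Deletion module steps 2-4: check the request can be fulfilled,
        then check H(proof) == DeleteTag before removing the block."""
        entry = self.blocks.get(tag)
        if entry is None:
            return False
        delete_tag, _ = entry
        candidate = hashlib.sha256(b"delete-tag" + proof).digest()
        if not hmac.compare_digest(candidate, delete_tag):
            return False
        del self.blocks[tag]
        return True


def demo():
    """Client A and O&M terminal B agree on a key; A uploads three blocks;
    B derives the same tag for block 1 and deletes it with the right proof."""
    rA, TA = dh_keypair()
    rB, TB = dh_keypair()
    kA = dh_shared_key(rA, TB)
    kB = dh_shared_key(rB, TA)
    store = PlatformStore()
    proofs = {}
    for i in range(3):
        tag = upload_tag(kA, i)
        r, dtag = make_delete_tag()
        proofs[tag] = r
        store.upload(tag, dtag, f"encrypted-log-block-{i}")   # constructed payload
    target = upload_tag(kB, 1)
    wrong_rejected = not store.delete(target, secrets.token_bytes(32))
    accepted = store.delete(target, proofs[target])
    return {"keys_match": kA == kB,
            "found": store.retrieve(upload_tag(kB, 0)) is not None,
            "wrong_rejected": wrong_rejected, "accepted": accepted,
            "gone": store.retrieve(target) is None}


if __name__ == "__main__":
    print(demo())
```

Two properties matter for the defender here: the platform can serve and delete blocks by tag without ever learning which enterprise they belong to, and a deletion succeeds only for a party holding the preimage r, so a compromised platform account or a replayed request without r cannot remove evidence.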
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention; all equivalent changes and modifications made according to the present invention are considered to be covered by the scope of the present invention.
Claims (4)
1. The invention provides a log management implementation method and system for a security operation and maintenance service cloud platform.
2. The method and system for implementing log management of the cloud platform for security operation and maintenance service according to claim 1, wherein the log collection client comprises a log file deployment and operation preparation module, an upload tag generation module and an upload module.
3. The method and system for implementing log management of the cloud platform for security operation and maintenance service according to claim 1, wherein the (enterprise) operation and maintenance terminal deploys and runs the upload tag generation module.
4. The method and system for implementing log management of the cloud platform for security operation and maintenance service according to claim 1, wherein the cloud platform for security operation and maintenance service deploys and runs the deleting and rolling-back module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610871735.0A CN107919970A (en) | 2016-10-08 | 2016-10-08 | A kind of log management realization method and system of safe O&M service cloud platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610871735.0A CN107919970A (en) | 2016-10-08 | 2016-10-08 | A kind of log management realization method and system of safe O&M service cloud platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107919970A true CN107919970A (en) | 2018-04-17 |
Family
ID=61892035
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610871735.0A Pending CN107919970A (en) | 2016-10-08 | 2016-10-08 | A kind of log management realization method and system of safe O&M service cloud platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107919970A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101465765A (en) * | 2008-12-31 | 2009-06-24 | 东信和平智能卡股份有限公司 | Log system and use method thereof |
CN104050268A (en) * | 2014-06-23 | 2014-09-17 | 西北工业大学 | Continuous data protection and recovery method with log space adjustable online |
CN105099740A (en) * | 2014-05-15 | 2015-11-25 | 中国移动通信集团浙江有限公司 | Log management system and log collection method |
CN105119750A (en) * | 2015-09-08 | 2015-12-02 | 南京联成科技发展有限公司 | Distributed information security operation and maintenance management platform based on massive data |
US20160062732A1 (en) * | 2014-08-29 | 2016-03-03 | Samsung Electronics Co., Ltd. | Method for providing additional functions based on information |
CN105765659A (en) * | 2013-10-30 | 2016-07-13 | 微软技术许可有限责任公司 | Data management for connected devices |
Timeline
- 2016-10-08: CN CN201610871735.0A patent/CN107919970A/en, active, Pending
Non-Patent Citations (1)
Title |
---|
Guan Xiaojuan et al.: "Research on a security monitoring model for the internal/external network boundary of smart grid information" (管小娟等: "智能电网信息内外网边界安全监测模型研究"), Electric Power Information and Communication Technology (《电力信息与通信技术》) * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109039749A (en) * | 2018-08-10 | 2018-12-18 | 广州天予智能科技有限公司 | A kind of acquisition of remote journal and encryption transmission system and method |
CN109039749B (en) * | 2018-08-10 | 2022-02-15 | 广州天予智能科技有限公司 | Remote log acquisition and encryption transmission system and method |
CN110177024A (en) * | 2019-05-06 | 2019-08-27 | 北京奇安信科技有限公司 | Monitoring method and client, server-side, the system of hotspot device |
CN111027722A (en) * | 2019-11-26 | 2020-04-17 | 常州工业职业技术学院 | Enterprise labeling operation and maintenance method |
CN113553093A (en) * | 2020-04-24 | 2021-10-26 | 上海颢联数字科技有限公司 | Method and system for parallel acquisition and integration of multi-source transaction data |
CN113553093B (en) * | 2020-04-24 | 2023-05-02 | 上海颢联数字科技有限公司 | Method and system for parallel acquisition and integration of multi-source transaction data |
CN113487397A (en) * | 2021-05-13 | 2021-10-08 | 广州城建职业学院 | Automatic test operation and maintenance system of financial cloud platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2018-04-17 | PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180417 |