Disclosure of Invention
The embodiment of the invention aims to provide an anti-repudiation method and device based on a cloud computing network, and a readable storage medium, which can effectively improve the traceability of automatic network configuration and the security of configuration records, thereby improving the reliability of automatic network configuration in the cloud computing network.
In order to achieve the above object, an embodiment of the present invention provides an anti-repudiation method based on a cloud computing network, including:
identifying a plurality of nodes in the cloud computing network; wherein the plurality of nodes comprises at least one recording node;
after any node completes network configuration according to an instruction sent by an SDN cloud network controller, storing the encrypted record of the network configuration state that is generated by the node and disclosed in the cloud computing network; wherein the SDN cloud network controller sends an instruction comprising a network configuration command to each node so as to control each node to complete automatic network configuration;
and updating the record of the network configuration state of each node according to the encrypted record stored in the recording node.
As an improvement of the above scheme, the recording node is selected by a vote among the plurality of nodes.
As an improvement of the above scheme, after any of the nodes completes network configuration according to the SDN cloud network controller, the network configuration information generated by the node and disclosed in the cloud computing network is saved in the recording node.
As an improvement of the above scheme, any two nodes communicate with each other, and when the communication between a non-recording node and the recording node is interrupted for more than a preset time, a new recording node is selected from among the non-recording nodes whose communication was interrupted.
As an improvement of the above scheme, network configuration information is obtained by encrypting the record of the network configuration state, and the encrypted record of the network configuration state is disclosed by disclosing the network configuration information to the cloud computing network.
As an improvement of the above scheme, the record of the network configuration state is encrypted by means of a hash algorithm.
As an improvement of the above scheme, the process of generating the network configuration information includes:
the node encrypts the record of the current network configuration state by using a private key of the node, generates the network configuration information, and stores a corresponding public key in the SDN cloud network controller.
The embodiment of the invention also provides an anti-repudiation device based on the cloud computing network, comprising:
a monitoring module, used for identifying a plurality of nodes in the cloud computing network; wherein the plurality of nodes comprises at least one recording node;
the recording module is used for recording transaction information which is generated by any node and is disclosed in the cloud computing network after the node completes a transaction; wherein the transaction information is generated by encrypting a transaction record of the current transaction;
and the updating module is used for updating the information of each transaction block in the cloud computing network according to the transaction information stored in the recording node and the node corresponding to each transaction information.
The embodiment of the invention also provides an anti-repudiation device based on a cloud computing network, which comprises a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, wherein the processor, when executing the computer program, implements the anti-repudiation method based on the cloud computing network.
The embodiment of the invention also provides a computer-readable storage medium, which includes a stored computer program, wherein when the computer program runs, the device where the computer-readable storage medium is located is controlled to execute any one of the above anti-repudiation methods based on the cloud computing network.
Compared with the prior art, in the anti-repudiation method, device and readable storage medium based on the cloud computing network disclosed by the invention, each node encrypts the record of its own network configuration state, the encrypted record of the network configuration state is disclosed in the cloud computing network, and the encrypted record is stored by the recording node, so that the reliability of the network configuration information is improved. Because the encrypted record is disclosed in the cloud computing network, the record of the network configuration state is protected from leakage while being difficult to falsify owing to the plurality of backups, its authenticity is easy to verify, and traceability and security are greatly improved; because the recording node saves all encrypted records in the cloud computing network, and because the authenticity of the network configuration information is easy to verify, the difficulty of tracing is greatly reduced and the reliability of automatic network configuration is improved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the embodiment of the present invention, the cloud computing network is a computer network including a virtual user access terminal, a physical network device, a virtual network router switch, and an SDN cloud network controller, where the physical network device may be an OpenFlow switch. In the cloud computing network, each node is a virtual user access terminal, and a user accesses the cloud computing network through the virtual user access terminal.
Fig. 1 is a schematic flow chart of an anti-repudiation method based on a cloud computing network according to embodiment 1 of the present invention. The anti-repudiation method provided in embodiment 1 of the present invention is applicable to a cloud computing network formed by an SDN cloud network controller and a plurality of nodes, and the method includes steps S110 to S130.
S110, confirming a plurality of nodes in the cloud computing network; wherein the plurality of nodes includes at least one recording node.
The recording node is used for storing the record of the network configuration state each time one is disclosed in the cloud computing network. Specifically, the plurality of nodes includes at least one recording node and a plurality of non-recording nodes; it is understood that the number of recording nodes can be two or more, which does not affect the beneficial effects of the invention.
In advance, the plurality of nodes select one node as the recording node by voting. Specifically, among the plurality of nodes, a node that has not detected any communication from the recording node for a preset time period automatically becomes a candidate node, and each non-candidate node votes among all the candidate nodes to select one candidate node to become the recording node. Preferably, any two of the nodes communicate with each other, and when the communication between a non-recording node and the recording node is interrupted for more than a preset time, a new recording node is selected from among the non-recording nodes whose communication was interrupted. The preset time can be any time value, such as ten seconds or one minute, which does not affect the beneficial effects of the invention.
S120, after any node completes network configuration according to an instruction sent by the SDN cloud network controller, storing the encrypted record of the network configuration state that is generated by the node and disclosed in the cloud computing network; wherein the SDN cloud network controller sends an instruction comprising a network configuration command to each node so as to control each node to complete automatic network configuration.
Specifically, network configuration information is obtained by encrypting the record of the network configuration state, and the encrypted record of the network configuration state is disclosed by disclosing the network configuration information to the cloud computing network. The record of the network configuration state is encrypted by means of a hash algorithm. Preferably, the process of generating the network configuration information includes: the node encrypts the record of the current network configuration state by using a private key of the node, generates the network configuration information, and stores a corresponding public key in the SDN cloud network controller.
S130, updating the record of the network configuration state of each node according to the encrypted record stored in the recording node.
Specifically, the recording node receives and stores the records disclosed in the cloud computing network. The record of the network configuration state of the corresponding node is obtained from the recording node; more specifically, the network configuration information containing the record is obtained, the record of the network configuration state of the corresponding node is recovered from it by using the public key stored in the SDN cloud network controller, and the record of the network configuration state of the corresponding node in the cloud computing network is updated.
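An added example, not code from the patent: steps S120 and S130 modelled in Go. The description's encryption of the hashed record with the node's private key is implemented here as an Ed25519 signature over a SHA-256 digest, which is an assumption; the type and function names, the sequence number and the sample record are likewise constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ConfigInfo models the published "network configuration information":
// a digest of the node's configuration-state record plus a signature made
// with the node's private key. The plaintext record is never published.
type ConfigInfo struct {
	NodeID string
	Seq    uint64 // assumed field: orders one node's entries
	Digest [32]byte
	Sig    []byte
}

// signedBytes binds node ID, sequence number and digest under one signature.
func signedBytes(id string, seq uint64, d [32]byte) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d|%x", len(id), id, seq, d))
}

// NewKey generates a node key pair; the public half goes to the controller.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish runs on a node after it applies a controller instruction (S120).
func Publish(id string, seq uint64, priv ed25519.PrivateKey, record []byte) ConfigInfo {
	d := sha256.Sum256(record)
	return ConfigInfo{NodeID: id, Seq: seq, Digest: d, Sig: ed25519.Sign(priv, signedBytes(id, seq, d))}
}

// Controller maps node IDs to the public keys the nodes stored with it.
type Controller map[string]ed25519.PublicKey

// Verify checks an entry fetched from the recording node (S130). A non-nil
// claimed record must also hash to the digest the node signed.
func (c Controller) Verify(ci ConfigInfo, claimed []byte) error {
	pub, ok := c[ci.NodeID]
	if !ok {
		return errors.New("no public key registered for node")
	}
	if !ed25519.Verify(pub, signedBytes(ci.NodeID, ci.Seq, ci.Digest), ci.Sig) {
		return errors.New("signature does not verify under the node's key")
	}
	if claimed != nil && sha256.Sum256(claimed) != ci.Digest {
		return errors.New("record does not match the signed digest")
	}
	return nil
}

func main() {
	pub, priv := NewKey()
	ctl := Controller{"node-a": pub}
	rec := []byte(`{"vlan":120,"port":"eth1"}`) // constructed sample record
	ci := Publish("node-a", 1, priv, rec)       // what the recording node stores
	fmt.Println("genuine:", ctl.Verify(ci, rec))
	fmt.Println("altered:", ctl.Verify(ci, []byte(`{"vlan":999}`)))
}
```

Because only the node holds the private key, an entry that verifies cannot later be disowned by that node, and a record that was altered after publication no longer matches the signed digest.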
Preferably, when a plurality of the recording nodes communicate with each other, the recording node selected later is changed to a non-recording node, and its own data is updated according to the transaction information stored in the recording node selected earlier.
In another preferred embodiment, the manner of selecting a new recording node may also be: among the non-recording nodes whose communication was interrupted, one node is randomly selected as the recording node according to the equity proof value held by each node, on the principle that the probability of becoming the recording node is positively and linearly correlated with the equity proof value; wherein the equity proof value of each node is the product of the value of the funds held by the node and the time of holding the funds.
The manner of selecting a new recording node may also be: each node votes for other nodes, and the top N nodes by number of votes are selected as witness nodes; wherein the specific value of N is preset; and the N witness nodes serve as the recording node in turn.
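An added example, not code from the patent: the two alternative selection rules above in Go. The field names, the caller-supplied random draw, the tie-break by node ID and the sample values are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Node is a candidate for the recording role (field names assumed).
type Node struct {
	ID       string
	Funds    uint64 // value of the funds held by the node
	HeldSecs uint64 // how long the funds have been held (unit assumed)
}

// Stake is the equity proof value: funds held multiplied by holding time.
// The sample values are small; production inputs need an overflow check.
func (n Node) Stake() uint64 { return n.Funds * n.HeldSecs }

// SelectByStake picks a candidate with probability proportional to its equity
// proof value. draw is a uniform random number supplied by the caller.
func SelectByStake(cands []Node, draw uint64) (string, error) {
	sorted := append([]Node(nil), cands...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].ID < sorted[j].ID })
	var total uint64
	for _, n := range sorted {
		total += n.Stake()
	}
	if total == 0 {
		return "", errors.New("no candidate holds any stake")
	}
	ticket := draw % total // each unit of stake owns one ticket
	for _, n := range sorted {
		if ticket < n.Stake() {
			return n.ID, nil
		}
		ticket -= n.Stake()
	}
	return "", errors.New("unreachable: ticket exceeds total stake")
}

// Witnesses returns the top n nodes by vote count, ties broken by ID.
func Witnesses(votes map[string]int, n uint) []string {
	ids := make([]string, 0, len(votes))
	for id := range votes {
		ids = append(ids, id)
	}
	sort.Strings(ids) // the stable sort below keeps ID order among ties
	sort.SliceStable(ids, func(i, j int) bool { return votes[ids[i]] > votes[ids[j]] })
	if n > uint(len(ids)) {
		n = uint(len(ids))
	}
	return ids[:n]
}

// RecorderForRound lets the witnesses take the recording role in turn.
func RecorderForRound(w []string, round uint64) string {
	if len(w) == 0 {
		return ""
	}
	return w[round%uint64(len(w))]
}

func main() {
	cands := []Node{{"a", 10, 3}, {"b", 5, 2}, {"c", 20, 3}} // constructed
	id, _ := SelectByStake(cands, 35)
	fmt.Println(id, Witnesses(map[string]int{"n1": 3, "n2": 5, "n3": 5}, 2))
}
```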
As another embodiment, step S130 may also include steps S131 to S132.
S131, obtaining the network configuration information stored in each node.
S132, when not more than half of the obtained network configuration information is the same as the network configuration information obtained from the recording node, updating the record of the network configuration state of each node in the SDN cloud network controller according to the network configuration information stored in the recording node.
In the anti-repudiation method based on the cloud computing network disclosed in embodiment 1 of the present invention, each node encrypts the record of its own network configuration state and discloses the encrypted record of the network configuration state in the cloud computing network, and the recording node stores the encrypted record, so as to improve the reliability of the network configuration information. Because the encrypted record is disclosed in the cloud computing network, the record of the network configuration state is protected from leakage while being difficult to falsify owing to the plurality of backups, its authenticity is easy to verify, and traceability and security are greatly improved; because the recording node saves all encrypted records in the cloud computing network, and because the authenticity of the network configuration information is easy to verify, the difficulty of tracing is greatly reduced and the reliability of automatic network configuration is improved.
Fig. 2 is a schematic structural diagram of an anti-repudiation device based on a cloud computing network according to embodiment 2 of the present invention. The anti-repudiation device 20 provided in embodiment 2 of the present invention is suitable for a cloud computing network formed by an SDN cloud network controller and a plurality of nodes, and the anti-repudiation device 20 includes a monitoring module 21, a recording module 22, and an updating module 23.
The monitoring module 21 is configured to identify a plurality of nodes in the cloud computing network; wherein the plurality of nodes comprises at least one recording node; the recording module 22 is configured to, after any node completes network configuration according to the SDN cloud network controller, store network configuration information generated by the node and published in the cloud computing network; each node encrypts a record of the current network configuration state of the node to generate the network configuration information; the updating module 23 is configured to update the record of the network configuration state of each node according to the network configuration information stored in the recording node.
The operation process of the anti-repudiation device 20 is the same as that of the anti-repudiation method described in embodiment 1, and is not described herein again.
In the anti-repudiation device based on the cloud computing network disclosed in embodiment 2 of the present invention, each node encrypts the record of its own network configuration state and discloses the encrypted record of the network configuration state in the cloud computing network, and the recording node stores the encrypted record, so as to improve the reliability of the network configuration information. Because the encrypted record is disclosed in the cloud computing network, the record of the network configuration state is protected from leakage while being difficult to falsify owing to the plurality of backups, its authenticity is easy to verify, and traceability and security are greatly improved; because the recording node saves all encrypted records in the cloud computing network, and because the authenticity of the network configuration information is easy to verify, the difficulty of tracing is greatly reduced and the reliability of automatic network configuration is improved.
Referring to Fig. 3, a schematic diagram of an anti-repudiation device 30 according to an embodiment of the present invention is shown. The anti-repudiation device 30 of this embodiment includes: a processor 31, a memory 32 and a computer program, such as an anti-repudiation program, stored in said memory 32 and executable on said processor 31. The processor 31, when executing the computer program, implements the steps in the above-mentioned embodiments of the anti-repudiation method, such as step S120 shown in Fig. 1. Alternatively, the processor implements the functions of the modules in the device embodiments described above when executing the computer program, for example, the anti-repudiation device described in embodiment 2.
Illustratively, the computer program may be divided into one or more modules, which are stored in the memory 32 and executed by the processor 31 to accomplish the present invention. The one or more modules may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program in the anti-repudiation device 30. For example, the computer program may be divided into a monitoring module, a recording module and an updating module, and each module has the following specific functions: the monitoring module is used for confirming a plurality of nodes in the cloud computing network; wherein the plurality of nodes comprises at least one recording node; the recording module is configured to store network configuration information generated by any node and disclosed in the cloud computing network after the node completes network configuration according to the SDN cloud network controller; each node encrypts a record of the current network configuration state of the node to generate the network configuration information; and the updating module is used for updating the record of the network configuration state of each node according to the network configuration information stored in the recording node.
The anti-repudiation device 30 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing device. The anti-repudiation device 30 may include, but is not limited to, a processor 31 and a memory 32. It will be understood by those skilled in the art that the schematic diagram is merely an example of the anti-repudiation device 30 and does not constitute a limitation of the anti-repudiation device 30, which may include more or fewer components than those shown, or combine some components, or use different components; for example, the anti-repudiation device 30 may also include input/output devices, network access devices, buses, etc.
The processor 31 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or any conventional processor; the processor 31 is the control center of the anti-repudiation device 30 and connects the various parts of the entire anti-repudiation device 30 using various interfaces and lines.
The memory 32 can be used for storing the computer programs and/or modules, and the processor 31 can implement various functions of the anti-repudiation device 30 by running or executing the computer programs and/or modules stored in the memory 32 and calling the data stored in the memory 32. The memory 32 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The modules integrated by the anti-repudiation device 30 can be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as independent products. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, a software distribution medium, and the like.
In the anti-repudiation device and the readable storage medium based on the cloud computing network disclosed in embodiment 3 of the present invention, each node encrypts the record of its own network configuration state and discloses the encrypted record of the network configuration state in the cloud computing network, and the recording node stores the encrypted record, so as to improve the reliability of the network configuration information. Because the encrypted record is disclosed in the cloud computing network, the record of the network configuration state is protected from leakage while being difficult to falsify owing to the plurality of backups, its authenticity is easy to verify, and traceability and security are greatly improved; because the recording node saves all encrypted records in the cloud computing network, and because the authenticity of the network configuration information is easy to verify, the difficulty of tracing is greatly reduced and the reliability of automatic network configuration is improved.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.