CN111506898A - Information service security evaluation method and device - Google Patents
Information service security evaluation method and device Download PDFInfo
- Publication number
- CN111506898A CN111506898A CN202010263607.4A CN202010263607A CN111506898A CN 111506898 A CN111506898 A CN 111506898A CN 202010263607 A CN202010263607 A CN 202010263607A CN 111506898 A CN111506898 A CN 111506898A
- Authority
- CN
- China
- Prior art keywords
- safety evaluation
- evaluation
- security
- message queue
- instance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 202
- 238000000034 method Methods 0.000 claims abstract description 36
- 238000012163 sequencing technique Methods 0.000 claims abstract description 7
- 238000004590 computer program Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 239000002184 metal Substances 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000004883 computer application Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012854 evaluation process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application provides an information service safety evaluation method and device, wherein the method comprises the following steps: combining the safety evaluation program and the configuration information of the information service system to be evaluated to form a plurality of safety evaluation examples; assigning a priority to each of the security assessment instances; adding the security evaluation instance as a message object into a message queue; sequencing the safety evaluation instances in the message queue according to the priority from high to low; and taking out the safety evaluation example from the message queue to execute and obtain a safety evaluation result. The method can realize the information service safety evaluation on the premise of easy use, high efficiency and low cost.
Description
Technical Field
The invention relates to the technical field of computer application, in particular to an information service safety evaluation method and device.
Background
With the rapid development of the cloud computing technology, more and more information service systems are deployed on the cloud computing platform, and because the cloud computing platform is based on the virtualization technology, resources such as computing, storage, network and the like can be dynamically allocated and recovered, and the information service systems can also be rapidly installed, deployed, operated and destroyed, the security of the information service systems on the cloud computing platform is also challenged.
In recent years, the security situation of an information service system on a cloud computing platform is becoming more severe, and new viruses and network attacks are emerging and may threaten the security of the information service system, so that not only basic network security equipment is required to resist, but also advance prevention is required. The safety condition of the information service system is evaluated so that the safety condition of the information service system can be known before the information service system is on-line operated, and the method is an important early prevention scheme and is a source of the evaluation system.
The traditional evaluation system mostly adopts a mode of directly operating a safety evaluation program for the safety evaluation of the information service system, a plurality of safety evaluation programs form a queue, then the safety evaluation programs are operated one by one and configuration information of the information service system to be evaluated is transmitted, and finally a safety evaluation result of the information service system to be evaluated is obtained.
Although the method can complete the safety evaluation work aiming at the information service system, the information service system can be quickly installed and deployed on the cloud computing platform, the number of the information service systems is very large, and in order to detect novel viruses and network attacks, the number of safety evaluation programs is very large and can be increased at any time, so that the traditional evaluation method and system have the defects of inconvenient use, low detection speed, high cost during large-scale quantity simultaneous detection and the like.
Disclosure of Invention
In view of this, the present application provides an information service security evaluation method and apparatus, which can implement information service security evaluation on the premise of easy use, high efficiency, and low cost.
In order to solve the technical problem, the technical scheme of the application is realized as follows:
in one embodiment, there is provided an information service security assessment method, the method comprising:
combining the safety evaluation program and the configuration information of the information service system to be evaluated to form a plurality of safety evaluation examples;
assigning a priority to the security assessment instance;
adding the security evaluation instance as a message object into a message queue;
sequencing the safety evaluation instances in the message queue according to the priority from high to low;
and taking out the safety evaluation example from the message queue to execute and obtain a safety evaluation result.
In another embodiment, there is provided an information service security assessment apparatus, the apparatus including: the system comprises a management unit, a joining unit, a distributing unit and an executing unit;
the management unit is used for combining the safety evaluation program and the configuration information of the information service system to be evaluated to form a plurality of safety evaluation examples; assigning a priority to the security assessment instance; acquiring a safety evaluation result of the execution unit executing the safety evaluation example;
the adding unit is used for adding the safety evaluation examples in the safety evaluation examples of which the priorities are distributed by the management unit into a message queue as message objects; sequencing the safety evaluation instances in the message queue according to the priority from high to low;
the distribution unit is used for taking out the security evaluation instance from the message queue and distributing the security evaluation instance to the execution unit;
the execution unit is used for executing the safety evaluation examples distributed by the distribution unit.
In another embodiment, an electronic device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the information service security assessment method when executing the program.
In another embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the information service security assessment method.
According to the technical scheme, the safety evaluation program and the configuration information of the information service system to be evaluated are combined to form the safety evaluation example, and the safety evaluation example is subsequently taken as a unit to perform safety evaluation, so that the information service system can be quickly evaluated, the simultaneous execution of the safety evaluation programs of the large-scale information service system is supported, the performance and the efficiency of the evaluation system can be obviously improved, meanwhile, the safety evaluation program can be conveniently and dynamically expanded, the structure of the evaluation system does not need to be modified, the redevelopment is avoided, and the safety evaluation efficiency aiming at the information service system is improved.
And distributing priority to the safety evaluation examples, namely distributing high priority to the safety evaluation examples needing to be tested in priority according to actual needs so as to finish corresponding evaluation work quickly.
During specific implementation, the use of a message queue is introduced aiming at a security evaluation example, and decoupling, asynchronization and peak clipping of an evaluation system are realized through a mechanism of the message queue.
The information service safety evaluation scheme provided in the implementation of the application supports the characteristics of easiness in use, high efficiency and low cost under the scene that safety evaluation programs and information service systems under a cloud computing platform are very large in quantity.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a schematic diagram of an information service security assessment process implemented in the present application;
FIG. 2 is a schematic diagram of an apparatus for implementing the above technique in an embodiment of the present application;
fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not explicitly listed or inherent to such process, method, article, or apparatus.
The technical solution of the present invention will be described in detail with specific examples. Several of the following embodiments may be combined with each other and some details of the same or similar concepts or processes may not be repeated in some embodiments.
The embodiment of the application provides an information service safety evaluation method, which is applied to an information service safety evaluation device and used for evaluating the safety of an information service system.
The information service safety evaluation device can be deployed on one device or server, and can also be deployed on a plurality of devices or servers.
The process of implementing the information service security evaluation according to the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic view of an information service security evaluation process in the implementation of the present application. The method comprises the following specific steps:
The safety evaluation program in this step is a program code written by a computer programming language, and includes but is not limited to being written by C, C + +, Java, Python, Shell and other computer programming languages.
The configuration information of the information service system to be evaluated in this step is related information about the information service system to be evaluated, which can be provided by the information service system to be evaluated, and includes, but is not limited to, an IP address, a port number, a service type, a service protocol, an API interface, and the like.
In the step, one or more safety evaluation programs can be provided, and one or more configuration information of the information service system to be evaluated can be provided;
therefore, in the process of one evaluation, not all the security evaluation programs and all the configuration information of the information service systems needing to be evaluated are necessarily combined into the security evaluation example, and the security evaluation example needing to be combined can be determined on the premise of meeting the requirement of the input parameters of the security evaluation program according to the evaluation target and/or the configuration information of the information service systems needing to be evaluated.
For example, a safety assessment program is: and remotely logging in the information service system to be evaluated and then executing the program.
When the configuration information of the corresponding information service system needing to be evaluated comprises: the IP address, the user name, the password or the key and the port number of the cloud host/server need to be evaluated; for logging on to the cloud host/server.
This configuration information may be combined with one of the security assessment programs described above to form a security assessment example, denoted as assessment example 1.
Another safety assessment program is: and monitoring information interacted in the information service system.
When the configuration information of the corresponding information service system needing to be evaluated comprises: a sensitive word; for monitoring sensitive information.
This configuration information may be combined with another security assessment program as described above to form a security assessment instance, such as assessment instance 2.
And 102, distributing priority to the safety evaluation examples.
When the priority is allocated to the safety evaluation example in the embodiment of the application, the priority can be allocated to the safety evaluation example according to the time required by executing the safety evaluation example; if the safety evaluation instances with long required execution time are distributed with relatively high priority, the safety evaluation instances with short required execution time are distributed with relatively low priority;
during specific implementation, the grade number of the distributed priority can be selected according to actual needs, and the grade number of each priority corresponds to an execution time interval; if three priority levels, namely a first priority level, a second priority level and a third priority level are divided; the priority of the first priority level is higher than that of the second priority level, and the priority of the second priority level is higher than that of the third priority level; the first priority level corresponds to a first execution time interval (e.g., greater than 1 hour), the second priority level corresponds to a second execution time interval (e.g., greater than 30 minutes and not greater than 1 hour), and the third priority level corresponds to a third execution time interval (e.g., not greater than 30 minutes).
The priority can be distributed to the safety evaluation example according to the importance of the configuration information in the safety evaluation example; if the security evaluation example containing the configuration information with high importance is assigned with high priority;
the priority can be distributed to the safety evaluation examples according to the sequence generated by the safety evaluation examples; assigning a high priority to the security assessment instance as previously generated;
any combination of the above implementations is also possible.
The above several implementation manners for assigning priorities are given by way of example only, and are not limited to the above manner for assigning priorities in specific implementation, and priorities are flexibly configured according to actual evaluation targets.
And 103, adding the security evaluation instance as a message object into a message queue.
And when the safety evaluation instances need to be executed, adding the safety evaluation instances into a message queue as message objects to wait for being executed.
And 104, sequencing the safety evaluation instances in the message queue according to the priority from high to low.
And 105, taking out the safety evaluation example from the message queue to execute and obtain a safety evaluation result.
Since the security evaluation instances in the message queue are sorted from high to low in priority, the security evaluation instance with high priority is preferentially taken out when the security evaluation instance is taken out from the message queue.
The technical scheme provided by the application combines the configuration information of the information service system and the corresponding safety evaluation program to form a safety evaluation example, the safety evaluation example is subsequently used as a unit for safety evaluation, the information service system can be quickly evaluated, the large-scale safety evaluation program of the information service system can be simultaneously executed, the performance and the efficiency of the evaluation system can be obviously improved, meanwhile, the safety evaluation program can be dynamically expanded conveniently, the structure of the evaluation system does not need to be modified, redevelopment is avoided, and the efficiency of the safety evaluation for the information service system is improved.
And distributing priority to the safety evaluation examples, namely distributing high priority to the safety evaluation examples needing to be tested in priority according to actual needs so as to finish corresponding evaluation work quickly.
During specific implementation, the use of a message queue is introduced aiming at a security evaluation example, and decoupling, asynchronization and peak clipping of an evaluation system are realized through a mechanism of the message queue.
In the embodiment of the present application, the evaluation may also be implemented by using a database temporary table scheme instead of the message queue.
The information service safety evaluation scheme provided in the implementation of the application supports the characteristics of easiness in use, high efficiency and low cost under the scene that safety evaluation programs and information service systems under a cloud computing platform are very large in quantity.
In the embodiment of the present application, the taking out of the security evaluation instance from the message queue for execution includes:
and if the number of the execution units executing the safety evaluation examples is multiple, taking out the safety evaluation examples from the message queue, distributing the safety evaluation examples to the multiple execution units according to a load balancing principle, and executing the safety evaluation examples through the multiple execution units.
The extracted safety evaluation examples are distributed to the execution units according to the principle of load sharing, namely, the execution tasks of the safety evaluation examples of the execution units are balanced in load.
The execution unit may be deployed on one device, one server, or multiple devices and multiple servers, which is not limited herein.
In the embodiment of the present application, when the security evaluation instance is taken out from the message queue and distributed to a plurality of the execution units according to the principle of load balancing, the following two specific implementation manners may be used, but are not limited to:
the first method comprises the following steps: and taking out and distributing the security evaluation instance with the highest priority in the message queue to an idle execution unit, if the idle execution unit does not exist, waiting until the idle execution unit exists in the plurality of execution units, and then distributing the security evaluation instance with the highest priority in the message queue to the currently idle execution unit.
When a plurality of idle execution units exist, one idle execution unit can be selected according to a preset selection rule to distribute the evaluation example; the preset selection rule may be selected randomly, or may be selected according to the number sequence of the execution units (e.g., the sequence from small to large, such as the sequence from large to small), and the like, and the specific selection manner is not limited.
When a plurality of security evaluation instances with the same priority exist, the security evaluation instances can be selected and distributed to the execution unit according to a preset distribution rule, wherein the preset distribution rule can be selected randomly, or can be selected according to the sequence of the security evaluation instances added into the message queue, and the like, and the specific distribution method is not limited.
And secondly, taking out the security evaluation instances in the message queue and distributing the security evaluation instances to the execution units in a polling mode.
If there are 6 security evaluation instances in the message queue, the security evaluation instances are arranged in the order of priority from high to low: a safety evaluation example 1, a safety evaluation example 2, a safety evaluation example 3, a safety evaluation example 4, a safety evaluation example 5, and a safety evaluation example 6;
the execution units are 4 in total and are respectively as follows: an execution unit 1, an execution unit 2, an execution unit 3, and an execution unit 4;
this embodiment takes sequential polling from execution unit 1 to execution unit 4 as an example: the process of distributing the security assessment instance to the execution unit is:
distributing the security evaluation example 1 to the execution unit 1, distributing the security evaluation example 2 to the execution unit 2, distributing the security evaluation example 3 to the execution unit 3, distributing the security evaluation example 4 to the execution unit 4, distributing the security evaluation example 5 to the execution unit 1, and distributing the security evaluation example 6 to the execution unit 2;
when the security evaluation instance 7 is newly added in the message queue, the security evaluation instance 7 is distributed to the execution unit 3.
Each execution unit preferentially executes the safety evaluation example which is firstly distributed to the execution unit, for example, the execution unit 1 firstly executes the safety evaluation example 1 and then executes the safety evaluation example 5.
The execution unit in the embodiment of the application may be a device capable of performing only a single thread, or may be a device capable of performing multiple threads, that is, multiple security evaluation instances may be simultaneously executed.
When a plurality of idle execution units exist, one idle execution unit can be selected according to a preset selection rule to distribute the evaluation example; the preset selection rule may be selected randomly, or may be selected according to the number sequence of the execution units (e.g., the sequence from small to large, such as the sequence from large to small), and the like, and the specific selection manner is not limited.
When a plurality of security evaluation instances with the same priority exist, the security evaluation instances can be selected and distributed to the execution unit according to a preset distribution rule, wherein the preset distribution rule can be selected randomly, or can be selected according to the sequence of the security evaluation instances added into the message queue, and the like, and the specific distribution method is not limited.
When the execution unit acquires the safety evaluation example, disassembling the safety evaluation example into a safety evaluation program and configuration information of an information service system needing to be evaluated; and then operating the safety evaluation program, and transmitting the configuration information to obtain a safety evaluation result.
The two examples provided in the embodiment of the application, which distribute the security evaluation examples to the execution units, can achieve load balance of each execution unit, improve execution efficiency and save resources; meanwhile, the load balance can also complete the execution of all safety evaluation instances on the premise of shortest total use time.
In the implementation of the application, when the information service system needs to be newly evaluated, the configuration information of the information service system needing to be evaluated and the existing safety evaluation program are combined to form a new safety evaluation example, the priority is distributed, and the new safety evaluation example is added into a message queue; no reconfiguration of the architecture is required.
In the implementation of the application, when the information service system needs to be newly evaluated, a new safety evaluation program and the configuration information of the existing information service system needing to be evaluated are combined to form a new safety evaluation example, the priority is distributed, and the new safety evaluation example is added into a message queue; no reconfiguration of the architecture is required.
Based on the same inventive concept, the embodiment of the application also provides an information service safety evaluation device. Referring to fig. 2, fig. 2 is a schematic structural diagram of an apparatus applied to the above technology in the embodiment of the present application. The device comprises: a management unit 201, a joining unit 202, a distribution unit 203, and an execution unit 204;
the management unit 201 is configured to combine the security evaluation program and the configuration information of the information service system to be evaluated to form a plurality of security evaluation instances; assigning a priority to the security assessment instance; acquiring a safety evaluation result of the execution unit 204 executing the safety evaluation example;
the adding unit 202 is used for adding the security evaluation instance in the security evaluation instance with the priority assigned by the management unit 201 into a message queue as a message object;
the distribution unit 203 is used for distributing the security evaluation instances added into the message queue by the adding unit 202 to the execution unit 204 from high to low in priority;
and the execution unit 204 is used for executing the security evaluation instance distributed by the distribution unit 203.
Preferably, the first and second electrodes are formed of a metal,
the management unit 201 is specifically configured to, when assigning a priority to the security evaluation instance, assign a priority to the security evaluation instance according to time required for executing the security evaluation instance.
Preferably, the first and second electrodes are formed of a metal,
the distributing unit 203 is specifically configured to, if there are multiple execution units 204 executing the security evaluation instances, take out the security evaluation instances from the message queue, distribute the security evaluation instances to the multiple execution units 204 according to a load balancing principle, and trigger the multiple execution units 204 to execute the security evaluation instances.
Preferably, the first and second electrodes are formed of a metal,
the distributing unit 203 is specifically configured to take out and distribute the security evaluation instance with the highest priority in the message queue to the idle execution unit 204, wait until the idle execution unit 204 exists in the plurality of execution units if the idle execution unit 204 does not exist, and then distribute the security evaluation instance with the highest priority in the message queue to the currently idle execution unit 204.
Preferably, the first and second electrodes are formed of a metal,
the distributing unit 203 is specifically configured to take out the security evaluation instances in the message queue and distribute the security evaluation instances to the executing unit 204 in a polling manner.
Preferably, the first and second electrodes are formed of a metal,
the safety evaluation programs are one or more;
the configuration information of the information service system needing to be evaluated is one or more.
In the execution mode, all execution units form an annular linked list, and a pointer is established to point to one execution unit in the annular linked list; the method comprises the steps of obtaining a safety evaluation example obtained by a subunit from the safety evaluation example, sending the safety evaluation example to an execution unit of which a pointer points to an annular linked list, and after the safety evaluation example is sent, pointing the pointer to the next execution unit of the annular linked list, and circulating continuously in the way to realize load balance of all the execution units.
The units of the above embodiments may be integrated into one body, or may be separately deployed; may be combined into one unit or further divided into a plurality of sub-units.
In another embodiment, an electronic device is further provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the information service security evaluation method when executing the program.
In another embodiment, a computer-readable storage medium is also provided, having stored thereon computer instructions, which when executed by a processor, may implement the steps in the information service security assessment method.
Fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 3, the electronic device may include: a Processor (Processor)310, a communication Interface (Communications Interface)320, a Memory (Memory)330 and a communication bus 340, wherein the Processor 310, the communication Interface 320 and the Memory 330 communicate with each other via the communication bus 340. The processor 310 may call logic instructions in the memory 330 to perform the following method:
combining the safety evaluation program and the configuration information of the information service system to be evaluated to form a plurality of safety evaluation examples;
assigning a priority to the security assessment instance;
adding the security evaluation instance as a message object into a message queue;
sequencing the safety evaluation instances in the message queue according to the priority from high to low;
and taking out the safety evaluation example from the message queue to execute and obtain a safety evaluation result.
In addition, the logic instructions in the memory 330 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. An information service security assessment method, characterized in that the method comprises:
combining the safety evaluation program and the configuration information of the information service system to be evaluated to form a plurality of safety evaluation examples;
assigning a priority to the security assessment instance;
adding the security evaluation instance as a message object into a message queue;
sequencing the safety evaluation instances in the message queue according to the priority from high to low;
and taking out the safety evaluation example from the message queue to execute and obtain a safety evaluation result.
2. The method of claim 1, wherein assigning a priority to the security assessment instance assigns a priority to the security assessment instance in accordance with a time required to execute the security assessment instance.
3. The method of claim 1, wherein said retrieving said security assessment instance from said message queue is performed by:
and if the number of the execution units executing the safety evaluation examples is multiple, taking out the safety evaluation examples from the message queue, distributing the safety evaluation examples to the multiple execution units according to a load balancing principle, and executing the safety evaluation examples through the multiple execution units.
4. The method of claim 3, wherein said fetching said security evaluation instance from said message queue for distribution to a plurality of said execution units on a load balancing basis comprises:
and taking out and distributing the security evaluation instance with the highest priority in the message queue to an idle execution unit, if the idle execution unit does not exist, waiting until the idle execution unit exists in the plurality of execution units, and then distributing the security evaluation instance with the highest priority in the message queue to the currently idle execution unit.
5. The method of claim 3, wherein said fetching said security evaluation instances from said message queue to distribute to said plurality of execution units on a load balancing basis comprises:
and taking out the security evaluation instances in the message queue and distributing the security evaluation instances to the execution units in a polling mode.
6. The method according to any one of claims 1 to 5,
the safety evaluation programs are one or more;
the configuration information of the information service system needing to be evaluated is one or more.
7. An information service security assessment apparatus, characterized in that the apparatus comprises: the system comprises a management unit, a joining unit, a distributing unit and an executing unit;
the management unit is used for combining the safety evaluation program and the configuration information of the information service system to be evaluated to form a plurality of safety evaluation examples; assigning a priority to the security assessment instance; acquiring a safety evaluation result of the execution unit executing the safety evaluation example;
the adding unit is used for adding the safety evaluation examples in the safety evaluation examples of which the priorities are distributed by the management unit into a message queue as message objects; sequencing the safety evaluation instances in the message queue according to the priority from high to low;
the distribution unit is used for taking out the security evaluation instance from the message queue and distributing the security evaluation instance to the execution unit;
the execution unit is used for executing the safety evaluation examples distributed by the distribution unit.
8. The apparatus of claim 7,
the management unit is specifically configured to, when assigning a priority to the security evaluation instance, assign a priority to the security evaluation instance according to time required for executing the security evaluation instance.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1-6 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010263607.4A CN111506898A (en) | 2020-04-07 | 2020-04-07 | Information service security evaluation method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010263607.4A CN111506898A (en) | 2020-04-07 | 2020-04-07 | Information service security evaluation method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111506898A true CN111506898A (en) | 2020-08-07 |
Family
ID=71867278
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010263607.4A Pending CN111506898A (en) | 2020-04-07 | 2020-04-07 | Information service security evaluation method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111506898A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6763520B1 (en) * | 2000-08-24 | 2004-07-13 | Cognos Incorporated | Fair assignment of processing resources to queued requests |
| CN107153615A (en) * | 2017-05-19 | 2017-09-12 | 千寻位置网络有限公司 | The method and system of software test, service terminal |
| CN110210789A (en) * | 2019-06-17 | 2019-09-06 | 广东电网有限责任公司 | Resource distribution dispatching method, the device, equipment of power grid test business |
-
2020
- 2020-04-07 CN CN202010263607.4A patent/CN111506898A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6763520B1 (en) * | 2000-08-24 | 2004-07-13 | Cognos Incorporated | Fair assignment of processing resources to queued requests |
| CN107153615A (en) * | 2017-05-19 | 2017-09-12 | 千寻位置网络有限公司 | The method and system of software test, service terminal |
| CN110210789A (en) * | 2019-06-17 | 2019-09-06 | 广东电网有限责任公司 | Resource distribution dispatching method, the device, equipment of power grid test business |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110535831B (en) | Kubernetes and network domain-based cluster security management method and device and storage medium | |
| US20170346927A1 (en) | Information processing method, client, server and computer-readable storage medium | |
| US8825750B2 (en) | Application server management system, application server management method, management apparatus, application server and computer program | |
| CN109800160B (en) | Cluster server fault testing method and related device in machine learning system | |
| CN106878045B (en) | Service calling method and device | |
| CN110287701A (en) | A kind of malicious file detection method, device, system and associated component | |
| CN107766730A (en) | A kind of method that leak early warning is carried out for extensive target | |
| CN112925651A (en) | Application resource deployment method, device, electronic equipment and medium | |
| CN107623731A (en) | A kind of method for scheduling task, client, service cluster and system | |
| CN111858083A (en) | Remote service calling method and device, electronic equipment and storage medium | |
| CN112925652A (en) | Application resource deployment method, device, electronic equipment and medium | |
| CN113626173B (en) | Scheduling method, scheduling device and storage medium | |
| WO2019062066A1 (en) | On-line task execution method for terminal device, server, and readable storage medium | |
| US10025646B2 (en) | Naming of nodes in NET framework | |
| CN111522744A (en) | Service testing method, device and computer readable storage medium | |
| CN112565225B (en) | Method and device for data transmission, electronic equipment and readable storage medium | |
| CN109918140A (en) | A kind of cloud application method of controlling operation thereof and device | |
| CN108667750B (en) | Virtual resource management method and device | |
| CN111770170B (en) | Request processing method, device, equipment and computer storage medium | |
| CN113608751A (en) | Operation method, device and equipment of reasoning service platform and storage medium | |
| CN112866036A (en) | Network flow simulation method and system of cloud computing platform and computer storage medium | |
| CN103034545B (en) | Communication means between communications framework based on ACE and method and functional module | |
| CN111008146A (en) | Method and system for testing safety of cloud host | |
| CN111506898A (en) | Information service security evaluation method and device | |
| CN116756282A (en) | Task processing method, server, language prediction system and man-machine interaction system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200807 |
|
| RJ01 | Rejection of invention patent application after publication |