CN112328579A - Method for customizing database security audit in cloud environment - Google Patents

Method for customizing database security audit in cloud environment Download PDF

Info

Publication number
CN112328579A
CN112328579A CN202011357325.7A CN202011357325A CN112328579A CN 112328579 A CN112328579 A CN 112328579A CN 202011357325 A CN202011357325 A CN 202011357325A CN 112328579 A CN112328579 A CN 112328579A
Authority
CN
China
Prior art keywords
tenant
information
cloud
auditing
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011357325.7A
Other languages
Chinese (zh)
Inventor
王飞飞
范渊
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN202011357325.7A priority Critical patent/CN112328579A/en
Publication of CN112328579A publication Critical patent/CN112328579A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28Databases characterised by their database models, e.g. relational or object models
    • G06F16/284Relational databases

Abstract

The application relates to a method, a device, computer equipment and a computer-readable storage medium for customizing database security audit in a cloud environment, wherein the method comprises the following steps: acquiring database traffic and cloud tenant information of a cloud tenant; obtaining log information and key-value pair information of the cloud tenant by analyzing the database traffic; according to the cloud tenant information, the tenant mark of the cloud tenant is added into the log information, and auditing is carried out on the log information based on the key value pair information and the log information with the tenant mark, so that an auditing result is obtained, the problem that the operation and maintenance cost of a database security auditing system in the related technology is high is solved, the cloud tenant does not need to employ security personnel to maintain the database auditing system, and the operation and maintenance cost is saved.

Description

Method for customizing database security audit in cloud environment
Technical Field
The application relates to the field of computers, in particular to a method and a device for safety audit of a customized database in a cloud environment, computer equipment and a computer readable storage medium.
Background
The Database security Audit System (DAS) is mainly used to monitor and record various operation behaviors on the Database server, analyze network data, intelligently analyze various operations on the Database server in real time, and record the operations into the Audit Database so as to perform querying, analyzing, and filtering in the future, thereby monitoring and auditing user operations of the target Database System.
In the related art, enterprises in need want to use the database security audit service, need to purchase a database security audit system of a security manufacturer, and need to purchase maintenance service of the security manufacturer and employ special security personnel, and the operation and maintenance cost is high.
At present, no effective solution is provided for the problems of correlation and high operation and maintenance cost of a security audit system of a database in the related technology.
Disclosure of Invention
The embodiment of the application provides a method and a device for customizing database security audit in a cloud environment, computer equipment and a computer readable storage medium, so as to at least solve the problem of high operation and maintenance cost of a database security audit system in the related technology.
In a first aspect, an embodiment of the present application provides a method for customizing security audit of a database in a cloud environment, where the method includes:
acquiring database traffic and cloud tenant information of a cloud tenant;
obtaining log information and key-value pair information of the cloud tenant by analyzing the database traffic;
and adding a tenant mark of the cloud tenant into the log information according to the cloud tenant information, and auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result.
In one embodiment, the method further comprises:
and distributing computing resources for the cloud tenants according to the cloud tenant information.
In one embodiment, before the acquiring cloud tenant database traffic and cloud tenant information, the method further includes:
and installing proxy service at the client or the cloud.
In one embodiment, according to the cloud tenant information, adding a tenant flag of the cloud tenant into the log information, and performing audit based on the key-value pair information and the log information with the tenant flag to obtain an audit result, including:
and adding a tenant mark of the cloud tenant into a log based on the payment information in the cloud tenant information, and auditing the key value pair information and the log information with the tenant mark based on the payment information in the cloud tenant information and configured auditing rules to obtain an auditing result.
In a second aspect, the application provides a device for security audit of a customized database in a cloud environment, wherein the device comprises an acquisition module, an analysis module and an audit module;
the acquisition module is used for acquiring database traffic and cloud tenant information of the cloud tenant;
the analysis module is used for obtaining the log information and the key value pair information of the cloud tenant by analyzing the database traffic of the cloud tenant;
the auditing module is used for adding a tenant mark of the cloud tenant into the log information based on the cloud tenant information, auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result.
In one embodiment, the auditing module is further configured to add a tenant flag of the cloud tenant into the log based on the payment information in the cloud tenant information, and audit the key value pair information and the log information with the tenant flag based on the payment information in the cloud tenant information and a configured auditing rule to obtain an auditing result.
In one embodiment, the apparatus is further configured to install a proxy service at the client or cloud.
In a third aspect, an embodiment of the present application provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the following steps when executing the computer program:
and S1, acquiring the database traffic and cloud tenant information of the cloud tenant.
And S2, obtaining the log information and key-value pair information of the cloud tenant by analyzing the database flow.
S3, according to the cloud tenant information, adding a tenant mark of the cloud tenant into the log information, and auditing the log information with the tenant mark based on the key value pair information to obtain an auditing result.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps:
and S1, acquiring the database traffic and cloud tenant information of the cloud tenant.
And S2, obtaining the log information and key-value pair information of the cloud tenant by analyzing the database flow.
S3, according to the cloud tenant information, adding a tenant mark of the cloud tenant into the log information, and auditing the log information with the tenant mark based on the key value pair information to obtain an auditing result.
The method, the device, the computer equipment and the computer readable storage medium for customizing the security audit of the database in the cloud environment are used for acquiring the database flow and the cloud tenant information of the cloud tenant; obtaining log information and key-value pair information of the cloud tenant by analyzing the database traffic; and adding a tenant mark of the cloud tenant into the log information according to the cloud tenant information, and auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result. According to the method, after the cloud server side obtains the database flow and the cloud tenant information of the cloud tenant, the database flow is analyzed, log information and key value pair information required for database security audit are obtained, then the tenant mark is added into the log information, then the log information and the key value pair information with the tenant mark are audited, and an audit result is obtained.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a diagram of an application environment for a method for customizing database security audits in a cloud environment, according to an embodiment;
FIG. 2 is a flow diagram of a method for customizing database security audits in a cloud environment according to an embodiment of the application;
FIG. 3 is a flow diagram of a method for customized database security auditing in a cloud environment, according to another embodiment of the present application;
FIG. 4 is a block diagram of an apparatus for customized database security audit in a cloud environment according to an embodiment of the present application;
FIG. 5 is a block diagram of an apparatus for customized database security auditing in a cloud environment, according to another embodiment of the present application;
fig. 6 is a schematic structural diagram of a computer device for a method for customizing security audit of a database in a cloud environment according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more.
FIG. 1 is a diagram of an application environment of a method for customizing database security audits in a cloud environment, according to an embodiment. Referring to fig. 1, the method for customizing database security audit in cloud environment is applied to a device for customizing database security audit in cloud environment. The device for customizing the database security audit in the cloud environment comprises a terminal 102 and a server 104. The terminal 102 and the server 104 are connected via a network. The terminal 102 may be a desktop terminal or a mobile terminal, and the mobile terminal may be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. The server 104 may be implemented as a stand-alone server or as a server cluster comprised of multiple servers.
In one embodiment, fig. 2 is a flowchart of a method for customizing database security auditing in a cloud environment according to an embodiment of the present application. As shown in fig. 2, a method for customizing database security audit in cloud environment is provided, which is exemplified by applying the method to the terminal and the server in fig. 1, and includes the following steps:
s201, obtaining database flow and cloud tenant information of a cloud tenant.
Specifically, the database traffic of the cloud tenant may be data generated by the cloud tenant at the terminal, and the cloud tenant information may be payment information of the cloud tenant with respect to the database auditing system in the cloud environment.
S202, obtaining the log information and key value pair information of the cloud tenant by analyzing the database flow.
Specifically, the analysis of the database traffic data first needs to load configuration information of the cloud tenant according to payment information in the cloud tenant information, and then analyzes log information and key value pair information of the cloud tenant.
The key-value pair information may be key-value pair information, and the configuration information includes an analysis protocol and an audit rule.
S203, according to the cloud tenant information, adding a tenant mark of the cloud tenant into the log information, and auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result.
Specifically, after the log information has the tenant flag, the log information having the tenant flag and key value pair information are checked subsequently, where the key value pair information includes, but is not limited to, database operation time, database operation statements, and database operation results.
In the above S201 to S203, after obtaining the database traffic and the cloud tenant information of the cloud tenant, the cloud server analyzes the database traffic to obtain the log information and the key value pair information required for performing the database security audit, and then adds the tenant flag to the log information, and then audits the log information and the key value pair information with the tenant flag to obtain the audit result.
In some optional embodiments, the method for customizing database security audit in a cloud environment further includes:
and distributing computing resources for the cloud tenants according to the cloud tenant information.
Specifically, the payment information of the cloud tenant is obtained according to the cloud tenant information, and then the audit rule and the analysis protocol configured by the cloud tenant can be obtained according to the payment information, so that the computing resources are distributed according to the payment information of the user and the audit rule and the analysis protocol configured by the cloud tenant, and the payment information of the cloud tenant is distributed with the number of containers and the number of processes.
In some optional embodiments, the method for customizing the security audit of the database in the cloud environment,
and sending the audit result to a log storage end according to the tenant mark.
Specifically, after the audit result is obtained, the audit result of the cloud tenant is sent to a log storage end to be stored. It should be noted that the log storage end stores according to a tenant flag included in the log.
In some optional embodiments, before the acquiring cloud tenant database traffic and cloud tenant information, the method further includes:
and installing proxy service at the client or the cloud.
In particular, the proxy service is an interface.
As an alternative embodiment, if the proxy service is installed in the client, the registration information of the cloud tenant on the server may be placed in the client, but the client may communicate with the cloud server through the proxy service.
As an alternative embodiment, if the proxy service is installed in the cloud server, a remote access interface is provided, and the remote access interface can be used for cloud tenant registration, configuration information and management information.
In some optional embodiments, the adding, based on the cloud tenant information, a tenant flag of the cloud tenant into a log, and performing audit based on the key-value pair information and the log information with the tenant flag to obtain an audit result includes:
and adding a tenant mark of the cloud tenant into a log based on the payment information in the cloud tenant information, and auditing the key value pair information and the log information with the tenant mark based on the payment information in the cloud tenant information and configured auditing rules to obtain an auditing result.
Specifically, if the audit rules configured by each cloud tenant are different, the contents included in the corresponding key-value pair information are also different.
In one embodiment, fig. 3 is a flow diagram of a method for customizing database security auditing in a cloud environment according to another embodiment of the present application. As shown in fig. 2, a method for customizing database security audit in cloud environment is provided, which is exemplified by applying the method to the terminal and the server in fig. 1, and includes the following steps:
step S301, obtaining database traffic and cloud tenant information of the cloud tenant.
Specifically, the database traffic of the cloud tenant may be data generated by the cloud tenant at the terminal, and the cloud tenant information may be payment information of the cloud tenant with respect to the database auditing system in the cloud environment. Step S302, computing resources are distributed to the cloud tenants according to the cloud tenant information.
Specifically, payment information of the cloud tenant is obtained according to the cloud tenant information, and an audit rule and an analysis protocol configured by the cloud tenant can be obtained according to the payment information, so that computing resources are distributed according to the payment information of the user and the audit rule and the analysis protocol configured by the cloud tenant, and the payment information of the cloud tenant distributes the number of containers and the number of processes.
Step S303, obtaining the log information and key value pair information of the cloud tenant by analyzing the database flow.
Specifically, the analysis of the database traffic data first needs to load configuration information of the cloud tenant according to payment information in the cloud tenant information, and then analyzes log information and key value pair information of the cloud tenant.
The key-value pair information may be key-value pair information, and the configuration information includes an analysis protocol and an audit rule.
Step S304, according to the cloud tenant information, adding a tenant mark of the cloud tenant into the log information, and auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result.
Specifically, after the log information is provided with the tenant flag, the log information provided with the tenant flag and the key value pair information are subsequently checked, wherein the key value pair information includes but is not limited to database operation time, database operation statements, and database operation results.
And step S305, sending the auditing result to a log storage end according to the tenant mark.
In particular, the proxy service is an interface.
As an alternative embodiment, if the proxy service is installed in the client, the registration information of the cloud tenant on the server may be placed in the client, but the client may communicate with the cloud server through the proxy service.
As an alternative embodiment, if the proxy service is installed in the cloud server, a remote access interface is provided, and the remote access interface can be used for cloud tenant registration, configuration information and management information.
In the steps S301 to S305, after the cloud server side obtains the database traffic and the cloud tenant information of the cloud tenant, the database traffic is analyzed, log information and key value pair information required for performing security audit of the database are obtained, a tenant flag is added to the log information, then, the log information and the key value pair information with the tenant flag are audited, and an audit result is obtained.
Based on the same inventive concept, the application also provides a device for customizing the security audit of the database in the cloud environment, and the device is used for realizing the embodiment and the optional implementation mode, and is not described again after being explained. As used hereinafter, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
In one embodiment, fig. 4 is a block diagram of an apparatus for customized database security audit in a cloud environment according to an embodiment of the present application. As shown in fig. 4, an apparatus for customizing security audit of a database in a cloud environment is provided, which includes an obtaining module 41, a parsing module 42, and an auditing module 43.
The obtaining module 41 is configured to obtain database traffic and cloud tenant information of a cloud tenant.
The analysis module 42 is configured to obtain log information and key-value pair information of the cloud tenant by analyzing the database traffic of the cloud tenant.
The auditing module 43 adds the tenant flag of the cloud tenant into the log information based on the cloud tenant information, and audits the log information with the tenant flag based on the key value pair information to obtain an auditing result.
In some optional embodiments, the auditing module 43 is further configured to add a tenant flag of the cloud tenant into the log based on the payment information in the cloud tenant information, and audit the key value pair information and the log information with the tenant flag based on the payment information in the cloud tenant information and a configured auditing rule to obtain an auditing result.
In some optional embodiments, the apparatus is further configured to install a proxy service at the client or cloud.
In one embodiment, fig. 5 is a block diagram of an apparatus for customized database security audit in a cloud environment according to an embodiment of the present application. As shown in fig. 5, an apparatus for customizing security audit of a database in a cloud environment is provided, which includes an obtaining module 51, an allocating module 52, a parsing module 53, an auditing module 54, and a storing module 55.
The obtaining module 51 is configured to obtain database traffic and cloud tenant information of a cloud tenant.
The allocating module 52 is configured to allocate computing resources to the cloud tenant according to the cloud tenant information.
The analysis module 53 is configured to obtain the log information and the key-value pair information of the cloud tenant by analyzing the database traffic.
The auditing module 54 is configured to add a tenant flag of the cloud tenant into the log information according to the cloud tenant information, and audit the log information with the tenant flag based on the key value pair information to obtain an auditing result.
And the storage module 55 sends the audit result to a log storage end according to the tenant flag.
In one embodiment, a computer device is provided, and fig. 6 is a schematic structural diagram of a computer device according to a method for customizing security audit of a database in a cloud environment in an embodiment of the present invention, where the computer device may be a server, and an internal structural diagram of the computer device may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. When the processor executes the computer program, the method for customizing the security audit of the database in the cloud environment is realized, and the method comprises the following steps:
and S1, acquiring the database traffic and cloud tenant information of the cloud tenant.
And S2, obtaining the log information and key-value pair information of the cloud tenant by analyzing the database flow.
S3, according to the cloud tenant information, adding a tenant mark of the cloud tenant into the log information, and auditing the log information with the tenant mark based on the key value pair information to obtain an auditing result.
As an implementation, the method further includes:
and distributing computing resources for the cloud tenants according to the cloud tenant information.
As an implementation, the method further includes:
and sending the audit result to a log storage end according to the tenant mark.
As an implementable manner, before the obtaining cloud tenant database traffic and cloud tenant information, the method further includes:
and installing proxy service at the client or the cloud.
As an implementation manner, in the above S3, according to the cloud tenant information, adding the tenant flag of the cloud tenant into the log information, and performing audit based on the key value pair information and the log information with the tenant flag to obtain an audit result, which may be implemented by the following manners:
and adding a tenant mark of the cloud tenant into a log based on the payment information in the cloud tenant information, and auditing the key value pair information and the log information with the tenant mark based on the payment information in the cloud tenant information and configured auditing rules to obtain an auditing result.
An embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for customizing security audit of a database in a cloud environment, and the method includes the following steps:
and S1, acquiring the database traffic and cloud tenant information of the cloud tenant.
And S2, obtaining the log information and key-value pair information of the cloud tenant by analyzing the database flow.
S3, according to the cloud tenant information, adding a tenant mark of the cloud tenant into the log information, and auditing the log information with the tenant mark based on the key value pair information to obtain an auditing result.
As an implementation, the method further includes:
and distributing computing resources for the cloud tenants according to the cloud tenant information.
As an implementation, the method further includes:
and sending the audit result to a log storage end according to the tenant mark.
As an implementable manner, before the obtaining cloud tenant database traffic and cloud tenant information, the method further includes:
and installing proxy service at the client or the cloud.
As an implementation manner, in the above S3, according to the cloud tenant information, adding the tenant flag of the cloud tenant into the log information, and performing audit based on the key value pair information and the log information with the tenant flag to obtain an audit result, which may be implemented by the following manners:
and adding a tenant mark of the cloud tenant into a log based on the payment information in the cloud tenant information, and auditing the key value pair information and the log information with the tenant mark based on the payment information in the cloud tenant information and configured auditing rules to obtain an auditing result.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for customizing database security audit in a cloud environment is characterized by comprising the following steps:
acquiring database traffic and cloud tenant information of a cloud tenant;
obtaining log information and key-value pair information of the cloud tenant by analyzing the database traffic;
and adding a tenant mark of the cloud tenant into the log information according to the cloud tenant information, and auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result.
2. The method of claim 1, further comprising:
and distributing computing resources for the cloud tenants according to the cloud tenant information.
3. The method of claim 1, further comprising:
and sending the audit result to a log storage end according to the tenant mark.
4. The method of claim 1, prior to the obtaining cloud tenant database traffic and cloud tenant information, further comprising:
and installing proxy service at the client or the cloud.
5. The method according to claim 1, wherein the adding a tenant flag of the cloud tenant into a log based on the cloud tenant information, and auditing the log information with the tenant flag based on the key-value pair information to obtain an auditing result includes:
and adding a tenant mark of the cloud tenant into a log based on the payment information in the cloud tenant information, and auditing the key value pair information and the log information with the tenant mark based on the payment information in the cloud tenant information and configured auditing rules to obtain an auditing result.
6. The device for customizing the security audit of the database in the cloud environment is characterized by comprising an acquisition module, an analysis module and an audit module;
the acquisition module is used for acquiring database traffic and cloud tenant information of the cloud tenant;
the analysis module is used for obtaining the log information and the key value pair information of the cloud tenant by analyzing the database traffic of the cloud tenant;
the auditing module is used for adding a tenant mark of the cloud tenant into the log information based on the cloud tenant information, auditing the information and the log information with the tenant mark based on the key value to obtain an auditing result.
7. The apparatus of claim 6, wherein the auditing module is further configured to add a tenant flag of the cloud tenant into the log based on payment information in the cloud tenant information, and audit the key-value pair information and the log information with the tenant flag based on the payment information in the cloud tenant information and configured auditing rules to obtain an auditing result.
8. The apparatus of claim 7, further configured to install a proxy service at a client or cloud.
9. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program implements a method for customized database security auditing in a cloud environment as claimed in any one of claims 1 to 5.
10. A computer-readable storage medium having stored thereon a computer program, which when executed by a processor implements a method for customized database security auditing in a cloud environment according to any one of claims 1 to 5.
CN202011357325.7A 2020-11-27 2020-11-27 Method for customizing database security audit in cloud environment Withdrawn CN112328579A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011357325.7A CN112328579A (en) 2020-11-27 2020-11-27 Method for customizing database security audit in cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011357325.7A CN112328579A (en) 2020-11-27 2020-11-27 Method for customizing database security audit in cloud environment

Publications (1)

Publication Number Publication Date
CN112328579A true CN112328579A (en) 2021-02-05

Family

ID=74308653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011357325.7A Withdrawn CN112328579A (en) 2020-11-27 2020-11-27 Method for customizing database security audit in cloud environment

Country Status (1)

Country Link
CN (1) CN112328579A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103329129A (en) * 2011-01-12 2013-09-25 国际商业机器公司 Multi-tenant audit awareness in support of cloud environments
CN103428177A (en) * 2012-05-18 2013-12-04 中兴通讯股份有限公司 Configuration and generation method and device for cloud environment audit logs and/or security events
US20160056993A1 (en) * 2014-08-20 2016-02-25 International Business Machines Corporation Tenant-Specific Log for Events Related to a Cloud-Based Service
CN109729147A (en) * 2018-11-28 2019-05-07 国云科技股份有限公司 The auditing system and implementation method of multi-tenant are supported under a kind of cloud environment
CN110134653A (en) * 2019-05-17 2019-08-16 杭州安恒信息技术股份有限公司 It is a kind of to utilize log auxiliary data base auditing method and system
CN111988295A (en) * 2020-08-11 2020-11-24 程星星 Database auditing method and device, WEB server, database auditing system and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103329129A (en) * 2011-01-12 2013-09-25 国际商业机器公司 Multi-tenant audit awareness in support of cloud environments
CN103428177A (en) * 2012-05-18 2013-12-04 中兴通讯股份有限公司 Configuration and generation method and device for cloud environment audit logs and/or security events
US20160056993A1 (en) * 2014-08-20 2016-02-25 International Business Machines Corporation Tenant-Specific Log for Events Related to a Cloud-Based Service
CN109729147A (en) * 2018-11-28 2019-05-07 国云科技股份有限公司 The auditing system and implementation method of multi-tenant are supported under a kind of cloud environment
CN110134653A (en) * 2019-05-17 2019-08-16 杭州安恒信息技术股份有限公司 It is a kind of to utilize log auxiliary data base auditing method and system
CN111988295A (en) * 2020-08-11 2020-11-24 程星星 Database auditing method and device, WEB server, database auditing system and storage medium

Similar Documents

Publication Publication Date Title
CN108965381B (en) Nginx-based load balancing implementation method and device, computer equipment and medium
CN109766696B (en) Method and device for setting software permission, storage medium and electronic device
CN108256118B (en) Data processing method, device, system, computing equipment and storage medium
CN111193716B (en) Service data calling method and device, computer equipment and storage medium
CN112867988A (en) Implementing compliance settings by a mobile device to follow a configuration scenario
US8661456B2 (en) Extendable event processing through services
CN110620812A (en) Interactive information pushing method and device, computer equipment and storage medium
CN111143163A (en) Data monitoring method and device, computer equipment and storage medium
CN109543891B (en) Method and apparatus for establishing capacity prediction model, and computer-readable storage medium
CN110222535B (en) Processing device, method and storage medium for block chain configuration file
CN110661853A (en) Data proxy method, device, computer equipment and readable storage medium
US20200351293A1 (en) Out-of-band management security analysis and monitoring
CN112016122A (en) Webpage data processing method and device, computer equipment and storage medium
CN110531984B (en) Code compiling method, device, system, computer equipment and storage medium
CN109977644B (en) Hierarchical authority management method under Android platform
CN112019377B (en) Method, system, electronic device and storage medium for network user role identification
CN110968400B (en) Application program execution method and device, computer equipment and storage medium
CN109831521B (en) Cache instance management method and device, computer equipment and storage medium
CN110581849B (en) Method, device, equipment and storage medium for monitoring historical repaired bugs
US20210157949A1 (en) Event data tagged with consent records
CN111813627A (en) Application auditing method, device, terminal, system and readable storage medium
CN112328579A (en) Method for customizing database security audit in cloud environment
CN116049822A (en) Application program supervision method, system, electronic device and storage medium
CN105338058A (en) Application updating method and device
CN110889539B (en) Method, system and device for organizing spot market clearing cases based on cloud platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20210205