CN113810371B - Safety management method for software and hardware decoupling platform - Google Patents
Safety management method for software and hardware decoupling platform Download PDFInfo
- Publication number
- CN113810371B CN113810371B CN202110892564.0A CN202110892564A CN113810371B CN 113810371 B CN113810371 B CN 113810371B CN 202110892564 A CN202110892564 A CN 202110892564A CN 113810371 B CN113810371 B CN 113810371B
- Authority
- CN
- China
- Prior art keywords
- safety
- software
- security
- network
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000007726 management method Methods 0.000 title claims abstract description 52
- 238000005111 flow chemistry technique Methods 0.000 claims abstract description 23
- 238000001914 filtration Methods 0.000 claims description 32
- 241000700605 Viruses Species 0.000 claims description 17
- 238000004891 communication Methods 0.000 claims description 14
- 238000000034 method Methods 0.000 claims description 13
- 238000012544 monitoring process Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 12
- 230000005540 biological transmission Effects 0.000 claims description 11
- 238000012423 maintenance Methods 0.000 claims description 6
- 238000009430 construction management Methods 0.000 claims description 3
- 238000001514 detection method Methods 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 2
- 230000002155 anti-virotic effect Effects 0.000 description 7
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Virology (AREA)
- Bioethics (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a safety management method of a software and hardware decoupling platform, which comprises the following steps: the software and hardware decoupling platform is connected with the safety function assembly through an interface, a universal flow processing bottom layer system is built in the safety function assembly, and the network element management system is downloaded according to the universal flow processing bottom layer system to receive the safety packet; according to the invention, a universal flow processing bottom layer system is built in the safety function assembly, and then a 3-level security tool with equal security standard is installed in the universal flow processing bottom layer system, so that only one assembly can achieve protection of 10 safety functions, thus resource occupation of the safety assembly is greatly reduced, efficiency is improved, the highest cost performance is achieved in the market, high-performance, universal, elastic and polymeric safety platforms and comprehensive virtual safety function VNF are realized by the building block type platform and the safety function assembly, and the applicability of a software and hardware decoupling platform is greatly improved.
Description
Technical Field
The invention relates to the technical field of software management, in particular to a safety management method of a software and hardware decoupling platform.
Background
The software and hardware decoupling platform can be flexibly expanded for user requirements, so that control units of software and hardware are relatively independent, data are safer, in order to guarantee the safety protection of the software and hardware decoupling platform on a target product, currently, 10 safety components are needed in the industry to realize the 3-level equal-protection standard of the software and hardware decoupling platform, the resource occupation of the safety components is greatly increased, the efficiency is reduced and improved, the applicability is poor, and the cost performance is low in the market.
Disclosure of Invention
The invention aims to provide a safety management method for a software and hardware decoupling platform, which solves the problems that the conventional software and hardware decoupling platform reaches a 3-level protection standard, needs more components, occupies more resources and has lower cost performance.
In order to achieve the purpose, the invention provides the following technical scheme: a safety management method for a software and hardware decoupling platform comprises the following steps:
step 1: the software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly;
step 2: downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package;
and step 3: selecting a network equipment safety configuration file, a network information safety configuration file and a network software safety configuration file according to the safety configuration information, and judging whether a corresponding safety tool is installed locally or not through the network equipment safety configuration file, the network information safety configuration file and the network software safety configuration file;
and 4, step 4: selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages to avoid bad information, and preventing attack of various viruses;
and 5: selecting a trusted third party according to a network information security tool, wherein the trusted third party is used for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed;
step 6: and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Preferably, in step 5, a plurality of user interfaces are provided, and the management unit is respectively subjected to operation state monitoring, adding or deleting, communication state monitoring and layout.
Preferably, in step 6, the rights management includes: a VM process white list or a VM process blacklist, wherein the VM process white list is a list outside the set of VM process blacklists.
Preferably, in step 2, the traffic processing underlying system has ten functions of security physical environment detection, security network communication monitoring, security data application management, security computing environment maintenance, security management center, security management system, security management mechanism, security management personnel, security construction management, security operation and maintenance management, and the like after being loaded with the security configuration file.
Preferably, in step 5, the secure transmission of information comprises two basic parts: firstly, the transmitted information is safely converted; the second is to send some secret information shared by both parties, such as encryption key, which is kept secret from other users except the trusted third party.
Preferably, in step 4, a snmp server for monitoring network security devices may be used, which monitors a plurality of network security devices simultaneously, and has a log server for a special statistical security log.
Preferably, the software and hardware decoupling platform adopts an innovative 'cordwood-type' agile safety platform architecture of the cloud source.
Compared with the prior art, the invention has the beneficial effects that:
according to the invention, a universal flow processing bottom layer system is built in the safety function assembly, and then a 3-level security tool with equal security standard is installed in the universal flow processing bottom layer system, so that only one assembly can achieve protection of 10 safety functions, thus resource occupation of the safety assembly is greatly reduced, efficiency is improved, the highest cost performance is achieved in the market, high-performance, universal, elastic and aggregated safety platforms and comprehensive virtualized safety function VNF are realized by the building block type platform and the safety function assembly, and the applicability of a software and hardware decoupling platform is greatly improved.
Detailed description of the preferred embodiments
The present invention will now be described in more detail by way of examples, which are given by way of illustration only and are not intended to limit the scope of the present invention in any way.
The invention provides a technical scheme that: a safety management method for a software and hardware decoupling platform comprises the following steps:
step 1: the software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly;
step 2: downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package;
and step 3: selecting a network equipment security configuration file, a network information security configuration file and a network software security configuration file according to the security configuration information, and judging whether a corresponding security tool is installed locally or not through the network equipment security configuration file, the network information security configuration file and the network software security configuration file;
and 4, step 4: selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages to avoid bad information, and preventing attack of various viruses;
and 5: according to a network information security tool, a trusted third party is selected, which is responsible for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed;
and 6: and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Examples
The software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly; downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package; selecting a network equipment security configuration file, a network information security configuration file and a network software security configuration file according to the security configuration information, and judging whether a corresponding security tool is installed locally or not through the network equipment security configuration file, the network information security configuration file and the network software security configuration file; selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages, avoiding bad information, and preventing attack of various viruses; according to a network information security tool, a trusted third party is selected, which is responsible for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed; and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Examples
In the first embodiment, the following steps are added:
in step 1 and step 2, the flow processing bottom layer system has ten functions of safe physical environment detection, safe network communication monitoring, safe data application management, safe computing environment maintenance, a safe management center, a safe management system, a safe management mechanism, safe management personnel, safe construction management, safe operation and maintenance management and the like after being loaded with a safe configuration file, and the software and hardware decoupling platform adopts an innovative 'cordwood-block-type' flexible safe platform architecture of the cloud resources.
The software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly; downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package; selecting a network equipment safety configuration file, a network information safety configuration file and a network software safety configuration file according to the safety configuration information, and judging whether a corresponding safety tool is installed locally or not through the network equipment safety configuration file, the network information safety configuration file and the network software safety configuration file; selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages, avoiding bad information, and preventing attack of various viruses; according to a network information security tool, a trusted third party is selected, which is responsible for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed; and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Examples
In the second embodiment, the following steps are added:
in step 4, the snmp server for monitoring the network security appliance can be used, which monitors a plurality of network security appliances at the same time, and there is a log server for counting the security logs.
The software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly; downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package; selecting a network equipment security configuration file, a network information security configuration file and a network software security configuration file according to the security configuration information, and judging whether a corresponding security tool is installed locally or not through the network equipment security configuration file, the network information security configuration file and the network software security configuration file; selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages to avoid bad information, and preventing attack of various viruses; selecting a trusted third party according to a network information security tool, wherein the trusted third party is used for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed; and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Examples
In the third embodiment, the following steps are added:
in step 5, a plurality of user interfaces are set, and the management unit is respectively subjected to operation state monitoring, adding or deleting, communication state monitoring and layout, and in step 5, the information security transmission comprises two basic parts: firstly, the transmitted information is safely converted; and secondly, certain secret information shared by the two parties, such as an encryption key, is sent, and is kept secret from other users except a trusted third party.
The software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly; downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package; selecting a network equipment security configuration file, a network information security configuration file and a network software security configuration file according to the security configuration information, and judging whether a corresponding security tool is installed locally or not through the network equipment security configuration file, the network information security configuration file and the network software security configuration file; selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages to avoid bad information, and preventing attack of various viruses; according to a network information security tool, a trusted third party is selected, which is responsible for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed; and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Examples
In the fourth example, the following steps were added:
in step 6, the rights management comprises: a VM process white list or a VM process blacklist, wherein the VM process white list is a list outside the set of VM process blacklists.
The software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly; downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package; selecting a network equipment security configuration file, a network information security configuration file and a network software security configuration file according to the security configuration information, and judging whether a corresponding security tool is installed locally or not through the network equipment security configuration file, the network information security configuration file and the network software security configuration file; selecting network access control such as a firewall, spam filtering, webpage filtering, anti-virus and the like according to a network equipment safety tool, preventing viruses from invading a computer, filtering spam, filtering webpages to avoid bad information, and preventing attack of various viruses; according to a network information security tool, a trusted third party is selected, which is responsible for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered, retransmitted and the like by unauthorized entities in the storage and transmission processes, and the content of the information is not changed; and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value and a file certificate special extension file, wherein if the software is not trusted, the system refuses to execute.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A safety management method of a software and hardware decoupling platform is characterized by comprising the following steps: the method comprises the following steps:
step 1: the software and hardware decoupling platform is connected with the safety function assembly through an interface, and a universal flow processing bottom layer system is built in the safety function assembly;
step 2: downloading a network element management system according to a universal flow processing bottom layer system to receive a safety tool package, wherein a safety configuration file comprises safety configuration information, and each piece of safety configuration information corresponds to one safety tool in the safety tool package;
and step 3: selecting a network equipment security configuration file, a network information security configuration file and a network software security configuration file according to the security configuration information, and judging whether a corresponding security tool is installed locally or not through the network equipment security configuration file, the network information security configuration file and the network software security configuration file;
and 4, step 4: selecting a firewall, filtering junk mails, filtering web pages and network access control for preventing viruses according to a network equipment safety tool, preventing viruses from invading a computer, filtering the junk mails, filtering the web pages to avoid bad information and preventing attack of various viruses;
and 5: selecting a trusted third party according to a network information security tool, wherein the trusted third party is used for distributing secret information to two communication parties and carrying out arbitration when the two parties dispute, and the integrity security refers to that the information is not inserted, deleted, tampered and retransmitted by unauthorized entities in the storage and transmission processes, and the content of the information is not changed;
step 6: and selecting authority management according to a network software safety tool, and enabling an administrator to identify whether the software is trusted or not through a file path, a file Hash value, a file certificate and a special extension file, wherein if the software is not trusted, the system refuses to execute.
2. The security management method for the software and hardware decoupling platform according to claim 1, characterized in that: in the step 5, a plurality of user interfaces are set, and the management unit is respectively subjected to operation state monitoring, adding or deleting, communication state monitoring and layout.
3. The security management method for the software and hardware decoupling platform according to claim 1, characterized in that: in the step 6, the right management includes: a VM process white list or a VM process blacklist, wherein the VM process white list is a list outside the set of VM process blacklists.
4. The security management method for the software and hardware decoupling platform according to claim 1, characterized in that: in the step 2, the traffic processing bottom layer system has the functions of safe physical environment detection, safe network communication monitoring, safe data application management, safe computing environment maintenance, safe management center, safe management system, safe management mechanism, safe management personnel, safe construction management and safe operation and maintenance management after being loaded with the safe configuration file.
5. The security management method for the software and hardware decoupling platform according to claim 1, characterized in that: in said step 5, the secure transmission of information comprises two basic parts: firstly, the transmitted information is safely converted; and secondly, certain secret information shared by the two parties, such as an encryption key, is sent, and is kept secret from other users except a trusted third party.
6. The security management method for the software and hardware decoupling platform according to claim 1, characterized in that: in said step 4, a snmp server for monitoring network security devices may be used, which monitors a plurality of network security devices simultaneously, having a log server dedicated to statistical security logs.
7. The security management method for the software and hardware decoupling platform according to claim 1, characterized in that: the software and hardware decoupling platform adopts an innovative 'cordwood-type' agile safety platform framework of the cloud source.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110892564.0A CN113810371B (en) | 2021-08-04 | 2021-08-04 | Safety management method for software and hardware decoupling platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110892564.0A CN113810371B (en) | 2021-08-04 | 2021-08-04 | Safety management method for software and hardware decoupling platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113810371A CN113810371A (en) | 2021-12-17 |
CN113810371B true CN113810371B (en) | 2023-04-18 |
Family
ID=78893237
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110892564.0A Expired - Fee Related CN113810371B (en) | 2021-08-04 | 2021-08-04 | Safety management method for software and hardware decoupling platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113810371B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104346575A (en) * | 2014-10-24 | 2015-02-11 | 重庆邮电大学 | Software defined security architecture |
CN109743199A (en) * | 2018-12-25 | 2019-05-10 | 中国联合网络通信集团有限公司 | Containerization management system based on micro services |
CN109831327A (en) * | 2019-01-28 | 2019-05-31 | 国家电网有限公司信息通信分公司 | IMS full service network based on big data analysis monitors intelligent operation support system |
CN113034028A (en) * | 2021-04-13 | 2021-06-25 | 上海汉邦京泰数码技术有限公司 | Responsibility traceability confirmation system |
CN113132412A (en) * | 2021-04-30 | 2021-07-16 | 南京林业大学 | Computer network security test and inspection method |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102005014837B4 (en) * | 2004-08-02 | 2007-08-30 | Mahltig, Holger | Security module and method for controlling and controlling a data traffic of a personal computer |
CN100403706C (en) * | 2006-01-11 | 2008-07-16 | 西安电子科技大学 | Network security emulation system and its emulation method |
CN102340500B (en) * | 2011-07-13 | 2014-04-16 | 中国人民解放军海军计算技术研究所 | Security management system and method of dependable computing platform |
CN105138920A (en) * | 2015-07-30 | 2015-12-09 | 浪潮电子信息产业股份有限公司 | Method for realizing safety management of intranet terminal |
CN105141416A (en) * | 2015-10-14 | 2015-12-09 | 公安部第三研究所 | User authority distribution control system based on hardware chip and method thereof |
CN108494729B (en) * | 2018-02-07 | 2019-05-07 | 北京卓讯科信技术有限公司 | A kind of zero trust model realization system |
CN112583586A (en) * | 2020-12-09 | 2021-03-30 | 国网河北省电力有限公司电力科学研究院 | Network security information processing system |
-
2021
- 2021-08-04 CN CN202110892564.0A patent/CN113810371B/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104346575A (en) * | 2014-10-24 | 2015-02-11 | 重庆邮电大学 | Software defined security architecture |
CN109743199A (en) * | 2018-12-25 | 2019-05-10 | 中国联合网络通信集团有限公司 | Containerization management system based on micro services |
CN109831327A (en) * | 2019-01-28 | 2019-05-31 | 国家电网有限公司信息通信分公司 | IMS full service network based on big data analysis monitors intelligent operation support system |
CN113034028A (en) * | 2021-04-13 | 2021-06-25 | 上海汉邦京泰数码技术有限公司 | Responsibility traceability confirmation system |
CN113132412A (en) * | 2021-04-30 | 2021-07-16 | 南京林业大学 | Computer network security test and inspection method |
Also Published As
Publication number | Publication date |
---|---|
CN113810371A (en) | 2021-12-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9923909B2 (en) | System and method for providing a self-monitoring, self-reporting, and self-repairing virtual asset configured for extrusion and intrusion detection and threat scoring in a cloud computing environment | |
CN112073400B (en) | Access control method, system, device and computing equipment | |
CN110266639B (en) | System and method for endpoint hardware assisted network firewall in a secure environment | |
US10944720B2 (en) | Methods and systems for network security | |
US11252183B1 (en) | System and method for ransomware lateral movement protection in on-prem and cloud data center environments | |
US11863570B2 (en) | Blockchain-based network security system and processing method | |
US9928359B1 (en) | System and methods for providing security to an endpoint device | |
CN101018119A (en) | Hardware-based server network security centralized management system without relevance to the operation system | |
Denz et al. | A survey on securing the virtual cloud | |
US20130166677A1 (en) | Role-based access control method and apparatus in distribution system | |
CN110493192B (en) | Data security transmission system and method based on data gateway | |
Shaar et al. | DDoS attacks and impacts on various cloud computing components | |
CN113972992B (en) | Access method and device for SDP controller and computer storage medium | |
CN2337611Y (en) | Safety network computer capable of simultaneously connecting internal network and external network | |
CN112966260A (en) | Data security agent system and method based on domestic trusted computing platform | |
CN113810371B (en) | Safety management method for software and hardware decoupling platform | |
CN111641652A (en) | Application security service platform based on cloud computing | |
CN112087427A (en) | Communication verification method, electronic device, and storage medium | |
CN114598724B (en) | Security protection method, device, equipment and storage medium for electric power Internet of things | |
Hauser et al. | Intrusion detection in distributed systems, an approach based on taint marking | |
CN112751807B (en) | Secure communication method, device, system and storage medium | |
CN113965388A (en) | Safe transmission device for calculating check sum according to classification | |
CN114662080A (en) | Data protection method and device and desktop cloud system | |
CN117240621B (en) | Processing method and device of network request, computer readable medium and electronic equipment | |
Lin et al. | Research on the vulnerability of software defined network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20230418 |