CN114157580A - Security audit method, device, system, electronic equipment and readable storage medium - Google Patents


Info

Publication number
CN114157580A
Authority
CN
China
Prior art keywords
information
service
audit
safety
security
Prior art date
Legal status
Pending
Application number
CN202111442589.7A
Other languages
Chinese (zh)
Inventor
周磊
毛骏
Current Assignee
Shanghai Changrong Information Technology Co ltd
Original Assignee
Shanghai Changrong Information Technology Co ltd
Application filed by Shanghai Changrong Information Technology Co ltd
Priority to CN202111442589.7A
Publication of CN114157580A
Legal status: Pending

Classifications

    • H04L 41/5041: Network service management, e.g. ensuring proper service fulfilment according to agreements, characterised by the time relationship between creation and deployment of a service
    • H04L 41/069: Management of faults, events, alarms or notifications using logs of notifications; post-processing of notifications
    • H04L 41/0803: Configuration management of networks or network elements; configuration setting

Abstract

The application discloses a security audit method, a device, a system, an electronic device and a readable storage medium. The configuration parameter information of the security audit service and of the business service is configured in advance according to the corresponding configuration rules; operation request information is issued to the security audit service, and the security audit service intercepts the operation log information of the business service. The method, applied to a microservice gateway, comprises the following steps: when operation request information of a business server is received, acquiring the configuration parameter information of the security audit service; obtaining, from the operation request information, the security audit information corresponding to that configuration parameter information; and sending the security audit information to the security audit service, which stores it according to a preset data format. In this way the security audit information of every microservice is collected and processed uniformly, and the operation and maintenance cost of every microservice line is effectively reduced.

Description

Security audit method, device, system, electronic equipment and readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a security audit method, apparatus, system, electronic device, and readable storage medium.
Background
With the rapid development of internet computing and the financial industry, users place ever higher requirements on the security of financial information systems: the information security of the system itself, security auditing, security monitoring of system user behaviour, and so on. Specifically, this covers the confidentiality of information, i.e. that information is not disclosed to unauthorized persons; the integrity of information, i.e. that information is kept correct, complete and untampered; and the fact that information cannot be separated from its carrier and exist independently. From the perspective of a financial information system, information security includes four aspects: device security, data security, content security and behaviour security. In particular, a user generates a series of actions after operating the system, and this information is recorded in the system.
In the financial information system as a whole, security auditing records the account resource operations of the business system. All operation records can be retained through security auditing, on the basis of which the business system can perform behaviour analysis, security analysis, resource change tracking and compliance auditing. Security auditing collects the API (Application Programming Interface) call records of the microservices, such as API calls triggered by the business system through the console, and then saves the operation records in the form of logs. Generally, after a business system initiates an operation call through a console or an App (application), security auditing delivers the operation record to the storage product designated by the business system within a certain time. The business system can view historical operation records through the security audit console or API.
In the related art, each microservice records its operation log information independently and develops and maintains the audit service for its own product, so each microservice line has to invest considerable manpower in maintaining its security audit service and in iterating and optimizing its versions, which makes maintenance costly. When a business system wants to obtain security audit information about the microservices, it has to log in to the console of each microservice line to obtain it, and because each microservice line defines its own style of security audit information, the security audit information obtained by the business system is neither uniform in content nor standard in format, further sorting and integration are needed, and the user experience is poor.
In view of this, how to collect and process the security audit information of each microservice uniformly, and reduce the operation and maintenance cost of each microservice line, is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The application provides a security audit method, a device, a system, electronic equipment and a readable storage medium, which can realize unified collection and processing of security audit information of each micro service and effectively reduce operation and maintenance costs of each micro service line.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
one aspect of the embodiments of the present invention provides a security audit method, applied to a micro service gateway, including:
when receiving operation request information of a service server, acquiring configuration parameter information of security audit service;
obtaining safety audit information corresponding to the configuration parameter information from the operation request information;
sending the safety audit information to the safety audit service so that the safety audit service stores the safety audit information according to a preset data format;
the configuration parameter information of the security audit service and of the business service is configured in advance according to the corresponding configuration rules; the operation request information is sent to the security audit service, and the security audit service intercepts the operation log information of the business service.
Optionally, after receiving the operation request information of the service server, the method includes:
judging whether a service server corresponding to the operation request information is an authorized user;
and if the service server corresponding to the operation request information is an authorized user, sending the operation request information to the corresponding micro service.
Optionally, the operation request information is request information issued by calling a target application program interface, and the obtaining, from the operation request information, security audit information corresponding to the configuration parameter information includes:
judging whether the configuration parameters of the target application program interface are acquired or not;
if the configuration parameters of the target application program interface are acquired, judging whether the state information of the safety audit service is in a starting state;
if the state information of the safety audit service is a starting state, carrying out data cleaning and combing on the operation request information;
and acquiring corresponding safety audit information from the operation request information according to the configuration parameter information.
Optionally, the storing the security audit information according to the preset data format includes:
and according to the type of the service system to which the service server side belongs and corresponding to the safety audit information, correspondingly storing the safety audit information according to a preset data classification storage format.
Optionally, after sending the security audit information to the security audit service, the method further includes:
distributing the received security audit query request of the service server to the security audit service;
and the safety audit service acquires target safety audit information according to the information screening condition carried by the safety audit query request and sends the target safety audit information to the service server.
Optionally, after obtaining the security audit information corresponding to the configuration parameter information, the method further includes:
judging whether the security audit information contains preset sensitive words or not;
if the safety audit information contains preset sensitive words, deleting each preset sensitive word from the safety audit information;
correspondingly, the sending of the security audit information to the security audit service is:
and sending the safety audit information of deleting each preset sensitive vocabulary to the safety audit service.
Another aspect of the embodiments of the present invention provides a security audit device, applied to a micro service gateway, including:
the configuration information acquisition module is used for acquiring configuration parameter information of the safety audit service when receiving operation request information of a service server; the configuration parameter information of the security audit service and the business service is configured in advance; the operation request information is issued to the security audit service, and the security audit service intercepts operation log information of the business service;
an audit information acquisition module, configured to acquire, from the operation request information, security audit information corresponding to the configuration parameter information;
and the audit information sending module is used for sending the safety audit information to the safety audit service so that the safety audit service stores the safety audit information according to a preset data format.
An embodiment of the present invention further provides an electronic device, including a processor, configured to implement the steps of the security audit method according to any one of the preceding items when executing the computer program stored in the memory.
An embodiment of the present invention further provides a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the security audit method according to any one of the preceding claims.
The embodiment of the invention finally provides a safety audit system, which comprises a micro service gateway, a service server, a safety audit server and a configuration center platform;
the configuration center platform is used for configuring configuration parameter information of security audit service and business service in advance;
the microservice gateway, when executing a computer program stored in a memory, implements a security audit method as described in any one of the above;
the safety audit server is used for intercepting the operation log information of the business service and storing the safety audit information corresponding to the operation request information issued by the business server according to a preset data storage format.
Optionally, the security audit system is deployed on a target node of the virtualization cluster, and provides an interface for accessing the service system.
The advantage of the technical scheme provided by this application is that the microservice gateway receives the operation request information of the business server, obtains the corresponding security audit information from it through the pre-configured configuration information of the security audit service, and the security audit service stores the security audit information in a uniform storage format. The security audit information of each microservice is thus collected and processed uniformly, the security audit information obtained by a user is always in a fixed format and needs no sorting or integration, and the user's experience is improved. The security audit service manages the operation log information of the business server uniformly, so no microservice has to spend manpower maintaining a security audit service of its own, and the operation and maintenance cost of each microservice line is effectively reduced. Furthermore, the microservice-based architecture not only reduces research and development cost but also places low demands on the professional skills of developers and has strong practicability.
In addition, the embodiment of the invention also provides a corresponding implementation device, a system, electronic equipment and a readable storage medium aiming at the security audit method, so that the method has higher practicability, and the device, the system, the electronic equipment and the readable storage medium have corresponding advantages.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the related art, the drawings required to be used in the description of the embodiments or the related art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic flow chart of a security audit method in a first implementation manner according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a security audit method in a second implementation manner according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of a security audit method in a third implementation manner according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of a security audit method in a fourth implementation manner according to an embodiment of the present invention;
FIG. 5 is a schematic flow chart of a security audit method in a fifth implementation manner according to an embodiment of the present invention;
FIG. 6 is a schematic flow chart of a security audit method in a sixth implementation manner according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of a security audit method in a seventh implementation manner according to an embodiment of the present invention;
FIG. 8 is a block diagram of a specific embodiment of a security audit device according to an embodiment of the present invention;
FIG. 9 is a block diagram of an embodiment of an electronic device according to the present invention;
FIG. 10 is a block diagram of one embodiment of a security audit system according to an embodiment of the present invention;
FIG. 11 is a block diagram of another specific implementation of the security audit system according to the embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and claims of this application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may include other steps or elements not expressly listed.
Having described the technical solutions of the embodiments of the present invention, various non-limiting embodiments of the present application are described in detail below.
Referring to fig. 1, fig. 1 is a schematic flow chart of a security audit method provided in an embodiment of the present invention, and the method is applied to a micro service gateway, where the embodiment of the present invention may include the following contents:
The embodiment involves a business server, a microservice gateway, a security audit server and a configuration center in the course of executing the security audit method. The microservice gateway receives, processes and forwards the request information of the business server; it is a unified gateway system built on a microservice mechanism. The security audit server stores the security audit information and manages the business operation log information uniformly: as shown in FIG. 2, after the business server issues operation request information, the security audit server intercepts the business operation log information and records the user operation. The configuration center configures the configuration parameter information of the security audit service and the business service in advance according to the corresponding configuration rules. The configuration center may be, for example, Nacos (Dynamic Naming and Configuration Service), which provides a simple and easy-to-use feature set for quickly implementing dynamic service discovery, service configuration, service metadata and traffic management.
S101: and when receiving the operation request information of the service server, acquiring the configuration parameter information of the security audit service.
The operation request information in this embodiment is a request by the business server to perform some operation on some microservice; the operation includes, but is not limited to, creating, deleting and changing state, where a change of state may be, for example, powering a microservice on or off. The business server may issue the operation request information by calling the business interface API or through the console; either way does not affect the implementation of this application. The microservice gateway receives the operation request information sent via the business interface API and distributes it to the corresponding microservice. When the security audit service receives operation request information sent via the business service interface API, it intercepts the business service operation log information.
In this embodiment, before the microservice gateway receives the operation request information sent via the business interface API, the configuration parameters of the security audit service and of the business service must already have been configured on a configuration center platform such as Nacos. Specifically, the configuration center platform (or configuration center end) is the definition center of business services. When a business service is defined on the configuration center platform, its configuration parameters have to be configured; they include, but are not limited to: service name, whether read or write, authentication mode, flow control mode, parameter information, whether the parameter information is sensitive, back-end service, and the security audit enablement state. When the security audit enablement state corresponding to the business service is configured as enabled on the configuration center platform, the configuration parameter information of the security audit information can be configured. The configuration parameter information of the security audit service comprises any one or any combination of the following items: account information, time information, operation object information, operation type information and operation result information. Because the security audit enablement state and the configuration parameter information of the security audit information are configured on the configuration center platform, the microservice gateway collects and processes the security audit information according to that configuration whenever the security audit service is enabled; no microservice line needs to implement a security audit service of its own, so no manpower has to be invested in maintaining one, and the operation and maintenance cost of each microservice line is reduced.
S102: and obtaining safety audit information corresponding to the configuration parameter information from the operation request information.
The micro service gateway can obtain the safety audit information corresponding to the configuration parameter information from the operation request information of the service based on the safety audit configuration rule according to the configuration parameter information of the safety audit information when the safety audit service is in a starting state.
S103: and sending the safety audit information to the safety audit service so that the safety audit service stores the safety audit information according to a preset data format.
In order to unify the security audit information and make it convenient for users to use, the security audit service of this embodiment stores the security audit information according to a pre-specified data format after obtaining it. The preset data format may be set according to the actual application scenario and is not limited by this application. Further, the security audit service may store the security audit information in a storage medium that provides a persistent storage service for information that needs to be kept persistently, as shown in FIG. 3 and FIG. 4, so that the security audit information is kept safe.
In the technical scheme provided by the embodiment of the invention, the microservice gateway receives the operation request information of the business server, obtains the corresponding security audit information from it through the pre-configured configuration information of the security audit service, and the security audit service stores the security audit information in a uniform storage format. The security audit information of each microservice is thus collected and processed uniformly, the information obtained by a user is always in a fixed format and needs no sorting or integration, and the user's experience is improved. The security audit service manages the operation log information of the business server uniformly, so no microservice has to spend manpower maintaining a security audit service of its own, and the operation and maintenance cost of each microservice line is effectively reduced.
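As an added illustration of steps S101 to S103 (example code written for this page, not code from the patent or its assignee), the following Python sketch models the configuration center as an in-memory dictionary, looks up the configuration parameters of the target API, checks the security audit enablement state, picks the configured audit items out of the operation request, and hands the result to a stand-in security audit service that writes every record in one fixed preset format. The API names, configuration values, field order and sample requests are all constructed assumptions.

```python
# Added example: a gateway-side sketch of steps S101-S103. All names,
# configuration values and requests below are constructed for illustration.

# Stand-in for the configuration center (Nacos in the text): the business
# service configuration parameters listed in S101, keyed by the target API.
CONFIG_CENTER = {
    "vm.create": {
        "service_name": "vm.create",
        "read_write": "write",
        "auth_mode": "token",
        "flow_control": "per-account",
        "backend_service": "compute-svc",
        "audit_enabled": True,
        # configuration parameter information of the security audit service:
        # which of the five audit items this API's records must carry
        "audit_fields": ["account", "time", "operation_object",
                         "operation_type", "operation_result"],
    },
    "vm.describe": {
        "service_name": "vm.describe",
        "read_write": "read",
        "auth_mode": "token",
        "flow_control": "per-account",
        "backend_service": "compute-svc",
        "audit_enabled": False,          # read-only API, security audit disabled
        "audit_fields": [],
    },
}

# Fixed field order of the preset data format used by the audit service (assumed).
PRESET_FORMAT = ("account", "time", "operation_object",
                 "operation_type", "operation_result")


def get_audit_config(api_name):
    """S101: fetch the configuration parameters of the target API (None if undefined)."""
    return CONFIG_CENTER.get(api_name)


def extract_audit_info(request, config):
    """S102: select the configured audit items out of the operation request.
    Returns None when the API is unknown or its security audit is not enabled."""
    if config is None or not config["audit_enabled"]:
        return None
    candidates = {
        "account": request["headers"].get("X-Account"),
        "time": request["received_at"],
        "operation_object": request["params"].get("resource_id"),
        "operation_type": request["api"],
        "operation_result": request["response"].get("status"),
    }
    return {field: candidates.get(field) for field in config["audit_fields"]}


def send_to_audit_service(info, audit_store):
    """S103: the audit service stores the record in the preset data format.
    Every record carries the same keys in the same order; absent items become None."""
    record = {field: info.get(field) for field in PRESET_FORMAT}
    audit_store.append(record)
    return record


def gateway_handle(request, audit_store):
    """Whole flow for one operation request; returns the stored record or None."""
    config = get_audit_config(request["api"])
    info = extract_audit_info(request, config)
    if info is None:
        return None
    return send_to_audit_service(info, audit_store)


# Constructed sample operation requests as the gateway would see them.
CREATE_REQUEST = {
    "api": "vm.create",
    "headers": {"X-Account": "ops-admin", "Authorization": "Bearer <token>"},
    "params": {"resource_id": "vm-0042", "image": "base-2021"},
    "received_at": "2021-11-30T08:15:00Z",
    "response": {"status": 200},
}
DESCRIBE_REQUEST = {
    "api": "vm.describe",
    "headers": {"X-Account": "ops-admin"},
    "params": {"resource_id": "vm-0042"},
    "received_at": "2021-11-30T08:16:00Z",
    "response": {"status": 200},
}

if __name__ == "__main__":
    store = []
    print(gateway_handle(CREATE_REQUEST, store))    # one record in preset format
    print(gateway_handle(DESCRIBE_REQUEST, store))  # None: audit disabled for this API
```

The point of the fixed `PRESET_FORMAT` is the one the text makes: whatever a microservice puts in its request, the audit service only ever sees records with the same five keys in the same order, so consumers never have to reconcile per-line formats.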
In order to further improve the security performance of the security audit, the present application provides an authentication embodiment based on the foregoing embodiment, and after receiving the operation request information, the following contents may be included:
judging whether the service server corresponding to the operation request information is an authorized user;
and if the service server corresponding to the operation request information is an authorized user, sending the operation request information to the corresponding micro service.
In this embodiment, taking the microservice gateway receiving operation request information sent via the API as an example, all request messages that call the API have to be routed and distributed through the gateway. The microservice gateway also provides services such as user authentication and signature verification. When the business system initiates an operation trigger through the console, the authentication function of the present invention is as shown in FIG. 2. The user sends an HTTP or HTTPS request from the client operating system; when an HTTP request is used, the request header carries the user token. The user token consists of three parts: a header, a payload and a signature. The header carries the basic information of the token, i.e. its type and signature algorithm. The payload carries the registered claims, public claims and private claims. The registered claims, i.e. those registered in the standard, take part in token verification and comprise iss (issuer), sub (subject of the current token), aud (audience), exp (expiration time), nbf (not usable before a certain time), iat (issued-at time) and jti (unique identifier). The jti is used as a one-time ticket to defeat replay attacks. The expiration time must be greater than the issuance time. To facilitate the authentication process of the subsequent service, the token may be placed in the request header of the operation request message. If a plain HTTP request is used, SSL (Secure Sockets Layer) or TLS (Transport Layer Security) should be added to encrypt the data, verify the identity of the other party and protect the integrity of the data.
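The token checks described above, as an added example that is not part of the patent: a gateway-side verifier for an HS256 user token that validates the signature, requires all seven registered claims, enforces exp greater than iat, nbf and exp against the current time, and treats jti as a one-time ticket so a replayed token is refused. It uses only the Python standard library; the key, issuer and audience values are constructed, and `issue_token` exists only to mint test tokens.

```python
import base64
import hashlib
import hmac
import json
import time

# Added example, not the patent's code. Key, issuer and audience are constructed.
SECRET_KEY = b"demo-gateway-hs256-key"
EXPECTED_ISSUER = "auth.example"
EXPECTED_AUDIENCE = "microservice-gateway"
REGISTERED_CLAIMS = ("iss", "sub", "aud", "exp", "nbf", "iat", "jti")


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims, key=SECRET_KEY):
    """Build a compact HS256 JWT (header.payload.signature); used only to create test tokens."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class TokenVerifier:
    """Gateway-side check of the user token carried in the request header."""

    def __init__(self, key=SECRET_KEY, issuer=EXPECTED_ISSUER, audience=EXPECTED_AUDIENCE):
        self.key = key
        self.issuer = issuer
        self.audience = audience
        self.seen_jti = set()  # jti values already accepted: each is a one-time ticket

    def verify(self, token, now=None):
        """Return the claims if the token is acceptable, else raise ValueError naming the reason."""
        now = time.time() if now is None else now
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed token")
        h, p, s = parts
        header = json.loads(_b64url_decode(h))
        # pin the algorithm the gateway expects instead of trusting the header's choice
        if header.get("alg") != "HS256":
            raise ValueError("unexpected signature algorithm")
        expected_sig = hmac.new(self.key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(p))
        missing = [c for c in REGISTERED_CLAIMS if c not in claims]
        if missing:
            raise ValueError("missing registered claims: " + ", ".join(missing))
        if claims["iss"] != self.issuer:
            raise ValueError("wrong issuer")
        if claims["aud"] != self.audience:
            raise ValueError("wrong audience")
        if claims["exp"] <= claims["iat"]:
            raise ValueError("exp must be greater than iat")
        if now < claims["nbf"]:
            raise ValueError("token not yet valid (nbf)")
        if now >= claims["exp"]:
            raise ValueError("token expired")
        if claims["jti"] in self.seen_jti:
            raise ValueError("jti already used: replay rejected")
        self.seen_jti.add(claims["jti"])
        return claims
```

The signature is checked before any claim is read, and the algorithm is pinned to what the gateway was configured for rather than taken from the header. In a real gateway `seen_jti` would live in shared storage with entries expiring at each token's `exp`, since a gateway cluster has to reject the replay on every node, not only the one that saw the first use.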
In the foregoing embodiment, how to perform step S102 is not limited, and an optional obtaining manner of the security audit information provided in this embodiment may include the following steps:
the operation request information is request information issued by calling a target application program interface, and whether the configuration parameters of the target application program interface are acquired is judged; if the configuration parameters of the target application program interface are acquired, judging whether the state information of the safety audit service is in a starting state; if the state information of the safety audit service is a starting state, carrying out data cleaning and combing on the operation request information; and acquiring corresponding safety audit information from the operation request information according to the configuration parameter information.
In this embodiment, in order to further ensure the accuracy of the security audit information, after receiving the operation request information sent via the API, the microservice gateway needs to determine whether the API exists. Specifically, the microservice gateway may obtain the configuration parameters of the business service from the configuration center platform; if the configuration parameters of the API can be obtained, the API is determined to exist. The microservice gateway then judges whether the state information of the security audit service in the API's configuration parameters is enabled. When it is, the gateway obtains the security audit information corresponding to the configuration parameter information from the operation request information according to the configuration parameter information of the security audit information in the API's configuration parameters.
Optionally, the microservice gateway may perform data cleaning and combing on the operation request information according to the configuration parameter information of the security audit service, for example apply uniform formatting and naming rules to the data in the operation request information that corresponds to the configuration parameter information of the security audit information, and then obtain the corresponding security audit information from the cleaned and combed operation request information, as shown in FIG. 5.
In the embodiment, the micro service gateway performs data cleaning and combing on the operation request information to obtain the security audit information corresponding to the configuration parameter information, so that the security audit information corresponding to the configuration parameter information of the security audit information obtained by the micro service gateway has a uniform format and a uniform field, thereby realizing uniform processing of the security audit information of each micro service and reducing the operation and maintenance cost of each micro service line.
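The "data cleaning and combing" step, together with the deletion of preset sensitive words described in the summary, as an added example that is not the patent's code: raw request fields arriving under whatever names and time formats each microservice uses are mapped to uniform snake_case field names and one UTC time format, and any preset sensitive word is removed from string values before the record goes to the audit service. The alias table, the sensitive-word list and the sample request are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Added example (not the patent's code). Aliases and sensitive words are constructed.

# Naming rule of the preset format: the five audit items in snake_case. Raw request
# fields reach the gateway under whatever name each microservice chose.
FIELD_ALIASES = {
    "accountId": "account", "account_id": "account", "user": "account",
    "timestamp": "time", "opTime": "time",
    "resourceId": "operation_object", "target": "operation_object",
    "action": "operation_type", "opType": "operation_type",
    "result": "operation_result", "status": "operation_result",
}

# Constructed stand-in for the "preset sensitive words" of the text.
SENSITIVE_WORDS = ("password", "secret", "idcard")


def to_snake_case(name):
    """Uniform naming rule for fields that have no explicit alias (camelCase -> snake_case)."""
    return re.sub(r"(?<!^)(?=[A-Z])", "_", name).lower()


def normalize_time(value):
    """Uniform time format: accept epoch seconds, epoch milliseconds or ISO 8601,
    emit the UTC 'YYYY-MM-DDTHH:MM:SSZ' form."""
    if isinstance(value, (int, float)):
        if value > 1e11:          # 12+ digit epoch values are milliseconds
            value = value / 1000
        dt = datetime.fromtimestamp(value, tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
        if dt.tzinfo is None:     # naive timestamps are taken as UTC
            dt = dt.replace(tzinfo=timezone.utc)
        dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def remove_sensitive_words(text, words=SENSITIVE_WORDS):
    """Delete every preset sensitive word (whole word, case-insensitive) and tidy the spacing."""
    for word in words:
        text = re.sub(r"\b" + re.escape(word) + r"\b", "", text, flags=re.IGNORECASE)
    return re.sub(r"\s{2,}", " ", text).strip()


def clean_and_comb(raw_fields):
    """Data cleaning and combing of one operation request: uniform names, uniform
    formats, then removal of preset sensitive words from string values."""
    cleaned = {}
    for key, value in raw_fields.items():
        field = FIELD_ALIASES.get(key, to_snake_case(key))
        if field == "time":
            value = normalize_time(value)
        elif isinstance(value, str):
            value = remove_sensitive_words(value)
        cleaned[field] = value
    return cleaned


if __name__ == "__main__":
    # constructed raw request fields, mixing naming styles and a millisecond epoch
    print(clean_and_comb({"accountId": "ops-admin", "timestamp": 1638260100000,
                          "resourceId": "vm-0042", "opType": "create",
                          "note": "reset Password for tenant", "status": 200}))
```

Time normalisation is worth doing at the gateway rather than in every consumer: once all records carry the same UTC string form, a time-range screening condition can be evaluated by plain string comparison.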
In order to further manage the security audit information and facilitate the use of the user, the embodiment may further perform corresponding storage on the security audit information according to a preset data classification storage format according to the service system type to which the service server side corresponding to the security audit information belongs.
In this embodiment, the preset data classification storage format is a specific storage format of the preset data storage format, and is intended to perform data storage according to the service system type, that is, a service system type field may be added to the preset data storage format. Through the data storage mode provided by the embodiment, all the safety audit information belonging to the same service system type can be stored to the same position and adopt the same storage format, so that the query efficiency of the safety audit information can be improved, and the use experience of a user is further improved.
Users will inevitably need to query the security audit information. On that basis, the present application provides a security audit query embodiment built on the above embodiment, which may include the following: distributing a received security audit query request from the service server to the security audit service;
and the security audit service obtaining the target security audit information according to the screening conditions carried in the security audit query request and sending the target security audit information to the service server.
In this embodiment, the screening conditions include at least one of, or any combination of: account information, time information, operation object information, operation type information and operation result information. The security audit service receives query request information sent by the business service; the query request information requests a query of security audit information and carries the screening conditions. The security audit service then obtains query response information according to the screening conditions, and the query response information contains the security audit information matching those conditions. As shown in fig. 6, the security audit service may receive the query request either from the console or through an API call. In the console path, the business system triggers a security audit call when it initiates a query through the console; the microservice gateway, acting as the API entry point, receives the query request information and distributes it to the security audit service. In the API path, the business system queries the security audit information by calling the API, and the corresponding query request information is likewise distributed to the security audit service through the gateway.
The security audit service reads the identifier of the business system that initiated the query from the query request information, retrieves the matching security audit information from the storage medium according to that identifier together with the screening conditions in the query request, and returns the response message to the business system. Keying the lookup on the requesting system's identifier also scopes each business system's query to its own audit records.
In this way, the query request information sent by the business system is received by the security audit service, which obtains the query response information according to the screening conditions contained in the query request. Since the security audit information provided by the security audit service is complete and has a uniform format and uniform fields, the business system does not need to sort or consolidate the security audit information in the response, which simplifies the retrieval of security audit information by the business system and improves the user experience.
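As an added illustration of the classified storage and the scoped query path described above (this is not code from the patent or from the applicant), the following Python sketch keeps one storage bucket per service-system type, enforces a preset record format on store, and answers a query only from the bucket of the system identified in the request, applying the screening conditions the text lists (account, time window, operation object, operation type, operation result). REQUIRED_FIELDS, the condition names, the ISO timestamp format and the embedded records are assumptions constructed for the example.

```python
"""Audit-service side: classified storage by system type and scoped queries.

Added example, not the patent's code. Field names and records are constructed.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timezone
from typing import Any

# Fields every record in the preset data format must carry (assumption).
REQUIRED_FIELDS = ("system_type", "account", "operation_object",
                   "operation_type", "operation_result", "time")

# Screening conditions matched exactly against record fields; "since" and
# "until" bound the time-information condition.
EXACT_MATCH_CONDITIONS = ("account", "operation_object",
                          "operation_type", "operation_result")
TIME_CONDITIONS = ("since", "until")


def _ts(value: str) -> datetime:
    """Parse the ISO-8601 timestamps used by the constructed records (UTC)."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


class AuditService:
    """Stores audit records per service-system type and serves scoped queries."""

    def __init__(self) -> None:
        # One bucket per service-system type: the classified storage format.
        self._buckets: dict[str, list[dict[str, Any]]] = defaultdict(list)

    def store(self, record: dict[str, Any]) -> None:
        """Reject anything that does not satisfy the preset data format."""
        missing = [f for f in REQUIRED_FIELDS if f not in record]
        if missing:
            raise ValueError(f"record violates preset format, missing {missing}")
        self._buckets[record["system_type"]].append(dict(record))

    def query(self, system_id: str,
              conditions: dict[str, Any]) -> list[dict[str, Any]]:
        """Return the records of *system_id* that satisfy *conditions*.

        The lookup is keyed on the identifier of the requesting business
        system, so a caller never sees another system's records whatever
        screening conditions it supplies. Unknown conditions are rejected
        rather than silently ignored.
        """
        unknown = set(conditions) - set(EXACT_MATCH_CONDITIONS) - set(TIME_CONDITIONS)
        if unknown:
            raise ValueError(f"unsupported screening conditions: {sorted(unknown)}")
        since = _ts(conditions["since"]) if "since" in conditions else None
        until = _ts(conditions["until"]) if "until" in conditions else None
        matches: list[dict[str, Any]] = []
        for rec in self._buckets.get(system_id, []):
            t = _ts(rec["time"])
            if since is not None and t < since:
                continue
            if until is not None and t > until:
                continue
            if any(rec.get(k) != v for k, v in conditions.items()
                   if k in EXACT_MATCH_CONDITIONS):
                continue
            matches.append(dict(rec))
        return matches


def build_sample_service() -> AuditService:
    """Constructed audit records for two business systems (sample data)."""
    svc = AuditService()
    for rec in [
        {"system_type": "crm", "account": "alice", "operation_object": "u-42",
         "operation_type": "UPDATE_ROLE", "operation_result": "success",
         "time": "2021-11-30T09:00:00"},
        {"system_type": "crm", "account": "bob", "operation_object": "u-7",
         "operation_type": "LOGIN", "operation_result": "failure",
         "time": "2021-11-30T10:30:00"},
        {"system_type": "crm", "account": "alice", "operation_object": "u-7",
         "operation_type": "LOGIN", "operation_result": "success",
         "time": "2021-12-01T08:15:00"},
        {"system_type": "billing", "account": "alice", "operation_object": "inv-1",
         "operation_type": "EXPORT", "operation_result": "success",
         "time": "2021-11-30T09:05:00"},
    ]:
        svc.store(rec)
    return svc


if __name__ == "__main__":
    service = build_sample_service()
    for hit in service.query("crm", {"account": "alice",
                                     "until": "2021-11-30T23:59:59"}):
        print(hit)
```

The query takes the system identifier as a separate argument rather than as one of the caller-supplied screening conditions; that is what keeps a business system from reading another system's bucket by simply naming it in the filter.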
Further, to improve the security of the security audit itself, based on the above embodiment the method may also include, after obtaining the security audit information corresponding to the configuration parameter information:
determining whether the security audit information contains preset sensitive words; if it does, deleting each preset sensitive word from the security audit information; and correspondingly, the step of sending the security audit information to the security audit service becomes: sending the security audit information with each preset sensitive word deleted to the security audit service.
As shown in fig. 7, in this embodiment the microservice gateway may invoke a log utility class to desensitize sensitive words in the security audit information. Sensitive words include, for example and without limitation, account passwords, phone numbers, bank card numbers and identity card numbers. The microservice gateway determines which values in the security audit information are sensitive from the configuration parameters obtained from the configuration center platform: each parameter carries a sensitive-field flag, and if that flag is set the corresponding parameter is treated as a sensitive word. The microservice gateway then desensitizes the security audit information using a predefined desensitization rule, which can be preset, and sends the desensitized security audit information to the security audit service. Note that this protection only covers parameters whose sensitive-field flag is set in the configuration center, so that configuration must be kept in step with the APIs being audited.
In this embodiment the microservice gateway desensitizes the sensitive words in the security audit information, and the security audit service stores only the desensitized security audit information. Sensitive private data is therefore protected effectively, the security of the data is improved, and the operation and maintenance cost of each microservice line is reduced.
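The gateway-side flow described in this section and in the data-cleaning section above (authenticate the calling service server, look up the target API's configuration parameters, skip when the audit service is not enabled, clean and rename the request data to uniform fields, then desensitize every parameter whose sensitive flag is set) is shown below as an added Python example. It is not code from the patent or from the applicant: AUDIT_CONFIG stands in for the configuration center, and AUTHORIZED_CALLERS, the parameter names, the canonical field names and the MASK rule are assumptions constructed for the example.

```python
"""Gateway-side audit extraction: config lookup, cleaning, desensitization.

Added example, not the patent's code. Config, caller list and names are assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Any

# Constructed stand-in for the configuration center (the patent names Nacos as
# one option). Keyed by target API path. Each parameter entry gives the
# canonical audit field it maps to and whether it is a sensitive field.
AUDIT_CONFIG: dict[str, dict[str, Any]] = {
    "/api/v1/user/update": {
        "audit_enabled": True,
        "params": {
            "acct":        {"field": "account",          "sensitive": False},
            "phoneNumber": {"field": "phone",            "sensitive": True},
            "Target_ID":   {"field": "operation_object", "sensitive": False},
            "opType":      {"field": "operation_type",   "sensitive": False},
            "pwd":         {"field": "password",         "sensitive": True},
        },
    },
    # Audit switched off for this API: nothing is extracted or sent.
    "/api/v1/report/export": {"audit_enabled": False, "params": {}},
}

# Constructed allow-list of service-server identities. Assumption: the gateway
# identifies the calling service server by a pre-registered application id.
AUTHORIZED_CALLERS = {"crm-web", "billing-svc"}

MASK = "***"   # preset desensitization rule: the value is replaced, the field kept


@dataclass
class OperationRequest:
    caller_id: str
    api: str
    system_type: str            # service-system type used for classified storage
    params: dict[str, Any]
    result: str = "success"


def is_authorized(req: OperationRequest) -> bool:
    """Authentication step: only registered service servers are forwarded."""
    return req.caller_id in AUTHORIZED_CALLERS


def normalize_value(value: Any) -> str:
    """Uniform formatting: stringify, trim, collapse internal whitespace."""
    return re.sub(r"\s+", " ", str(value)).strip()


def extract_audit_info(req: OperationRequest) -> dict[str, Any] | None:
    """Build the audit record for one request, or None if nothing is audited.

    Order follows the text: no configuration for the target API -> skip;
    audit service not enabled -> skip; otherwise clean the data, rename it to
    the canonical fields and desensitize every parameter flagged sensitive.
    Parameters not listed in the configuration are never copied.
    """
    cfg = AUDIT_CONFIG.get(req.api)
    if cfg is None or not cfg["audit_enabled"]:
        return None
    record: dict[str, Any] = {
        "system_type": req.system_type,
        "caller": req.caller_id,
        "api": req.api,
        "operation_result": req.result,
    }
    for raw_name, spec in cfg["params"].items():
        if raw_name not in req.params:
            continue
        value = normalize_value(req.params[raw_name])
        record[spec["field"]] = MASK if spec["sensitive"] else value
    return record


def handle_request(req: OperationRequest) -> tuple[bool, dict[str, Any] | None]:
    """Gateway decision: (forward to the microservice?, record for the audit service)."""
    if not is_authorized(req):
        return False, None          # rejected before any audit extraction
    return True, extract_audit_info(req)


if __name__ == "__main__":
    sample = OperationRequest(
        caller_id="crm-web", api="/api/v1/user/update", system_type="crm",
        params={"acct": "  alice ", "phoneNumber": "13800000000",
                "Target_ID": "u-42", "opType": "UPDATE_ROLE",
                "pwd": "hunter2", "unrelated": "ignored"},
    )
    print(handle_request(sample))
```

Because the record is built only from parameters named in the configuration, a new request parameter that carries sensitive data is not leaked by accident; it is simply absent from the audit record until the configuration center lists it, at which point its sensitive flag decides whether it is masked.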
It should be noted that, in the present application, there is no strict sequential execution order among the steps, and as long as a logical order is met, the steps may be executed simultaneously or according to a certain preset order, and fig. 1 to fig. 7 are only schematic manners, and do not represent only such an execution order.
The embodiment of the invention also provides a corresponding security audit device, which further ensures that the method is practical. The device can be described from the functional-module point of view and from the hardware point of view. The security audit device provided by the embodiment of the present invention is introduced below; the security audit device described below and the security audit method described above may be referred to correspondingly.
From the functional-module perspective, referring to fig. 8, which is a structural diagram of a security audit device provided in an embodiment of the present invention, in one implementation the security audit device is applied to a microservice gateway and may include:
a configuration information obtaining module 801, configured to obtain the configuration parameter information of the security audit service when operation request information of the service server is received; the configuration parameter information of the security audit service and the business service is configured in advance; the operation request information is issued to the security audit service, and the security audit service intercepts the operation log information of the business service.
An audit information obtaining module 802, configured to obtain, from the operation request information, security audit information corresponding to the configuration parameter information;
and the audit information sending module 803 is configured to send the security audit information to the security audit service, so that the security audit service stores the security audit information according to a preset data format.
Optionally, in some embodiments of this embodiment, the apparatus may further include an authentication module, configured to determine whether a service server corresponding to the operation request information is an authorized user; and if the service server corresponding to the operation request information is an authorized user, sending the operation request information to the corresponding micro service.
As an optional implementation manner of this embodiment, the audit information obtaining module 802 may be further configured to: judging whether configuration parameters of a target application program interface are acquired or not; if the configuration parameters of the target application program interface are acquired, judging whether the state information of the safety audit service is in a starting state; if the state information of the safety audit service is a starting state, carrying out data cleaning and combing on the operation request information; and acquiring corresponding safety audit information from the operation request information according to the configuration parameter information.
As another optional implementation manner of this embodiment, the audit information sending module 803 may further be configured to: and the safety audit service correspondingly stores the safety audit information according to a preset data classification storage format according to the type of the service system to which the service server side belongs, which corresponds to the safety audit information.
Optionally, in another implementation manner of this embodiment, the apparatus may further include, for example, an inquiry module, configured to distribute the received security audit inquiry request of the service end to the security audit service; and the safety audit service acquires target safety audit information according to the information screening condition carried by the safety audit query request and sends the target safety audit information to the service server.
Optionally, in other embodiments, the apparatus may further include a desensitization processing module configured to determine whether the security audit information contains preset sensitive words and, if so, to delete each preset sensitive word from the security audit information. Correspondingly, the audit information sending module 803 is then configured to send the security audit information with each preset sensitive word deleted to the security audit service.
The functions of each functional module of the security audit device in the embodiments of the present invention may be specifically implemented according to the method in the above method embodiments, and the specific implementation process may refer to the related description of the above method embodiments, which is not described herein again.
Therefore, the embodiment of the invention realizes unified collection and processing of the safety audit information of each micro service, and effectively reduces the operation and maintenance cost of each micro service line.
The above mentioned security audit device is described from the perspective of functional modules, and further, the present application also provides an electronic device, which is described from the perspective of hardware. Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 9, the electronic device includes a memory 90 for storing a computer program; a processor 91, configured to implement the steps of the security audit method as mentioned in any of the above embodiments when executing the computer program.
The processor 91 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the processor 91 may also be a controller, a microcontroller, a microprocessor or other data processing chip, and the like. The processor 91 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 91 may also include a main processor and a coprocessor, the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 91 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed by the display screen. In some embodiments, the processor 91 may further include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
The memory 90 may include one or more computer-readable storage media, which may be non-transitory. The memory 90 may also include high-speed random access memory and non-volatile memory, such as one or more magnetic disk storage devices or flash memory devices. In some embodiments the memory 90 is an internal storage unit of the electronic device, such as a hard disk of a server; in other embodiments it is an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card. The memory 90 may also include both an internal storage unit and an external storage device. The memory 90 can be used to store data and application software installed in the electronic device, such as the code of the program that executes the security audit method, and may also temporarily store data that has been or is to be output. In this embodiment the memory 90 at least stores a computer program 901 which, when loaded and executed by the processor 91, implements the relevant steps of the security audit method disclosed in any of the foregoing embodiments. The resources stored in the memory 90 may further include an operating system 902 and data 903, stored transiently or permanently. The operating system 902 may be Windows, Unix, Linux, etc. The data 903 may include, but is not limited to, data corresponding to security audit results.
In some embodiments, the electronic device may further include a display 92, an input/output interface 93, a communication interface 94 or network interface, a power source 95, and a communication bus 96. The display 92 and the input/output interface 93, such as a Keyboard (Keyboard), belong to a user interface, and the optional user interface may further include a standard wired interface, a wireless interface, and the like. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, as appropriate, is used for displaying information processed in the electronic device and for displaying a visualized user interface. The communication interface 94 may optionally include a wired interface and/or a wireless interface, such as a WI-FI interface, a bluetooth interface, etc., typically used to establish a communication connection between an electronic device and other electronic devices. The communication bus 96 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
Those skilled in the art will appreciate that the configuration shown in fig. 9 is not intended to be limiting of the electronic device and may include more or fewer components than those shown, such as a sensor 97 that performs various functions.
The functions of the functional modules of the electronic device according to the embodiments of the present invention may be specifically implemented according to the method in the above method embodiments, and the specific implementation process may refer to the description related to the above method embodiments, which is not described herein again.
Therefore, the embodiment of the invention realizes unified collection and processing of the safety audit information of each micro service, and effectively reduces the operation and maintenance cost of each micro service line.
It is understood that, if the security audit method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer-readable storage medium. On this understanding, the technical solutions of the present application may be embodied wholly or in part as a software product stored in a storage medium, which executes all or part of the steps of the methods of the embodiments of the present application, or all or part of the technical solutions. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrically erasable programmable ROM, a register, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory), a magnetic memory, a removable magnetic disk, a CD-ROM, a magnetic or optical disk, and other media capable of storing program code.
Based on this, the embodiment of the present invention further provides a readable storage medium, which stores a computer program, and the computer program is executed by a processor, and the steps of the security audit method according to any one of the above embodiments are provided.
An embodiment of the present invention further provides a security audit system, referring to fig. 10, which may include:
In a traditional application development process, the vertical architecture and product-function-oriented development model lead to a high rate of code duplication and constant code conflicts, so overall development efficiency is low. Because code functions are coupled together, every functional module is hard to operate and maintain, the whole project takes a long time to build, any small modification requires rebuilding the entire project, overall development time is long, and deployment is inflexible. In addition, stability is low, service requirements under high concurrency cannot be met, and scalability is poor. All of this makes traditional applications expensive to develop. The security audit system of the present application is therefore based on a microservice architecture, and may include a microservice gateway 101, a service server 102, a security audit server 103 and a configuration center platform 104. The service server 102 may be any client, the security audit server 103 is the component hosting the built-in security audit service, the configuration center platform 104 may be, for example, Nacos, and the structure of the microservice gateway 101, Nacos and the security audit server 103 may be as shown in fig. 11.
In this embodiment, the configuration center platform 104 is configured to pre-configure the configuration parameter information of the security audit service and the business service; the microservice gateway 101, when executing a computer program stored in memory, implements the steps of any of the above security audit method embodiments; and the security audit server 103 may be configured to intercept the operation log information of the business service and to store the security audit information corresponding to the operation request information issued by the service server according to a preset data storage format. The whole security audit system can be deployed on any working node and exposes an interface through which business systems access it; for example, it may be deployed on a target node of a virtualized cluster.
This embodiment can be implemented with microservices: complex services are decomposed and simplified, and individual functions are exposed as services, which is technically friendly, easy to develop and maintain, scales on demand, and makes local modifications easy to deploy. It also provides a convenient, fast entry point for integrating other business systems, which call the interface exposed by the security audit system directly without secondary development. Rules can be configured and modified flexibly, so business staff can learn and use them quickly, and records such as each account's login information and user role changes can be monitored in real time and as a whole. For the user login process, user password rule configuration, the recording of user data in the system, data display and data statistics, early-warning processing of the information may be performed, for example by sending e-mails or short messages.
Further, microservices are loosely coupled and independent both in development and in deployment. They respond quickly, are easy to modify locally, and a problem in one service does not affect the whole application. They integrate easily with third-party application systems, support development in different languages, and allow the latest technologies to be adopted. Each microservice is small enough to be cohesive and for its code to be easily understood, so a team can concentrate on its own work product and on the assigned business function or requirement. As a result, the system is deployed once and can then be used by other business systems. The embodiment may deploy the security audit platform on a target node of a virtualized cluster. Docker, an open-source application container engine, lets developers package an application and its dependencies into a portable container, which eases deployment and scaling; the resulting micro-container concept complements microservices well, and features such as one-click deployment, horizontal scaling and continuous integration support the practice of a microservice architecture in an enterprise application environment. Specifically, the embodiment may deploy the virtualized cluster through Docker: a Docker cluster command is run to put Docker into cluster mode, a chosen device is established as the cluster manager, and the security audit platform is deployed on a cluster node to complete the cluster deployment.
The functions of each functional module of the security audit system in the embodiment of the present invention may be specifically implemented according to the method in the above method embodiment, and the specific implementation process may refer to the related description of the above method embodiment, which is not described herein again.
Therefore, the embodiment of the invention realizes unified collection and processing of the safety audit information of each micro service, and effectively reduces the operation and maintenance cost of each micro service line.
The embodiments are described in a progressive manner: each embodiment focuses on its differences from the others, and the same or similar parts among the embodiments may be referred to each other. Since the device and the electronic equipment disclosed in the embodiments correspond to the method disclosed in the embodiments, their description is relatively brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The security audit method, device, system, electronic device and readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present application.

Claims (11)

1. A security audit method is applied to a microservice gateway and comprises the following steps:
when receiving operation request information of a service server, acquiring configuration parameter information of security audit service;
obtaining safety audit information corresponding to the configuration parameter information from the operation request information;
sending the safety audit information to the safety audit service so that the safety audit service stores the safety audit information according to a preset data format;
the configuration parameter information of the safety audit service and the business service is configured in advance according to corresponding configuration rules; and the operation request information is sent to the safety audit service, and the safety audit service intercepts operation log information of the service.
2. The security audit method according to claim 1, wherein after receiving the operation request information of the service end, the method includes:
judging whether a service server corresponding to the operation request information is an authorized user;
and if the service server corresponding to the operation request information is an authorized user, sending the operation request information to the corresponding micro service.
3. The security audit method of claim 1, wherein the operation request information is request information issued by calling a target application program interface, and the obtaining of the security audit information corresponding to the configuration parameter information from the operation request information includes:
judging whether the configuration parameters of the target application program interface are acquired or not;
if the configuration parameters of the target application program interface are acquired, judging whether the state information of the safety audit service is in a starting state;
if the state information of the safety audit service is a starting state, carrying out data cleaning and combing on the operation request information;
and acquiring corresponding safety audit information from the operation request information according to the configuration parameter information.
4. The security audit method of claim 1, wherein the storing the security audit information to the predetermined data format includes:
and according to the type of the service system to which the service server side belongs and corresponding to the safety audit information, correspondingly storing the safety audit information according to a preset data classification storage format.
5. The security audit method of any one of claims 1 to 4 wherein after sending the security audit information to the security audit service, further comprising:
distributing the received security audit query request of the service server to the security audit service;
and the safety audit service acquires target safety audit information according to the information screening condition carried by the safety audit query request and sends the target safety audit information to the service server.
6. The security audit method according to any one of claims 1 to 4, wherein after obtaining the security audit information corresponding to the configuration parameter information, further comprising:
judging whether the security audit information contains preset sensitive words or not;
if the safety audit information contains preset sensitive words, deleting each preset sensitive word from the safety audit information;
correspondingly, the sending of the security audit information to the security audit service is:
and sending the safety audit information of deleting each preset sensitive vocabulary to the safety audit service.
7. A safety audit device is applied to a micro service gateway and comprises:
the configuration information acquisition module is used for acquiring configuration parameter information of the safety audit service when receiving operation request information of a service server; the configuration parameter information of the security audit service and the business service is configured in advance; the operation request information is issued to the security audit service, and the security audit service intercepts operation log information of the business service;
an audit information acquisition module, configured to acquire, from the operation request information, security audit information corresponding to the configuration parameter information;
and the audit information sending module is used for sending the safety audit information to the safety audit service so that the safety audit service stores the safety audit information according to a preset data format.
8. An electronic device comprising a processor and a memory, the processor being configured, when executing a computer program stored in the memory, to carry out the steps of the security audit method according to any one of claims 1 to 6.
9. A readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the security audit method of any one of claims 1 to 6.
10. A safety audit system is characterized by comprising a micro service gateway, a service server, a safety audit server and a configuration center platform;
the configuration center platform is used for configuring configuration parameter information of security audit service and business service in advance;
the microservice gateway, when executing a memory-stored computer program, implementing a security audit method as claimed in any one of claims 1 to 6;
the safety audit server is used for intercepting the operation log information of the business service and storing the safety audit information corresponding to the operation request information issued by the business server according to a preset data storage format.
11. The security audit system of claim 10 wherein the security audit system is deployed on a target node of a virtualized cluster and provides an external interface for accessing a business system.
CN202111442589.7A 2021-11-30 2021-11-30 Security audit method, device, system, electronic equipment and readable storage medium Pending CN114157580A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111442589.7A CN114157580A (en) 2021-11-30 2021-11-30 Security audit method, device, system, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111442589.7A CN114157580A (en) 2021-11-30 2021-11-30 Security audit method, device, system, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114157580A true CN114157580A (en) 2022-03-08

Family

ID=80784389


Country Status (1)

Country Link
CN (1) CN114157580A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110619227A (en) * 2019-09-12 2019-12-27 北京浪潮数据技术有限公司 Audit log management method, device, equipment and readable storage medium
CN111666205A (en) * 2020-04-24 2020-09-15 杭州传化智能制造科技有限公司 Data auditing method, system, computer equipment and storage medium
CN112202835A (en) * 2020-09-03 2021-01-08 北京金山云网络技术有限公司 Processing method and system for cloud computing operation audit information



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination