CN115174148A - Cloud computing and information security oriented cloud service management method and artificial intelligence platform - Google Patents

Info

Publication number
CN115174148A
Authority
CN
China
Prior art keywords
target
cloud
data resource
performance
asset value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210624082.1A
Other languages
Chinese (zh)
Other versions
CN115174148B (en
Inventor
梁燕铃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Youlai (Beijing) Technology Co.,Ltd.
Original Assignee
Shenzhen Zhongtiandi Network Communication Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zhongtiandi Network Communication Technology Co ltd filed Critical Shenzhen Zhongtiandi Network Communication Technology Co ltd
Priority to CN202210624082.1A priority Critical patent/CN115174148B/en
Publication of CN115174148A publication Critical patent/CN115174148A/en
Application granted granted Critical
Publication of CN115174148B publication Critical patent/CN115174148B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of cloud computing and discloses a cloud service management method oriented to cloud computing and information security, which comprises the following steps: evaluating the value of original data resources to obtain an asset value grade; selecting a target cloud server according to the asset value grade; selecting a target service node by using a performance calculation formula; carrying out cloud computing on the original data resources to obtain a target computing data resource; carrying out cloud storage on the target computing data resource to obtain a target storage data resource; receiving an access request and carrying out identity verification according to the request permission; and judging whether the identity verification passes, rejecting the request if it does not and allowing access if it does. The invention also provides a cloud service management artificial intelligence platform, electronic equipment and a computer-readable storage medium oriented to cloud computing and information security. The invention can solve the problems that cloud service resources are unreasonably allocated and that a large amount of manpower and material resources is consumed.

Description

Cloud computing and information security oriented cloud service management method and artificial intelligence platform
Technical Field
The invention relates to the technical field of cloud computing, in particular to a cloud service management method, an artificial intelligence platform, electronic equipment and a computer-readable storage medium oriented to cloud computing and information security.
Background
With the development of cloud computing technology, more and more enterprises and public institutions are deploying cloud computing information systems. The information data of cloud computing has characteristics such as information exchange patterning and data storage clustering, and cloud computing achieves full sharing of network computing resources.
At present, enterprises and public institutions can obtain functions such as cloud computing, cloud storage and cloud transmission of data by applying to a cloud service provider for services such as cloud computing. However, the cloud service provider does not define different cloud service security levels according to the importance of the data of the enterprises and public institutions applying for the cloud service, which leads to unreasonable allocation of cloud service resources and a large consumption of manpower and material resources.
Disclosure of Invention
The invention provides a cloud service management method, an artificial intelligence platform and a computer readable storage medium for cloud computing and information security, and mainly aims to solve the problems that cloud service resources are unreasonably distributed and a large amount of manpower and material resources are consumed.
In order to achieve the above object, the cloud service management method facing cloud computing and information security provided by the present invention includes:
receiving a cloud service request sent by a user, and evaluating the value of original data resources of the user according to the cloud service request to obtain the asset value grade of the original data resources;
selecting a target cloud server in a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to the request permission of the access request;
judging whether the identity verification passes;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource, and completing the cloud service management.
Optionally, the performing value evaluation on the original data resource of the user according to the cloud service request to obtain an asset value level of the original data resource includes:
constructing a cloud data asset value evaluation table according to the dimension standards of credibility, confidentiality, integrity, availability and auditability of data resources;
according to the cloud service request, extracting credibility, confidentiality, integrity, availability and auditability of the original data resource;
and according to the cloud data asset value evaluation table, evaluating the value of the original data resource according to the credibility, confidentiality, integrity, availability and auditability of the original data resource to obtain the asset value grade of the original data resource.
Optionally, the selecting a target cloud server in a pre-built server cluster according to the asset value level of the original data resource includes:
acquiring the physical defense level of each server in the server cluster;
and according to the asset value grade of the original data resource, selecting a server with a corresponding physical defense grade from the server cluster to obtain the target cloud server.
Optionally, the selecting, according to the asset value level of the original data resource, a target service node in the target server by using a pre-constructed performance calculation formula includes:
extracting a node performance index value of each service node in the target server according to a preset node performance index;
establishing a node performance matrix according to the node performance index value of each service node in the target server;
normalizing the node performance matrix by using a pre-constructed normalization formula to obtain a normalization performance matrix;
determining the weight of each service node performance index to the original data resource according to the cloud service request;
calculating the comprehensive performance value of each service node in the target server for the original data resource by using the weight, the normalization performance matrix and the performance calculation formula;
and selecting a target service node in the target server according to the comprehensive performance value of each service node in the target server to the original data resource by using a pre-constructed performance selection formula.
Optionally, the normalization formula is as follows:
Figure BDA0003675944720000031
where $P_{i,j}$ represents the j-th performance index parameter of the normalized i-th service node, $Q_{i,j}$ represents the j-th performance index parameter of the unnormalized i-th service node, the symbol in Figure BDA0003675944720000032 represents the minimum value of the j-th performance index, and the symbol in Figure BDA0003675944720000033 represents the maximum value of the j-th performance index.
Optionally, the performance selection formula is as follows:
$R_{best} = R_i,\ i = d$
where $R_{best}$ represents the target service node, $R_i$ represents the comprehensive performance value of the i-th service node, and d represents the asset value grade.
Optionally, the cloud storage of the target computing data resource according to the asset value class to obtain a target storage data resource includes:
selecting a target API management and interaction interface from pre-constructed API management and interaction interfaces with different security levels according to the asset value level;
storing the target calculation data resource into a pre-constructed database by using the target API management and interaction interface to obtain a data resource to be encrypted;
selecting a target password protection standard according to the asset value grade, encrypting the data resource to be encrypted by using the target password protection standard, and carrying out remote backup on the encrypted data resource to be encrypted to obtain an encrypted data resource;
and selecting a target mirror image snapshot verification period according to the asset value grade, and performing regular mirror image verification on the encrypted data resource according to the target mirror image snapshot verification period to obtain the target stored data resource.
Optionally, the receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to a request permission of the access request includes:
setting access control standards with different complexity degrees according to the preset potential threat degree;
determining the potential threat degree of the access request according to the request authority of the access request;
selecting target access control criteria among the access control criteria of different complexity levels using the potential threat level of the access request;
and carrying out identity verification on the access request according to the target access control standard.
Optionally, after the user is allowed to access the target storage data resource if the identity check passes, the method further includes:
generating an access log according to the access operation of the user;
judging whether the target storage data resource needs to be cleared or not;
if the target storage data resource needs to be cleared, clearing the target storage data resource;
and if the target storage data resource does not need to be cleared, continuing to periodically perform mirror image verification on the target storage data resource according to the target mirror image snapshot verification period, and completing the access request.
In order to solve the above problems, the present invention further provides a cloud service management artificial intelligence platform oriented to cloud computing and information security, where the artificial intelligence platform includes:
the asset value grade evaluation module is used for receiving a cloud service request sent by a user, and evaluating the value of original data resources of the user according to the cloud service request to obtain the asset value grade of the original data resources;
the target cloud server selection module is used for selecting a target cloud server from the pre-constructed server cluster according to the asset value grade of the original data resource;
the target service node selection module is used for selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
the target storage data resource acquisition module is used for carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
the user identity verification module is used for receiving an access request of a user to the target storage data resource and verifying the identity of the user according to the request permission of the access request; judging whether the identity verification passes; if the identity verification is not passed, rejecting the access request; and if the identity verification is passed, allowing the user to access the target storage data resource.
In order to solve the above problem, the present invention also provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to implement the cloud service management method for cloud computing and information security.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, where at least one instruction is stored, and the at least one instruction is executed by a processor in an electronic device to implement the cloud service management method for cloud computing and information security.
Compared with the background art, in which a cloud service provider does not define different cloud service security levels according to the importance of the data of the enterprises and public institutions applying for cloud service, so that cloud service resources are unreasonably allocated and a large amount of manpower and material resources is consumed, the cloud service management method, the artificial intelligence platform, the electronic device and the computer-readable storage medium oriented to cloud computing and information security can solve the problems that cloud service resources are unreasonably allocated and a large amount of manpower and material resources is consumed.
Drawings
Fig. 1 is a schematic flowchart of a cloud service management method for cloud computing and information security according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart showing a detailed implementation of one of the steps in FIG. 1;
FIG. 3 is a schematic flow chart showing another step of FIG. 1;
Fig. 4 is a functional block diagram of a cloud service management artificial intelligence platform for cloud computing and information security according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device implementing the cloud service management method for cloud computing and information security according to an embodiment of the present invention.
The objects, features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a cloud service management method facing cloud computing and information security. The executing subject of the cloud service management method facing the cloud computing and the information security includes, but is not limited to, at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiment of the present application. In other words, the cloud service management method for cloud computing and information security may be performed by software or hardware installed in a terminal device or a server device. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Example 1:
Fig. 1 is a schematic flow chart of a cloud service management method for cloud computing and information security according to an embodiment of the present invention. In this embodiment, the cloud service management method oriented to cloud computing and information security includes:
S1, receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain an asset value grade of the original data resources.
By way of explanation, the cloud service request refers to a cloud data processing request, such as cloud computing or cloud storage, initiated by an enterprise or an individual. The original data resource refers to a data resource that an enterprise or an individual needs to have processed in the cloud, such as operation data and archive files inside the enterprise. Data resources of different enterprises or individuals have different values, and therefore value evaluation of the data resources is required. The asset value grade refers to the value grade obtained after the data resource is subjected to value evaluation; the more important the data resource is, the higher the asset value grade is.
In detail, referring to Fig. 2, the evaluating the value of the original data resource of the user according to the cloud service request to obtain the asset value grade of the original data resource includes:
S11, establishing a cloud data asset value evaluation table according to the credibility, confidentiality, integrity, availability and auditability dimension standards of the data resources;
S12, extracting the credibility, confidentiality, integrity, availability and auditability of the original data resources according to the cloud service request;
S13, according to the cloud data asset value evaluation table and the credibility, confidentiality, integrity, availability and auditability of the original data resources, carrying out value evaluation on the original data resources to obtain the asset value grade of the original data resources.
Optionally, the cloud data asset value evaluation table may divide the asset value levels of data resources into 5 levels:
level 5 may be that the original data resources can be made public to the outside, the integrity, credibility and auditability values are extremely low, and the availability exceeds 99.9%;
level 4 may be that the data resources can be disclosed in a specific internal environment, the integrity, credibility and auditability values are low, the availability reaches 90%, and if the data is diffused to the outside, the diffusion hazard is controllable;
level 3 may be general confidentiality, with general integrity, credibility and auditability values, the availability exceeds 70%, and if the data is diffused to the outside, the local damage is controllable;
level 2 may be important confidentiality, with higher integrity, credibility and auditability values, the availability exceeds 25%, and if the data is diffused to the outside, serious harm is caused;
level 1 may be extremely confidential, with extremely high integrity, credibility and auditability values, the availability is below 25%, and if the data is diffused to the outside, catastrophic loss results.
S2, selecting a target cloud server from the pre-constructed server cluster according to the asset value grade of the original data resource.
It is understood that different servers in the server cluster may be placed in different physical environments for operational protection.
In detail, referring to Fig. 3, the selecting a target cloud server in a pre-built server cluster according to the asset value grade of the original data resource includes:
S21, acquiring the physical defense level of each server in the server cluster;
S22, according to the asset value grade of the original data resource, selecting a server with a corresponding physical defense level from the server cluster to obtain the target cloud server.
In detail, the physical defense level refers to the degree of protection given to a server. Different physical defense levels differ in the server's physical location, physical access control, protection against theft and damage, lightning protection, fire protection, moisture and water protection, static protection, temperature and humidity control, power supply, and electromagnetic protection. Physical access control refers to identifying and recording the personnel who enter the environment in which the server is located, such as a server room. Different physical defense levels require different investments of manpower, material resources and financial resources, so the level can be set dynamically according to the asset value grade of the original data resource.
S3, selecting a target service node in the target server by using a pre-constructed performance calculation formula according to the asset value grade of the original data resource.
In detail, the performance calculation formula represents a formula for calculating the comprehensive performance of the selected target service node in the target server, as follows:
Figure BDA0003675944720000071
where $R_i$ represents the comprehensive performance value of the i-th service node, n represents the number of node performance indexes, m represents the number of service nodes, $P_{i,j}$ represents the j-th performance index parameter of the i-th service node, and $W_j$ represents the weight of the j-th performance parameter.
By way of explanation, the node performance index may be the CPU remaining utilization, the memory free capacity (RAM), the bandwidth free capacity (BW), and the like of the service node. Since different cloud service requests place different emphasis on security services such as encryption, decryption, signature and authentication, a weight may be given to each performance index according to the type of the cloud service request, but the weights should sum to 1. For example: when the cloud service request is for a heavy computing function, the CPU residual utilization rate is more important, so its weight is higher; when the cloud service request is for an in-chip storage function, the memory free amount is more important, so its weight is higher. The CPU residual utilization rate refers to the ratio of the remaining data processing capacity of the CPU to the total data processing capacity of the CPU.
In the embodiment of the present invention, selecting a target service node in the target server by using a pre-established performance calculation formula according to the asset value level of the original data resource includes:
extracting a node performance index value of each service node in the target server according to a preset node performance index;
establishing a node performance matrix according to the node performance index value of each service node in the target server;
normalizing the node performance matrix by using a pre-constructed normalization formula to obtain a normalization performance matrix;
determining the weight of each service node performance index to the original data resource according to the cloud service request;
calculating the comprehensive performance value of each service node in the target server for the original data resource by using the weight, the normalization performance matrix and the performance calculation formula;
and selecting a target service node in the target server according to the comprehensive performance value of each service node in the target server to the original data resource by using a pre-constructed performance selection formula.
It should be understood that normalization is applied column by column, that is, across the values of the same performance index. Since the numerical values of the node performance indexes differ greatly and have no uniform measurement standard, the node performance index values of the service nodes need to be normalized. Normalization means that the values of different service nodes for each node performance index are mapped to the interval [0,1]. For example: when the CPU residual utilization rate $Q_{11}$ of the first service node is 0.3, the CPU residual utilization rate $Q_{21}$ of the second service node is 0.2, the CPU residual utilization rate $Q_{31}$ of the third service node is 0.4, the CPU residual utilization rate $Q_{41}$ of the fourth service node is 0.8, and the CPU residual utilization rate $Q_{51}$ of the fifth service node is 1, then the normalized CPU residual utilization rate $P_{11}$ of the first service node is 1/8, $P_{21}$ of the second service node is 0, $P_{31}$ of the third service node is 2/8, $P_{41}$ of the fourth service node is 6/8, and $P_{51}$ of the fifth service node is 1.
By way of explanation, different rows of the node performance matrix may represent the performance indexes of different service nodes, and different columns may represent different performance indexes. When the number of service nodes is 5 and the number of performance indexes is 4, the node performance matrix is a matrix with 5 rows and 4 columns. For example, the node performance matrix may be as follows:
Figure BDA0003675944720000091
where $Q_s$ represents the node performance matrix, $Q_{11}$ represents the first performance index value of the first service node, and $Q_{nn}$ represents the n-th performance index value of the n-th service node.
In the embodiment of the present invention, the normalization formula is as follows:
Figure BDA0003675944720000092
where $P_{i,j}$ represents the j-th performance index parameter of the normalized i-th service node, $Q_{i,j}$ represents the j-th performance index parameter of the unnormalized i-th service node, the symbol in Figure BDA0003675944720000093 represents the minimum value of the j-th performance index, and the symbol in Figure BDA0003675944720000094 represents the maximum value of the j-th performance index.
It should be appreciated that the normalized performance matrix may be as follows:
Figure BDA0003675944720000095
where $P_s$ represents the normalized performance matrix, $P_{11}$ represents the first performance index value of the normalized first service node, and $P_{nn}$ represents the n-th performance index value of the normalized n-th service node.
In the embodiment of the present invention, the performance selection formula is as follows:
$R_{best} = R_i,\ i = d$
where $R_{best}$ represents the target service node, $R_i$ represents the comprehensive performance value of the i-th service node, and d represents the asset value grade. For example: when the asset value grade is d = 2, the service node whose comprehensive performance value ranks second among the service nodes is selected.
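The node selection of step S3, as an added Python example that is not part of the patent text: it normalizes the node performance matrix column by column, computes a comprehensive performance value per node and picks the node ranked d-th. The weighted sum used for R_i and the best-first ranking are assumptions, because the performance calculation formula survives on this page only as an image reference; the CPU column is the worked example from the description, while the memory and bandwidth values, the weights and all function names are constructed.

```python
from fractions import Fraction


def _frac(v):
    # Exact arithmetic: 0.3 becomes 3/10 instead of a binary float.
    return v if isinstance(v, Fraction) else Fraction(str(v))


def normalize(q):
    """Min-max normalize each performance-index column of Q into [0, 1]."""
    if not q or not q[0] or any(len(row) != len(q[0]) for row in q):
        raise ValueError("node performance matrix must be non-empty and rectangular")
    rows = [[_frac(v) for v in row] for row in q]
    p_cols = []
    for col in zip(*rows):
        lo, hi = min(col), max(col)
        if hi == lo:
            # Every node has the same value: the index cannot discriminate,
            # so map it to 0 instead of dividing by zero.
            p_cols.append([Fraction(0)] * len(col))
        else:
            p_cols.append([(v - lo) / (hi - lo) for v in col])
    return [list(row) for row in zip(*p_cols)]


def composite_scores(p, weights):
    """R_i as the weighted sum of row i of P (assumed form of the formula)."""
    w = [_frac(x) for x in weights]
    if any(len(row) != len(w) for row in p):
        raise ValueError("one weight per performance index is required")
    if any(x < 0 for x in w) or sum(w) != 1:
        raise ValueError("weights must be non-negative and sum to 1")
    return [sum(wj * pij for wj, pij in zip(w, row)) for row in p]


def select_node(q, weights, grade):
    """Return (index of the node ranked `grade`-th, list of R_i values).

    Ranking is best-first (assumption), so grade 1, the most sensitive data,
    gets the strongest node. Ties are broken by the lower node index.
    """
    scores = composite_scores(normalize(q), weights)
    if not 1 <= grade <= len(scores):
        # Fail closed: never fall back silently to some other node.
        raise ValueError("asset value grade has no matching node rank")
    ranked = sorted(range(len(scores)), key=lambda i: (-scores[i], i))
    return ranked[grade - 1], scores


# Constructed sample: 5 service nodes x 3 indexes.
# Columns: CPU residual utilization (values from the description's example),
# free memory in GB (constructed), free bandwidth in Mbit/s (constructed).
Q_SAMPLE = [
    [0.3, 8, 100],
    [0.2, 16, 400],
    [0.4, 4, 200],
    [0.8, 32, 300],
    [1, 16, 100],
]
# Constructed weights for a computation-heavy request: CPU dominates.
W_COMPUTE = [0.6, 0.2, 0.2]

if __name__ == "__main__":
    for d in (1, 2, 5):
        idx, scores = select_node(Q_SAMPLE, W_COMPUTE, d)
        print(f"grade {d}: node {idx + 1}, R = {float(scores[idx]):.4f}")
```

Rejecting a grade that has no matching rank, and weights that do not sum to 1, keeps a malformed request from silently placing high-value data on an arbitrary node.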
S4, carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources.
In an embodiment of the present invention, the cloud storage of the target computing data resource according to the asset value class to obtain a target storage data resource includes:
selecting a target API management and interaction interface from pre-constructed API management and interaction interfaces with different security levels according to the asset value level;
storing the target calculation data resource into a pre-constructed database by using the target API management and interaction interface to obtain a data resource to be encrypted;
selecting a target password protection standard according to the asset value grade, encrypting the data resource to be encrypted by using the target password protection standard, and carrying out remote backup on the encrypted data resource to be encrypted to obtain an encrypted data resource;
and selecting a target mirror image snapshot verification period according to the asset value grade, and performing regular mirror image verification on the encrypted data resource according to the target mirror image snapshot verification period to obtain the target stored data resource.
The API management and interaction interfaces of different security levels have different security protection capabilities, for example: monitoring capabilities for interface data traffic, etc.
The API management and interaction interfaces of different security levels, the target password protection standards and the target mirror image snapshot verification periods differ in data protection capability and in the manpower and material resources they consume, so an appropriate data protection level can be selected according to the asset value grade.
The target password protection standard can be determined by the password length, the password replacement period, the encryption mode and the like.
S5: Receive an access request of a user to the target storage data resource, and perform identity verification on the user according to the request permission of the access request.
In detail, the request permission of the access request may be one of several permissions, such as acquiring administrator permission, acquiring user permission, unauthorized access, or reading data, and different request permissions carry different potential threat degrees. Of these, acquiring administrator permission carries the greatest potential threat.
In the embodiment of the present invention, the receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to a request permission of the access request includes:
setting access control standards with different complexity degrees according to the preset potential threat degree;
determining the potential threat degree of the access request according to the request authority of the access request;
selecting a target access control standard from the access control standards of different complexity degrees by using the potential threat degree of the access request;
and carrying out identity verification on the access request according to the target access control standard.
It should be appreciated that the access control standard determines how strictly a user's access to the target storage data resource is restricted, for example: the complexity of the user password, whether the user's IP address needs to be determined, whether details of the user's own profile need to be provided, etc. Generally, the greater the potential threat degree of the access request, the stricter the required target access control standard.
S6: Judge whether the identity verification passes.
If the identity verification does not pass, execute S7 and reject the access request.
In the embodiment of the invention, after the access request is rejected, the real user of the target storage data resource, the cloud service provider and other personnel are automatically reminded, and the protection level is enhanced.
If the identity verification passes, execute S8: allow the user to access the target storage data resource, completing the cloud service management.
In this embodiment of the present invention, after allowing the user to access the target storage data resource if the identity check passes, the method further includes:
generating an access log according to the access operation of the user;
judging whether the target storage data resource needs to be cleared or not;
if the target storage data resource needs to be cleared, clearing the target storage data resource;
and if the target storage data resource does not need to be cleared, continuing to periodically perform mirror image verification on the target storage data resource according to the target mirror image snapshot verification period, and completing the access request.
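Steps S5 to S8 as an added example, not code from the patent: the requested permission sets the potential threat degree, the threat degree selects the access control standard, a rejection raises a reminder and a pass writes an access log entry. The permission names, tier values, users, addresses and function names are constructed, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Constructed tiers: requested permission -> potential threat degree.
THREAT_DEGREE: Dict[str, int] = {"read_data": 1, "user": 2, "admin": 3}


@dataclass(frozen=True)
class Standard:
    min_password_len: int   # password complexity floor for this tier
    check_ip: bool          # source IP must be in the user's registered networks
    check_profile: bool     # caller must also supply a registered profile detail


# Constructed access control standards, stricter as the threat degree rises.
STANDARDS: Dict[int, Standard] = {
    1: Standard(8, False, False),
    2: Standard(12, True, False),
    3: Standard(16, True, True),
}


@dataclass(frozen=True)
class User:
    salt: bytes
    password_hash: bytes
    networks: Tuple[str, ...]
    profile_detail: str


@dataclass(frozen=True)
class Request:
    user: str
    permission: str
    password: str
    source_ip: str
    profile_detail: str = ""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, networks: Tuple[str, ...], detail: str, salt: bytes) -> User:
    return User(salt, hash_password(password, salt), networks, detail)


# Constructed users. Fixed salts keep the sample reproducible; use os.urandom(16) in practice.
USERS: Dict[str, User] = {
    "alice": make_user("correct-horse-battery", ("203.0.113.0/24",), "EMP-0042", b"constructed-salt-a"),
    "bob": make_user("tenletters", ("203.0.113.0/24",), "EMP-0043", b"constructed-salt-b"),
}


def ip_allowed(source_ip: str, networks: Tuple[str, ...]) -> bool:
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False  # a malformed address never matches
    return any(addr in ip_network(n) for n in networks)


def failed_checks(req: Request, users: Dict[str, User]) -> List[str]:
    """Return the checks the request failed under its target standard."""
    degree = THREAT_DEGREE.get(req.permission)
    user = users.get(req.user)
    if degree is None or user is None:
        return ["unknown permission or user"]  # fail closed
    std = STANDARDS[degree]
    failures = []
    if not hmac.compare_digest(hash_password(req.password, user.salt), user.password_hash):
        failures.append("password")
    elif len(req.password) < std.min_password_len:
        failures.append("password below tier minimum")
    if std.check_ip and not ip_allowed(req.source_ip, user.networks):
        failures.append("source ip")
    if std.check_profile and not hmac.compare_digest(
            req.profile_detail.encode(), user.profile_detail.encode()):
        failures.append("profile detail")
    return failures


def handle_request(req: Request, users: Dict[str, User],
                   access_log: List[str], alerts: List[str]) -> bool:
    """S6 to S8: reject and remind on failure, allow and log on success."""
    failures = failed_checks(req, users)
    if failures:
        alerts.append(f"rejected {req.permission!r} for {req.user!r} "
                      f"from {req.source_ip!r}: {', '.join(failures)}")
        return False
    access_log.append(f"allowed {req.permission!r} for {req.user!r} from {req.source_ip!r}")
    return True
```

The same valid password that is enough to read data is refused for a higher-threat request when it falls below that tier's minimum length, and a permission outside the table is denied rather than defaulted to the lowest tier.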
Compared with the background art: in the background art, a cloud service provider does not assign different cloud service security levels according to the importance of the data of the enterprises and public institutions applying for cloud service, so cloud service resources are allocated unreasonably and a large amount of manpower and material resources is consumed. The cloud service management method, the artificial intelligence platform, the electronic device and the computer readable storage medium oriented to cloud computing and information security can therefore solve the problems that cloud service resources are unreasonably allocated and a large amount of manpower and material resources is consumed.
Example 2:
Fig. 4 is a functional block diagram of a cloud service management artificial intelligence platform for cloud computing and information security according to an embodiment of the present invention.
The cloud service management artificial intelligence platform 100 for cloud computing and information security can be installed in electronic equipment. According to the realized functions, the cloud computing and information security oriented cloud service management artificial intelligence platform 100 may include an asset value grade evaluation module 101, a target cloud server selection module 102, a target service node selection module 103, a target storage data resource acquisition module 104, and a user identity verification module 105. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
The asset value grade evaluation module 101 is configured to receive a cloud service request sent by a user, and perform value evaluation on original data resources of the user according to the cloud service request to obtain an asset value grade of the original data resources;
the target cloud server selection module 102 is configured to select a target cloud server in a pre-constructed server cluster according to the asset value level of the original data resource;
the target service node selection module 103 is configured to select a target service node in the target server according to the asset value level of the original data resource by using a pre-established performance calculation formula;
the target storage data resource obtaining module 104 is configured to perform cloud computing on the original data resources by using the target service node to obtain target computing data resources, and perform cloud storage on the target computing data resources according to the asset value level to obtain target storage data resources;
the user identity verification module 105 is configured to receive an access request of a user to the target storage data resource, and perform identity verification on the user according to a request permission of the access request; judging whether the identity verification passes; if the identity verification is not passed, rejecting the access request; and if the identity verification is passed, allowing the user to access the target storage data resource.
In detail, when the modules in the cloud service management artificial intelligence platform 100 for cloud computing and information security in the embodiment of the present invention are used, the same technical means as the cloud service management method for cloud computing and information security in fig. 1 described above are adopted, and the same technical effects can be produced, which is not described herein again.
Example 3:
Fig. 5 is a schematic structural diagram of an electronic device implementing a cloud service management method for cloud computing and information security according to an embodiment of the present invention.
The electronic device 1 may include a processor 10, a memory 11, a bus 12, and a communication interface 13, and may further include a computer program, such as a cloud service management program oriented to cloud computing and information security, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of a cloud service management program for cloud computing and information security, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (e.g., cloud service management programs for cloud computing and information security, etc.) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 5 only shows an electronic device with components, and it will be understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to the various components, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management artificial intelligence platform, so that functions of charge management, discharge management, power consumption management and the like are realized through the power management artificial intelligence platform. The power supply may also include any component of one or more dc or ac power sources, recharging artificial intelligence platforms, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used to establish a communication connection between the electronic device 1 and another electronic device.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The cloud service management program for cloud computing and information security stored in the memory 11 of the electronic device 1 is a combination of a plurality of instructions, and when running in the processor 10, can implement:
receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain an asset value grade of the original data resources;
selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and carrying out identity verification on the user according to the request permission of the access request;
judging whether the identity verification passes;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource to complete the cloud service management.
Specifically, the specific implementation method of the processor 10 for the instruction may refer to the description of the relevant steps in the embodiments corresponding to fig. 1 to fig. 4, which is not repeated herein.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any physical or artificial intelligence platform, recording medium, USB disk, removable hard disk, magnetic disk, optical disk, computer memory, or Read-Only Memory (ROM) capable of carrying said computer program code.
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device, may implement:
receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain an asset value grade of the original data resources;
selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and carrying out identity verification on the user according to the request permission of the access request;
judging whether the identity verification passes;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource to complete the cloud service management.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, artificial intelligence platform and method can be implemented in other ways. For example, the above-described artificial intelligence platform embodiment is merely illustrative: the division of the modules is only one logical function division, and there may be other division ways in actual implementation.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A cloud service management method facing cloud computing and information security is characterized by comprising the following steps:
receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain an asset value grade of the original data resources;
selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource, wherein the performance calculation formula is as follows:
Figure FDA0003675944710000011
where $R_i$ represents the comprehensive performance value of the ith service node, n represents the number of performance indexes, m represents the number of service nodes, $P_{i,j}$ represents the jth performance index parameter of the ith service node, and $W_j$ represents the weight of the jth performance parameter;
carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to the request permission of the access request;
judging whether the identity verification passes;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource to complete the cloud service management.
2. The cloud computing and information security oriented cloud service management method of claim 1, wherein the performing a value assessment on the user's raw data resources according to the cloud service request to obtain an asset value rating of the raw data resources comprises:
constructing a cloud data asset value evaluation table according to dimension standards of credibility, confidentiality, integrity, availability and auditability of data resources;
according to the cloud service request, extracting credibility, confidentiality, integrity, availability and auditability of the original data resource;
and according to the cloud data asset value evaluation table, evaluating the value of the original data resource according to the credibility, confidentiality, integrity, availability and auditability of the original data resource to obtain the asset value grade of the original data resource.
3. The cloud computing and information security oriented cloud service management method of claim 2, wherein the selecting a target cloud server in a pre-built server cluster according to the asset value level of the raw data resource comprises:
acquiring the physical defense level of each server in the server cluster;
and according to the asset value grade of the original data resource, selecting a server with a corresponding physical defense grade from the server cluster to obtain the target cloud server.
4. The cloud service management method oriented to cloud computing and information security of claim 3, wherein the selecting a target service node in the target server according to the asset value level of the original data resource by using a pre-constructed performance calculation formula comprises:
extracting a node performance index value of each service node in the target server according to a preset node performance index;
establishing a node performance matrix according to the node performance index value of each service node in the target server;
normalizing the node performance matrix by using a pre-constructed normalization formula to obtain a normalization performance matrix;
determining the weight of each service node performance index to the original data resource according to the cloud service request;
calculating the comprehensive performance value of each service node in the target server for the original data resource by using the weight, the normalization performance matrix and the performance calculation formula;
and selecting a target service node in the target server according to the comprehensive performance value of each service node in the target server to the original data resource by using a pre-constructed performance selection formula.
5. The cloud computing and information security oriented cloud service management method of claim 4, wherein the normalization formula is as follows:
Figure FDA0003675944710000021
where $P_{i,j}$ represents the jth performance index parameter of the normalized ith service node, $Q_{i,j}$ represents the jth performance index parameter of the unnormalized ith service node,
Figure FDA0003675944710000022
represents the minimum value of the j-th performance index,
Figure FDA0003675944710000023
the maximum value of the j-th performance index is shown.
6. The cloud computing and information security oriented cloud service management method of claim 4, wherein the performance selection formula is as follows:
$R_{best} = R_i,\quad i = d$
where $R_{best}$ represents the target service node, $R_i$ represents the comprehensive performance value of the ith service node, and d represents the asset value grade.
7. The cloud service management method oriented to cloud computing and information security of claim 2, wherein the cloud storage of the target computing data resource according to the asset value class to obtain a target storage data resource comprises:
selecting a target API management and interaction interface from pre-constructed API management and interaction interfaces with different security levels according to the asset value level;
storing the target calculation data resource into a pre-constructed database by using the target API management and interaction interface to obtain a data resource to be encrypted;
selecting a target password protection standard according to the asset value grade, encrypting the data resource to be encrypted by using the target password protection standard, and carrying out remote backup on the encrypted data resource to be encrypted to obtain an encrypted data resource;
and selecting a target mirror image snapshot verification period according to the asset value grade, and performing regular mirror image verification on the encrypted data resource according to the target mirror image snapshot verification period to obtain the target stored data resource.
8. The cloud service management method oriented to cloud computing and information security of claim 1, wherein the receiving of the access request of the user to the target storage data resource and the identity verification of the user according to the request authority of the access request comprise:
setting access control standards with different complexity degrees according to the preset potential threat degree;
determining the potential threat degree of the access request according to the request authority of the access request;
selecting a target access control standard from the access control standards of different complexity degrees by using the potential threat degree of the access request;
and carrying out identity verification on the access request according to the target access control standard.
9. The cloud computing and information security oriented cloud service management method of claim 8, wherein after allowing the user to access the target storage data resource if the identity check passes, the method further comprises:
generating an access log according to the access operation of the user;
judging whether the target storage data resource needs to be cleared or not;
if the target storage data resource needs to be cleared, clearing the target storage data resource;
and if the target storage data resource does not need to be cleared, continuing to periodically perform mirror image verification on the target storage data resource according to the target mirror image snapshot verification period, and completing the access request.
10. A cloud computing and information security oriented cloud service management artificial intelligence platform, the artificial intelligence platform comprising:
the asset value grade evaluation module is used for receiving a cloud service request sent by a user, and evaluating the value of original data resources of the user according to the cloud service request to obtain the asset value grade of the original data resources;
the target cloud server selection module is used for selecting a target cloud server from the pre-constructed server cluster according to the asset value grade of the original data resource;
the target service node selection module is used for selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
the target storage data resource acquisition module is used for carrying out cloud computing on the original data resources by using the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
the user identity verification module is used for receiving an access request of a user to the target storage data resource and verifying the identity of the user according to the request permission of the access request; judging whether the identity verification passes; if the identity verification is not passed, rejecting the access request; and if the identity verification is passed, allowing the user to access the target storage data resource.
CN202210624082.1A 2022-06-02 2022-06-02 Cloud service management method and artificial intelligent platform for cloud computing and information security Active CN115174148B (en)


Publications (2)

Publication Number Publication Date
CN115174148A true CN115174148A (en) 2022-10-11
CN115174148B CN115174148B (en) 2023-11-24

Family

ID=83483653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210624082.1A Active CN115174148B (en) 2022-06-02 2022-06-02 Cloud service management method and artificial intelligent platform for cloud computing and information security

Country Status (1)

Country Link
CN (1) CN115174148B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116579022A (en) * 2023-07-12 2023-08-11 嘉联支付有限公司 Data security privacy protection method based on cloud service
CN117040935A (en) * 2023-10-10 2023-11-10 睿至科技集团有限公司 Cloud computing-based node data security transmission method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532981A (en) * 2013-10-31 2014-01-22 中国科学院信息工程研究所 Identity escrow and authentication cloud resource access control system and method for multiple tenants
US20140317263A1 (en) * 2013-04-17 2014-10-23 International Business Machines Corporation Identity management in a networked computing environment
CN109242487A (en) * 2018-09-26 2019-01-18 石帅 A kind of value assessment method of internet block chain environment lower network domain name
CN110147915A (en) * 2018-02-11 2019-08-20 陕西爱尚物联科技有限公司 A kind of method and its system of resource distribution
CN112291232A (en) * 2020-10-27 2021-01-29 中国联合网络通信有限公司深圳市分公司 Safety capability and safety service chain management platform based on tenants

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116579022A (en) * 2023-07-12 2023-08-11 嘉联支付有限公司 Data security privacy protection method based on cloud service
CN117040935A (en) * 2023-10-10 2023-11-10 睿至科技集团有限公司 Cloud computing-based node data security transmission method and system
CN117040935B (en) * 2023-10-10 2024-01-23 睿至科技集团有限公司 Cloud computing-based node data security transmission method and system

Also Published As

Publication number Publication date
CN115174148B (en) 2023-11-24

Similar Documents

Publication Publication Date Title
US11675915B2 (en) Protecting data based on a sensitivity level for the data
US10140453B1 (en) Vulnerability management using taxonomy-based normalization
CN115174148B (en) Cloud service management method and artificial intelligent platform for cloud computing and information security
US11301578B2 (en) Protecting data based on a sensitivity level for the data
US11386224B2 (en) Method and system for managing personal digital identifiers of a user in a plurality of data elements
US20200151351A1 (en) Verification of Privacy in a Shared Resource Environment
CN103414585A (en) Method and device for building safety baselines of service system
CN113364753B (en) Anti-crawler method and device, electronic equipment and computer readable storage medium
CN111552973A (en) Method and device for risk assessment of equipment, electronic equipment and medium
CN112446022A (en) Data authority control method and device, electronic equipment and storage medium
CN114186275A (en) Privacy protection method and device, computer equipment and storage medium
CN115081016A (en) Log desensitization method and device, electronic equipment and storage medium
CN114697132B (en) Method, device, equipment and storage medium for intercepting repeated access request attack
CN111030997A (en) Method and device for monitoring and filtering internal and external network flow, electronic equipment and storage medium
CN115571533A (en) Confidential archive storage management method, device, equipment and readable storage medium
CN113190200A (en) Exhibition data security protection method and device
CN115296901B (en) Rights management method based on artificial intelligence and related equipment
Bala Cloud computing and database security
CN117195297B (en) ERP-based data security and privacy protection system and method
Rajadorai et al. Data Protection and Data Privacy Act for BIG DATA Governance
CN112988888B (en) Key management method, device, electronic equipment and storage medium
CN116418580B (en) Data integrity protection detection method and device for local area network and electronic equipment
CN113343288B (en) Block chain intelligent contract security management system based on TEE
Gialinou et al. Study and analysis of a ‘disaster recovery’information system using cloud-computing technology
Deepa et al. Data Deduplication on Multi-domain Big Data to Overcome Communication Overheads

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231102

Address after: Room 604, Building A, Changjiang New Village, Gulou District, Nanjing City, Jiangsu Province, 210000

Applicant after: YuWen Daojing

Address before: 518130 521, Mintai building, Minkang intersection, Minzhi street, Longhua New District, Shenzhen, Guangdong Province

Applicant before: Shenzhen zhongtiandi Network Communication Technology Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231220

Address after: 520, 5th Floor, Building 3, No. 2 Binyu East Road, Tongzhou District, Beijing, 100000 RMB

Patentee after: Youlai (Beijing) Technology Co.,Ltd.

Address before: Room 604, Building A, Changjiang New Village, Gulou District, Nanjing City, Jiangsu Province, 210000

Patentee before: YuWen Daojing