CN115174148B - Cloud service management method and artificial intelligent platform for cloud computing and information security - Google Patents


Info

Publication number: CN115174148B
Authority: CN (China)
Prior art keywords: target, cloud, data resource, performance, service node
Legal status: Active
Application number: CN202210624082.1A
Other languages: Chinese (zh)
Other versions: CN115174148A (en)
Inventor: 梁燕铃
Current Assignee: Youlai (Beijing) Technology Co.,Ltd.
Original Assignee: Yuwen Daojing

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention relates to the technical field of cloud computing, and discloses a cloud service management method for cloud computing and information security, which comprises the following steps: performing value evaluation on the original data resources to obtain an asset value grade; selecting a target cloud server according to the asset value grade; selecting a target service node by utilizing a performance calculation formula; performing cloud computing on the original data resources to obtain target computing data resources; performing cloud storage on the target computing data resources to obtain target storage data resources; receiving an access request and performing identity verification according to the request authority; and judging whether the identity verification is passed, rejecting the access request if not, and allowing access if so. The invention further provides a cloud service management artificial intelligent platform, electronic equipment and a computer readable storage medium for cloud computing and information security. The invention can solve the problems that cloud service resource allocation is unreasonable and a large amount of manpower and material resources are consumed.

Description

Cloud service management method and artificial intelligent platform for cloud computing and information security
Technical Field
The invention relates to the technical field of cloud computing, in particular to a cloud service management method, an artificial intelligent platform, electronic equipment and a computer readable storage medium for cloud computing and information security.
Background
With the development of cloud computing technology, more enterprises and public institutions have begun to deploy cloud computing information systems. The information data of cloud computing has characteristics such as information exchange modeling and data storage clustering, and cloud computing achieves full sharing of network computing resources.
At present, enterprises and public institutions can apply to a cloud service provider for services such as cloud computing, so as to realize functions such as cloud computing, cloud storage and cloud transmission of data. However, the cloud service provider does not divide the cloud service into different security levels according to the importance of the data of the enterprise or public institution applying for the cloud service, so that the cloud service resource allocation is unreasonable and a large amount of manpower and material resources are consumed.
Disclosure of Invention
The invention provides a cloud service management method, an artificial intelligent platform and a computer readable storage medium for cloud computing and information security, and mainly aims to solve the problems that cloud service resources are unreasonably distributed and a large amount of manpower and material resources are consumed.
In order to achieve the above object, the present invention provides a cloud service management method for cloud computing and information security, including:
receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain asset value grades of the original data resources;
selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
performing cloud computing on the original data resources by using the target service node to obtain target computing data resources, and performing cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to the request authority of the access request;
judging whether the identity verification is passed or not;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource, and completing the cloud service management.
Optionally, the evaluating the value of the original data resource of the user according to the cloud service request to obtain an asset value level of the original data resource includes:
constructing a cloud data asset value evaluation table according to the credibility, confidentiality, integrity, availability and auditability dimension standard of the data resource;
extracting the credibility, confidentiality, integrity, availability and auditability of the original data resources according to the cloud service request;
and according to the cloud data asset value evaluation table, evaluating the value of the original data resource according to the credibility, confidentiality, integrity, availability and auditability of the original data resource, and obtaining the asset value grade of the original data resource.
Optionally, selecting a target cloud server from a pre-constructed server cluster according to the asset value level of the original data resource includes:
obtaining a physical defense level of each server in the server cluster;
and selecting a server with a corresponding physical defense level from the server cluster according to the asset value level of the original data resource to obtain the target cloud server.
Optionally, the selecting a target service node in the target server according to the asset value level of the original data resource by using a pre-constructed performance calculation formula includes:
extracting a node performance index value of each service node in the target server according to a preset node performance index;
constructing a node performance matrix according to the node performance index value of each service node in the target server;
normalizing the node performance matrix by using a pre-constructed normalization formula to obtain a normalized performance matrix;
determining the weight of each service node performance index to the original data resource according to the cloud service request;
calculating the comprehensive performance value of each service node in the target server for the original data resource by using the weight, the normalized performance matrix and the performance calculation formula;
and selecting a target service node in the target server according to the comprehensive performance value of each service node in the target server for the original data resource by utilizing a pre-constructed performance selection formula.
Optionally, the normalization formula is as follows:
wherein $P_{i,j}$ represents the j-th performance index parameter of the normalized i-th service node, $Q_{i,j}$ represents the j-th performance index parameter of the unnormalized i-th service node, and the two remaining terms represent the minimum value and the maximum value of the j-th performance index, respectively.
Optionally, the performance selection formula is as follows:
$R_{best} = R_i,\ i = d$
wherein $R_{best}$ represents the target service node, $R_i$ represents the comprehensive performance value of the i-th service node, and d represents the asset value level.
Optionally, the cloud storage of the target computing data resource according to the asset value level to obtain a target storage data resource includes:
selecting a target API management and interaction interface from the pre-constructed API management and interaction interfaces with different security levels according to the asset value level;
storing the target computing data resources into a pre-constructed database by using the target API management and interaction interface to obtain data resources to be encrypted;
selecting a target password protection standard according to the asset value grade, encrypting the data resources to be encrypted by using the target password protection standard, and carrying out remote backup on the encrypted data resources to be encrypted to obtain encrypted data resources;
and selecting a target image snapshot verification period according to the asset value grade, and performing regular image verification on the encrypted data resource according to the target image snapshot verification period to obtain the target storage data resource.
Optionally, the receiving the access request of the user to the target storage data resource, and performing identity verification on the user according to the request authority of the access request includes:
setting access control standards with different complexity degrees according to preset potential threat degrees;
determining the potential threat degree of the access request according to the request authority of the access request;
selecting a target access control standard from the access control standards with different complexity levels by utilizing the potential threat level of the access request;
and carrying out identity verification on the access request according to the target access control standard.
Optionally, after the user is allowed to access the target storage data resource if the identity verification passes, the method further includes:
generating an access log according to the access operation of the user;
judging whether the target storage data resource needs to be cleared or not;
if the target storage data resource needs to be cleared, clearing the target storage data resource;
and if the target storage data resource does not need to be cleared, continuing to regularly mirror and check the target storage data resource according to the target mirror snapshot check period, and completing the access request.
In order to solve the above problems, the present invention further provides a cloud service management artificial intelligence platform for cloud computing and information security, the artificial intelligence platform comprising:
the asset value grade evaluation module is used for receiving a cloud service request sent by a user, and evaluating the value of the original data resource of the user according to the cloud service request to obtain the asset value grade of the original data resource;
the target cloud server selection module is used for selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
the target service node selection module is used for selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
the target storage data resource acquisition module is used for carrying out cloud computing on the original data resources by utilizing the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
the user identity verification module is used for receiving an access request of a user to the target storage data resource and verifying the identity of the user according to the request authority of the access request; judging whether the identity verification is passed or not; if the identity verification is not passed, rejecting the access request; and if the identity verification is passed, allowing the user to access the target storage data resource.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to implement the cloud service management method for cloud computing and information security.
In order to solve the above problems, the present invention further provides a computer readable storage medium, in which at least one instruction is stored, the at least one instruction being executed by a processor in an electronic device to implement the cloud service management method for cloud computing and information security.
Compared with the background art: in the embodiment of the invention, the asset value grade of the user's original data resource is obtained by performing value evaluation on that resource, so that data can be protected at different protection levels according to the asset value grade. First, a target cloud server is selected according to the asset value grade; then the target service node best suited to the asset value grade is calculated within that cloud server by the performance calculation formula; and the original data resource is then cloud computed and cloud stored by the target service node to obtain the target storage data resource. Therefore, the cloud service management method, the artificial intelligent platform, the electronic equipment and the computer readable storage medium for cloud computing and information security can solve the problems that cloud service resources are unreasonably distributed and a large amount of manpower and material resources are consumed.
Drawings
Fig. 1 is a schematic flow chart of a cloud service management method for cloud computing and information security according to an embodiment of the present application;
FIG. 2 is a detailed flow chart of one of the steps shown in FIG. 1;
FIG. 3 is a detailed flow chart of another step of FIG. 1;
FIG. 4 is a functional block diagram of an artificial intelligent platform for cloud service management for cloud computing and information security according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device for implementing the cloud service management method for cloud computing and information security according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides a cloud service management method for cloud computing and information security. The method may be executed by at least one of a server, a terminal or another device that can be configured to execute the method provided by the embodiment of the application. In other words, the cloud service management method for cloud computing and information security may be performed by software or hardware installed in a terminal device or a server device. The server side includes but is not limited to: a single server, a server cluster, a cloud server, a cloud server cluster, and the like.
Example 1:
Referring to FIG. 1, a flow chart of a cloud service management method for cloud computing and information security according to an embodiment of the present invention is shown. In this embodiment, the cloud service management method for cloud computing and information security includes:
S1, receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain asset value grades of the original data resources.
The cloud service request refers to a cloud data processing request, such as cloud computing or cloud storage, initiated by an enterprise or an individual. The original data resources refer to the data resources that the enterprise or individual needs to have processed in the cloud, such as an enterprise's internal operation data and archive files. Data resources of different enterprises or individuals have different values, and thus value evaluation of the data resources is required. The asset value grade refers to the value grade of the data resource obtained after the value evaluation; the more important the data resource is, the higher the asset value grade is.
In detail, referring to fig. 2, the evaluating the value of the original data resource of the user according to the cloud service request, to obtain the asset value level of the original data resource, includes:
S11, constructing a cloud data asset value evaluation table according to the dimension standards of credibility, confidentiality, integrity, availability and auditability of the data resources;
S12, extracting the credibility, confidentiality, integrity, availability and auditability of the original data resources according to the cloud service request;
S13, performing value evaluation on the original data resources according to the credibility, confidentiality, integrity, availability and auditability of the original data resources and the cloud data asset value evaluation table, and obtaining asset value grades of the original data resources.
Optionally, the cloud data asset value evaluation table may divide the asset value level of the data resource into 5 levels:
Level 5: the original data resource may be disclosed to the outside; the integrity, credibility and auditability values are extremely low, and the availability is more than 99.9%.
Level 4: the data may be disclosed in a specific internal environment; the integrity, credibility and auditability values are low, the availability reaches 90%, and if the data is diffused to the outside, the hazard is controllable.
Level 3: general confidentiality, integrity, credibility and accessibility; the availability exceeds 70%, and if the data is diffused to the outside, the damage is locally controllable.
Level 2: important confidentiality, with high integrity, credibility and auditability values; the availability exceeds 25%, and serious harm is caused if the data is diffused to the outside.
Level 1: extremely important confidentiality, with extremely high integrity, credibility and auditability values; the availability is below 25%, and catastrophic loss is caused if the data is diffused to the outside.
S2, selecting a target cloud server from the pre-constructed server cluster according to the asset value grade of the original data resource.
It is understood that different servers in the server cluster may be placed in different physical environments for operation protection.
In detail, referring to fig. 3, the selecting a target cloud server from a pre-constructed server cluster according to the asset value level of the original data resource includes:
S21, obtaining a physical defense level of each server in the server cluster;
S22, selecting a server with the corresponding physical defense level from the server cluster according to the asset value level of the original data resource, and obtaining the target cloud server.
In detail, the physical defense level refers to the level of physical protection given to a server. For example, different physical defense levels differ in the server's physical location, physical access control, theft and damage prevention, lightning strike prevention, fire prevention, water and moisture prevention, static electricity prevention, temperature and humidity control, power supply and electromagnetic protection. Physical access control refers to the authentication and recording of personnel entering the server room and other environments where the server is located. Different physical defense levels require different manpower, material resources and financial resources, so the level can be set dynamically according to the asset value level of the original data resource.
S3, selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource.
In detail, the performance calculation formula represents a formula for calculating the comprehensive performance of the selected target service node in the target server, as follows:
wherein $R_i$ represents the comprehensive performance value of the i-th service node, n represents the number of node performance indexes, m represents the number of service nodes, $P_{i,j}$ represents the j-th performance index parameter of the i-th service node, and $W_j$ represents the weight of the j-th performance parameter.
The node performance index may be the CPU remaining utilization, the memory free amount (RAM), the bandwidth free amount (BW), etc. of the service node. Different cloud service requests place different emphasis on security services such as encryption, decryption, signature and authentication, so a corresponding weight can be given to each performance index according to the category of the cloud service request, with the weights summing to 1. For example: when the cloud service request is weighted toward the computing function, the CPU remaining utilization is more important, so its weight is higher; when the cloud service request is weighted toward the storage function, the memory free amount is more important, so its weight is higher. The CPU remaining utilization refers to the ratio of the remaining data processing capacity of the CPU to the total data processing capacity of the CPU.
In the embodiment of the present invention, the selecting, according to the asset value level of the original data resource, a target service node in the target server by using a pre-constructed performance calculation formula includes:
extracting a node performance index value of each service node in the target server according to a preset node performance index;
constructing a node performance matrix according to the node performance index value of each service node in the target server;
normalizing the node performance matrix by using a pre-constructed normalization formula to obtain a normalized performance matrix;
determining the weight of each service node performance index to the original data resource according to the cloud service request;
calculating the comprehensive performance value of each service node in the target server for the original data resource by using the weight, the normalized performance matrix and the performance calculation formula;
and selecting a target service node in the target server according to the comprehensive performance value of each service node in the target server for the original data resource by utilizing a pre-constructed performance selection formula.
It should be understood that normalization is applied to each column, that is, to the values of the same performance index. Because the numerical expressions of the node performance indexes differ greatly and have no unified measurement standard, the node performance index values of the service nodes need to be normalized. Normalization maps the values of the different service nodes for each node performance index to the interval [0, 1]. For example: when the CPU remaining utilization of the first service node is $Q_{11} = 0.3$, that of the second service node is $Q_{21} = 0.2$, that of the third service node is $Q_{31} = 0.4$, that of the fourth service node is $Q_{41} = 0.8$ and that of the fifth service node is $Q_{51} = 1$, the normalized CPU remaining utilization of the first service node is $P_{11} = 1/8$, that of the second service node is $P_{21} = 0$, that of the third service node is $P_{31} = 2/8$, that of the fourth service node is $P_{41} = 6/8$ and that of the fifth service node is $P_{51} = 1$.
It can be understood that different rows of the node performance matrix may represent the performance indexes of different service nodes, and different columns may represent different performance indexes. When the number of service nodes is 5 and the number of performance indexes is 4, the node performance matrix is a matrix of 5 rows and 4 columns. For example, the node performance matrix may be as follows:
wherein $Q_s$ represents the node performance matrix, $Q_{11}$ represents the first performance index value of the first service node, and $Q_{nn}$ represents the n-th performance index value of the n-th service node.
In the embodiment of the present invention, the normalization formula is as follows:
wherein $P_{i,j}$ represents the j-th performance index parameter of the normalized i-th service node, $Q_{i,j}$ represents the j-th performance index parameter of the unnormalized i-th service node, and the two remaining terms represent the minimum value and the maximum value of the j-th performance index, respectively.
It should be appreciated that the normalized performance matrix may be as follows:
wherein $P_s$ represents the normalized performance matrix, $P_{11}$ represents the first performance index value of the normalized first service node, and $P_{nn}$ represents the n-th performance index value of the normalized n-th service node.
In the embodiment of the present invention, the performance selection formula is as follows:
$R_{best} = R_i,\ i = d$
wherein $R_{best}$ represents the target service node, $R_i$ represents the comprehensive performance value of the i-th service node, and d represents the asset value level. For example: when the asset value grade is d=2, the service node ranked second by comprehensive performance value is selected from the service nodes.
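The node selection procedure of step S3, as an added worked example that is not part of the patent text. Assumptions: the normalization and performance calculation formulas did not survive on this page, so the code uses min-max normalization (which reproduces the page's CPU example, 0.3 → 1/8) and a weighted sum of the normalized indexes; the function names and the RAM and bandwidth sample values are constructed for illustration.

```python
from fractions import Fraction


def _frac(x):
    """Convert ints, decimal strings or floats to exact fractions."""
    return x if isinstance(x, Fraction) else Fraction(str(x))


def normalize(matrix):
    """Min-max normalize each column (one performance index) to [0, 1].

    Rows are service nodes, columns are performance indexes.
    Assumed formula: P[i][j] = (Q[i][j] - min_j) / (max_j - min_j).
    """
    if not matrix or any(len(row) != len(matrix[0]) for row in matrix):
        raise ValueError("performance matrix must be non-empty and rectangular")
    columns = [[_frac(q) for q in col] for col in zip(*matrix)]
    normalized_columns = []
    for col in columns:
        lo, hi = min(col), max(col)
        if hi == lo:
            # Every node reports the same value: the index cannot rank nodes.
            normalized_columns.append([Fraction(0)] * len(col))
        else:
            normalized_columns.append([(q - lo) / (hi - lo) for q in col])
    return [list(row) for row in zip(*normalized_columns)]


def composite_scores(matrix, weights):
    """Comprehensive performance value per node (assumed weighted sum)."""
    w = [_frac(x) for x in weights]
    if len(w) != len(matrix[0]):
        raise ValueError("one weight per performance index is required")
    if any(x < 0 for x in w) or sum(w) != 1:
        raise ValueError("weights must be non-negative and sum to 1")
    return [sum(wj * p for wj, p in zip(w, row)) for row in normalize(matrix)]


def rank_nodes(matrix, weights):
    """Node indexes ordered from highest to lowest comprehensive value."""
    scores = composite_scores(matrix, weights)
    # Ties are broken by node index so the result is deterministic.
    return sorted(range(len(scores)), key=lambda i: (-scores[i], i))


def select_node(matrix, weights, asset_level):
    """Pick the node ranked d-th, where d is the asset value level (1 = most sensitive)."""
    ranking = rank_nodes(matrix, weights)
    if not 1 <= asset_level <= len(ranking):
        raise ValueError("asset value level has no matching node rank")
    return ranking[asset_level - 1]


# Constructed sample: columns are CPU remaining utilization, free RAM (GB),
# free bandwidth (Mbps). The CPU column is the page's example; the rest is made up.
SAMPLE_Q = [
    ["0.3", 8, 100],
    ["0.2", 16, 400],
    ["0.4", 4, 250],
    ["0.8", 12, 50],
    ["1", 2, 300],
]
COMPUTE_WEIGHTS = ["0.6", "0.2", "0.2"]   # request weighted toward computation
STORAGE_WEIGHTS = ["0.2", "0.6", "0.2"]   # request weighted toward storage

if __name__ == "__main__":
    for name, w in (("compute", COMPUTE_WEIGHTS), ("storage", STORAGE_WEIGHTS)):
        print(name, "ranking:", rank_nodes(SAMPLE_Q, w))
        print(name, "node for level 2:", select_node(SAMPLE_Q, w, 2))
```

Because the node rank is tied directly to the asset value level, a level with no matching rank (for example level 5 on a server with four nodes) is rejected rather than silently mapped to another node.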
And S4, performing cloud computing on the original data resources by utilizing the target service node to obtain target computing data resources, and performing cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources.
In the embodiment of the present invention, cloud storage is performed on the target computing data resource according to the asset value level to obtain a target storage data resource, including:
selecting a target API management and interaction interface from the pre-constructed API management and interaction interfaces with different security levels according to the asset value level;
storing the target computing data resources into a pre-constructed database by using the target API management and interaction interface to obtain data resources to be encrypted;
selecting a target password protection standard according to the asset value grade, encrypting the data resources to be encrypted by using the target password protection standard, and carrying out remote backup on the encrypted data resources to be encrypted to obtain encrypted data resources;
and selecting a target image snapshot verification period according to the asset value grade, and performing regular image verification on the encrypted data resource according to the target image snapshot verification period to obtain the target storage data resource.
By way of explanation, API management and interaction interfaces of different security levels have different security protection capabilities, for example, the capability to monitor interface data traffic.
It can be appreciated that API management and interaction interfaces of different security levels, target password protection standards, and target image snapshot verification periods differ in their data protection capability and in the manpower and material resources they consume, so a suitable data protection level can be selected according to the asset value level.
It is understood that the target password protection standard may be defined in terms of password length, password replacement period, encryption mode, etc.
S5, receiving an access request of a user to the target storage data resource, and carrying out identity verification on the user according to the request authority of the access request.
In detail, the request authority of the access request may be any of several authorities, such as acquiring administrator rights, acquiring user rights, unauthorized access, or reading data, and different request authorities carry different potential threat degrees. Acquiring administrator rights carries the greatest potential threat degree.
In the embodiment of the present invention, the receiving the access request of the user to the target storage data resource, and performing identity verification on the user according to the request authority of the access request includes:
setting access control standards with different complexity degrees according to preset potential threat degrees;
determining the potential threat degree of the access request according to the request authority of the access request;
selecting a target access control standard from the access control standards with different complexity levels by utilizing the potential threat level of the access request;
and carrying out identity verification on the access request according to the target access control standard.
It should be appreciated that the access control standard determines how strictly a user's access to the target storage data resource is restricted, for example: the complexity of the user password, whether the user's IP address needs to be determined, and whether details of the user's own profile need to be provided. Generally, the greater the potential threat degree of the access request, the stricter the target access control standard required.
S6, judging whether the identity verification is passed or not.
If the identity verification is not passed, S7 is executed and the access request is rejected.
In the embodiment of the invention, after the access request is rejected, the real user of the target storage data resource, the cloud service provider and other personnel are automatically reminded, and the protection level is enhanced.
If the identity verification is passed, S8 is executed and the user is allowed to access the target storage data resource, completing the cloud service management.
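The tiered identity verification of S5 to S7 as an added Python example, not code from the patent: the request authority maps to a potential threat degree, the degree selects an access control standard, and a rejection names who is to be reminded. The authority names, threat degrees, standard values and the sample account are all hypothetical.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical mapping of request authority to potential threat degree.
# The page only fixes that acquiring administrator rights ranks highest.
THREAT_BY_AUTHORITY = {"read_data": 1, "acquire_user_rights": 2,
                       "acquire_admin_rights": 3}
HIGHEST_THREAT = max(THREAT_BY_AUTHORITY.values())

# Hypothetical access control standards, stricter as the threat degree rises.
STANDARDS = {
    1: {"min_password_len": 8, "check_ip": False, "check_profile": False},
    2: {"min_password_len": 12, "check_ip": True, "check_profile": False},
    3: {"min_password_len": 16, "check_ip": True, "check_profile": True},
}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    allowed_networks: List[str]
    profile_phone: str


@dataclass
class Decision:
    allowed: bool
    threat: int
    failed: List[str] = field(default_factory=list)
    notify: List[str] = field(default_factory=list)


def verify(account: Account, authority: str, password: str, source_ip: str,
           profile_phone: Optional[str] = None) -> Decision:
    # An authority the policy does not know fails closed to the strictest tier.
    threat = THREAT_BY_AUTHORITY.get(authority, HIGHEST_THREAT)
    standard = STANDARDS[threat]
    failed = []
    # The presented password must meet this tier's complexity requirement...
    if len(password) < standard["min_password_len"]:
        failed.append("password_complexity")
    # ...and must match the stored hash (constant-time comparison).
    if not hmac.compare_digest(hash_password(password, account.salt),
                               account.password_hash):
        failed.append("password")
    if standard["check_ip"]:
        try:
            ip = ipaddress.ip_address(source_ip)
            known = any(ip in ipaddress.ip_network(net)
                        for net in account.allowed_networks)
        except ValueError:
            known = False  # an unparsable address is treated as unknown
        if not known:
            failed.append("source_ip")
    if standard["check_profile"]:
        if profile_phone is None or not hmac.compare_digest(
                profile_phone.encode(), account.profile_phone.encode()):
            failed.append("profile")
    allowed = not failed
    # S7: on rejection, the data owner and the cloud service provider are reminded.
    notify = [] if allowed else ["data_owner", "cloud_service_provider"]
    return Decision(allowed, threat, failed, notify)


# Constructed sample account; 192.0.2.0/24 is a documentation address range.
SAMPLE_PASSWORD = "correct-horse-battery-staple"
SAMPLE_SALT = b"constructed-salt"
SAMPLE_ACCOUNT = Account(SAMPLE_SALT, hash_password(SAMPLE_PASSWORD, SAMPLE_SALT),
                         ["192.0.2.0/24"], "555-0100")

if __name__ == "__main__":
    for authority, ip, phone in [("read_data", "203.0.113.9", None),
                                 ("acquire_user_rights", "203.0.113.9", None),
                                 ("acquire_admin_rights", "192.0.2.10", "555-0100")]:
        print(authority, verify(SAMPLE_ACCOUNT, authority, SAMPLE_PASSWORD, ip, phone))
```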
In the embodiment of the present invention, after the user is allowed to access the target storage data resource if the identity verification passes, the method further includes:
generating an access log according to the access operation of the user;
judging whether the target storage data resource needs to be cleared or not;
if the target storage data resource needs to be cleared, clearing the target storage data resource;
and if the target storage data resource does not need to be cleared, continuing to regularly mirror and check the target storage data resource according to the target mirror snapshot check period, and completing the access request.
Compared with the background art: the embodiment of the invention evaluates the value of the user's original data resource to obtain its asset value grade, so that data can be protected at different protection levels according to the asset value grade. First, a target cloud server is selected according to the asset value grade; then the target service node best suited to the asset value grade is determined in that cloud server through the performance calculation formula; the original data resource is then cloud computed and cloud stored by the target service node to obtain the target storage data resource. Therefore, the cloud service management method, the artificial intelligent platform, the electronic equipment and the computer readable storage medium for cloud computing and information security can solve the problems that cloud service resources are unreasonably distributed and a large amount of manpower and material resources are consumed.
Example 2:
Fig. 4 is a functional block diagram of an artificial intelligent platform for cloud service management for cloud computing and information security according to an embodiment of the present invention.
The cloud service management artificial intelligence platform 100 for cloud computing and information security can be installed in electronic equipment. Depending on the implementation function, the cloud service management artificial intelligence platform 100 facing to cloud computing and information security may include an asset value level evaluation module 101, a target cloud server selection module 102, a target service node selection module 103, a target storage data resource acquisition module 104, and a user identity verification module 105. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
The asset value grade evaluation module 101 is configured to receive a cloud service request sent by a user, evaluate the value of an original data resource of the user according to the cloud service request, and obtain an asset value grade of the original data resource;
the target cloud server selection module 102 is configured to select a target cloud server from a pre-constructed server cluster according to the asset value level of the original data resource;
the target service node selection module 103 is configured to select a target service node in the target server according to the asset value level of the original data resource by using a pre-constructed performance calculation formula;
the target storage data resource obtaining module 104 is configured to perform cloud computing on the original data resource by using the target service node to obtain a target computing data resource, and perform cloud storage on the target computing data resource according to the asset value level to obtain a target storage data resource;
the user identity verification module 105 is configured to receive an access request of a user to the target storage data resource, and perform identity verification on the user according to a request authority of the access request; judging whether the identity verification is passed or not; if the identity verification is not passed, rejecting the access request; and if the identity verification is passed, allowing the user to access the target storage data resource.
In detail, the modules in the cloud service management artificial intelligent platform 100 for cloud computing and information security in the embodiment of the present invention use the same technical means as the cloud service management method for cloud computing and information security described in fig. 1, and can produce the same technical effects, which are not described herein.
Example 3:
Fig. 5 is a schematic structural diagram of an electronic device for implementing a cloud service management method for cloud computing and information security according to an embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11, a bus 12 and a communication interface 13, and may further comprise a computer program stored in the memory 11 and executable on the processor 10, such as a cloud service manager for cloud computing and information security.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as codes of cloud service management programs for cloud computing and information security, but also for temporarily storing data that has been output or is to be output.
The processor 10 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing Unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is the Control Unit of the electronic device. It connects the respective components of the entire electronic device using various interfaces and lines, runs or executes programs or modules (e.g., the cloud service management program for cloud computing and information security, etc.) stored in the memory 11, and invokes data stored in the memory 11 to perform various functions of the electronic device 1 and process the data.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
Fig. 5 shows only an electronic device with components, it being understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for powering the respective components, and the power source may be logically connected to the at least one processor 10 through a power management artificial intelligence platform, so as to perform functions of charge management, discharge management, and power consumption management through the power management artificial intelligence platform. The power supply may also include one or more of any components, such as a direct current or alternating current power supply, a recharging artificial intelligence platform, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
Further, the electronic device 1 may also comprise a network interface, optionally the network interface may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
The electronic device 1 may optionally further comprise a user interface, which may be a Display, an input unit, such as a Keyboard (Keyboard), or a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only, and the scope of the patent application is not limited to this configuration.
The cloud service management program for cloud computing and information security stored in the memory 11 of the electronic device 1 is a combination of a plurality of instructions, and when running in the processor 10, it can be implemented:
receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain asset value grades of the original data resources;
selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
performing cloud computing on the original data resources by using the target service node to obtain target computing data resources, and performing cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to the request authority of the access request;
judging whether the identity verification is passed or not;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource, and completing the cloud service management.
Specifically, the specific implementation method of the above instruction by the processor 10 may refer to descriptions of related steps in the corresponding embodiments of fig. 1 to 4, which are not repeated herein.
Further, the modules/units integrated in the electronic device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or artificial intelligence platform, recording medium, USB flash disk, removable hard disk, magnetic disk, optical disk, computer Memory, read-Only Memory (ROM) capable of carrying the computer program code.
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
receiving a cloud service request sent by a user, and performing value evaluation on original data resources of the user according to the cloud service request to obtain asset value grades of the original data resources;
selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
selecting a target service node in the target server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
performing cloud computing on the original data resources by using the target service node to obtain target computing data resources, and performing cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to the request authority of the access request;
judging whether the identity verification is passed or not;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource, and completing the cloud service management.
In several embodiments provided by the present invention, it should be understood that the disclosed apparatus, artificial intelligence platform and method may be implemented in other ways. For example, the artificial intelligence platform embodiments described above are merely illustrative, e.g., the division of the modules is merely a logical functional division, and there may be additional divisions when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (8)

1. A cloud service management method for cloud computing and information security, the method comprising:
receiving a cloud service request sent by a user, and constructing a cloud data asset value evaluation table according to the credibility, confidentiality, integrity, availability and dimension standards of the data resource; extracting the credibility, confidentiality, integrity, availability and auditability of the original data resources according to the cloud service request; according to the cloud data asset value evaluation table, performing value evaluation on the original data resource according to the credibility, confidentiality, integrity, availability and auditability of the original data resource to obtain an asset value grade of the original data resource;
obtaining a physical defense level of each server in a server cluster; selecting a server with a corresponding physical defense level from the server cluster according to the asset value level of the original data resource to obtain a target cloud server;
and selecting a target service node in the target cloud server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource, wherein the performance calculation formula is as follows:
wherein the symbols of the formula represent, in order: the comprehensive performance value of the i-th service node; the number of performance indicators; the number of service nodes; the j-th performance index parameter of the normalized i-th service node; and the weight of the j-th performance parameter;
performing cloud computing on the original data resources by using the target service node to obtain target computing data resources, and performing cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
receiving an access request of a user to the target storage data resource, and performing identity verification on the user according to the request authority of the access request;
judging whether the identity verification is passed or not;
if the identity verification is not passed, rejecting the access request;
and if the identity verification is passed, allowing the user to access the target storage data resource, and completing the cloud service management.
2. The cloud service management method for cloud computing and information security according to claim 1, wherein said selecting a target service node in said target cloud server using a pre-constructed performance computing formula according to an asset value level of said raw data resource comprises:
extracting a node performance index value of each service node in the target cloud server according to a preset node performance index;
constructing a node performance matrix according to the node performance index value of each service node in the target cloud server;
normalizing the node performance matrix by using a pre-constructed normalization formula to obtain a normalized performance matrix;
determining the weight of each service node performance index to the original data resource according to the cloud service request;
calculating the comprehensive performance value of each service node in the target cloud server for the original data resource by using the weight, the normalized performance matrix and the performance calculation formula;
and selecting a target service node in the target cloud server according to the comprehensive performance value of each service node in the target cloud server for the original data resource by using the pre-constructed performance selection formula.
3. The cloud service management method for cloud computing and information security according to claim 2, wherein the normalization formula is as follows:
wherein $P_{i,j}$ represents the j-th performance index parameter of the normalized i-th service node, $Q_{i,j}$ represents the j-th performance index parameter of the unnormalized i-th service node, and the two remaining symbols represent the minimum value and the maximum value of the j-th performance index, respectively.
4. The cloud service management method for cloud computing and information security as claimed in claim 3, wherein said performance selection formula is as follows:
wherein $R_{best}$ represents said target service node, $R_i$ represents the comprehensive performance value of the i-th service node, and d represents the asset value level.
5. The cloud service management method for cloud computing and information security according to claim 4, wherein said performing cloud storage on said target computing data resource according to said asset value level to obtain a target storage data resource comprises:
selecting a target API management and interaction interface from the pre-constructed API management and interaction interfaces with different security levels according to the asset value level;
storing the target computing data resources into a pre-constructed database by using the target API management and interaction interface to obtain data resources to be encrypted;
selecting a target password protection standard according to the asset value grade, encrypting the data resources to be encrypted by using the target password protection standard, and carrying out remote backup on the encrypted data resources to be encrypted to obtain encrypted data resources;
and selecting a target image snapshot verification period according to the asset value grade, and performing regular image verification on the encrypted data resource according to the target image snapshot verification period to obtain the target storage data resource.
6. The cloud service management method for cloud computing and information security according to claim 5, wherein said receiving an access request from a user to said target storage data resource, and performing identity verification on said user according to a request authority of said access request, comprises:
setting access control standards with different complexity degrees according to preset potential threat degrees;
determining the potential threat degree of the access request according to the request authority of the access request;
selecting a target access control standard from the access control standards with different complexity levels by utilizing the potential threat level of the access request;
and carrying out identity verification on the access request according to the target access control standard.
7. The cloud service management method for cloud computing and information security as claimed in claim 6, wherein said method further comprises, after said allowing said user to access said target storage data resource if said identity verification passes:
generating an access log according to the access operation of the user;
judging whether the target storage data resource needs to be cleared or not;
if the target storage data resource needs to be cleared, clearing the target storage data resource;
and if the target storage data resource does not need to be cleared, continuing to regularly mirror and check the target storage data resource according to the target mirror snapshot check period, and completing the access request.
8. A cloud service management artificial intelligence platform for cloud computing and information security, for performing the cloud service management method for cloud computing and information security of claim 1, the artificial intelligence platform comprising:
the asset value grade evaluation module is used for receiving a cloud service request sent by a user, and evaluating the value of the original data resource of the user according to the cloud service request to obtain the asset value grade of the original data resource;
the target cloud server selection module is used for selecting a target cloud server from a pre-constructed server cluster according to the asset value grade of the original data resource;
the target service node selection module is used for selecting a target service node in the target cloud server by utilizing a pre-constructed performance calculation formula according to the asset value grade of the original data resource;
the target storage data resource acquisition module is used for carrying out cloud computing on the original data resources by utilizing the target service node to obtain target computing data resources, and carrying out cloud storage on the target computing data resources according to the asset value grade to obtain target storage data resources;
the user identity verification module is used for receiving an access request of a user to the target storage data resource and verifying the identity of the user according to the request authority of the access request; judging whether the identity verification is passed or not; if the identity verification is not passed, rejecting the access request; and if the identity verification is passed, allowing the user to access the target storage data resource.
CN202210624082.1A 2022-06-02 2022-06-02 Cloud service management method and artificial intelligent platform for cloud computing and information security Active CN115174148B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210624082.1A CN115174148B (en) 2022-06-02 2022-06-02 Cloud service management method and artificial intelligent platform for cloud computing and information security

Publications (2)

Publication Number Publication Date
CN115174148A CN115174148A (en) 2022-10-11
CN115174148B CN115174148B (en) 2023-11-24

Family

ID=83483653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210624082.1A Active CN115174148B (en) 2022-06-02 2022-06-02 Cloud service management method and artificial intelligent platform for cloud computing and information security

Country Status (1)

Country Link
CN (1) CN115174148B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116579022A (en) * 2023-07-12 2023-08-11 嘉联支付有限公司 Data security privacy protection method based on cloud service
CN117040935B (en) * 2023-10-10 2024-01-23 睿至科技集团有限公司 Cloud computing-based node data security transmission method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532981A (en) * 2013-10-31 2014-01-22 中国科学院信息工程研究所 Identity escrow and authentication cloud resource access control system and method for multiple tenants
CN109242487A (en) * 2018-09-26 2019-01-18 石帅 A kind of value assessment method of internet block chain environment lower network domain name
CN110147915A (en) * 2018-02-11 2019-08-20 陕西爱尚物联科技有限公司 A kind of method and its system of resource distribution
CN112291232A (en) * 2020-10-27 2021-01-29 中国联合网络通信有限公司深圳市分公司 Safety capability and safety service chain management platform based on tenants

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9413833B2 (en) * 2013-04-17 2016-08-09 International Business Machines Corporation Identity management in a networked computing environment

Also Published As

Publication number Publication date
CN115174148A (en) 2022-10-11

Similar Documents

Publication Publication Date Title
CN115174148B (en) Cloud service management method and artificial intelligent platform for cloud computing and information security
US11675915B2 (en) Protecting data based on a sensitivity level for the data
US11301578B2 (en) Protecting data based on a sensitivity level for the data
CN113364753B (en) Anti-crawler method and device, electronic equipment and computer readable storage medium
CN114238959A (en) User access behavior evaluation method and system based on zero-trust security system
CN112084486A (en) User information verification method and device, electronic equipment and storage medium
CN112446022A (en) Data authority control method and device, electronic equipment and storage medium
CN116910816B (en) Multiparty asset collaborative management method and device for improving privacy protection
Wang et al. Verification of data redundancy in cloud storage
CN114697132B (en) Method, device, equipment and storage medium for intercepting repeated access request attack
CN115119197B (en) Wireless network risk analysis method, device, equipment and medium based on big data
CN114237517A (en) File decentralized storage method and device
CN113722200A (en) Cloud management-based multi-level audit management method, device and system
CN113360575A (en) Method, device, equipment and storage medium for supervising transaction data in alliance chain
CN115221136A (en) Log tamper-proof verification system, method and device and computer equipment
CN112597490A (en) Security threat arrangement response method and device, electronic equipment and readable storage medium
CN112257078A (en) Block chain encryption and decryption service security trusted system based on TEE technology
CN115296901B (en) Rights management method based on artificial intelligence and related equipment
CN116418580B (en) Data integrity protection detection method and device for local area network and electronic equipment
CN117032906B (en) Agricultural product basic data resource pool management method and system
CN113343288B (en) Block chain intelligent contract security management system based on TEE
CN116707835B (en) Method and system for realizing patient information interaction based on blockchain
CN114978766B (en) Privacy security protection method, device, equipment and medium based on big data
US11455391B2 (en) Data leakage and misuse detection
CN117640203A (en) Power grid information safety protection method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231102

Address after: Room 604, Building A, Changjiang New Village, Gulou District, Nanjing City, Jiangsu Province, 210000

Applicant after: YuWen Daojing

Address before: 518130 521, Mintai building, Minkang intersection, Minzhi street, Longhua New District, Shenzhen, Guangdong Province

Applicant before: Shenzhen zhongtiandi Network Communication Technology Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231220

Address after: 520, 5th Floor, Building 3, No. 2 Binyu East Road, Tongzhou District, Beijing, 100000 RMB

Patentee after: Youlai (Beijing) Technology Co.,Ltd.

Address before: Room 604, Building A, Changjiang New Village, Gulou District, Nanjing City, Jiangsu Province, 210000

Patentee before: YuWen Daojing