CN115694946A - IDV cloud terminal security management and resource scheduling system and method - Google Patents

Publication number: CN115694946A
Authority: CN (China)
Prior art keywords: cloud, idv, cloud desktop, terminal, desktop
Legal status: Pending
Application number: CN202211315794.1A
Other languages: Chinese (zh)
Inventor: 戚世雄
Current Assignee: Xi'an Leifeng Electronic Technology Co ltd
Original Assignee: Xi'an Leifeng Electronic Technology Co ltd
Application filed by: Xi'an Leifeng Electronic Technology Co ltd
Landscapes: Debugging And Monitoring (AREA)
Abstract

An IDV cloud terminal security management and resource scheduling system comprises an IDV cloud terminal and an IDV cloud desktop server. The IDV cloud terminal comprises a cloud terminal monitoring module, and the IDV cloud desktop server comprises a cloud desktop security management module and a cloud desktop operation management module. The method comprises the following steps: step 1, the IDV cloud terminal performs initial security binding through the cloud desktop operation management module; step 2, the cloud desktop security management module is started and run on the IDV cloud desktop server; step 3, the IDV cloud terminal starts and runs the cloud terminal monitoring module; step 4, the cloud terminal monitoring module sends IDV cloud desktop information to the cloud desktop security management module and performs the corresponding operation. The method has the characteristics of high security and intelligent resource allocation.

Description

IDV cloud terminal security management and resource scheduling system and method
Technical Field
The invention belongs to the technical field of cloud terminals, and particularly relates to an IDV cloud terminal security management and resource scheduling system and method.
Background
In existing cloud desktop systems, all user information and data are concentrated in the cloud: documents and data are stored in a data center that is equipped with unified entry authentication and a firewall, third-party security authentication is supported, and the security of platform data is ensured under online management by the cloud. However, organizations or user groups with relatively high confidentiality requirements still face risks of information leakage and virus attack while using local terminal equipment, and at present these risks are countered only by third-party antivirus software and the system's own defenses.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to provide an IDV cloud terminal security management and resource scheduling system and method, which have the characteristics of high security and intelligent resource allocation.
To achieve this purpose, the invention adopts the following technical scheme: an IDV cloud terminal security management and resource scheduling system comprises an IDV cloud terminal and an IDV cloud desktop server; the IDV cloud terminal comprises a cloud terminal monitoring module, and the IDV cloud desktop server comprises a cloud desktop security management module and a cloud desktop operation management module;
the cloud terminal monitoring module monitors the operational security state of the cloud terminal in real time according to the system load;
the cloud desktop operation management module creates cloud desktops and provides remote connection access capability to the outside;
the cloud desktop security management module dynamically monitors and analyzes the security state of each desktop in the cloud server and provides resource allocation capability.
A method using the IDV cloud terminal security management and resource scheduling system comprises the following steps:
step 1, the IDV cloud terminal performs initial security binding through the cloud desktop operation management module: an IDV cloud desktop created by an administrator for a user on the IDV cloud desktop server is bound to an IDV cloud terminal, that is, the IDV cloud desktop image is downloaded to the IDV cloud terminal on which the user logs in for the first time and runs there for the user's use;
step 2, the cloud desktop security management module is started and run on the IDV cloud desktop server; it decrypts the information reported by the terminal and classifies the security level of the terminal; the security levels are: safe, low risk and high risk; after IDV cloud desktop information is received, the module analyzes the state of the registry, the number of processes and their resource occupancy, whether any process is running abnormally, and abnormal peripheral-device operations, and comprehensively judges the security state of the IDV cloud desktop;
step 3, the IDV cloud terminal starts and runs the cloud terminal monitoring module, which, according to the system load, sends in real time the cloud desktop's environment information, network bandwidth rate, abnormal CPU load, running-process information and registry state values;
step 4, the cloud terminal monitoring module sends the IDV cloud desktop information to the cloud desktop security management module, waits to receive the command returned by the cloud desktop security management module, and then performs the following operations:
safe: in the safe state the cloud desktop is allowed to use serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks and network card devices;
low risk: abnormal processes are killed, abnormal software is brought under control, serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks and network card devices are disabled, and an administrator is notified by e-mail of the specific operation entries;
high risk: the network of the IDV cloud desktop is cut off immediately so that other IDV cloud desktops in the area are not infected, data in use is saved, the high-risk IDV cloud desktop is shut down, and high-risk alarm information is sent to an administrator.
In step 2, the security state of the IDV cloud desktop is comprehensively judged as follows:
step 21, the process information is read; if a process is found that is not in the system security process list, the cloud terminal is immediately notified to output information such as the PID, name and executable image of the process, or the user is alerted by sound; the system then waits for the user to handle it and, while waiting, stops scheduling the process until the user responds, that is, releases the process or kills it;
step 22, if the behavior and information of a process are found in the high-risk process list, a high-risk instruction is immediately sent to the terminal;
step 23, if there is no abnormal condition, a safe instruction is sent;
step 24, for unsafe software and abnormal reading of sensitive data on the user's disk, a low-risk instruction and the related device management and control instructions are sent.
The information collecting module in step 3 specifically performs the following operation steps:
step 1, collecting information on the processes running in the system in real time during process scheduling;
step 2, collecting registry information of the cloud desktop;
step 3, collecting the activity information of external hardware.
The invention has the beneficial effects that:
1) Initial security binding of the IDV cloud terminal: the IDV cloud desktop created for a given user is first bound to a given host and runs there, that is, the cloud desktop image is downloaded to the cloud terminal on which the user logs in for the first time and runs there for the user's use.
2) A security management module is started and run on the cloud desktop server.
3) The cloud terminal operation monitoring module monitors the operational security state of the cloud terminal in real time according to the system load and reports the state to the server's security management module. If the cloud terminal is running offline (that is, its network connection to the server has been abnormally disconnected), the underlying system of the cloud terminal can handle the instructions by itself.
4) After the cloud desktop server receives and parses the encrypted data, it can dynamically analyze whether the state of the desktop is safe.
5) In the safe state, the use of serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks, network cards and other devices is allowed.
6) If the state is not safe, the use of external devices and network devices is restricted. Abnormal malicious processes are killed until the state recovers, and the administrator is informed of the processing flow by an alarm. A cloud desktop that is still at the high-risk level after the state has lasted for three periods has its data saved and is shut down, and an alarm message is sent for the administrator to handle in real time.
7) The operating environment of the cloud desktop is dynamically monitored, and the cloud desktop's use of external resources (serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks, network cards and other devices) is controlled in real time, which ensures highly confidential use of the cloud desktop and provides anomaly monitoring and timely alarming.
With this interactive security management system for the cloud server and the local terminal, the running state of the cloud terminal is dynamically monitored, different instructions are issued according to the state of the cloud terminal, and the security of the user's desktop environment is ensured.
Drawings
FIG. 1 is a schematic block diagram of the system of the present invention.
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
An IDV cloud terminal security management and resource scheduling system comprises an IDV cloud terminal and an IDV cloud desktop server; the IDV cloud terminal comprises a cloud terminal monitoring module, and the IDV cloud desktop server comprises a cloud desktop security management module and a cloud desktop operation management module;
the cloud terminal monitoring module monitors the operational security state of the cloud terminal in real time according to the system load;
the cloud desktop operation management module creates cloud desktops and provides remote connection access capability to the outside;
the cloud desktop security management module dynamically monitors and analyzes the security state of each desktop in the cloud server and provides resource allocation capability.
A method using the IDV cloud terminal security management and resource scheduling system comprises the following steps:
step 1, the IDV cloud terminal performs initial security binding through the cloud desktop operation management module: an IDV cloud desktop created by an administrator for a user on the IDV cloud desktop server is bound to an IDV cloud terminal, that is, the IDV cloud desktop image is downloaded to the IDV cloud terminal on which the user logs in for the first time and runs there for the user's use;
step 2, the cloud desktop security management module is started and run on the IDV cloud desktop server; it decrypts the information reported by the terminal and classifies the security level of the terminal; the security levels are: safe, low risk and high risk; after IDV cloud desktop information is received, the module analyzes the state of the registry, the number of processes and their resource occupancy, whether any process is running abnormally, and abnormal peripheral-device operations, and comprehensively judges the security state of the IDV cloud desktop;
step 3, the IDV cloud terminal starts and runs the cloud terminal monitoring module, which, according to the system load, sends in real time the cloud desktop's environment information, network bandwidth rate, abnormal CPU load, running-process information and registry state values;
step 4, the cloud terminal monitoring module sends the IDV cloud desktop information to the cloud desktop security management module, waits to receive the command returned by the cloud desktop security management module, and then performs the following operations:
safe: in the safe state the cloud desktop is allowed to use serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks and network card devices;
low risk: abnormal processes are killed, abnormal software is brought under control, serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks and network card devices are disabled, and an administrator is notified by e-mail of the specific operation entries;
high risk: the network of the IDV cloud desktop is cut off immediately so that other IDV cloud desktops in the area are not infected, data in use is saved, the high-risk IDV cloud desktop is shut down, and high-risk alarm information is sent to an administrator.
In step 2, the security state of the desktop is comprehensively judged as follows:
step 21, the process information is read; if a process is found that is not in the system security process list, the cloud terminal is immediately notified to output information such as the PID (process ID), name and executable image of the process, or the user is alerted by sound; the system then waits for the user to handle it and, while waiting, stops scheduling the process until the user responds (releases the process or kills it);
step 22, if the behavior and information of a process are found in the high-risk process list, a high-risk instruction is immediately sent to the terminal;
step 23, if there is no abnormal condition, a safe instruction is sent;
step 24, for unsafe software and abnormal reading of sensitive data on the user's disk, a low-risk instruction and the related device management and control instructions are sent.
The information collecting module in step 3 specifically performs the following operation steps:
step 1, collecting information on the processes running in the system in real time during process scheduling;
step 2, collecting registry information of the cloud desktop;
step 3, collecting the activity information of external hardware.
Examples
Taking high risk as an example:
1) The administrator creates a user user01 and an IDV cloud desktop named desk in the cloud desktop operation management module of the IDV cloud desktop server, and starts the IDV cloud terminal on which the IDV cloud desktop is cached.
2) The cloud desktop security management module is started and run on the IDV cloud desktop server.
3) The cloud terminal monitoring module on the IDV cloud terminal acquires the current IDV cloud desktop's system process information, system log information, peripheral operation information, and disk and network activity information.
4) The cloud terminal monitoring module on the IDV cloud terminal sends the IDV cloud desktop information to the cloud desktop security management module; by comparing the received process information, the security management module finds that a high-risk process exists, immediately judges the security state of the terminal to be high risk, sends an encrypted message to the cloud terminal monitoring module, and sends an IDV cloud terminal high-risk notification to the system administrator;
the cloud terminal monitoring module receives and decrypts the message, finds that the IDV cloud desktop is now in the high-risk state (three periods), immediately changes the cloud desktop operation command, shuts off the cloud desktop network, and finally shuts down the cloud desktop to wait for the administrator's confirmation and reset operation.
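The following Python example is added here and is not code from the patent: it models the server-side judgment of steps 21 to 24 and the terminal-side handling of the returned level in step 4, run over constructed reports for user01 and desk. The list contents, action names, matching on executable image path, treating an unlisted process as low risk, and deferring shutdown until three consecutive high-risk periods are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    SAFE = "safe"
    LOW = "low_risk"
    HIGH = "high_risk"


# Peripheral classes named in the patent; the short identifiers are assumptions.
PERIPHERALS = ("serial", "optical_drive", "parallel", "floppy", "infrared",
               "bluetooth", "printer", "usb_disk", "external_disk", "nic")


@dataclass
class Decision:
    level: Level
    hold_pids: list = field(default_factory=list)  # step 21: not scheduled until the user decides
    kill_pids: list = field(default_factory=list)  # low risk: abnormal processes to kill
    flagged: list = field(default_factory=list)    # step 22: matches on the high-risk list


def classify(report, allowlist, high_risk, unsafe):
    """Server side (steps 21-24): map one decrypted terminal report to a level.

    Matching on executable image path is an assumption of this example.
    """
    procs = report["processes"]
    flagged = [p["pid"] for p in procs if p["image"] in high_risk]
    if flagged:                                     # step 22 takes precedence
        return Decision(Level.HIGH, flagged=flagged)
    kill = [p["pid"] for p in procs if p["image"] in unsafe]
    hold = [p["pid"] for p in procs
            if p["image"] not in allowlist and p["image"] not in unsafe]
    # Step 24 conditions; treating an unlisted process as low risk is an assumption.
    if kill or hold or report.get("abnormal_sensitive_reads", 0) > 0:
        return Decision(Level.LOW, hold_pids=hold, kill_pids=kill)
    return Decision(Level.SAFE)                     # step 23


class TerminalMonitor:
    """Terminal side (step 4): turn the returned level into local actions."""

    def __init__(self, shutdown_after=3):
        self.shutdown_after = shutdown_after        # the "three periods" of the description
        self.high_streak = 0

    def apply(self, decision):
        if decision.level is Level.HIGH:
            self.high_streak += 1
            actions = ["cut_network", "alert_admin_high_risk"]  # isolation is immediate
            if self.high_streak >= self.shutdown_after:
                actions += ["save_data", "shutdown_desktop"]
            return actions
        self.high_streak = 0                        # any non-high period resets the count
        if decision.level is Level.LOW:
            return ([f"kill:{pid}" for pid in decision.kill_pids]
                    + [f"hold:{pid}" for pid in decision.hold_pids]
                    + [f"disable:{d}" for d in PERIPHERALS]
                    + ["email_admin"])
        return [f"allow:{d}" for d in PERIPHERALS]


# Constructed sample data (not from the patent).
ALLOW = {r"C:\Windows\explorer.exe", r"C:\Windows\System32\svchost.exe"}
HIGH_RISK = {r"C:\Temp\highrisk_sample.exe"}
UNSAFE = {r"C:\Tools\remote_share.exe"}


def sample_report(*images, sensitive_reads=0):
    procs = [{"pid": 1000 + i, "name": img.rsplit("\\", 1)[-1], "image": img}
             for i, img in enumerate(images)]
    return {"desktop": "desk", "user": "user01", "processes": procs,
            "abnormal_sensitive_reads": sensitive_reads}


def run_periods(reports, monitor=None):
    """Feed one report per monitoring period; return (level, actions) per period."""
    monitor = monitor or TerminalMonitor()
    return [(d.level, monitor.apply(d))
            for d in (classify(r, ALLOW, HIGH_RISK, UNSAFE) for r in reports)]
```

Keeping the consecutive-period counter on the terminal means the shutdown decision still works after the network has been cut, which matches the description's statement that an offline terminal handles instructions by itself.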
Interpretation of terms: compared with a VDI cloud desktop, the computing resources of an IDV cloud desktop are local, so it can provide a better video experience, better support capabilities such as 3D operation and peripheral compatibility, and continue to run when the network is interrupted. However, it must be bound to a terminal to run; if the terminal is replaced, the image and the personal desktop data must be downloaded from the server again before the personal cloud desktop can be used again.
With a VDI cloud desktop, all resources for running the cloud desktop are on the VDI desktop server, and any terminal can use the personal desktop as long as it can connect to the server.

Claims (4)

1. An IDV cloud terminal security management and resource scheduling system, characterized by comprising an IDV cloud terminal and an IDV cloud desktop server; the IDV cloud terminal comprises a cloud terminal monitoring module, and the IDV cloud desktop server comprises a cloud desktop security management module and a cloud desktop operation management module;
the cloud terminal monitoring module monitors the operational security state of the cloud terminal in real time according to the system load;
the cloud desktop operation management module creates cloud desktops and provides remote connection access capability to the outside;
the cloud desktop security management module dynamically monitors and analyzes the security state of each desktop in the cloud server and provides resource allocation capability.
2. A method using an IDV cloud terminal security management and resource scheduling system, characterized by comprising the following steps:
step 1, the IDV cloud terminal performs initial security binding through the cloud desktop operation management module: an IDV cloud desktop created by an administrator for a user on the IDV cloud desktop server is bound to an IDV cloud terminal, that is, the IDV cloud desktop image is downloaded to the IDV cloud terminal on which the user logs in for the first time and runs there for the user's use;
step 2, the cloud desktop security management module is started and run on the IDV cloud desktop server; it decrypts the information reported by the terminal and classifies the security level of the terminal; the security levels are: safe, low risk and high risk; after IDV cloud desktop information is received, the module analyzes the state of the registry, the number of processes and their resource occupancy, whether any process is running abnormally, and abnormal peripheral-device operations, and comprehensively judges the security state of the IDV cloud desktop;
step 3, the IDV cloud terminal starts and runs the cloud terminal monitoring module, which, according to the system load, sends in real time the cloud desktop's environment information, network bandwidth rate, abnormal CPU load, running-process information and registry state values;
step 4, the cloud terminal monitoring module sends the IDV cloud desktop information to the cloud desktop security management module, waits to receive the command returned by the cloud desktop security management module, and then performs the following operations:
safe: in the safe state the cloud desktop is allowed to use serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks and network card devices;
low risk: abnormal processes are killed, abnormal software is brought under control, serial port devices, optical drives, parallel port devices, floppy drives, infrared interfaces, Bluetooth, printers, USB flash disks, external hard disks and network card devices are disabled, and an administrator is notified by e-mail of the specific operation entries;
high risk: the network of the IDV cloud desktop is cut off immediately so that other IDV cloud desktops in the area are not infected, data in use is saved, the high-risk IDV cloud desktop is shut down, and high-risk alarm information is sent to an administrator.
3. The method using the IDV cloud terminal security management and resource scheduling system according to claim 2, wherein the comprehensive judgment of the security state of the IDV cloud desktop in step 2 specifically comprises the following steps:
step 21, the process information is read; if a process is found that is not in the system security process list, the cloud terminal is immediately notified to output the PID, name and executable image information of the process, or the user is alerted by sound; the system then waits for the user to handle it and, while waiting, stops scheduling the process until the user responds, that is, releases the process or kills it;
step 22, if the behavior and information of a process are found in the high-risk process list, a high-risk instruction is immediately sent to the terminal;
step 23, if there is no abnormal condition, a safe instruction is sent;
step 24, for unsafe software and abnormal reading of sensitive data on the user's disk, a low-risk instruction and the related device management and control instructions are sent.
4. The method as claimed in claim 2, wherein the information collecting module in step 3 specifically performs the following steps:
step 1, collecting information on the processes running in the system in real time during process scheduling;
step 2, collecting registry information of the cloud desktop;
step 3, collecting the activity information of external hardware.
CN202211315794.1A 2022-10-26 2022-10-26 IDV cloud terminal security management and resource scheduling system and method Pending CN115694946A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211315794.1A CN115694946A (en) 2022-10-26 2022-10-26 IDV cloud terminal security management and resource scheduling system and method

Publications (1)

Publication Number Publication Date
CN115694946A (en) 2023-02-03

Family

ID=85099591

Country Status (1)

Country Link
CN (1) CN115694946A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116702121A (en) * 2023-08-01 2023-09-05 南京云玑信息科技有限公司 Method for enhancing access control security in cloud desktop scene
CN116702121B (en) * 2023-08-01 2023-10-03 南京云玑信息科技有限公司 Method for enhancing access control security in cloud desktop scene

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination