CN116775235A - Scheduling method and device of security engine and electronic equipment - Google Patents
Scheduling method and device of security engine and electronic equipment Download PDFInfo
- Publication number
- CN116775235A CN116775235A CN202210239540.XA CN202210239540A CN116775235A CN 116775235 A CN116775235 A CN 116775235A CN 202210239540 A CN202210239540 A CN 202210239540A CN 116775235 A CN116775235 A CN 116775235A
- Authority
- CN
- China
- Prior art keywords
- target task
- security engine
- security
- task
- development
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000011161 development Methods 0.000 claims abstract description 148
- 238000012544 monitoring process Methods 0.000 claims description 42
- 230000003068 static effect Effects 0.000 claims description 15
- 230000002452 interceptive effect Effects 0.000 claims description 12
- 238000012423 maintenance Methods 0.000 claims description 12
- 230000004083 survival effect Effects 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 4
- 230000000694 effects Effects 0.000 abstract description 14
- 238000001514 detection method Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 5
- 238000011156 evaluation Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 238000010606 normalization Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 238000013079 data visualisation Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/4881—Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a scheduling method and device of a security engine and electronic equipment, and relates to the technical field of security, wherein the method comprises the following steps: acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle; determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; and calling a security engine corresponding to the target task to perform security scanning on the target task. The embodiment of the invention can improve the effect of safety scanning.
Description
Technical Field
The present invention relates to the field of security technologies, and in particular, to a method and an apparatus for scheduling a security engine, and an electronic device.
Background
The security hole threatens the security of network information, provides a multiplicable machine for malicious attackers, and along with the development of network technology, the security hole is increasingly outstanding, so that the privacy security of people can be jeopardized, and the property security of people can be jeopardized. Currently, a security engine is generally adopted to scan static codes to eliminate security holes, and the security scanning effect is poor.
Disclosure of Invention
The embodiment of the invention provides a scheduling method and device of a security engine and electronic equipment, and aims to solve the problem that the security engine is adopted to scan static codes to eliminate security holes and the effect of security scanning is poor.
In order to solve the technical problems, the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a method for scheduling a security engine, where the method includes:
acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and calling a security engine corresponding to the target task to perform security scanning on the target task.
Optionally, before the invoking the security engine corresponding to the target task to perform security scanning on the target task, the method further includes:
sending heartbeat information to each security engine of the at least one class of security engines to determine whether the each security engine is in a surviving state;
the step of calling the security engine corresponding to the target task to perform security scanning on the target task comprises the following steps:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the invoking the security engine corresponding to the target task to perform security scanning on the target task includes:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task includes:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
Optionally, the acquiring the target task from the task set includes:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
Optionally, after the invoking the security engine corresponding to the target task performs security scanning on the target task, the method further includes:
acquiring a security scanning result of the target task;
and storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
In a second aspect, an embodiment of the present invention provides a scheduling apparatus for a security engine, where the apparatus includes:
the first acquisition module is used for acquiring a target task from a task set and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
the determining module is used for determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task;
and the calling module is used for calling the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the apparatus further includes:
the sending module is used for sending heartbeat information to each security engine in the at least one type of security engines so as to determine whether each security engine is in a survival state or not;
the calling module is specifically configured to:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the calling module is specifically configured to:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the determining module is specifically configured to:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
Optionally, the first obtaining module is specifically configured to:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
Optionally, the apparatus further includes:
the second acquisition module is used for acquiring a security scanning result of the target task;
and the storage module is used for storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
In a third aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the security engine scheduling method of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium, where a computer program is stored, where the computer program when executed by a processor implements the steps of the scheduling method of the security engine according to the first aspect.
In the embodiment of the invention, a target task is acquired from a task set, and a development link corresponding to the target task is determined, wherein the development link is a development link in the SDL development of a safe development life cycle; determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; and calling a security engine corresponding to the target task to perform security scanning on the target task. Thus, each development link of SDL development can be safely scanned, and the effect of safety scanning can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is one of the flowcharts of a method for scheduling security engines according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a method for scheduling a security engine according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a scheduling apparatus of a security engine according to an embodiment of the present invention;
FIG. 4 is a second schematic diagram of a scheduling apparatus of a security engine according to an embodiment of the present invention;
FIG. 5 is a third schematic diagram of a scheduling apparatus of a security engine according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the embodiment of the invention, a scheduling method and device of a security engine and electronic equipment are provided, so as to solve the problem that the security engine is adopted to scan static codes to eliminate security holes and the effect of security scanning is poor.
Referring to fig. 1, fig. 1 is a flowchart of a scheduling method of a security engine according to an embodiment of the present invention, and fig. 1 shows that the method includes the following steps:
step 101, acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle.
The task set may include a plurality of tasks, and the plurality of tasks may be security scanning tasks. The development link can be a static code monitoring link, an interactive dynamic safety monitoring link or an operation and maintenance safety monitoring link, and the like. The plurality of tasks may belong to different development links in the development of a secure development lifecycle (Security Development Lifecycle, SDL).
Step 102, determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task.
Each development link may correspond to a type of security engine, and taking the at least one development link including a static code monitoring link, an interactive dynamic security monitoring link and an operation and maintenance security monitoring link as an example, where the at least one type of security engine includes a type of security engine corresponding to the static code monitoring link, a type of security engine corresponding to the interactive dynamic security monitoring link, and a type of security engine corresponding to the operation and maintenance security monitoring link.
The determining the security engine corresponding to the target task according to the one-to-one correspondence between the at least one development link of the SDL development and the at least one type of security engine and the development link corresponding to the target task may include: determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; determining a security engine corresponding to the target task from a class of security engines corresponding to the target task based on a development language corresponding to the target task; or may include: determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; selecting a security engine in a survival state from security engines corresponding to the target task as the security engine corresponding to the target task, or selecting a security engine in an available state from security engines corresponding to the target task as the security engine corresponding to the target task, or selecting a security engine in a survival state and in an available state from security engines corresponding to the target task as the security engine corresponding to the target task; or may include: determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task, and randomly selecting one security engine from the type of security engines corresponding to the target task as the security engine corresponding to the target task; etc., the present embodiment is not limited thereto.
And 103, invoking a security engine corresponding to the target task to perform security scanning on the target task.
As a specific embodiment, as shown in fig. 2, for each development project, one development project corresponds to one task set, where tasks in the task set are security scanning tasks, the tasks relate to respective processes of project evaluation, network access evaluation and operation monitoring, and each task in the task set is managed in a centralized manner in a security task platform layer by task types. The security task platform layer issues a task instruction to the intelligent scheduling module, wherein the task instruction carries a task ID of a task; the intelligent scheduling module sends a task ID to the security engine management module, and the security engine management module carries out result feedback which comprises an allocated security engine; the intelligent scheduling module monitors a network control message protocol (Internet Control Message Protocol, ICMP) of each security engine and acquires feedback of a result of the ICMP monitoring; and in the case that the ICMP monitoring result of the distributed security engine is fed back to be alive and the distributed security engine is in an available state, the intelligent scheduling module schedules the distributed security engine to perform security scanning on the task.
In the embodiment of the invention, a security engine intelligent scheduling mode based on development security is adopted, task set management is integrated, task queue management is tested, task queue management is deleted, task queue management is suspended, load balance monitoring, task issuing and security analysis data visualization capabilities are adopted; the intelligent scheduling method for the safety engine based on development safety is an engine scheduling algorithm suitable for SDL development safety, covers a self-evaluation stage of SDL development safety, a network access evaluation stage and an operation safety evaluation stage, and the technology can be used for extracting parameters for receiving tasks in multiple frequencies in the stages, performing task allocation according to engine load information acquired by the technology, and performing data visual analysis by integrating scanning results.
In the embodiment of the invention, a target task is acquired from a task set, and a development link corresponding to the target task is determined, wherein the development link is a development link in the SDL development of a safe development life cycle; determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; and calling a security engine corresponding to the target task to perform security scanning on the target task. Thus, each development link of SDL development can be safely scanned, and the effect of safety scanning can be improved.
Optionally, before the invoking the security engine corresponding to the target task to perform security scanning on the target task, the method further includes:
sending heartbeat information to each security engine of the at least one class of security engines to determine whether the each security engine is in a surviving state;
the step of calling the security engine corresponding to the target task to perform security scanning on the target task comprises the following steps:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
The heartbeat information may be an ICMP probe message. The security engine returns feedback information of heartbeat information in the active state, wherein the feedback information can comprise: IP address (ipinfoID), MAC address (macID), device type (device type), CPU information (CPU info) and memory information (meminfo). When feedback information of the heartbeat information is received within a preset time after the heartbeat information is sent, the security engine is considered to be in a survival state; when feedback information of the heartbeat information is not received within a preset time period after the heartbeat information is sent, the security engine is considered to be in a non-survival state, the preset time period can be 5s,30s, or 2min, and the like, and the embodiment is not limited to the above.
In this embodiment, when the security engine corresponding to the target task is in the surviving state, the security engine corresponding to the target task is called to perform security scanning on the target task, so that the security engine in the non-surviving state is prevented from being scheduled to execute the security scanning task.
Optionally, the invoking the security engine corresponding to the target task to perform security scanning on the target task includes:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
The security engine is in an available state, and can be considered to be idle and can execute security scanning tasks. The central processing unit (Central processing unit, CPU) usage information may include CPU utilization and/or CPU availability, the memory usage information may include memory usage and/or memory residuals, the network status information may include packet loss rate, and/or network speed, etc. may be information characterizing network status.
In one embodiment, a weight value, that is, a first weight value, a second weight value, and a third weight value, may be set for the CPU usage information, the memory usage information, and the network status information, respectively, and the CPU usage information is multiplied by the first weight value to obtain a first result, the memory usage information is multiplied by the second weight value to obtain a second result, the network status information is multiplied by the third weight value to obtain a third result, and the first result, the second result, and the third result are added to obtain a final result, and whether the security engine is in an available state is determined based on the final result. The security engine can be determined to be in an available state when the final result is greater than a first preset value; alternatively, it may be determined that the security engine is in an available state when the final result is less than a second preset value. Taking the example that the CPU usage information includes a CPU usage rate, the memory usage information includes a memory usage amount, and the network status information includes a packet loss rate, it may be determined that the security engine is in an available state when the final result is smaller than a second preset value.
In one embodiment, the feedback information of the security engine on the heartbeat information can be monitored through the monitoring port, when the feedback information of the security engine on the heartbeat information is monitored, the security engine is determined to be online, and the task ID of the task is distributed to the security engine; after the task ID of the task is distributed to the security engine, detecting whether the security engine is in an available state, if so, scheduling the security engine to execute the security scanning work of the task, and feeding back a security scanning result; if the security engine is in an unavailable state, putting the task into a task waiting queue, and reallocating the security engine; when the feedback information of the security engine on the heartbeat information is not monitored, the security engine is determined to be not on line, the task is put into a task waiting queue, and the security engine is redistributed.
It is to be noted that the three-layer network ICMP protocol activity detection and asset performance detection are adopted, so that the effects of intelligent activity detection and load threshold monitoring of the security engine are achieved.
In the embodiment, whether the security engine corresponding to the target task is in an available state is determined according to CPU use information, memory use information and network state information of the security engine corresponding to the target task; and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task. In this way, the security engine in an available state can be scheduled to perform security scan tasks.
Optionally, the determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task includes:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
The security engines with corresponding relation with the development links corresponding to the target tasks can be determined as the security engines corresponding to the target tasks. The security engines corresponding to the target tasks can comprise security engines for scanning a plurality of development languages, and the plurality of development languages can comprise Java, go, python, php, C/C++, and the like. The security engine for scanning the development language corresponding to the target task may be determined as the security engine corresponding to the target task from among the security engines corresponding to the target task.
In this embodiment, according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine, and the development link corresponding to the target task, determining the type of security engine corresponding to the target task; and determining the security engines corresponding to the target tasks from the security engines corresponding to the target tasks based on the development languages corresponding to the target tasks, so that the security engines corresponding to the target tasks can be selected for security scanning based on the development languages of the target tasks.
Optionally, the acquiring the target task from the task set includes:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
In the embodiment, the centralized management of a plurality of items can be realized by constructing the item set; task initiation, task deletion and task suspension queue management based on task state attributes can be realized by adopting task queue management.
Optionally, after the invoking the security engine corresponding to the target task performs security scanning on the target task, the method further includes:
acquiring a security scanning result of the target task;
and storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
In the embodiment, the association relation between the security scanning result of the target task and the item corresponding to the target task is stored, so that task data normalization processing after task scanning can be realized based on task scheduling and issuing, and data fusion analysis can be realized.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
As a specific embodiment, as shown in fig. 2, the scheduling method of the security engine may include the following procedures:
(1): and constructing a business model based on the SDL research and development management flow, setting security engines which are called by the SDL flow in a determining mode, such as a security engine of a static code monitoring link, a security engine of an interactive dynamic security monitoring link, a security engine of an operation and maintenance security monitoring link and the like, and further determining the task quantity and the task type distributed by each security engine.
(2): according to the set of structured business model items (P 1 ,P 2 …P N ) Each item P corresponds to a plurality of tasks (T 1 ,T 2 …T N ) Each task T is uniformly managed on a safe task platform layer according to the task type and enters a task queue.
(3): and the background performs task queue management, performs task test by using a first-in first-out stack mode, and notifies the performance threshold and the task type of the security engine. The effects of task set management and security engine task distribution and test are achieved through distributed engine deployment, task queue management and task attribute detection.
Wherein the secure task platform layer is configured to provide a secure task platform to the slave task set (T 1 ,T 2 …T N ) And writing the task attribute of the first task of the stack queue extracted in the process into the intelligent scheduling module by using a management and control protocol. The task attributes may include the following information: action type (actiontype), task ID (taskID), task name (taskname), useUser, device type (device type), action type indicates whether to execute scanning task, task ID is task ID, task name is task name, user is user of task, device type is used to indicate development link, such as device of static code monitoring link, device of interactive dynamic safety monitoring link and device of operation and maintenance safety monitoring link.
The intelligent scheduling module judges the task type according to the acquired task T and further judges the task language of the task T.
The intelligent scheduling module determines from the security engine set (E 1 ,E 2 …E n ) And selecting a distribution engine, and carrying out load inquiry and scanning task scheduling on the distribution engine according to the polling factor.
It should be noted that, the intelligent scheduling module performs ICMP security engine detection on the security engine before distribution, determines the resource threshold of the security engine, and may use the heartbeat packet to perform engine survival monitoring during ICMP security engine detection.
Furthermore, load balancing of the security engine can be realized, and the realization of the load balancing of the security engine can be as follows: setting the number of the security engine as X; the maximum concurrency number of each security engine is recorded as L; the total creation Task number of the system is marked as Z, and the Task is marked as Task i (i=1, 2,3. Z), the scan carrier load for each security engine is denoted p j (j=1, 2,3 … X). Initializing a security engine queue (engine_list) array and a task queue (task_list) array; the load value P of the device which is marked N and serves as the security engine is obtained, and the load value and the security engine X are integrated into a security engine queue Engine_List. After the Task issuing parameters arrive, the Task is inserted into the tail of the task_list queue by adopting a stack model.
After the intelligent scheduling module receives the instruction issued by the security Task platform layer, if the Task is to be processed i When the I module tasks of the security engine queue engine_List are scanned, if the scanner idle value M in the security engine queue engine_List is 0, no available equipment is represented, and the scanning tasks wait to be executed; if the scanner idle value M is not 0, judging the task I and the security engine E.
(4): and if the security engine E is in a survival state and in a usable state, scanning the security task, otherwise, continuing to wait for distribution, and entering the next round of monitoring after the time T.
(5): and for each task T, carrying out normalization processing on the scanning result data, correlating the processing result with the item set P, and feeding back to the SDL business flow.
In this embodiment, the scheduling of the SDL-based security engine runs through the full flow of SDL development; the method comprises the steps of static code detection, interactive dynamic safety detection and operation and maintenance safety monitoring; judging the task participation according to the intelligence in different links of SDL construction, and scheduling a security engine; the load condition of the security engine can be monitored to adjust the task scheduling level; the integrated process and technical capability of the platform are adopted, and the centralized compatibility effect of the static code monitoring, the interactive dynamic safety monitoring and the operation and maintenance safety monitoring safety engine is achieved.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a scheduling apparatus for a security engine according to an embodiment of the present invention, and as shown in fig. 3, a scheduling apparatus 200 for a security engine includes:
the first obtaining module 201 is configured to obtain a target task from a task set, and determine a development link corresponding to the target task, where the development link is a development link in SDL development in a safe development lifecycle;
the determining module 202 is configured to determine, according to a one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine, and a development link corresponding to the target task, a security engine corresponding to the target task;
and the calling module 203 is used for calling the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, as shown in fig. 4, the apparatus 200 further includes:
a sending module 204, configured to send heartbeat information to each security engine in the at least one type of security engines, so as to determine whether each security engine is in a surviving state;
the calling module 203 is specifically configured to:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the calling module 203 is specifically configured to:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the determining module 203 is specifically configured to:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
Optionally, the first obtaining module 201 is specifically configured to:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
Optionally, as shown in fig. 5, the apparatus 200 further includes:
a second obtaining module 205, configured to obtain a security scan result of the target task;
the storage module 206 is configured to store an association relationship between a security scan result of the target task and an item corresponding to the target task.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
The scheduling device of the security engine can implement each process implemented in the method embodiment of fig. 1, and can achieve the same technical effects, and for avoiding repetition, a detailed description is omitted here.
As shown in fig. 6, an embodiment of the present invention further provides an electronic device 300, including: the processor 301, the memory 302, and the program stored in the memory 302 and capable of running on the processor 301, where the program when executed by the processor 301 implements the processes of the above-described scheduling method embodiment of the security engine, and the same technical effects can be achieved, so that repetition is avoided and redundant description is omitted herein.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the processes of the above-mentioned scheduling method embodiment of the security engine, and can achieve the same technical effects, so that repetition is avoided, and no further description is given here. Wherein the computer readable storage medium is such as ROM, RAM, magnetic or optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.
Claims (10)
1. A method for scheduling a security engine, the method comprising:
acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and calling a security engine corresponding to the target task to perform security scanning on the target task.
2. The method of claim 1, wherein before the invoking the security engine corresponding to the target task to perform the security scan on the target task, the method further comprises:
sending heartbeat information to each security engine of the at least one class of security engines to determine whether the each security engine is in a surviving state;
the step of calling the security engine corresponding to the target task to perform security scanning on the target task comprises the following steps:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
3. The method according to claim 1 or 2, wherein the invoking the security engine corresponding to the target task to perform security scanning on the target task includes:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
4. The method of claim 1, wherein determining the security engine corresponding to the target task according to the one-to-one correspondence between the at least one development link of the SDL development and the at least one type of security engine and the development link corresponding to the target task comprises:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
5. The method of claim 1, wherein the obtaining the target task from the set of tasks comprises:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
6. The method of claim 5, wherein after the invoking the security engine corresponding to the target task to perform security scanning on the target task, the method further comprises:
acquiring a security scanning result of the target task;
and storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
7. The method of claim 1, wherein the at least one development link comprises: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
8. A scheduling apparatus for a security engine, the apparatus comprising:
the first acquisition module is used for acquiring a target task from a task set and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
the determining module is used for determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task;
and the calling module is used for calling the security engine corresponding to the target task to perform security scanning on the target task.
9. An electronic device, the electronic device comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the scheduling method of the security engine of any one of claims 1 to 7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the scheduling method of a security engine according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210239540.XA CN116775235A (en) | 2022-03-11 | 2022-03-11 | Scheduling method and device of security engine and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210239540.XA CN116775235A (en) | 2022-03-11 | 2022-03-11 | Scheduling method and device of security engine and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116775235A true CN116775235A (en) | 2023-09-19 |
Family
ID=88012154
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210239540.XA Pending CN116775235A (en) | 2022-03-11 | 2022-03-11 | Scheduling method and device of security engine and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116775235A (en) |
-
2022
- 2022-03-11 CN CN202210239540.XA patent/CN116775235A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107995377B (en) | Customer service management method, electronic device and computer readable storage medium | |
| CN111858054B (en) | Resource scheduling system and method based on edge computing in heterogeneous environment | |
| CN109710416B (en) | Resource scheduling method and device | |
| CN101297536A (en) | A method and system for preparing execution of systems management tasks on endpoints | |
| CN113051019A (en) | Flow task execution control method, device and equipment | |
| CN111176803A (en) | Service processing method, device, server and storage medium | |
| CN111240806B (en) | Distributed container mirror image construction scheduling method | |
| CN109697165A (en) | A kind of software automation safety detecting method, device and storage medium | |
| CN108132878A (en) | The dispatching method and system of a kind of test environment | |
| CN110231998A (en) | Detection method, device and the storage medium of distributed timing task | |
| US20140023185A1 (en) | Characterizing Time-Bounded Incident Management Systems | |
| US11743237B2 (en) | Utilizing machine learning models to determine customer care actions for telecommunications network providers | |
| CN113672934A (en) | Security vulnerability scanning system and method, terminal and storage medium | |
| CN112116208A (en) | Automatic case distribution system and method, storage medium and computing device | |
| CN107544867A (en) | The restoration methods of intelligent network business, apparatus and system | |
| CN111258760A (en) | Platform management method, system, device and storage medium | |
| CN110532105B (en) | Method, system and device for controlling message queue consumer process | |
| CN105491253A (en) | Resource distribution method and system for call center | |
| CN116775235A (en) | Scheduling method and device of security engine and electronic equipment | |
| CN108154343B (en) | Emergency processing method and system for enterprise-level information system | |
| CN115712521A (en) | Cluster node fault processing method, system and medium | |
| CN110390466A (en) | A kind of multidimensional visualized O&M managing device based on cloud SOA framework | |
| CN113778803A (en) | Task resource monitoring system, method and storage medium | |
| CN112463312A (en) | Dynamic maintenance system and method for timing task, medium and computing equipment | |
| CN111163117A (en) | Zookeeper-based peer-to-peer scheduling method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |