CN116775235A - Scheduling method and device of security engine and electronic equipment - Google Patents

Scheduling method and device of security engine and electronic equipment Download PDF

Info

Publication number
CN116775235A
CN116775235A CN202210239540.XA CN202210239540A CN116775235A CN 116775235 A CN116775235 A CN 116775235A CN 202210239540 A CN202210239540 A CN 202210239540A CN 116775235 A CN116775235 A CN 116775235A
Authority
CN
China
Prior art keywords
target task
security engine
security
task
development
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210239540.XA
Other languages
Chinese (zh)
Inventor
唐双林
张宇轩
王子炎
刘云
刁伟
温志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Shanghai ICT Co Ltd
CM Intelligent Mobility Network Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Shanghai ICT Co Ltd
CM Intelligent Mobility Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Shanghai ICT Co Ltd, CM Intelligent Mobility Network Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202210239540.XA priority Critical patent/CN116775235A/en
Publication of CN116775235A publication Critical patent/CN116775235A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a scheduling method and device of a security engine and electronic equipment, and relates to the technical field of security, wherein the method comprises the following steps: acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle; determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; and calling a security engine corresponding to the target task to perform security scanning on the target task. The embodiment of the invention can improve the effect of safety scanning.

Description

Scheduling method and device of security engine and electronic equipment
Technical Field
The present invention relates to the field of security technologies, and in particular, to a method and an apparatus for scheduling a security engine, and an electronic device.
Background
The security hole threatens the security of network information, provides a multiplicable machine for malicious attackers, and along with the development of network technology, the security hole is increasingly outstanding, so that the privacy security of people can be jeopardized, and the property security of people can be jeopardized. Currently, a security engine is generally adopted to scan static codes to eliminate security holes, and the security scanning effect is poor.
Disclosure of Invention
The embodiment of the invention provides a scheduling method and device of a security engine and electronic equipment, and aims to solve the problem that the security engine is adopted to scan static codes to eliminate security holes and the effect of security scanning is poor.
In order to solve the technical problems, the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a method for scheduling a security engine, where the method includes:
acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and calling a security engine corresponding to the target task to perform security scanning on the target task.
Optionally, before the invoking the security engine corresponding to the target task to perform security scanning on the target task, the method further includes:
sending heartbeat information to each security engine of the at least one class of security engines to determine whether the each security engine is in a surviving state;
the step of calling the security engine corresponding to the target task to perform security scanning on the target task comprises the following steps:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the invoking the security engine corresponding to the target task to perform security scanning on the target task includes:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task includes:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
Optionally, the acquiring the target task from the task set includes:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
Optionally, after the invoking the security engine corresponding to the target task performs security scanning on the target task, the method further includes:
acquiring a security scanning result of the target task;
and storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
In a second aspect, an embodiment of the present invention provides a scheduling apparatus for a security engine, where the apparatus includes:
the first acquisition module is used for acquiring a target task from a task set and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
the determining module is used for determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task;
and the calling module is used for calling the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the apparatus further includes:
the sending module is used for sending heartbeat information to each security engine in the at least one type of security engines so as to determine whether each security engine is in a survival state or not;
the calling module is specifically configured to:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the calling module is specifically configured to:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the determining module is specifically configured to:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
Optionally, the first obtaining module is specifically configured to:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
Optionally, the apparatus further includes:
the second acquisition module is used for acquiring a security scanning result of the target task;
and the storage module is used for storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
In a third aspect, an embodiment of the present invention provides an electronic device, including: a processor, a memory, and a program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the security engine scheduling method of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium, where a computer program is stored, where the computer program when executed by a processor implements the steps of the scheduling method of the security engine according to the first aspect.
In the embodiment of the invention, a target task is acquired from a task set, and a development link corresponding to the target task is determined, wherein the development link is a development link in the SDL development of a safe development life cycle; determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; and calling a security engine corresponding to the target task to perform security scanning on the target task. Thus, each development link of SDL development can be safely scanned, and the effect of safety scanning can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is one of the flowcharts of a method for scheduling security engines according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a method for scheduling a security engine according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a scheduling apparatus of a security engine according to an embodiment of the present invention;
FIG. 4 is a second schematic diagram of a scheduling apparatus of a security engine according to an embodiment of the present invention;
FIG. 5 is a third schematic diagram of a scheduling apparatus of a security engine according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the embodiment of the invention, a scheduling method and device of a security engine and electronic equipment are provided, so as to solve the problem that the security engine is adopted to scan static codes to eliminate security holes and the effect of security scanning is poor.
Referring to fig. 1, fig. 1 is a flowchart of a scheduling method of a security engine according to an embodiment of the present invention, and fig. 1 shows that the method includes the following steps:
step 101, acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle.
The task set may include a plurality of tasks, and the plurality of tasks may be security scanning tasks. The development link can be a static code monitoring link, an interactive dynamic safety monitoring link or an operation and maintenance safety monitoring link, and the like. The plurality of tasks may belong to different development links in the development of a secure development lifecycle (Security Development Lifecycle, SDL).
Step 102, determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task.
Each development link may correspond to a type of security engine, and taking the at least one development link including a static code monitoring link, an interactive dynamic security monitoring link and an operation and maintenance security monitoring link as an example, where the at least one type of security engine includes a type of security engine corresponding to the static code monitoring link, a type of security engine corresponding to the interactive dynamic security monitoring link, and a type of security engine corresponding to the operation and maintenance security monitoring link.
The determining the security engine corresponding to the target task according to the one-to-one correspondence between the at least one development link of the SDL development and the at least one type of security engine and the development link corresponding to the target task may include: determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; determining a security engine corresponding to the target task from a class of security engines corresponding to the target task based on a development language corresponding to the target task; or may include: determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; selecting a security engine in a survival state from security engines corresponding to the target task as the security engine corresponding to the target task, or selecting a security engine in an available state from security engines corresponding to the target task as the security engine corresponding to the target task, or selecting a security engine in a survival state and in an available state from security engines corresponding to the target task as the security engine corresponding to the target task; or may include: determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task, and randomly selecting one security engine from the type of security engines corresponding to the target task as the security engine corresponding to the target task; etc., the present embodiment is not limited thereto.
And 103, invoking a security engine corresponding to the target task to perform security scanning on the target task.
As a specific embodiment, as shown in fig. 2, for each development project, one development project corresponds to one task set, where tasks in the task set are security scanning tasks, the tasks relate to respective processes of project evaluation, network access evaluation and operation monitoring, and each task in the task set is managed in a centralized manner in a security task platform layer by task types. The security task platform layer issues a task instruction to the intelligent scheduling module, wherein the task instruction carries a task ID of a task; the intelligent scheduling module sends a task ID to the security engine management module, and the security engine management module carries out result feedback which comprises an allocated security engine; the intelligent scheduling module monitors a network control message protocol (Internet Control Message Protocol, ICMP) of each security engine and acquires feedback of a result of the ICMP monitoring; and in the case that the ICMP monitoring result of the distributed security engine is fed back to be alive and the distributed security engine is in an available state, the intelligent scheduling module schedules the distributed security engine to perform security scanning on the task.
In the embodiment of the invention, a security engine intelligent scheduling mode based on development security is adopted, task set management is integrated, task queue management is tested, task queue management is deleted, task queue management is suspended, load balance monitoring, task issuing and security analysis data visualization capabilities are adopted; the intelligent scheduling method for the safety engine based on development safety is an engine scheduling algorithm suitable for SDL development safety, covers a self-evaluation stage of SDL development safety, a network access evaluation stage and an operation safety evaluation stage, and the technology can be used for extracting parameters for receiving tasks in multiple frequencies in the stages, performing task allocation according to engine load information acquired by the technology, and performing data visual analysis by integrating scanning results.
In the embodiment of the invention, a target task is acquired from a task set, and a development link corresponding to the target task is determined, wherein the development link is a development link in the SDL development of a safe development life cycle; determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task; and calling a security engine corresponding to the target task to perform security scanning on the target task. Thus, each development link of SDL development can be safely scanned, and the effect of safety scanning can be improved.
Optionally, before the invoking the security engine corresponding to the target task to perform security scanning on the target task, the method further includes:
sending heartbeat information to each security engine of the at least one class of security engines to determine whether the each security engine is in a surviving state;
the step of calling the security engine corresponding to the target task to perform security scanning on the target task comprises the following steps:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
The heartbeat information may be an ICMP probe message. The security engine returns feedback information of heartbeat information in the active state, wherein the feedback information can comprise: IP address (ipinfoID), MAC address (macID), device type (device type), CPU information (CPU info) and memory information (meminfo). When feedback information of the heartbeat information is received within a preset time after the heartbeat information is sent, the security engine is considered to be in a survival state; when feedback information of the heartbeat information is not received within a preset time period after the heartbeat information is sent, the security engine is considered to be in a non-survival state, the preset time period can be 5s,30s, or 2min, and the like, and the embodiment is not limited to the above.
In this embodiment, when the security engine corresponding to the target task is in the surviving state, the security engine corresponding to the target task is called to perform security scanning on the target task, so that the security engine in the non-surviving state is prevented from being scheduled to execute the security scanning task.
Optionally, the invoking the security engine corresponding to the target task to perform security scanning on the target task includes:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
The security engine is in an available state, and can be considered to be idle and can execute security scanning tasks. The central processing unit (Central processing unit, CPU) usage information may include CPU utilization and/or CPU availability, the memory usage information may include memory usage and/or memory residuals, the network status information may include packet loss rate, and/or network speed, etc. may be information characterizing network status.
In one embodiment, a weight value, that is, a first weight value, a second weight value, and a third weight value, may be set for the CPU usage information, the memory usage information, and the network status information, respectively, and the CPU usage information is multiplied by the first weight value to obtain a first result, the memory usage information is multiplied by the second weight value to obtain a second result, the network status information is multiplied by the third weight value to obtain a third result, and the first result, the second result, and the third result are added to obtain a final result, and whether the security engine is in an available state is determined based on the final result. The security engine can be determined to be in an available state when the final result is greater than a first preset value; alternatively, it may be determined that the security engine is in an available state when the final result is less than a second preset value. Taking the example that the CPU usage information includes a CPU usage rate, the memory usage information includes a memory usage amount, and the network status information includes a packet loss rate, it may be determined that the security engine is in an available state when the final result is smaller than a second preset value.
In one embodiment, the feedback information of the security engine on the heartbeat information can be monitored through the monitoring port, when the feedback information of the security engine on the heartbeat information is monitored, the security engine is determined to be online, and the task ID of the task is distributed to the security engine; after the task ID of the task is distributed to the security engine, detecting whether the security engine is in an available state, if so, scheduling the security engine to execute the security scanning work of the task, and feeding back a security scanning result; if the security engine is in an unavailable state, putting the task into a task waiting queue, and reallocating the security engine; when the feedback information of the security engine on the heartbeat information is not monitored, the security engine is determined to be not on line, the task is put into a task waiting queue, and the security engine is redistributed.
It is to be noted that the three-layer network ICMP protocol activity detection and asset performance detection are adopted, so that the effects of intelligent activity detection and load threshold monitoring of the security engine are achieved.
In the embodiment, whether the security engine corresponding to the target task is in an available state is determined according to CPU use information, memory use information and network state information of the security engine corresponding to the target task; and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task. In this way, the security engine in an available state can be scheduled to perform security scan tasks.
Optionally, the determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task includes:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
The security engines with corresponding relation with the development links corresponding to the target tasks can be determined as the security engines corresponding to the target tasks. The security engines corresponding to the target tasks can comprise security engines for scanning a plurality of development languages, and the plurality of development languages can comprise Java, go, python, php, C/C++, and the like. The security engine for scanning the development language corresponding to the target task may be determined as the security engine corresponding to the target task from among the security engines corresponding to the target task.
In this embodiment, according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine, and the development link corresponding to the target task, determining the type of security engine corresponding to the target task; and determining the security engines corresponding to the target tasks from the security engines corresponding to the target tasks based on the development languages corresponding to the target tasks, so that the security engines corresponding to the target tasks can be selected for security scanning based on the development languages of the target tasks.
Optionally, the acquiring the target task from the task set includes:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
In the embodiment, the centralized management of a plurality of items can be realized by constructing the item set; task initiation, task deletion and task suspension queue management based on task state attributes can be realized by adopting task queue management.
Optionally, after the invoking the security engine corresponding to the target task performs security scanning on the target task, the method further includes:
acquiring a security scanning result of the target task;
and storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
In the embodiment, the association relation between the security scanning result of the target task and the item corresponding to the target task is stored, so that task data normalization processing after task scanning can be realized based on task scheduling and issuing, and data fusion analysis can be realized.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
As a specific embodiment, as shown in fig. 2, the scheduling method of the security engine may include the following procedures:
(1): and constructing a business model based on the SDL research and development management flow, setting security engines which are called by the SDL flow in a determining mode, such as a security engine of a static code monitoring link, a security engine of an interactive dynamic security monitoring link, a security engine of an operation and maintenance security monitoring link and the like, and further determining the task quantity and the task type distributed by each security engine.
(2): according to the set of structured business model items (P 1 ,P 2 …P N ) Each item P corresponds to a plurality of tasks (T 1 ,T 2 …T N ) Each task T is uniformly managed on a safe task platform layer according to the task type and enters a task queue.
(3): and the background performs task queue management, performs task test by using a first-in first-out stack mode, and notifies the performance threshold and the task type of the security engine. The effects of task set management and security engine task distribution and test are achieved through distributed engine deployment, task queue management and task attribute detection.
Wherein the secure task platform layer is configured to provide a secure task platform to the slave task set (T 1 ,T 2 …T N ) And writing the task attribute of the first task of the stack queue extracted in the process into the intelligent scheduling module by using a management and control protocol. The task attributes may include the following information: action type (actiontype), task ID (taskID), task name (taskname), useUser, device type (device type), action type indicates whether to execute scanning task, task ID is task ID, task name is task name, user is user of task, device type is used to indicate development link, such as device of static code monitoring link, device of interactive dynamic safety monitoring link and device of operation and maintenance safety monitoring link.
The intelligent scheduling module judges the task type according to the acquired task T and further judges the task language of the task T.
The intelligent scheduling module determines from the security engine set (E 1 ,E 2 …E n ) And selecting a distribution engine, and carrying out load inquiry and scanning task scheduling on the distribution engine according to the polling factor.
It should be noted that, the intelligent scheduling module performs ICMP security engine detection on the security engine before distribution, determines the resource threshold of the security engine, and may use the heartbeat packet to perform engine survival monitoring during ICMP security engine detection.
Furthermore, load balancing of the security engine can be realized, and the realization of the load balancing of the security engine can be as follows: setting the number of the security engine as X; the maximum concurrency number of each security engine is recorded as L; the total creation Task number of the system is marked as Z, and the Task is marked as Task i (i=1, 2,3. Z), the scan carrier load for each security engine is denoted p j (j=1, 2,3 … X). Initializing a security engine queue (engine_list) array and a task queue (task_list) array; the load value P of the device which is marked N and serves as the security engine is obtained, and the load value and the security engine X are integrated into a security engine queue Engine_List. After the Task issuing parameters arrive, the Task is inserted into the tail of the task_list queue by adopting a stack model.
After the intelligent scheduling module receives the instruction issued by the security Task platform layer, if the Task is to be processed i When the I module tasks of the security engine queue engine_List are scanned, if the scanner idle value M in the security engine queue engine_List is 0, no available equipment is represented, and the scanning tasks wait to be executed; if the scanner idle value M is not 0, judging the task I and the security engine E.
(4): and if the security engine E is in a survival state and in a usable state, scanning the security task, otherwise, continuing to wait for distribution, and entering the next round of monitoring after the time T.
(5): and for each task T, carrying out normalization processing on the scanning result data, correlating the processing result with the item set P, and feeding back to the SDL business flow.
In this embodiment, the scheduling of the SDL-based security engine runs through the full flow of SDL development; the method comprises the steps of static code detection, interactive dynamic safety detection and operation and maintenance safety monitoring; judging the task participation according to the intelligence in different links of SDL construction, and scheduling a security engine; the load condition of the security engine can be monitored to adjust the task scheduling level; the integrated process and technical capability of the platform are adopted, and the centralized compatibility effect of the static code monitoring, the interactive dynamic safety monitoring and the operation and maintenance safety monitoring safety engine is achieved.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a scheduling apparatus for a security engine according to an embodiment of the present invention, and as shown in fig. 3, a scheduling apparatus 200 for a security engine includes:
the first obtaining module 201 is configured to obtain a target task from a task set, and determine a development link corresponding to the target task, where the development link is a development link in SDL development in a safe development lifecycle;
the determining module 202 is configured to determine, according to a one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine, and a development link corresponding to the target task, a security engine corresponding to the target task;
and the calling module 203 is used for calling the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, as shown in fig. 4, the apparatus 200 further includes:
a sending module 204, configured to send heartbeat information to each security engine in the at least one type of security engines, so as to determine whether each security engine is in a surviving state;
the calling module 203 is specifically configured to:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the calling module 203 is specifically configured to:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
Optionally, the determining module 203 is specifically configured to:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
Optionally, the first obtaining module 201 is specifically configured to:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
Optionally, as shown in fig. 5, the apparatus 200 further includes:
a second obtaining module 205, configured to obtain a security scan result of the target task;
the storage module 206 is configured to store an association relationship between a security scan result of the target task and an item corresponding to the target task.
Optionally, the at least one development link includes: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
The scheduling device of the security engine can implement each process implemented in the method embodiment of fig. 1, and can achieve the same technical effects, and for avoiding repetition, a detailed description is omitted here.
As shown in fig. 6, an embodiment of the present invention further provides an electronic device 300, including: the processor 301, the memory 302, and the program stored in the memory 302 and capable of running on the processor 301, where the program when executed by the processor 301 implements the processes of the above-described scheduling method embodiment of the security engine, and the same technical effects can be achieved, so that repetition is avoided and redundant description is omitted herein.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the processes of the above-mentioned scheduling method embodiment of the security engine, and can achieve the same technical effects, so that repetition is avoided, and no further description is given here. Wherein the computer readable storage medium is such as ROM, RAM, magnetic or optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.

Claims (10)

1. A method for scheduling a security engine, the method comprising:
acquiring a target task from a task set, and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
determining a security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and calling a security engine corresponding to the target task to perform security scanning on the target task.
2. The method of claim 1, wherein before the invoking the security engine corresponding to the target task to perform the security scan on the target task, the method further comprises:
sending heartbeat information to each security engine of the at least one class of security engines to determine whether the each security engine is in a surviving state;
the step of calling the security engine corresponding to the target task to perform security scanning on the target task comprises the following steps:
and under the condition that the security engine corresponding to the target task is in a survival state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
3. The method according to claim 1 or 2, wherein the invoking the security engine corresponding to the target task to perform security scanning on the target task includes:
determining whether the security engine corresponding to the target task is in an available state according to CPU (central processing unit) use information, memory use information and network state information of the security engine corresponding to the target task;
and under the condition that the security engine corresponding to the target task is in an available state, invoking the security engine corresponding to the target task to perform security scanning on the target task.
4. The method of claim 1, wherein determining the security engine corresponding to the target task according to the one-to-one correspondence between the at least one development link of the SDL development and the at least one type of security engine and the development link corresponding to the target task comprises:
determining a type of security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of SDL development and at least one type of security engine and the development link corresponding to the target task;
and determining the security engine corresponding to the target task from the security engines corresponding to the target task based on the development language corresponding to the target task.
5. The method of claim 1, wherein the obtaining the target task from the set of tasks comprises:
constructing a project set, wherein the project set comprises a plurality of projects, and each project corresponds to a task set;
and acquiring a target task positioned at the first position of a stack queue from a task set of a task management queue, wherein the task management queue stores task sets corresponding to the plurality of items.
6. The method of claim 5, wherein after the invoking the security engine corresponding to the target task to perform security scanning on the target task, the method further comprises:
acquiring a security scanning result of the target task;
and storing the association relation between the security scanning result of the target task and the item corresponding to the target task.
7. The method of claim 1, wherein the at least one development link comprises: static code monitoring link, interactive dynamic safety monitoring link and operation and maintenance safety monitoring link.
8. A scheduling apparatus for a security engine, the apparatus comprising:
the first acquisition module is used for acquiring a target task from a task set and determining a development link corresponding to the target task, wherein the development link is a development link in the SDL development of a safe development life cycle;
the determining module is used for determining the security engine corresponding to the target task according to the one-to-one correspondence between at least one development link of the SDL development and at least one type of security engine and the development link corresponding to the target task;
and the calling module is used for calling the security engine corresponding to the target task to perform security scanning on the target task.
9. An electronic device, the electronic device comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the scheduling method of the security engine of any one of claims 1 to 7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the scheduling method of a security engine according to any of claims 1 to 7.
CN202210239540.XA 2022-03-11 2022-03-11 Scheduling method and device of security engine and electronic equipment Pending CN116775235A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210239540.XA CN116775235A (en) 2022-03-11 2022-03-11 Scheduling method and device of security engine and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210239540.XA CN116775235A (en) 2022-03-11 2022-03-11 Scheduling method and device of security engine and electronic equipment

Publications (1)

Publication Number Publication Date
CN116775235A true CN116775235A (en) 2023-09-19

Family

ID=88012154

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210239540.XA Pending CN116775235A (en) 2022-03-11 2022-03-11 Scheduling method and device of security engine and electronic equipment

Country Status (1)

Country Link
CN (1) CN116775235A (en)

Similar Documents

Publication Publication Date Title
CN109714192B (en) Monitoring method and system for monitoring cloud platform
CN107995377B (en) Customer service management method, electronic device and computer readable storage medium
CN111858054B (en) Resource scheduling system and method based on edge computing in heterogeneous environment
CN108256118B (en) Data processing method, device, system, computing equipment and storage medium
CN111176803B (en) Service processing method, device, server and storage medium
CN113051019A (en) Flow task execution control method, device and equipment
CN109669835B (en) MySQL database monitoring method, device, equipment and readable storage medium
CN109710416B (en) Resource scheduling method and device
CN101297536A (en) A method and system for preparing execution of systems management tasks on endpoints
CN111240806B (en) Distributed container mirror image construction scheduling method
CN110362474A (en) A kind of distributed game test method, system, device and storage medium
US11743237B2 (en) Utilizing machine learning models to determine customer care actions for telecommunications network providers
CN109697165A (en) A kind of software automation safety detecting method, device and storage medium
CN110231998A (en) Detection method, device and the storage medium of distributed timing task
CN105205399A (en) Vulnerability scanning tool scheduling method and system
CN109117244B (en) Method for implementing virtual machine resource application queuing mechanism
CN113220480B (en) Distributed data task cross-cloud scheduling system and method
CN111258760A (en) Platform management method, system, device and storage medium
CN110532105B (en) Method, system and device for controlling message queue consumer process
CN105491253A (en) Resource distribution method and system for call center
CN116775235A (en) Scheduling method and device of security engine and electronic equipment
CN117149382A (en) Virtual machine scheduling method, device, computer equipment and storage medium
CN110333930A (en) Digital Platform system
CN110390466A (en) Multi-dimensional visual operation and maintenance management device based on cloud SOA framework
CN112398707B (en) Distributed automatic test management method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination