WO2021072877A1 - Secure starting method and apparatus for cloud host, and computer device and storage medium - Google Patents


Info

Publication number: WO2021072877A1
Authority: WO, WIPO (PCT)
Prior art keywords: cloud host, designated, specified, host, vulnerability
Application number: PCT/CN2019/118430
Other languages: French (fr), Chinese (zh)
Inventor: 沈勇
Original assignee and applicant: 平安科技(深圳)有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/4401 Bootstrapping
    • G06F 9/4416 Network booting; Remote initial program loading [RIPL]
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F 8/00 Arrangements for software engineering
    • G06F 8/60 Software deployment
    • G06F 8/61 Installation
    • G06F 9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F 9/45533 Hypervisors; Virtual machine monitors
    • G06F 9/45558 Hypervisor-specific management and integration aspects
    • G06F 2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F 2009/45575 Starting, stopping, suspending or resuming virtual machine instances
    • G06F 2009/45595 Network integration; Enabling network access in virtual machine instances

Definitions

  • This application relates to the technical field of cloud computing, and in particular to a secure startup method and apparatus for a cloud host, and to a computer device and storage medium.
  • Cloud computing is currently an important field and direction in the development of IT technology, and it is gradually infiltrating all areas of society.
  • The cloud host is an important part of cloud computing in infrastructure applications. It sits at the bottom of the cloud computing industry chain, and its products are derived from cloud computing platforms.
  • Such a platform integrates the three core elements of Internet applications, namely computing, storage, and network, and provides users with public Internet infrastructure services.
  • A cloud host is a virtualized host similar to a VPS (Virtual Private Server). A VPS uses virtualization software (such as VZ or VM) to divide one physical host into multiple parts that behave like independent hosts, so that a single machine serves multiple users and each part can be used on its own.
  • A cloud host, by contrast, virtualizes multiple parts resembling independent hosts on a cluster of host machines.
  • Each host machine in the cluster holds an image of the cloud host, which greatly improves the security and stability of the virtual host.
  • Cloud hosts can usually be accessed, and even managed, directly from the public network (Internet).
  • Each cloud host therefore faces a protection-gap security risk. Specifically, because a cloud host repairs all currently known security vulnerabilities when it is shut down, a cloud host in the shutdown state can be considered to be in a safe state. However, when the cloud host is restarted and exposed to the public network, the external environment may have changed since the shutdown. If new security vulnerabilities related to the cloud host have appeared, the cloud host may be attacked by attackers on the public network at any time, and its security is greatly threatened.
  • The main purpose of this application is to provide a secure startup method, apparatus, computer device and storage medium for a cloud host, which aims to solve the problem that arises when the cloud host is restarted from the shutdown state and exposed to the existing various cloud computing systems
  • this application proposes a secure startup method for a cloud host.
  • The method includes the following steps:
  • upon receiving a user-triggered start instruction for a specified cloud host, obtain asset information corresponding to the specified cloud host according to preset rules, where the asset information includes at least operating system information; determine whether vulnerabilities corresponding to the asset information of the specified cloud host are stored in a preset vulnerability database, where the number of the vulnerabilities is one or more;
  • This application also provides a secure boot device for a cloud host, including:
  • the first obtaining module is configured to obtain asset information corresponding to the specified cloud host according to preset rules when a user-triggered start instruction for the specified cloud host is received, wherein the asset information includes at least operating system information;
  • the first judgment module is used to judge whether there are vulnerabilities corresponding to the asset information of the designated cloud host stored in the preset vulnerability database, wherein the number of the vulnerabilities is one or more;
  • the second obtaining module is configured to, if yes, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
  • the second judgment module is used for judging whether there are specified vulnerabilities whose release time is within a specified period of time among all the vulnerabilities according to the last shutdown time and each of the release times;
  • the isolation module is configured to, if yes, start the designated cloud host in a pre-created security isolation area, wherein the network access function of the specified cloud host will be disabled in the security isolation area.
  • The present application also provides a computer device, including a memory and a processor, where the memory stores computer-readable instructions and the processor implements the steps of the above method when it executes the computer-readable instructions.
  • the present application also provides a computer-readable storage medium on which computer-readable instructions are stored, and when the computer-readable instructions are executed by a processor, the steps of the foregoing method are implemented.
  • With the secure startup method, apparatus, computer device and storage medium for a cloud host of this application, upon receiving a user-triggered startup instruction for a specified cloud host, asset information corresponding to the specified cloud host is acquired according to preset rules, where the asset information includes at least operating system information; it is judged whether vulnerabilities corresponding to the asset information of the specified cloud host are stored in the preset vulnerability database, where the number of the vulnerabilities is one or more; if so, the last shutdown time of the specified cloud host and the release time corresponding to each vulnerability are obtained; according to the last shutdown time and each release time, it is determined whether any of the vulnerabilities is a specified vulnerability whose release time falls within a specified time period; if so, the specified cloud host is started in a pre-created security isolation area, where the network access function of the specified cloud host is disabled.
  • This application thus intelligently places the specified cloud host in the pre-created security isolation area for startup when a new vulnerability related to it appeared during its last shutdown, so that the network access function of the specified cloud host is temporarily disabled after it starts. This effectively prevents the specified cloud host from being intruded upon or attacked through such vulnerabilities during use and ensures its security after startup.
  • FIG. 1 is a schematic flowchart of a method for secure startup of a cloud host according to an embodiment of the present application
  • FIG. 2 is a schematic structural diagram of a secure boot device of a cloud host according to an embodiment of the present application
  • FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present application.
  • a secure boot method of a cloud host includes:
  • S1 Acquire asset information corresponding to the designated cloud host according to preset rules when receiving a startup instruction for a designated cloud host triggered by a user, where the asset information includes at least operating system information;
  • S2 Determine whether there are vulnerabilities corresponding to the asset information of the designated cloud host stored in the preset vulnerability database, where the number of the vulnerabilities is one or more;
  • S4 According to the last shutdown time and each of the release times, determine whether there are specified vulnerabilities whose release time is within a specified period of time among all the vulnerabilities;
  • The execution subject of the embodiment of the present invention is a secure boot device for a cloud host, specifically a host cluster used to virtualize the cloud host, through which the host cluster can realize the
  • The above-mentioned designated cloud host is any cloud host among all the cloud hosts virtualized by the host cluster. Specifically, it is first judged whether a user-triggered start instruction for the designated cloud host has been received; when the start instruction is received, the asset information corresponding to the designated cloud host is obtained according to preset rules, where the asset information includes at least the operating system information. For example, the operating system is Windows Server 2012, and version 11.0 of the RDP service provides the remote desktop.
  • the asset information may also include cloud host service information and key application information.
  • The foregoing preset rules may include obtaining the asset information corresponding to the specified cloud host by querying the cloud platform corresponding to the specified cloud host, or by invoking a specified scanning tool. Then, according to the asset information, it is determined whether vulnerabilities corresponding to the asset information of the designated cloud host are stored in the preset vulnerability database, where the number of vulnerabilities is one or more. The vulnerability database stores vulnerability information, related to the various operating systems used by cloud hosts and to cloud host services, that a crawler tool crawls from a target website in real time.
  • If the vulnerability database stores a vulnerability corresponding to the asset information of the specified cloud host, the last shutdown time of the specified cloud host and the release time corresponding to each of the aforementioned vulnerabilities are obtained.
  • Any crawled vulnerability record may take the form: CVE20190004, an RDP vulnerability released on July 02, 2019.
  • The affected systems are all versions of the RDP service before version 12.0, and the release time of the corresponding vulnerability is 2019/07/02. Then, based on the last shutdown time and each of the above release times, it is determined whether any of the vulnerabilities is a specified vulnerability whose release time is within the specified time period, where the specified time period is the period between the last shutdown time and the current time.
  • If so, the designated cloud host is started in the pre-created security quarantine area, and the network access function of the designated cloud host is disabled in that area.
  • In this embodiment, when a new vulnerability related to the designated cloud host appeared during its last shutdown period, the designated cloud host is intelligently placed in the pre-created security isolation zone for startup, so that its network access function is temporarily disabled after it starts. This effectively prevents the designated cloud host from being intruded upon or attacked through such vulnerabilities during use and ensures its security after startup.
  • step S1 includes:
  • S100 Determine whether an asset management tool is installed in the designated cloud host, where the asset management tool is used to periodically synchronize asset information corresponding to the designated cloud host to the designated cloud platform;
  • the asset information may specifically include the operating system information corresponding to the specified cloud host, as well as the cloud host service information and key application information in the specified cloud host.
  • The cloud platform corresponding to the specified cloud host can be queried, or a specified scanning tool can be called, to obtain the asset information corresponding to the specified cloud host.
  • The asset management tool has a synchronization function for the asset information of the specified cloud host.
  • The specified cloud host periodically synchronizes its internal asset information to the corresponding designated cloud platform through the asset management tool, so that the designated cloud platform stores the asset information of the designated cloud host.
  • If the asset management tool is installed, the above asset information can be found on the designated cloud platform corresponding to the designated cloud host. If no asset management tool is installed in the designated cloud host, the designated scanning tool is called to scan the cloud platform and obtain the asset information.
  • The designated scanning tool can be nmap, which performs the scan on the cloud platform: the operating system detection command nmap -O [target IP] is sent to the designated cloud host, which queries its own asset information after receiving the detection command, and the asset information returned by the designated cloud host can then be obtained. After the asset information of the designated cloud host has been obtained, it can be used to intelligently identify whether the vulnerability database holds vulnerabilities corresponding to the designated cloud host.
  • Before the foregoing step S2, the method further includes:
  • S200 Use crawler tools to grab the first vulnerability information related to various operating systems corresponding to the cloud host and the second vulnerability information related to the cloud host service from the target website in real time;
  • S202 Store the first vulnerability information and the second vulnerability information in the vulnerability database.
  • the process of generating the vulnerability database is also included. Specifically, first, a crawler tool is used to grab the first vulnerability information related to various operating systems corresponding to the cloud host and the second vulnerability information related to the cloud host service from the target website in real time.
  • first vulnerability information may include vulnerability information corresponding to the first vulnerability, and first patch information corresponding to the first vulnerability.
  • second vulnerability information may include vulnerability information corresponding to the second vulnerability, and second patch information corresponding to the second vulnerability.
  • crawler tools refer to web crawlers (also known as web spiders or web robots), which are programs or scripts that automatically crawl information on the World Wide Web in accordance with certain rules.
  • the crawler tool includes but is not limited to the Python crawler tool.
  • the aforementioned target website is an authoritative website at home and abroad for publishing vulnerabilities related to cloud hosting.
  • the host cluster uses a crawler tool to execute a crawler file to crawl vulnerability information that meets the data crawling conditions set by the crawler file.
  • the crawler file includes, but is not limited to, two data crawling conditions of target URL and search keywords.
  • The target URL is the URL, in the crawler file, of the target website corresponding to the first vulnerability information and the second vulnerability information to be crawled, and the URL (short for Uniform Resource Locator) is correct
  • Search keywords refer to keywords in the crawler file that are used to limit the common characteristics of the first vulnerability information and the second vulnerability information to be crawled by the crawler file.
  • After the first vulnerability information and the second vulnerability information have been obtained, a vulnerability database is created and the first and second vulnerability information are stored in it, forming the vulnerability database that is later used to determine whether there are security vulnerabilities that may threaten the specified cloud host.
  • Before the above step S4, the method further includes:
  • S401 Determine the time period included between the last shutdown time and the current time as the designated time period.
  • the step of determining the specified period of time is also included.
  • the current time is first obtained.
  • The current time has the same precision as the last shutdown time, but the precision is not specifically limited.
  • For example, the precision may be to the year, month and day, so that the current time can be 2019/07/11, or it may even go to smaller units beyond year, month and day; this is not described in further detail here.
  • The time period between the last shutdown time and the current time is determined as the designated time period. For example, if the current time is 2019/07/11 and the last shutdown time is 2019/07/01, the specified time period is determined to be 2019/07/01-2019/07/11.
  • This embodiment determines the specified time period from the current time and the last shutdown time of the specified cloud host, which helps to subsequently identify accurately whether the vulnerability database holds specified vulnerabilities that threaten the security of the specified cloud host, and then to intelligently select the startup method for the designated cloud host based on that result.
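  A worked version of the decision in steps S1 to S5 and S401, using the description's own example values (Windows Server 2012 with RDP 11.0, the CVE20190004 RDP vulnerability released 2019/07/02 affecting RDP versions before 12.0, last shutdown 2019/07/01, current time 2019/07/11). This is an added example, not code from the patent: the data classes, the version comparison, the encoding of "all versions before 12.0" as a fixed_in field, and the assumption that a matching vulnerability released before the last shutdown was already repaired at shutdown (as the background states) are mine.

```python
"""Secure-start decision for a cloud host (added example modelled on steps S1-S5 and S401)."""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '11.0' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.split("."))


def parse_day(text: str) -> date:
    """Parse the page's YYYY/MM/DD date form (precision to the day, as in the description)."""
    return date(*(int(part) for part in text.split("/")))


@dataclass
class AssetInfo:
    """Step S1: asset information; operating system at minimum, plus service versions."""
    os_name: str
    services: Dict[str, str] = field(default_factory=dict)  # service name -> version string


@dataclass
class Vulnerability:
    """One record of the preset vulnerability database (filled by the crawler, S200/S202).

    A record matches an asset either by operating system name, or by a service whose
    installed version is below `fixed_in` (assumed encoding of 'all versions before X').
    """
    vuln_id: str
    release_date: date
    os_name: Optional[str] = None
    service: Optional[str] = None
    fixed_in: Optional[str] = None

    def affects(self, asset: AssetInfo) -> bool:
        if self.os_name is not None and self.os_name == asset.os_name:
            return True
        if self.service is not None and self.service in asset.services:
            if self.fixed_in is None:
                return True
            return parse_version(asset.services[self.service]) < parse_version(self.fixed_in)
        return False


def specified_period(last_shutdown: date, now: date) -> Tuple[date, date]:
    """Step S401: the specified period runs from the last shutdown time to the current time."""
    if now < last_shutdown:
        raise ValueError("current time is earlier than the last shutdown time")
    return last_shutdown, now


def decide_start_mode(asset: AssetInfo, vuln_db: List[Vulnerability],
                      last_shutdown: date, now: date) -> Tuple[str, List[Vulnerability]]:
    """Return ('isolated', specified_vulns) or ('normal', []).

    S2: look up vulnerabilities matching the asset information.
    S3/S401: obtain the last shutdown time and the release time of each match.
    S4: keep the matches whose release time lies inside the specified period.
    S5: any such 'specified vulnerability' forces a start in the isolation area with
        network access disabled; matches released before shutdown are assumed repaired.
    """
    matching = [v for v in vuln_db if v.affects(asset)]
    if not matching:
        return "normal", []
    start, end = specified_period(last_shutdown, now)
    new_vulns = [v for v in matching if start <= v.release_date <= end]
    return ("isolated", new_vulns) if new_vulns else ("normal", [])


def run_page_example(last_shutdown: str = "2019/07/01", rdp_version: str = "11.0",
                     now: str = "2019/07/11") -> Tuple[str, List[str]]:
    """Reproduce the description's example; returns the start mode and matching vulnerability ids."""
    asset = AssetInfo(os_name="windowsserver2012", services={"rdp": rdp_version})
    vuln_db = [
        # The description's example record: an RDP vulnerability released 2019/07/02 that
        # affects all RDP service versions before 12.0 (id copied as written on the page).
        Vulnerability("CVE20190004", date(2019, 7, 2), service="rdp", fixed_in="12.0"),
        # Constructed record for a different OS, to show that unrelated records are ignored.
        Vulnerability("EXAMPLE-OTHER-OS", date(2019, 7, 5), os_name="ubuntu1804"),
    ]
    mode, found = decide_start_mode(asset, vuln_db, parse_day(last_shutdown), parse_day(now))
    return mode, [v.vuln_id for v in found]


if __name__ == "__main__":
    print(run_page_example())                              # ('isolated', ['CVE20190004'])
    print(run_page_example(last_shutdown="2019/07/05"))    # released before shutdown -> ('normal', [])
    print(run_page_example(rdp_version="12.0"))            # version not affected -> ('normal', [])
```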
  • The method further includes:
  • S500 Determine whether the specified patch corresponding to the specified vulnerability is stored in the vulnerability database;
  • S502 Send an installation instruction for installing the specified patch to the specified cloud host, so that the specified cloud host installs the specified patch according to the installation instruction and returns a corresponding patch installation result, where the patch installation result is either installation success or installation failure;
  • S503 Determine whether the specified patch was successfully installed according to the patch installation result returned by the specified cloud host;
  • In this embodiment, the designated cloud host is moved out of the security quarantine area only after it has successfully installed the designated patch corresponding to the specified vulnerability, so as to ensure its safety. Specifically, it is first determined whether the vulnerability database stores the designated patch corresponding to the designated vulnerability. If so, the specified patch is downloaded and stored in a specified storage area in the specified cloud host through a specified transmission method.
  • the above-mentioned designated transmission method is the local area network transmission method or the Bluetooth transmission method.
  • After the host cluster has downloaded the designated patch, it transmits the patch to the designated storage area in the designated cloud host internally, using the designated transmission method.
  • Since this transmission does not need to use network resources, the designated cloud host cannot be attacked by attackers on the public network while receiving the designated patch, which effectively guarantees the security of the designated cloud host while the designated patch is being stored.
  • The installation of the designated patch on the designated cloud host likewise does not require a network, which further increases the security of the designated cloud host.
  • The designated storage area is not specifically limited and can be set according to actual needs. For example, it can be a newly created area dedicated to storing the designated patch, or an area with larger storage space in the designated cloud host.
  • An installation instruction to install the specified patch is then sent to the specified cloud host, so that the specified cloud host installs the specified patch according to the installation instruction and returns the corresponding patch installation result.
  • the patch installation result includes installation success or installation failure.
  • If the installation fails, the specified cloud host returns a patch installation result of installation failure.
  • In that case the specified cloud host is not transferred out of the security quarantine area; the reason for the failure of the specified patch installation is found first, and according to that failure reason the specified cloud host is controlled to re-download and install the specified patch. Only after it is confirmed that the specified patch has been successfully installed in the specified cloud host is the specified cloud host transferred out of the security quarantine area, so that its normal network access function is restored only once the designated patch has been successfully installed, effectively ensuring the security of the designated cloud host.
  • The method further includes:
  • S5040 Acquire first usage data of a first host machine corresponding to the designated cloud host according to a first preset period, where the first usage data includes at least a CPU usage rate, a memory usage rate, and a network interface bandwidth usage rate;
  • S5041 Analyze and process the first usage data, and determine whether the first usage data is greater than a preset standard threshold;
  • S5043 Migrate the designated cloud host from the first host to the second host.
  • The host cluster also has an intelligent migration function for the specified cloud host. Specifically, after the startup of the specified cloud host is complete, the first usage data of the first host corresponding to the specified cloud host is acquired according to the first preset period, where the first preset period is not specifically limited and can, for example, be set to one hour.
  • The usage data includes CPU usage, memory usage, and network interface bandwidth usage. The first usage data is then analyzed and processed to determine whether it is greater than the preset standard threshold.
  • A standard threshold is set for each type of usage data.
  • The specific value of each standard threshold is not specifically limited; it can be set by the host cluster, or by the user according to requirements.
  • the standard threshold corresponding to CPU usage can be set to 80%
  • the standard threshold corresponding to memory usage can be set to 75%
  • The standard threshold corresponding to network interface bandwidth usage can be set to 85%. If the first usage data is greater than the preset standard threshold, the first host machine corresponding to the designated cloud host is currently in a high-load state and has few available computing resources.
  • In that case, a second host whose second usage data is less than the standard threshold is found among all the hosts in the host cluster, and the designated cloud host is migrated from the first host to the second host. The designated cloud host is thus intelligently migrated from an overloaded first host to a second host with lower load, so that its computing resources are optimized, which effectively improves its operating efficiency and response speed and also protects the first host. Further, if there is more than one second host, the designated host with the lowest data value for the second usage data is selected from all the second hosts, and the designated cloud host is migrated from the first host to that designated host. Selecting the designated host with the lowest second usage data from all the second hosts not only improves the operating efficiency and response speed of the designated cloud host but also balances the load across all the hosts.
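  The migration decision of steps S5040 to S5043, as an added example that is not code from the patent. It uses the description's example thresholds (CPU 80%, memory 75%, bandwidth 85%); the cluster sample is constructed, and the "data value" of a host's usage data, which the description does not define, is assumed here to be the sum of its three usage rates.

```python
"""Migration decision after start (added example modelled on steps S5040-S5043)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# The standard thresholds the description gives as examples, one per usage type (percent).
STANDARD_THRESHOLDS: Dict[str, float] = {"cpu": 80.0, "memory": 75.0, "bandwidth": 85.0}


@dataclass
class HostUsage:
    """Usage data sampled from one host machine in the cluster (S5040)."""
    name: str
    usage: Dict[str, float]  # usage type -> percent


def exceeds_threshold(usage: Dict[str, float], thresholds: Dict[str, float]) -> bool:
    """S5041: the usage data is over the standard threshold if any type exceeds its own threshold."""
    return any(usage.get(kind, 0.0) > limit for kind, limit in thresholds.items())


def data_value(usage: Dict[str, float], thresholds: Dict[str, float]) -> float:
    """Assumed aggregate 'data value' of usage data: the sum of the thresholded usage types."""
    return sum(usage.get(kind, 0.0) for kind in thresholds)


def choose_migration_target(first: HostUsage, cluster: List[HostUsage],
                            thresholds: Dict[str, float] = STANDARD_THRESHOLDS) -> Optional[str]:
    """Return the name of the host to migrate the designated cloud host to, or None to stay put.

    The first host is overloaded only if its usage exceeds the threshold (S5041).
    Candidate second hosts are the other hosts whose usage is below the threshold for
    every type; with several candidates the one with the lowest data value is the
    designated host the cloud host is migrated to (S5043).
    """
    if not exceeds_threshold(first.usage, thresholds):
        return None
    candidates = [h for h in cluster
                  if h.name != first.name and not exceeds_threshold(h.usage, thresholds)]
    if not candidates:
        return None
    return min(candidates, key=lambda h: data_value(h.usage, thresholds)).name


def run_example() -> Optional[str]:
    """Constructed cluster sample: host-a (the first host) is over the CPU threshold."""
    cluster = [
        HostUsage("host-a", {"cpu": 91.0, "memory": 60.0, "bandwidth": 40.0}),
        HostUsage("host-b", {"cpu": 70.0, "memory": 80.0, "bandwidth": 30.0}),  # memory too high
        HostUsage("host-c", {"cpu": 50.0, "memory": 40.0, "bandwidth": 20.0}),  # data value 110
        HostUsage("host-d", {"cpu": 30.0, "memory": 35.0, "bandwidth": 25.0}),  # data value 90
    ]
    return choose_migration_target(cluster[0], cluster)


if __name__ == "__main__":
    print(run_example())  # host-d
```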
  • The method further includes:
  • S5045 Analyze and process the available resource space, and determine whether the available resource space is less than a preset resource space threshold;
  • S5047 Send a garbage removal instruction to the designated cloud host to control the designated cloud host to clear the junk data according to the garbage removal instruction.
  • the available resource space of the designated cloud host in a normal working state is monitored and processed to ensure that the designated cloud host always has sufficient available resource space.
  • the available resource space in the cloud hard disk corresponding to the designated cloud host is acquired according to a second preset period; the second preset period is not specifically limited and can, for example, be set to one hour. It is then judged whether the available resource space is less than the preset resource space threshold.
  • the specific value of the above-mentioned resource space threshold is not specifically limited.
  • the resource space threshold can, for example, be set to 5 GB. If the available resource space is less than the preset resource space threshold, it indicates that the designated cloud host currently has little available resource space and that the cloud hard disk corresponding to it is under high pressure. At this point the junk data in the cloud hard disk is screened out.
  • the junk data includes leftover configuration files of the designated cloud host, useless temporary files, useless files that have been deleted or uninstalled, files left over from a hard disk and/or volume that was not formatted successfully, etc. After the junk data has been screened out, the garbage removal instruction is sent to the designated cloud host to control it to clean up the junk data according to that instruction.
  • the management tool or the designated cloud host can be used to clean up the junk data.
  • This embodiment automatically and intelligently removes junk data from the cloud hard disk corresponding to the designated cloud host when the currently available resources of the designated cloud host are low, effectively reducing the pressure and burden on the designated cloud host and releasing its redundant and useless resources. The junk data in the cloud hard disk corresponding to the designated cloud host is thus handled in an orderly and timely manner, unnecessary waste of resources is avoided, the utilization efficiency of the internal resources of the designated cloud host is improved, and finally the operating efficiency and response speed of the designated cloud host are improved.
  • an embodiment of the present application also provides a secure boot device for a cloud host, including:
  • the first obtaining module 1 is configured to obtain asset information corresponding to the specified cloud host according to a preset rule when a user-triggered start instruction for a specified cloud host is received, wherein the asset information includes at least operating system information;
  • the first judgment module 2 is used for judging whether there are vulnerabilities corresponding to the asset information of the designated cloud host stored in the preset vulnerability database, wherein the number of the vulnerabilities is one or more;
  • the second obtaining module 3 is configured to, if yes, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
  • the second judgment module 4 is used for judging whether there are specified vulnerabilities whose release time is within a specified period of time among all the vulnerabilities according to the last shutdown time and each of the release times;
  • the isolation module 5 is configured to, if yes, start the designated cloud host in a pre-created security isolation area, wherein the network access function of the specified cloud host will be disabled in the security isolation area.
  • the implementation process of the functions and roles of the first acquisition module, the first judgment module, the second acquisition module, the second judgment module and the isolation module in the secure boot device of the cloud host is detailed in the implementation process corresponding to steps S1 to S5 of the above secure boot method of the cloud host, and will not be repeated here.
  • the above-mentioned first acquisition module includes:
  • the first determining unit is configured to determine whether an asset management tool is installed in the designated cloud host, wherein the asset management tool is used to periodically synchronize asset information corresponding to the designated cloud host to the designated cloud platform;
  • the first searching unit is configured to search for the asset information from the designated cloud platform if an asset management tool is installed;
  • the first calling unit is configured to, if the asset management tool is not installed, call a designated scanning tool to perform scanning processing on the designated cloud host, so as to obtain the asset information.
  • the implementation process of the functions and roles of the first determining unit, the first searching unit and the first calling unit in the secure boot device of the cloud host is detailed in the implementation process corresponding to steps S100 to S102 of the secure boot method of the cloud host, and will not be repeated here.
  • the secure boot device of the cloud host includes:
  • the crawling module is used to grab the first vulnerability information related to various operating systems corresponding to the cloud host and the second vulnerability information related to the cloud host service from the target website in real time through a crawler tool;
  • the first storage module is used to store the first vulnerability information and the second vulnerability information in the vulnerability database.
  • the implementation process of the functions and roles of the crawling module, the creation module and the first storage module in the secure boot device of the cloud host is detailed in the implementation process corresponding to steps S200 to S202 of the secure boot method of the cloud host, and will not be repeated here.
  • the secure boot device of the cloud host includes:
  • the third obtaining module is used to obtain the current time;
  • the first determining module is configured to determine the time period included between the last shutdown time and the current time as the designated time period.
  • the implementation process of the functions and roles of the third acquiring module and the first determining module in the secure startup device of the cloud host is detailed in the implementation process corresponding to steps S400 to S401 of the secure startup method of the cloud host, and will not be repeated here.
  • the secure boot device of the cloud host includes:
  • the second determining module is used to determine whether the specified patch corresponding to the specified vulnerability is stored in the vulnerability database;
  • the second storage module is configured to download the specified patch if it is, and store the specified patch in a specified storage area in the specified cloud host through a specified transmission method;
  • the first sending module is configured to send an installation instruction for installing the specified patch to the specified cloud host, so that the specified cloud host installs the specified patch according to the installation instruction and returns the corresponding patch installation result, where the patch installation result is either installation success or installation failure;
  • the third judgment module is configured to judge whether the specified patch is successfully installed according to the patch installation result returned by the specified cloud host;
  • the transfer module is used for transferring the designated cloud host out of the security isolation area, so as to restore the normal network access function of the designated cloud host.
  • the implementation process of the functions and roles of the second determination module, the second storage module, the first sending module, the third judgment module and the transfer module in the secure boot device of the cloud host is detailed in the implementation process corresponding to steps S500 to S504 of the above secure boot method of the cloud host, and will not be repeated here.
  • the secure boot device of the cloud host includes:
  • the fourth acquiring module is configured to acquire the first usage data of the first host machine corresponding to the designated cloud host according to the first preset period, where the first usage data includes at least a CPU usage rate, a memory usage rate and a network interface bandwidth usage rate;
  • the fourth judgment module is configured to analyze and process the first usage data, and judge whether the first usage data is greater than a preset standard threshold;
  • the searching module is configured to, if yes, find out the second host machine whose second usage data is less than the standard threshold value from all the host machines;
  • the migration module is used to migrate the designated cloud host from the first host to the second host.
  • the implementation process of the functions and roles of the fourth acquisition module, the fourth judgment module, the search module and the migration module in the secure boot device of the cloud host is detailed in the implementation process corresponding to steps S5040 to S5043 of the secure boot method of the cloud host, and will not be repeated here.
  • the secure boot device of the cloud host includes:
  • the fifth acquiring module is configured to acquire the available resource space in the cloud hard disk corresponding to the designated cloud host according to a second preset period;
  • the fifth judgment module is configured to analyze and process the available resource space, and judge whether the available resource space is less than a preset resource space threshold;
  • the screening module is used to screen out junk data in the cloud hard disk if so;
  • the second sending module is configured to send a garbage removal instruction to the designated cloud host to control the designated cloud host to clear the junk data according to the garbage removal instruction.
  • the implementation process of the functions and roles of the fifth acquiring module, the fifth judgment module, the screening module and the second sending module in the secure boot device of the cloud host is detailed in the implementation process corresponding to steps S5044 to S5047 of the secure boot method of the cloud host, and will not be repeated here.
  • an embodiment of the present application also provides a computer device.
  • the computer device may be a server, and its internal structure may be as shown in FIG. 3.
  • the computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a volatile or non-volatile storage medium and internal memory.
  • the volatile or non-volatile storage medium stores an operating system, computer readable instructions, and a database.
  • the internal memory provides an environment for the operation of the operating system and computer-readable instructions in the volatile or non-volatile storage medium.
  • the database of the computer equipment is used to store data such as asset information and vulnerabilities.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • when the computer-readable instructions are executed by the processor, the secure startup method of the cloud host shown in any of the above exemplary embodiments is implemented.
  • FIG. 3 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the devices and computer equipment to which the solution of the present application is applied.
  • An embodiment of the present application also provides a computer-readable storage medium.
  • the computer-readable storage medium may be volatile or non-volatile, and computer-readable instructions are stored thereon.
  • when the computer-readable instructions are executed by one or more processors, the steps of the foregoing embodiment of the secure boot method for a cloud host are implemented.
  • the secure startup method, device, computer equipment and storage medium for a cloud host, upon receiving a user-triggered startup instruction for a designated cloud host, obtain the asset information corresponding to the designated cloud host, where the asset information includes at least operating system information; determine whether a preset vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, where the number of vulnerabilities is one or more; if so, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities; according to the last shutdown time and each release time, determine whether among all the vulnerabilities there is a designated vulnerability whose release time falls within a designated time period; and if so, start the designated cloud host in the pre-created security isolation zone, where the network access function of the designated cloud host is disabled.
  • when a new vulnerability related to the designated cloud host has appeared during its last shutdown period, this application intelligently places the designated cloud host in the pre-created security isolation zone for startup, so that the network access function of the designated cloud host is temporarily disabled after it starts; this effectively prevents the designated cloud host from being intruded or attacked through the vulnerability during use and guarantees its security after startup.
  • Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), SyncLink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), etc.

Abstract

Disclosed are a secure starting method and apparatus for a cloud host, and a computer device and a storage medium. The method comprises: when a user-triggered starting instruction for a specified cloud host is received, acquiring, according to a preset rule, asset information corresponding to the specified cloud host; determining whether vulnerabilities corresponding to the asset information of the specified cloud host are stored in a preset vulnerability database; if so, acquiring the last shutdown time of the specified cloud host and the release time corresponding to each vulnerability; according to the last shutdown time and the release times, determining whether, among all the vulnerabilities, there is a specified vulnerability whose release time falls within a specified time period; and if so, starting the specified cloud host in a pre-created secure isolation area. According to the present application, the specified cloud host can be effectively prevented from being invaded or attacked through vulnerabilities during use, and the security of the specified cloud host after starting is guaranteed.

Description

Secure starting method, apparatus, computer device and storage medium for a cloud host
This application claims priority to Chinese patent application No. 2019109790501, filed with the Chinese Patent Office on October 15, 2019 and entitled "Secure starting method, apparatus, computer device and storage medium for a cloud host", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the technical field of cloud computing, and in particular to a secure starting method, apparatus, computer device and storage medium for a cloud host.
Background art
Cloud computing is currently an important field and direction in the development of IT technology, and it is gradually permeating all areas of society. The cloud host is an important component of cloud computing at the infrastructure level; it sits at the bottom of the cloud computing industry pyramid, and the product originates from the cloud computing platform. The platform integrates the three core elements of Internet applications, namely computing, storage and networking, and provides users with public Internet infrastructure services. A cloud host is a virtualization technology similar to a VPS (Virtual Private Server) host. A VPS uses virtualization software (such as VZ or VM) to virtualize multiple parts resembling independent hosts on a single physical host, so that one machine can serve multiple users; each part can run its own operating system and is managed in the same way as a physical host. A cloud host, by contrast, virtualizes multiple parts resembling independent hosts on a cluster of host machines, and every host machine in the cluster holds an image of the cloud host, which greatly improves the security and stability of the virtual host. In addition, so that users can access cloud computing anytime and anywhere, cloud hosts can usually be accessed, and even managed, directly from the public network (Internet).
In the various existing cloud computing systems, every cloud host faces the security risk of a protection gap. Specifically, while a cloud host is shut down, since all currently known security vulnerabilities are remediated when the cloud host shuts down, a cloud host in the shutdown state can also be considered to be in a secure state. However, when the cloud host is restarted and exposed to the public network, the external environment may have changed compared with before the shutdown. If new security vulnerabilities related to the cloud host have appeared in the meantime, the cloud host may be attacked by attackers on the public network at any time, and its security is seriously threatened.
Technical problem
The main purpose of this application is to provide a secure starting method, apparatus, computer device and storage medium for a cloud host, aimed at solving the technical problem that, in the various existing cloud computing systems, when a cloud host is restarted from the shutdown state and exposed to the public network, it may be attacked by attackers on the public network at any time, so that its security is easily and seriously threatened.
Technical solution
To achieve the above purpose, this application proposes a secure starting method for a cloud host, the method including the steps of:
upon receiving a user-triggered start instruction for a designated cloud host, obtaining asset information corresponding to the designated cloud host according to a preset rule, wherein the asset information includes at least operating system information; determining whether a preset vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, wherein the number of the vulnerabilities is one or more;
if so, obtaining the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
according to the last shutdown time and each of the release times, determining whether, among all the vulnerabilities, there is a designated vulnerability whose release time falls within a designated time period;
if so, starting the designated cloud host in a pre-created security isolation zone, wherein the network access function of the designated cloud host is disabled in the security isolation zone.
This application also provides a secure starting apparatus for a cloud host, including:
a first obtaining module, configured to obtain asset information corresponding to a designated cloud host according to a preset rule upon receiving a user-triggered start instruction for the designated cloud host, wherein the asset information includes at least operating system information;
a first judgment module, configured to determine whether a preset vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, wherein the number of the vulnerabilities is one or more;
a second obtaining module, configured to, if so, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
a second judgment module, configured to determine, according to the last shutdown time and each of the release times, whether among all the vulnerabilities there is a designated vulnerability whose release time falls within a designated time period;
an isolation module, configured to, if so, start the designated cloud host in a pre-created security isolation zone, wherein the network access function of the designated cloud host is disabled in the security isolation zone.
This application also provides a computer device, including a memory and a processor, wherein the memory stores computer-readable instructions, and the processor implements the steps of the above method when executing the computer-readable instructions.
This application also provides a computer-readable storage medium on which computer-readable instructions are stored, and when the computer-readable instructions are executed by a processor, the steps of the above method are implemented.
Beneficial effects
The secure starting method, apparatus, computer device and storage medium for a cloud host provided in this application, upon receiving a user-triggered start instruction for a designated cloud host, obtain asset information corresponding to the designated cloud host according to a preset rule, wherein the asset information includes at least operating system information; determine whether a preset vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, wherein the number of the vulnerabilities is one or more; if so, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities; according to the last shutdown time and each of the release times, determine whether among all the vulnerabilities there is a designated vulnerability whose release time falls within a designated time period; and if so, start the designated cloud host in a pre-created security isolation zone, wherein the network access function of the designated cloud host is disabled in the security isolation zone. When a new vulnerability related to the designated cloud host has appeared during its last shutdown period, this application intelligently places the designated cloud host in the pre-created security isolation zone for startup, so that the network access function of the designated cloud host is temporarily disabled after it starts; this effectively prevents the designated cloud host from being intruded or attacked through the vulnerability during use and guarantees its security after startup.
Description of the drawings
FIG. 1 is a schematic flowchart of a secure starting method for a cloud host according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a secure starting apparatus for a cloud host according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Best mode for carrying out the invention
It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit it.
Referring to FIG. 1, a secure starting method for a cloud host according to an embodiment of the present application includes:
S1: upon receiving a user-triggered start instruction for a designated cloud host, acquiring asset information corresponding to the designated cloud host according to a preset rule, wherein the asset information includes at least operating system information;
S2: determining whether a preset vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, wherein the number of the vulnerabilities is one or more;
S3: if so, acquiring the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
S4: according to the last shutdown time and each of the release times, determining whether, among all the vulnerabilities, there is a designated vulnerability whose release time falls within a designated time period;
S5: if so, starting the designated cloud host and, when startup of the designated cloud host is complete, placing the designated cloud host in a preset security isolation zone so as to suspend its network access function.
As described in steps S1 to S5 above, the execution subject of the embodiment of the present invention is a secure starting apparatus for a cloud host, which may specifically be the host cluster used to virtualize the cloud hosts; secure startup of a designated cloud host is achieved through this host cluster, and the designated cloud host is any one of all the cloud hosts virtualized by the host cluster. Specifically, it is first determined whether a user-triggered start instruction for the designated cloud host has been received. When the start instruction is received, asset information corresponding to the designated cloud host is acquired according to a preset rule, wherein the asset information includes at least operating system information, for example that the operating system is Windows Server 2012 and that remote desktop is provided using RDP service version 11.0; the asset information may also include cloud host service information and key application information. The preset rule may include acquiring the asset information corresponding to the designated cloud host by querying the cloud platform corresponding to the designated cloud host, or by invoking a designated scanning tool.
Then, according to the asset information, it is determined whether the preset vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, wherein the number of the vulnerabilities is one or more; the vulnerability database stores vulnerability information related to the various operating systems corresponding to the cloud hosts, and vulnerability information related to cloud host services, crawled in real time from target websites by a crawler tool. If the vulnerability database stores vulnerabilities corresponding to the asset information of the designated cloud host, the last shutdown time of the designated cloud host and the release time corresponding to each vulnerability are acquired. By way of example, a crawled vulnerability entry may take the form "CVE20190004 - rdp vulnerability, released 2019/07/02, affected systems: all versions of the rdp service before version 12.0", in which case the release time of the corresponding vulnerability is 2019/07/02. Then, according to the last shutdown time and each release time, it is determined whether among all the vulnerabilities there is a designated vulnerability whose release time falls within a designated time period, where the designated time period is the period between the shutdown time and the current time.
If there is a designated vulnerability whose release time falls within the designated time period, the designated cloud host is started in the pre-created security isolation zone, where the network access function of the designated cloud host is disabled. In this embodiment, when a new vulnerability related to the designated cloud host has appeared during its last shutdown period, the designated cloud host is intelligently placed in the pre-created security isolation zone for startup, so that its network access function is temporarily disabled after it starts; this effectively prevents the designated cloud host from being intruded or attacked through the vulnerability during use and guarantees its security after startup. Further, if among all the vulnerabilities there is no designated vulnerability whose release time falls within the designated time period, indicating that no related vulnerability appeared during the last shutdown period of the designated cloud host, the startup of the designated cloud host is completed directly without placing it in the security isolation zone, so as to effectively guarantee the user's experience of using the designated cloud host.
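The startup decision of steps S2 to S5, as an added Python example that is not part of the patent. The record layouts, the "all versions before X" convention, the treatment of the designated time period as the span between the last shutdown and the current time, and every sample database entry other than the page's CVE20190004 are constructed assumptions.

```python
"""Startup decision for a designated cloud host (added example, not the patent's code).

Implements steps S2 to S5 of the page: look up vulnerabilities that correspond to
the host's asset information, then check whether any of them was released in the
window between the last shutdown time and the current time.  If so, the host must
start inside the security isolation zone with network access disabled.  Record
layouts and the version-range convention are assumptions modelled on the page's
RDP example.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Tuple, Union


def parse_version(text: str) -> Tuple[int, ...]:
    """'11.0' -> (11, 0).  Non-numeric fragments count as 0 so comparisons never raise."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass(frozen=True)
class Vulnerability:
    """One record of the preset vulnerability database (layout is an assumption)."""
    vuln_id: str               # identifier as stored in the database
    product: str               # affected OS or service name, e.g. "rdp"
    fixed_in: Optional[str]    # first unaffected version; None = every version affected
    released: datetime         # release (publication) time of the vulnerability


@dataclass
class AssetInfo:
    """Asset information of the designated cloud host: at least the OS, plus services."""
    os_name: str
    os_version: str
    services: Dict[str, str] = field(default_factory=dict)  # service name -> version

    def components(self) -> Dict[str, str]:
        """OS and services in one name -> version map so one matching rule covers both."""
        return {self.os_name: self.os_version, **self.services}


def is_affected(installed: Optional[str], fixed_in: Optional[str]) -> bool:
    """A component is affected if it is present and older than the first fixed version."""
    if installed is None:
        return False            # product not installed on this host
    if fixed_in is None:
        return True             # no fixed version: every installed version is affected
    return parse_version(installed) < parse_version(fixed_in)


def matching_vulnerabilities(asset: AssetInfo, database: List[Vulnerability]) -> List[Vulnerability]:
    """Step S2: vulnerabilities in the database that correspond to the asset information."""
    installed = asset.components()
    return [v for v in database if is_affected(installed.get(v.product), v.fixed_in)]


def _as_datetime(value: Union[str, datetime]) -> datetime:
    """Accept datetimes or ISO-8601 strings, as inventory systems commonly emit the latter."""
    return value if isinstance(value, datetime) else datetime.fromisoformat(value)


def released_in_window(vuln: Vulnerability, last_shutdown: datetime, now: datetime) -> bool:
    """Step S4: the designated time period is the span between the last shutdown and now."""
    return last_shutdown < vuln.released <= now


def decide_startup(asset: AssetInfo, database: List[Vulnerability],
                   last_shutdown: Union[str, datetime],
                   now: Union[str, datetime]) -> Dict[str, object]:
    """Steps S2 to S5: return how the designated cloud host should be started."""
    shutdown_dt, now_dt = _as_datetime(last_shutdown), _as_datetime(now)
    matched = matching_vulnerabilities(asset, database)                    # S2/S3
    new_ids = [v.vuln_id for v in matched if released_in_window(v, shutdown_dt, now_dt)]  # S4
    isolate = bool(new_ids)                                               # S5
    return {
        "mode": "isolated" if isolate else "normal",
        "network_access": not isolate,        # disabled inside the security isolation zone
        "matched": [v.vuln_id for v in matched],
        "new_since_shutdown": new_ids,
    }


# Constructed sample data.  CVE20190004, its date and its "before 12.0" range mirror the
# page's RDP example; the two EXAMPLE-* records are made up for this illustration.
SAMPLE_DATABASE = [
    Vulnerability("CVE20190004", "rdp", "12.0", datetime(2019, 7, 2)),
    Vulnerability("EXAMPLE-OLD-0001", "rdp", "10.5", datetime(2019, 1, 10)),        # host runs 11.0
    Vulnerability("EXAMPLE-OS-0002", "Windows Server", None, datetime(2019, 5, 1)),  # pre-shutdown
]
SAMPLE_ASSET = AssetInfo(os_name="Windows Server", os_version="2012", services={"rdp": "11.0"})

if __name__ == "__main__":
    # Shut down 2019-06-01, restarted 2019-08-01: CVE20190004 appeared in between.
    print(decide_startup(SAMPLE_ASSET, SAMPLE_DATABASE, "2019-06-01", "2019-08-01"))
```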
Further, in an embodiment of the present application, the above step S1 includes:
S100: determining whether an asset management tool is installed in the designated cloud host, where the asset management tool is used to periodically synchronize the asset information corresponding to the designated cloud host to a designated cloud platform;
S101: if an asset management tool is installed, looking up the asset information from the designated cloud platform;
S102: if no asset management tool is installed, invoking a designated scanning tool to scan the designated cloud host to obtain the asset information.
As described in steps S100 to S102, the asset information may specifically include the operating system information of the designated cloud host, as well as the cloud host service information and key application information within it, and it can be obtained either by querying the cloud platform corresponding to the designated cloud host or by invoking a designated scanning tool. Specifically, it is first determined whether an asset management tool is installed in the designated cloud host. The asset management tool synchronizes the asset information of the designated cloud host: when it is installed, the designated cloud host periodically synchronizes its internal asset information to the corresponding designated cloud platform through the asset management tool, so that the designated cloud platform holds the asset information of the designated cloud host. If it is determined that an asset management tool is installed in the designated cloud host, the asset information can be looked up from the designated cloud platform corresponding to the designated cloud host. If no asset management tool is installed in the designated cloud host, a designated scanning tool is invoked to scan the designated cloud host to obtain the asset information. The designated scanning tool may be nmap: the nmap tool sends the operating system detection command $ nmap -O [target IP] to the designated cloud host, so that, after receiving the operating system probe command, the designated cloud host queries its own asset information, and the asset information returned by the designated cloud host can then be obtained. After the asset information of the designated cloud host is obtained, it can subsequently be used to identify whether the vulnerability database contains vulnerabilities corresponding to the designated cloud host.
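The two branches of steps S100 to S102, as an added example in Python that is not code from the patent: the platform record stands in for what the asset management tool has synchronized to the cloud platform, and the scan output is a constructed sample in the shape of nmap's normal output for an `nmap -O` run (the service names on the port lines follow nmap's service table). Only the OS line and the open-port lines are parsed; the host ids, records and ports are all constructed.

```python
"""Added example (not from the patent): derive asset information for a
designated cloud host either from the cloud platform's synced record (when
the asset management tool is installed) or by parsing the output of an
`nmap -O` scan. The nmap output below is a constructed sample in the shape
of nmap's normal output; the platform record is a stand-in for a real
cloud platform API."""
import re
from dataclasses import dataclass, field


@dataclass
class AssetInfo:
    os: str                                       # operating system information
    services: dict = field(default_factory=dict)  # port -> service name
    key_apps: list = field(default_factory=list)  # key application information


# Constructed stand-in for records synced to the cloud platform by the
# asset management tool, keyed by host id.
PLATFORM_RECORDS = {
    "host-42": AssetInfo(os="Linux 5.4", services={"22": "ssh", "3389": "rdp"},
                         key_apps=["nginx 1.18"]),
}

# Constructed sample of `nmap -O <target>` normal output (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 10.0.0.7
Host is up (0.00021s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3389/tcp open  ms-wbt-server
Device type: general purpose
Running: Linux 5.X
OS details: Linux 5.0 - 5.4
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)", re.M)
OS_LINE = re.compile(r"^OS details: (.+)$", re.M)


def parse_nmap_output(text: str) -> AssetInfo:
    """Extract OS information and open services from nmap normal output."""
    m = OS_LINE.search(text)
    os_info = m.group(1).strip() if m else "unknown"
    services = {port: name for port, _proto, name in PORT_LINE.findall(text)}
    return AssetInfo(os=os_info, services=services)


def collect_asset_info(host_id: str, tool_installed: bool,
                       scan_output: str = SAMPLE_NMAP_OUTPUT) -> AssetInfo:
    """Steps S100-S102: prefer the platform record, else fall back to a scan.
    `scan_output` stands in for the result of running `nmap -O [target IP]`."""
    if tool_installed and host_id in PLATFORM_RECORDS:
        return PLATFORM_RECORDS[host_id]
    return parse_nmap_output(scan_output)


if __name__ == "__main__":
    print(collect_asset_info("host-42", tool_installed=True))
    print(collect_asset_info("host-99", tool_installed=False))
```

The fallback path deliberately returns only what the scan can see (OS fingerprint and open services); key application information is only available from the platform record, which is why the patent prefers the asset management tool when it is present.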
Further, in an embodiment of the present application, before the above step S2, the method includes:
S200: crawling, by a crawler tool and in real time from a target website, first vulnerability information related to the various operating systems corresponding to cloud hosts and second vulnerability information related to cloud host services;
S201: creating a vulnerability database;
S202: storing the first vulnerability information and the second vulnerability information in the vulnerability database.
As described in steps S200 to S202, before the process of judging, according to the asset information, whether the preset vulnerability database stores a vulnerability corresponding to the designated cloud host, the method also includes a process of generating that vulnerability database. Specifically, a crawler tool is first used to crawl, in real time from the target website, first vulnerability information related to the various operating systems corresponding to cloud hosts and second vulnerability information related to cloud host services. The first vulnerability information may include vulnerability information corresponding to a first vulnerability and first patch information corresponding to the first vulnerability. Similarly, the second vulnerability information may include vulnerability information corresponding to a second vulnerability and second patch information corresponding to the second vulnerability. A crawler tool here means a web crawler (also called a web spider or web robot), a program or script that automatically crawls information on the World Wide Web according to certain rules; the crawler tool includes, but is not limited to, a Python crawler tool. The target website is an authoritative domestic or foreign website that publishes vulnerabilities related to cloud hosts. Specifically, the host cluster uses the crawler tool to execute a crawler file so as to crawl vulnerability information that satisfies the data crawling conditions set in the crawler file. The crawler file includes, but is not limited to, two data crawling conditions: a target URL and search keywords. The target URL is the URL, set in the crawler file, of the target website corresponding to the first and second vulnerability information to be crawled; a URL (Uniform Resource Locator) is a concise representation of the location and access method of a resource available on the Internet, that is, the address of a standard resource on the Internet. The search keywords are keywords set in the crawler file that define the common characteristics of the first and second vulnerability information the crawler file is to crawl. After the first vulnerability information and the second vulnerability information are obtained, a vulnerability database is created, and the first and second vulnerability information are stored in it, forming the vulnerability database that is subsequently used to determine whether there is a vulnerability that may threaten the security of the designated cloud host.
Further, in an embodiment of the present application, before the above step S4, the method includes:
S400: obtaining the current time;
S401: determining the time period between the last shutdown time and the current time as the designated time period.
As described in steps S400 to S401, before the step of judging whether, among all the vulnerabilities, there is a designated vulnerability whose release time falls within the designated time period, the method also includes a step of determining that designated time period. Specifically, the current time is first obtained. The current time has the same precision as the last shutdown time, but that precision is not specifically limited; for example, it may be precise to the day, in which case the current time may be 2019/07/11, or it may be precise to the hour, and so on, which is not described further here. After the current time and the last shutdown time are obtained, the time period between the last shutdown time and the current time is determined as the designated time period. For example, if the current time is 2019/07/11 and the last shutdown time is 2019/07/01, the designated time period is determined to be 2019/07/01 to 2019/07/11. This embodiment determines the designated time period from the current time and the last shutdown time of the designated cloud host, which helps subsequently to identify accurately whether the vulnerability database holds a designated vulnerability that threatens the security of the designated cloud host, and then to select the startup mode of the designated cloud host according to the identification result.
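The vulnerability database of steps S200 to S202, the match against asset information of step S2 and the window check of steps S400 to S401 and S4 to S5, carried through end to end as an added Python example that is not code from the patent. All records are constructed; the first echoes the patent's own illustration of an rdp vulnerability released on 2019/07/02 affecting versions before 12.0. Matching an installed version against a numeric "fixed before" bound, and treating the designated period as inclusive at day precision, are assumptions of this example.

```python
"""Added example, not code from the patent: a minimal vulnerability database
in the shape steps S200-S202 describe, queried against a host's asset
information (step S2), and the startup decision of steps S3-S5 made from
release dates falling in the designated period between the last shutdown
time and the current time (steps S400-S401). All records are constructed;
version matching by a numeric 'fixed before' bound and the inclusive
day-precision window are assumptions of this example."""
import sqlite3
from datetime import date

# Constructed crawled records: id, affected product, exclusive upper bound of
# affected versions, release date, and patch identifier (None = no patch yet).
CRAWLED_RECORDS = [
    ("CVE20190004-rdp", "rdp", "12.0", "2019-07-02", "rdp-12.0-patch"),
    ("VULN-OS-0001", "linux-kernel", "5.3", "2019-06-20", "kernel-5.3-update"),
    ("VULN-WEB-0002", "nginx", "1.17", "2019-07-20", None),
]


def build_vuln_db(records=CRAWLED_RECORDS) -> sqlite3.Connection:
    """Steps S201-S202: create the database and store the crawled entries."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vuln (vuln_id TEXT PRIMARY KEY, product TEXT, "
        "fixed_before TEXT, released TEXT, patch TEXT)"
    )
    conn.executemany("INSERT INTO vuln VALUES (?, ?, ?, ?, ?)", records)
    return conn


def version_tuple(v: str) -> tuple:
    """'11.2' -> (11, 2) so that versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def matching_vulns(conn: sqlite3.Connection, assets: dict) -> list:
    """Step S2: vulnerabilities whose product appears in the asset information
    (product -> installed version) at an affected version."""
    hits = []
    for product, version in assets.items():
        rows = conn.execute(
            "SELECT vuln_id, fixed_before, released, patch FROM vuln WHERE product = ?",
            (product,),
        ).fetchall()
        for vuln_id, fixed_before, released, patch in rows:
            if version_tuple(version) < version_tuple(fixed_before):
                hits.append({"id": vuln_id, "released": released, "patch": patch})
    return hits


def vulns_in_window(hits: list, last_shutdown: str, now: str) -> list:
    """Steps S400-S401 and S4: keep the vulnerabilities released within the
    designated period [last_shutdown, now] (ISO dates, both ends included)."""
    start, end = date.fromisoformat(last_shutdown), date.fromisoformat(now)
    return [h for h in hits if start <= date.fromisoformat(h["released"]) <= end]


def startup_mode(conn: sqlite3.Connection, assets: dict,
                 last_shutdown: str, now: str) -> str:
    """Step S5: 'isolated' when a designated vulnerability exists, else 'normal'."""
    designated = vulns_in_window(matching_vulns(conn, assets), last_shutdown, now)
    return "isolated" if designated else "normal"


if __name__ == "__main__":
    db = build_vuln_db()
    host_assets = {"rdp": "11.2", "linux-kernel": "5.4", "nginx": "1.16"}
    print(startup_mode(db, host_assets, "2019-07-01", "2019-07-11"))  # isolated
```

Note that a vulnerability published before the last shutdown (the kernel record above, when the window starts on 2019-07-01) does not trigger isolation on its own: the patent's criterion is only whether something new appeared while the host was off, so older findings are left to the ordinary patch process.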
Further, in an embodiment of the present application, after the above step S5, the method includes:
S500: determining whether a designated patch corresponding to the designated vulnerability is stored in the vulnerability database;
S501: if so, downloading the designated patch and storing it, by a designated transmission method, in a designated storage area within the designated cloud host;
S502: sending to the designated cloud host an installation instruction for installing the designated patch, so that the designated cloud host installs the designated patch according to the installation instruction and returns a corresponding patch installation result, where the patch installation result is installation success or installation failure;
S503: judging, according to the patch installation result returned by the designated cloud host, whether the designated patch was installed successfully;
S504: if so, moving the designated cloud host out of the security isolation zone to restore its normal network access function.
As described in steps S500 to S504, after the designated cloud host has been placed in the security isolation zone, it is removed from the security isolation zone only after it has successfully installed the designated patch corresponding to the designated vulnerability, so as to guarantee the safe use of the designated cloud host. Specifically, it is first determined whether the vulnerability database stores a designated patch corresponding to the designated vulnerability. If the designated patch is stored in the vulnerability database, it is downloaded and stored, by a designated transmission method, in a designated storage area within the designated cloud host. The designated transmission method is local area network transmission or Bluetooth transmission: after the host cluster downloads the designated patch, it transmits the downloaded patch internally, by the designated transmission method, to the designated storage area within the designated cloud host. Because the transmission process does not need to use network resources, the designated cloud host is not exposed to attackers on the public network while receiving the designated patch, which effectively guarantees the security of the designated cloud host while it stores the patch; moreover, the designated cloud host does not need the network to install the designated patch, which further increases its security in use. The designated storage area is not specifically limited and may be set according to actual needs; for example, it may be a newly created area dedicated to storing the designated patch, or an area of larger storage space within the designated cloud host, and so on. After the designated patch has been stored in the designated storage area, an installation instruction for installing the designated patch is sent to the designated cloud host, so that the designated cloud host downloads and installs the designated patch according to the installation instruction and returns a corresponding patch installation result, where the patch installation result is installation success or installation failure. Then, according to the patch installation result returned by the designated cloud host, it is further judged whether the designated patch was installed successfully. If the designated patch was installed successfully in the designated cloud host, the designated cloud host is moved out of the security isolation zone to restore its normal network access function, so that after network access is restored the designated cloud host can work normally, preserving the user's experience when using it. Further, if installation of the designated patch fails, the designated cloud host returns a patch installation result of installation failure; in that case the designated cloud host is not moved out of the security isolation zone, and the reason for the installation failure is first looked up. Then, according to that failure reason, the designated cloud host is controlled to re-download and re-install the designated patch, and only after it is determined that the designated patch has been installed successfully in the designated cloud host is the designated cloud host moved out of the security isolation zone. Thus the normal network access function of the designated cloud host is restored only when the designated patch has been installed successfully, which effectively safeguards the designated cloud host in use.
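The release rule of steps S500 to S504, as an added Python example that is not code from the patent: a small controller whose `release` step is guarded so that network access can only be restored once no staged patch remains unconfirmed, with the failure reason logged and the install retried while the host stays isolated. The installer callback, the staging list (standing in for the designated storage area) and the host ids are constructed.

```python
"""Added example, not code from the patent: a small controller enforcing the
rule of steps S500-S504 that a host started in the security isolation zone
regains network access only after the designated patch has installed
successfully; a failed installation keeps the host isolated, records the
failure reason and retries. The installer callback and the staging list are
constructed stand-ins for the patent's installation instruction and the
designated storage area."""
from typing import Callable, List, Tuple


class IsolatedHost:
    def __init__(self, host_id: str):
        self.host_id = host_id
        self.in_isolation = True        # started inside the security isolation zone
        self.network_enabled = False    # network access disabled while isolated
        self.staged_patches: List[str] = []   # stands in for the designated storage area
        self.install_log: List[Tuple[str, str, str]] = []  # (patch, result, reason)

    def stage_patch(self, patch: str) -> None:
        """Step S501: the patch arrives over the internal channel (LAN or
        Bluetooth in the patent); here it is simply recorded as staged."""
        if patch not in self.staged_patches:
            self.staged_patches.append(patch)

    def release(self) -> None:
        """Step S504: leave the isolation zone and restore network access.
        Guarded so it cannot run while any staged patch is still unconfirmed."""
        if self.staged_patches:
            raise RuntimeError("host still has unconfirmed patches staged")
        self.in_isolation = False
        self.network_enabled = True


def remediate(host: IsolatedHost, patch: str,
              installer: Callable[[str, str], Tuple[bool, str]],
              max_attempts: int = 3) -> bool:
    """Steps S500-S504: stage, install, check the reported result, and release
    only on success. `installer(host_id, patch)` returns (ok, failure_reason)."""
    host.stage_patch(patch)
    for _attempt in range(max_attempts):
        ok, reason = installer(host.host_id, patch)        # step S502
        host.install_log.append((patch, "success" if ok else "failure", reason))
        if ok:                                             # step S503
            host.staged_patches.remove(patch)
            host.release()                                 # step S504
            return True
        # failure: host stays isolated; the reason is logged and the patch is
        # re-staged (re-downloaded) for the next attempt
        host.stage_patch(patch)
    return False


def flaky_installer(fail_times: int) -> Callable[[str, str], Tuple[bool, str]]:
    """Constructed installer that fails `fail_times` times, then succeeds."""
    calls = {"n": 0}

    def install(host_id: str, patch: str) -> Tuple[bool, str]:
        calls["n"] += 1
        if calls["n"] <= fail_times:
            return False, "checksum mismatch"
        return True, ""
    return install


if __name__ == "__main__":
    host = IsolatedHost("host-42")
    print(remediate(host, "rdp-12.0-patch", flaky_installer(1)), host.install_log)
```

Keeping the guard inside `release` rather than only in `remediate` means that any other code path (an operator action, a timeout handler) hits the same check; the invariant "no network until the patch is confirmed" is then a property of the host object, not of one caller.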
In an embodiment of the present application, after the above step S504, the method includes:
S5040: acquiring, according to a first preset period, first usage data of a first host machine corresponding to the designated cloud host, where the first usage data includes at least CPU usage, memory usage and network interface bandwidth usage;
S5041: analysing the first usage data and judging whether the first usage data is greater than a preset standard threshold;
S5042: if so, finding, among all host machines, a second host machine whose second usage data is less than the standard threshold;
S5043: migrating the designated cloud host from the first host machine to the second host machine.
As described in steps S5040 to S5043, after the designated cloud host has been moved out of the security isolation zone, if during its normal operation the first host machine corresponding to the designated cloud host enters a high-load state, the host cluster also has a function of intelligently migrating the designated cloud host. Specifically, after the designated cloud host has finished starting, first usage data of the first host machine corresponding to the designated cloud host is acquired according to a first preset period, where the first preset period is not specifically limited and may be set, for example, to one hour. The usage data includes CPU usage, memory usage, network interface bandwidth usage, and the like. The first usage data is then analysed, and it is judged whether the first usage data is greater than a preset standard threshold, where for the different types of first usage data an equal number of standard thresholds is set in one-to-one correspondence with those types. The specific values of the standard thresholds are not specifically limited and may be set by the host cluster or by the user according to requirements; for example, the standard threshold for CPU usage may be set to 80%, that for memory usage to 75%, and that for network interface bandwidth usage to 85%. If the first usage data is greater than the preset standard threshold, the first host machine corresponding to the designated cloud host is currently in a high-load state and has few computing resources available. In that case, a second host machine whose second usage data is less than the standard threshold is found among all the host machines in the host cluster, and the designated cloud host is migrated from the first host machine to the second host machine. The designated cloud host is thus intelligently migrated from the overloaded first host machine to a second host machine with a lower load, optimizing the computing resources of the designated cloud host, effectively improving its operating efficiency and response speed, and also safeguarding the use of the first host machine. Further, if there is more than one second host machine, the designated host machine whose second usage data has the lowest value is selected from all the second host machines, and the designated cloud host is migrated from the first host machine to that designated host machine. Selecting, from all the second host machines, the designated host machine with the lowest second usage data not only improves the operating efficiency and response speed of the designated cloud host but also helps to balance the load across all host machines.
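The host selection of steps S5040 to S5043, as an added Python example that is not code from the patent, using the thresholds the description gives (CPU 80%, memory 75%, bandwidth 85%). The usage figures and host names are constructed. The patent says the candidate with the "lowest" second usage data is chosen but the usage data is three numbers; ordering candidates by their highest metric is an assumption of this example, noted in the code as well.

```python
"""Added example, not code from the patent: the host-selection logic of
steps S5040-S5043 with the thresholds given in the description (CPU 80 %,
memory 75 %, bandwidth 85 %). Usage figures are constructed. When several
hosts are under threshold the patent picks the one with the lowest usage;
as usage is three metrics, this example ranks candidates by their highest
metric (an assumption of this example)."""
from dataclasses import dataclass
from typing import List, Optional

# Standard thresholds from the description; per-metric, one per usage type.
THRESHOLDS = {"cpu": 80.0, "mem": 75.0, "net": 85.0}


@dataclass(frozen=True)
class HostUsage:
    name: str
    cpu: float   # CPU usage, percent
    mem: float   # memory usage, percent
    net: float   # network interface bandwidth usage, percent

    def as_dict(self) -> dict:
        return {"cpu": self.cpu, "mem": self.mem, "net": self.net}


def over_threshold(h: HostUsage, thresholds: dict = THRESHOLDS) -> bool:
    """Step S5041: a host is overloaded if any metric exceeds its threshold."""
    return any(v > thresholds[k] for k, v in h.as_dict().items())


def choose_target(current: HostUsage, cluster: List[HostUsage],
                  thresholds: dict = THRESHOLDS) -> Optional[HostUsage]:
    """Steps S5042-S5043: return the migration target, or None when the current
    host is not overloaded or no other host is under every threshold."""
    if not over_threshold(current, thresholds):
        return None
    candidates = [h for h in cluster
                  if h.name != current.name and not over_threshold(h, thresholds)]
    if not candidates:
        return None
    # Assumption: "lowest usage" is taken as the lowest worst-case metric.
    return min(candidates, key=lambda h: max(h.as_dict().values()))


# Constructed cluster snapshot for one sampling period.
CLUSTER = [
    HostUsage("host-a", cpu=91.0, mem=60.0, net=40.0),   # first host, overloaded on CPU
    HostUsage("host-b", cpu=70.0, mem=50.0, net=30.0),
    HostUsage("host-c", cpu=30.0, mem=40.0, net=20.0),
    HostUsage("host-d", cpu=20.0, mem=90.0, net=10.0),   # over the memory threshold
]


if __name__ == "__main__":
    target = choose_target(CLUSTER[0], CLUSTER)
    print(target.name if target else "no migration")  # host-c
```

Returning `None` in the "no candidate" case matters: migrating onto a host that is itself over a threshold would only move the problem, so the controller should leave the cloud host in place and report, rather than always producing a target.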
Further, in an embodiment of the present application, after the above step S504, the method includes:
S5044: acquiring, according to a second preset period, the available resource space in the cloud disk corresponding to the designated cloud host;
S5045: analysing the available resource space and judging whether it is less than a preset resource space threshold;
S5046: if so, screening out junk data in the cloud disk;
S5047: sending a junk removal instruction to the designated cloud host to control the designated cloud host to clear the junk data according to the junk removal instruction.
As described in steps S5044 to S5047, after the designated cloud host has been moved out of the security isolation zone, the available resource space of the designated cloud host in its normal working state is subsequently monitored, so as to ensure that the designated cloud host has sufficient available resource space. Specifically, after the designated cloud host has started, the available resource space in the cloud disk corresponding to the designated cloud host is acquired according to a second preset period, where the second preset period is not specifically limited and may be set, for example, to one hour. It is then judged whether the available resource space is less than a preset resource space threshold, where the specific value of the resource space threshold is not specifically limited and may be set by the host cluster or by the user according to requirements; for example, the resource space threshold may be set to 5g. If the available resource space is less than the preset resource space threshold, the designated cloud host currently has little available resource space and the cloud disk corresponding to it is under heavy usage pressure. In that case, junk data in the cloud disk is screened out, where the junk data includes residual configuration files of the designated cloud host, useless temporary files, useless files left over after deletion or uninstallation, files left over from unsuccessful disk and/or volume formatting, and the like. After the junk data has been screened out, a junk removal instruction is sent to the designated cloud host to control the designated cloud host to clear the junk data according to that instruction; specifically, the automatic removal of the junk data can be implemented by a management tool or application software on the designated cloud host. When the designated cloud host currently has few available resources, this embodiment automatically and intelligently clears the junk data in the cloud disk corresponding to the designated cloud host, effectively reducing the pressure and burden on the designated cloud host and releasing redundant, useless resources on it, so that junk data in the cloud disk corresponding to the designated cloud host is handled in an orderly and timely manner, unnecessary waste of resources is avoided, the utilization efficiency of the internal resources of the designated cloud host is improved, and ultimately its operating efficiency and response speed are improved.
Referring to FIG. 2, an embodiment of the present application further provides a secure startup apparatus for a cloud host, including:
a first acquisition module 1, configured to acquire, upon receiving a user-triggered startup instruction for a designated cloud host, asset information corresponding to the designated cloud host according to a preset rule, where the asset information includes at least operating system information;
a first judgment module 2, configured to judge whether a preset vulnerability database stores a vulnerability corresponding to the asset information of the designated cloud host, where the number of such vulnerabilities is one or more;
a second acquisition module 3, configured to, if so, acquire the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
a second judgment module 4, configured to judge, according to the last shutdown time and each release time, whether among all the vulnerabilities there is a designated vulnerability whose release time falls within a designated time period;
an isolation module 5, configured to, if so, start the designated cloud host in a pre-created security isolation zone, where the network access function of the designated cloud host is disabled within the security isolation zone.
In this embodiment, the implementation of the functions and roles of the first acquisition module, first judgment module, second acquisition module, second judgment module and isolation module of the secure startup apparatus for a cloud host is described in detail in the implementation of the corresponding steps S1 to S5 of the secure startup method for a cloud host above, and is not repeated here.
Further, in an embodiment of the present application, the above first acquisition module includes:
a first determining unit, configured to determine whether an asset management tool is installed in the designated cloud host, where the asset management tool is used to periodically synchronize the asset information corresponding to the designated cloud host to a designated cloud platform;
a first lookup unit, configured to look up the asset information from the designated cloud platform if an asset management tool is installed;
a first invoking unit, configured to invoke a designated scanning tool to scan the designated cloud host to obtain the asset information if no asset management tool is installed.
In this embodiment, the implementation of the functions and roles of the first determining unit, first lookup unit and first invoking unit of the secure startup apparatus for a cloud host is described in detail in the implementation of the corresponding steps S100 to S102 of the secure startup method for a cloud host above, and is not repeated here.
Further, in an embodiment of the present application, the secure startup apparatus for a cloud host includes:
a crawling module, configured to crawl, by a crawler tool and in real time from a target website, first vulnerability information related to the various operating systems corresponding to cloud hosts and second vulnerability information related to cloud host services;
a creation module, configured to create a vulnerability database;
a first storage module, configured to store the first vulnerability information and the second vulnerability information in the vulnerability database.
In this embodiment, the implementation of the functions and roles of the crawling module, creation module and first storage module of the secure startup apparatus for a cloud host is described in detail in the implementation of the corresponding steps S200 to S202 of the secure startup method for a cloud host above, and is not repeated here.
Further, in an embodiment of the present application, the secure startup apparatus for a cloud host includes:
a third acquisition module, configured to obtain the current time;
a first determining module, configured to determine the time period between the last shutdown time and the current time as the designated time period.
In this embodiment, the implementation of the functions and roles of the third acquisition module and first determining module of the secure startup apparatus for a cloud host is described in detail in the implementation of the corresponding steps S400 to S401 of the secure startup method for a cloud host above, and is not repeated here.
进一步地,本申请一实施例中,上述云主机的安全启动装置,包括:Further, in an embodiment of the present application, the secure boot device of the cloud host includes:
第二确定模块,用于确定所述漏洞数据库中是否存储有与所述指定漏洞对应的指定补丁;The second determining module is used to determine whether the specified patch corresponding to the specified vulnerability is stored in the vulnerability database;
第二存储模块,用于若是,下载所述指定补丁,并通过指定传输方式将所述指定补丁存储于所述指定云主机内的指定存储区域中;The second storage module is configured to download the specified patch if it is, and store the specified patch in a specified storage area in the specified cloud host through a specified transmission method;
第一发送模块,用于向所述指定云主机发送安装所述指定补丁的安装指令,以便所述指定云主机根据所述安装指令对所述指定补丁进行安装,并返回对应的补丁安装结果,其中,所述补丁安装结果包括安装成功或安装失败;The first sending module is configured to send an installation instruction for installing the specified patch to the specified cloud host, so that the specified cloud host installs the specified patch according to the installation instruction, and returns the corresponding patch installation result, Wherein, the patch installation result includes installation success or installation failure;
第三判断模块,用于根据所述指定云主机返回的所述补丁安装结果,判断所述指定补丁是否安装成功;The third judgment module is configured to judge whether the specified patch is successfully installed according to the patch installation result returned by the specified cloud host;
转移模块,用于若是,将所述指定云主机转移出所述安全隔离区,以恢复所述指定云主机正常的网络访问功能。The transfer module is used for transferring the designated cloud host out of the security isolation area, so as to restore the normal network access function of the designated cloud host.
本实施例中,上述云主机的安全启动装置中的第二确定模块、第二存储模块、第一发送模块、第三判断模块与转移模块的功能和作用的实现过程具体详见上述云主机的安全启动方法中对应步骤S500至S504的实现过程,在此不再赘述。In this embodiment, the realization process of the functions and roles of the second determination module, the second storage module, the first sending module, the third judgment module, and the transfer module in the secure boot device of the cloud host is detailed in the above cloud host The implementation process corresponding to steps S500 to S504 in the secure boot method will not be repeated here.
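The patch step of the isolation workflow described above (steps S500 to S504), written out as an added Python example; this is not code from the patent or from the applicant. It looks up a patch for each vulnerability recorded against an isolated host, stages the patch bytes in the host's designated storage area, asks the host to install it, and lifts the isolation only when every returned installation result is "success". Two things go beyond the page and are assumptions: the SHA-256 integrity check on the downloaded patch, and the rule that a host with several designated vulnerabilities is released only when all of them are patched (the page describes a single designated vulnerability). The `download`/`install` callables stand in for the designated transmission method and the host-side installer; identifiers such as `VULN-B` and `PATCH-B` are placeholders.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Patch:
    patch_id: str
    vuln_id: str
    sha256: str  # expected digest of the patch bytes (assumed check, not in the page)


@dataclass
class IsolatedHost:
    host_id: str
    vuln_ids: list                      # designated vulnerabilities found at boot
    in_isolation: bool = True           # booted inside the security isolation zone
    network_enabled: bool = False       # network access is disabled while isolated
    staged_patches: dict = field(default_factory=dict)  # the designated storage area


# Constructed sample patch database and patch payloads (placeholders).
PATCH_BYTES = {"PATCH-B": b"constructed patch payload for VULN-B"}
PATCH_DB = {
    "VULN-B": Patch("PATCH-B", "VULN-B",
                    hashlib.sha256(PATCH_BYTES["PATCH-B"]).hexdigest()),
}


def download_patch(patch):
    """Stand-in for the designated transmission method: returns the patch bytes."""
    return PATCH_BYTES[patch.patch_id]


def remediate(host, patch_db, download, install):
    """Run the patch workflow for every vulnerability recorded against the host.

    download(patch) -> bytes
    install(host_id, patch_id) -> "success" | "failure"   (the host's returned
                                                          patch installation result)
    Returns a per-vulnerability outcome map and updates the host's isolation
    state in place.
    """
    outcomes = {}
    for vuln_id in host.vuln_ids:
        patch = patch_db.get(vuln_id)
        if patch is None:
            outcomes[vuln_id] = "no_patch"          # nothing to install, stay isolated
            continue
        blob = download(patch)
        if hashlib.sha256(blob).hexdigest() != patch.sha256:
            outcomes[vuln_id] = "integrity_failed"  # never stage a tampered patch
            continue
        host.staged_patches[patch.patch_id] = blob  # store in the designated area
        outcomes[vuln_id] = install(host.host_id, patch.patch_id)

    # Transfer out of the isolation zone only when every designated vulnerability
    # was patched successfully; any failure or missing patch keeps networking off.
    if outcomes and all(result == "success" for result in outcomes.values()):
        host.in_isolation = False
        host.network_enabled = True
    return outcomes


if __name__ == "__main__":
    host = IsolatedHost("vm-01", ["VULN-B"])
    print(remediate(host, PATCH_DB, download_patch, lambda hid, pid: "success"))
    print("isolated:", host.in_isolation, "network:", host.network_enabled)
```

Because the release decision is driven by the host's own reported result, an installer that reports "success" without actually applying the patch would release the host; in a real deployment the controller should re-check the asset information (installed package versions) after the install rather than trusting the reply alone.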
Further, in an embodiment of the present application, the above secure boot apparatus of the cloud host includes:
a fourth obtaining module, configured to obtain, at a first preset period, first usage data of a first host machine corresponding to the designated cloud host, where the first usage data includes at least CPU usage, memory usage and network interface bandwidth usage;
a fourth judging module, configured to analyse the first usage data and judge whether the first usage data exceeds a preset standard threshold;
a lookup module, configured to, if so, find among all host machines a second host machine whose second usage data is below the standard threshold;
a migration module, configured to migrate the designated cloud host from the first host machine to the second host machine.
In this embodiment, the implementation of the functions and roles of the fourth obtaining module, the fourth judging module, the lookup module and the migration module in the above secure boot apparatus of the cloud host is described in detail under the corresponding steps S5040 to S5043 of the above secure boot method of the cloud host, and is not repeated here.
Further, in an embodiment of the present application, the above secure boot apparatus of the cloud host includes:
a fifth obtaining module, configured to obtain, at a second preset period, the available resource space in the cloud disk corresponding to the designated cloud host;
a fifth judging module, configured to analyse the available resource space and judge whether it is below a preset resource space threshold;
a filtering module, configured to, if so, filter out the junk data in the cloud disk;
a second sending module, configured to send a junk clean-up instruction to the designated cloud host, so as to control the designated cloud host to clear the junk data according to the junk clean-up instruction.
In this embodiment, the implementation of the functions and roles of the fifth obtaining module, the fifth judging module, the filtering module and the second sending module in the above secure boot apparatus of the cloud host is described in detail under the corresponding steps S5044 to S5047 of the above secure boot method of the cloud host, and is not repeated here.
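The two periodic checks that follow the release from isolation (steps S5040 to S5043 and S5044 to S5047), as an added Python example that is not code from the patent. It decides whether a cloud host must be migrated because its host machine's CPU, memory or network usage is above the standard threshold, picks a second host machine that is below the threshold, and builds a junk clean-up instruction when the cloud disk's free space falls below the resource space threshold. The page leaves several details open, and these are assumptions here: the threshold values, the rule that usage "exceeds" the threshold when any one of the three rates does, the choice of the least-loaded eligible host machine as the migration target, and the junk criterion (stale files under `/tmp/` or with `.tmp`/`.log.old` suffixes). All host names, usage figures and file entries are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Usage:
    cpu: float  # fraction of capacity in use, 0.0 to 1.0
    mem: float
    net: float  # network interface bandwidth usage


STANDARD_THRESHOLD = 0.8                  # assumed; the page gives no value
RESOURCE_SPACE_THRESHOLD = 10 * 1024 ** 3  # assumed: 10 GiB of free space

# Constructed sample data: usage of four host machines and where two cloud
# hosts currently run.
HOST_USAGE = {
    "hm-1": Usage(cpu=0.92, mem=0.60, net=0.40),
    "hm-2": Usage(cpu=0.35, mem=0.40, net=0.20),
    "hm-3": Usage(cpu=0.50, mem=0.85, net=0.30),
    "hm-4": Usage(cpu=0.60, mem=0.50, net=0.55),
}
PLACEMENT = {"vm-01": "hm-1", "vm-02": "hm-2"}


def exceeds_threshold(usage, threshold=STANDARD_THRESHOLD):
    """Assumption: any single rate above the threshold counts as overloaded."""
    return max(usage.cpu, usage.mem, usage.net) > threshold


def pick_second_host(host_usage, current_host, threshold=STANDARD_THRESHOLD):
    """Return the least-loaded host machine below the threshold, or None."""
    candidates = [
        (max(u.cpu, u.mem, u.net), host_id)
        for host_id, u in host_usage.items()
        if host_id != current_host and not exceeds_threshold(u, threshold)
    ]
    return min(candidates)[1] if candidates else None


def plan_migration(cloud_host, placement, host_usage, threshold=STANDARD_THRESHOLD):
    """Target host machine for the cloud host, or None when no move is needed
    or no host machine below the threshold exists (then it stays put)."""
    current = placement[cloud_host]
    if not exceeds_threshold(host_usage[current], threshold):
        return None
    return pick_second_host(host_usage, current, threshold)


# Constructed sample directory listing: (path, size in bytes, last modification).
NOW = datetime(2019, 11, 14, tzinfo=timezone.utc)
SAMPLE_FILES = [
    ("/tmp/build-cache.bin", 3 * 1024 ** 3, NOW - timedelta(days=30)),
    ("/var/log/app.log.old", 512 * 1024 ** 2, NOW - timedelta(days=10)),
    ("/tmp/session.tmp", 1024, NOW - timedelta(hours=1)),   # too recent
    ("/home/app/data.db", 2 * 1024 ** 3, NOW - timedelta(days=100)),  # not junk
]


def select_junk(files, now, max_age=timedelta(days=7)):
    """Assumed junk criterion: stale temporary or rotated-log files only."""
    junk = []
    for path, _size, mtime in files:
        stale = now - mtime > max_age
        if stale and (path.startswith("/tmp/") or path.endswith((".tmp", ".log.old"))):
            junk.append(path)
    return junk


def plan_cleanup(cloud_host, free_bytes, files, now, threshold=RESOURCE_SPACE_THRESHOLD):
    """Junk clean-up instruction for the cloud host, or None when free space is
    sufficient or nothing matches the junk criterion."""
    if free_bytes >= threshold:
        return None
    paths = select_junk(files, now)
    if not paths:
        return None
    return {"host": cloud_host, "action": "clear_junk", "paths": paths}


if __name__ == "__main__":
    print("migrate vm-01 to:", plan_migration("vm-01", PLACEMENT, HOST_USAGE))
    print("cleanup:", plan_cleanup("vm-01", 2 * 1024 ** 3, SAMPLE_FILES, NOW))
```

The clean-up instruction names explicit paths chosen by the controller, so the host-side agent only ever deletes what the controller listed; an agent that is told merely "clear junk" and picks the files itself would be the weaker design.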
Referring to FIG. 3, an embodiment of the present application further provides a computer device. The computer device may be a server, and its internal structure may be as shown in FIG. 3. The computer device includes a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a volatile or non-volatile storage medium and an internal memory. The volatile or non-volatile storage medium stores an operating system, computer-readable instructions and a database. The internal memory provides an environment for running the operating system and the computer-readable instructions held in the volatile or non-volatile storage medium. The database of the computer device is configured to store data such as asset information and vulnerabilities. The network interface of the computer device is configured to communicate with an external terminal through a network connection. When executed by the processor, the computer-readable instructions implement the secure boot method of the cloud host shown in any of the above exemplary embodiments. Those skilled in the art will understand that the structure shown in FIG. 3 is merely a block diagram of the part of the structure related to the solution of the present application and does not limit the apparatus or computer device to which the solution of the present application is applied.
An embodiment of the present application further provides a computer-readable storage medium, which may be volatile or non-volatile and on which computer-readable instructions are stored; when the computer-readable instructions are executed by one or more processors, the one or more processors carry out the steps of the above embodiments of the secure boot method of the cloud host.
In summary, the secure boot method, apparatus, computer device and storage medium of the cloud host provided in the embodiments of the present application, upon receiving a user-triggered boot instruction for a designated cloud host, obtain asset information corresponding to the designated cloud host according to a preset rule, where the asset information includes at least operating system information; judge whether a preset vulnerability database stores one or more vulnerabilities corresponding to the asset information of the designated cloud host; if so, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities; judge, according to the last shutdown time and each of the release times, whether any of the vulnerabilities is a designated vulnerability whose release time falls within a designated time period; and if so, boot the designated cloud host inside a pre-created security isolation zone, in which the network access function of the designated cloud host is disabled.
Thus, when a new vulnerability relevant to the designated cloud host appeared while it was last shut down, the present application boots the designated cloud host inside the pre-created security isolation zone, so that its network access function is temporarily disabled after boot; this effectively prevents the designated cloud host from being intruded upon or attacked through the vulnerability while in use, and ensures the security of the designated cloud host after it has been booted.
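The boot-time decision summarised above, together with the asset lookup rule of claim 2 and the designated time period of claim 4, as an added Python example; it is not code from the patent or from the applicant. The controller obtains the host's operating system from the platform inventory when the asset management tool has synced it and otherwise from a scan, filters the vulnerability database to advisories for that operating system, treats the interval from the last shutdown time to the current time as the designated period, and boots the host in the isolation zone with networking disabled if any matching advisory was released inside that period. The inventory, the `scan_host` stand-in for the designated scanning tool, the host records and the `VULN-A`/`VULN-B`/`VULN-C` entries are all constructed placeholders; matching advisories to hosts by an exact operating-system string is a simplification of the page's "asset information".

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    os_name: str            # operating system the advisory applies to
    released_at: datetime   # publication time of the advisory (timezone-aware)


@dataclass(frozen=True)
class CloudHost:
    host_id: str
    last_shutdown: datetime
    has_asset_tool: bool    # whether the asset management tool is installed


# Constructed sample vulnerability database (placeholder identifiers).
VULN_DB = [
    Vulnerability("VULN-A", "ubuntu-18.04", datetime(2019, 9, 1, tzinfo=timezone.utc)),
    Vulnerability("VULN-B", "ubuntu-18.04", datetime(2019, 10, 20, tzinfo=timezone.utc)),
    Vulnerability("VULN-C", "centos-7", datetime(2019, 10, 21, tzinfo=timezone.utc)),
]

# Constructed inventory as synced to the cloud platform by the asset management tool.
PLATFORM_INVENTORY = {"vm-01": {"os": "ubuntu-18.04"}}


def scan_host(host_id):
    """Stand-in for the designated scanning tool; returns constructed results."""
    scan_results = {"vm-02": {"os": "centos-7"}, "vm-03": {"os": "freebsd-12"}}
    return scan_results.get(host_id, {"os": "unknown"})


def get_asset_info(host, inventory, scanner):
    """Preset rule: use the synced inventory when the tool is installed, else scan.
    Falling back to a scan when the tool is installed but no record was synced
    is an added safety choice, not something the page specifies."""
    if host.has_asset_tool and host.host_id in inventory:
        return inventory[host.host_id]
    return scanner(host.host_id)


def designated_period(last_shutdown, now):
    """The designated time period: from the last shutdown up to the current time."""
    return last_shutdown, now


def plan_boot(host, vuln_db, now, inventory=PLATFORM_INVENTORY, scanner=scan_host):
    """Return where the host boots and whether its network access is enabled."""
    asset = get_asset_info(host, inventory, scanner)
    relevant = [v for v in vuln_db if v.os_name == asset["os"]]
    if not relevant:
        return {"zone": "normal", "network_enabled": True, "vulns": []}
    start, end = designated_period(host.last_shutdown, now)
    fresh = sorted(v.vuln_id for v in relevant if start < v.released_at <= end)
    if fresh:
        # Designated vulnerabilities appeared while the host was off: isolate.
        return {"zone": "isolation", "network_enabled": False, "vulns": fresh}
    return {"zone": "normal", "network_enabled": True, "vulns": []}


if __name__ == "__main__":
    now = datetime(2019, 11, 1, tzinfo=timezone.utc)
    vm = CloudHost("vm-01", datetime(2019, 10, 10, tzinfo=timezone.utc), True)
    print(plan_boot(vm, VULN_DB, now))
```

Two caveats a deployment needs to settle: the shutdown timestamp and the advisory release times must be compared in one time zone (the example uses UTC-aware values throughout), and the page's criterion only flags advisories released during the shutdown window, so an advisory such as `VULN-A` that was published while the host was still running is assumed to have been handled then and is not re-checked at boot.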
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by computer-readable instructions that direct the relevant hardware. The computer-readable instructions may be stored in a non-volatile or volatile computer-readable storage medium, and when executed may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media provided in the present application and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The above are merely preferred embodiments of the present application and do not limit its patent scope; any equivalent structure or equivalent process transformation made using the content of the specification and drawings of the present application, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present application.

Claims (20)

  1. 一种云主机的安全启动方法,其特征在于,包括:A method for securely starting a cloud host, which is characterized in that it includes:
    在接收到用户触发的对于指定云主机的启动指令时,按照预设规则获取与所述指定云主机对应的资产信息,其中,所述资产信息至少包括操作系统信息;When receiving a user-triggered start instruction for a designated cloud host, acquiring asset information corresponding to the designated cloud host according to a preset rule, where the asset information includes at least operating system information;
    判断预设的漏洞数据库中是否存储有与所述指定云主机的资产信息对应的漏洞,其中,所述漏洞的数量为一个或多个;Judging whether there are vulnerabilities corresponding to the asset information of the designated cloud host stored in the preset vulnerability database, wherein the number of the vulnerabilities is one or more;
    若是,获取所述指定云主机的上一次关机时间,以及各所述漏洞分别对应的发布时间;If yes, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
    根据所述上一次关机时间与各所述发布时间,判断在所有所述漏洞中是否存在发布时间为指定时间段内的指定漏洞;According to the last shutdown time and each of the release times, determine whether there is a specified vulnerability whose release time is within a specified period of time among all the vulnerabilities;
    若是,在预创建的安全隔离区内启动所述指定云主机,其中,所述指定云主机的网络访问功能在所述安全隔离区内会被禁用。If yes, start the designated cloud host in a pre-created security isolation zone, wherein the network access function of the designated cloud host will be disabled in the security isolation zone.
  2. 根据权利要求1所述的云主机的安全启动方法,其特征在于,所述按照预设规则获取与所述指定云主机对应的资产信息的步骤,包括:The secure startup method of a cloud host according to claim 1, wherein the step of obtaining asset information corresponding to the designated cloud host according to a preset rule comprises:
    确定所述指定云主机内是否安装有资产管理工具,其中,所述资产管理工具用于定期将所述指定云主机对应的资产信息同步至指定云平台;Determining whether an asset management tool is installed in the designated cloud host, wherein the asset management tool is used to periodically synchronize asset information corresponding to the designated cloud host to the designated cloud platform;
    若安装有资产管理工具,从所述指定云平台中查找出所述资产信息;If an asset management tool is installed, search for the asset information from the designated cloud platform;
    若未安装有资产管理工具,调用指定扫描工具对所述指定云主机进行扫描处理,以得到所述资产信息。If the asset management tool is not installed, call the designated scanning tool to scan the designated cloud host to obtain the asset information.
  3. 根据权利要求1所述的云主机的安全启动方法,其特征在于,所述判断预设的漏洞数据库中是否存储有与所述指定云主机的资产信息对应的漏洞的步骤之前,所述方法还包括:The method for secure startup of a cloud host according to claim 1, wherein before the step of determining whether a vulnerability corresponding to the asset information of the designated cloud host is stored in the preset vulnerability database, the method further include:
    通过爬虫工具,实时从目标网站抓取出与云主机对应的各类操作系统相关的第一漏洞信息,以及与云主机服务相关的第二漏洞信息;Through the crawler tool, the first vulnerability information related to various operating systems corresponding to the cloud host and the second vulnerability information related to the cloud host service are captured from the target website in real time;
    创建一个漏洞数据库;Create a vulnerability database;
    将所述第一漏洞信息与所述第二漏洞信息存储于所述漏洞数据库内。The first vulnerability information and the second vulnerability information are stored in the vulnerability database.
  4. 根据权利要求1所述的云主机的安全启动方法,其特征在于,所述根据所述上一次关机时间与各所述发布时间,判断在所有所述漏洞中是否存在发布时间为指定时间段内的指定漏洞的步骤之前,所述方法还包括:The method for secure startup of a cloud host according to claim 1, wherein said determining whether there is a release time in all said vulnerabilities is within a specified time period according to said last shutdown time and each said release time Before the step of specifying vulnerabilities, the method also includes:
    获取当前时间;Get the current time;
    将所述上一次关机时间与所述当前时间之间所包含的时间段,确定为所述指定时间段。The time period included between the last shutdown time and the current time is determined as the designated time period.
  5. 根据权利要求1所述的云主机的安全启动方法,其特征在于,所述在预创建的安全隔离区内启动所述指定云主机的步骤之后,所述方法还包括:The method for safely starting a cloud host according to claim 1, wherein after the step of starting the designated cloud host in a pre-created security isolation zone, the method further comprises:
    确定所述漏洞数据库中是否存储有与所述指定漏洞对应的指定补丁;Determining whether the specified patch corresponding to the specified vulnerability is stored in the vulnerability database;
    若是,下载所述指定补丁,并通过指定传输方式将所述指定补丁存储于所述指定云主机内的指定存储区域中;If yes, download the designated patch, and store the designated patch in a designated storage area in the designated cloud host through a designated transmission method;
    向所述指定云主机发送安装所述指定补丁的安装指令,以便所述指定云主机根据所述安装指令对所述指定补丁进行安装,并返回对应的补丁安装结果,其中,所述补丁安装结果包括安装成功或安装失败;Send an installation instruction for installing the specified patch to the specified cloud host, so that the specified cloud host installs the specified patch according to the installation instruction, and returns a corresponding patch installation result, wherein the patch installation result Including successful or failed installation;
    根据所述指定云主机返回的所述补丁安装结果,判断所述指定补丁是否安装成功;Judging whether the specified patch is successfully installed according to the patch installation result returned by the specified cloud host;
    若是,将所述指定云主机转移出所述安全隔离区,以恢复所述指定云主机正常的网络访问功能。If yes, transfer the designated cloud host out of the security isolation area to restore the normal network access function of the designated cloud host.
  6. 根据权利要求5所述的云主机的安全启动方法,其特征在于,所述将所述指定云主机转移出所述安全隔离区,以恢复所述指定云主机正常的网络访问功能的步骤之后,所述方法还包括:The secure startup method of a cloud host according to claim 5, wherein after the step of transferring the designated cloud host out of the security isolation area to restore the normal network access function of the designated cloud host, The method also includes:
    按照第一预设周期获取与所述指定云主机对应的第一宿主机的第一使用数据,其中,所述第一使用数据至少包括CPU使用率、内存使用率以及网络接口带宽使用率;Acquiring first usage data of a first host machine corresponding to the designated cloud host according to a first preset period, where the first usage data includes at least a CPU usage rate, a memory usage rate, and a network interface bandwidth usage rate;
    对所述第一使用数据进行分析处理,判断所述第一使用数据是否大于预设的标准阈值;Analyzing and processing the first usage data, and determining whether the first usage data is greater than a preset standard threshold;
    若是,从所有的宿主机中查找出第二使用数据小于所述标准阈值的第二宿主机;If yes, find out the second host machine whose second usage data is less than the standard threshold from all the host machines;
    将所述指定云主机从所述第一宿主机迁移至所述第二宿主机。Migrating the designated cloud host from the first host to the second host.
  7. 根据权利要求5所述的云主机的安全启动方法,其特征在于,所述将所述指定云主机转移出所述安全隔离区,以恢复所述指定云主机正常的网络访问功能的步骤之后,所述方法还包括:The secure startup method of a cloud host according to claim 5, wherein after the step of transferring the designated cloud host out of the security isolation area to restore the normal network access function of the designated cloud host, The method also includes:
    按照第二预设周期获取与所述指定云主机对应的云硬盘内的可用资源空间;Acquiring, according to a second preset period, the available resource space in the cloud hard disk corresponding to the designated cloud host;
    对所述可用资源空间进行分析处理,判断所述可用资源空间是否小于预设的资源空间阈值;Analyzing and processing the available resource space, and determining whether the available resource space is less than a preset resource space threshold;
    若是,筛选出所述云硬盘中的垃圾数据;If yes, filter out the junk data in the cloud hard disk;
    向所述指定云主机发送垃圾清除指令,以控制所述指定云主机根据所述垃圾清除指令,对所述垃圾数据进行清除处理。Sending a garbage removal instruction to the designated cloud host to control the designated cloud host to clear the garbage data according to the garbage removal instruction.
  8. 一种云主机的安全启动装置,其特征在于,包括:A secure boot device for a cloud host, which is characterized in that it includes:
    第一获取模块,用于在接收到用户触发的对于指定云主机的启动指令时按照预设规则获取与所述指定云主机对应的资产信息,其中,所述资产信息至少包括操作系统信息;The first obtaining module is configured to obtain asset information corresponding to the specified cloud host according to preset rules when a user-triggered start instruction for the specified cloud host is received, wherein the asset information includes at least operating system information;
    第一判断模块,用于判断预设的漏洞数据库中是否存储有与所述指定云主机的资产信息对应的漏洞,其中,所述漏洞的数量为一个或多个;The first judgment module is used to judge whether there are vulnerabilities corresponding to the asset information of the designated cloud host stored in the preset vulnerability database, wherein the number of the vulnerabilities is one or more;
    第二获取模块,用于若是,获取所述指定云主机的上一次关机时间,以及各所述漏洞分别对应的发布时间;The second obtaining module is configured to, if yes, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
    第二判断模块,用于根据所述上一次关机时间与各所述发布时间,判断在所有所述漏洞中是否存在发布时间为指定时间段内的指定漏洞;The second judgment module is used for judging whether there are specified vulnerabilities whose release time is within a specified period of time among all the vulnerabilities according to the last shutdown time and each of the release times;
    隔离模块,用于若是,在预创建的安全隔离区内启动所述指定云主机,其中,所述指定云主机的网络访问功能在所述安全隔离区内会被禁用。The isolation module is configured to, if yes, start the designated cloud host in a pre-created security isolation area, wherein the network access function of the specified cloud host will be disabled in the security isolation area.
  9. 根据权利要求8所述的云主机的安全启动装置,其特征在于,所述第一获取模块,包括:The secure boot device for a cloud host according to claim 8, wherein the first obtaining module comprises:
    第一确定单元,用于确定所述指定云主机内是否安装有资产管理工具,其中,所述资产管理工具用于定期将所述指定云主机对应的资产信息同步至指定云平台;The first determining unit is configured to determine whether an asset management tool is installed in the designated cloud host, wherein the asset management tool is used to periodically synchronize asset information corresponding to the designated cloud host to the designated cloud platform;
    第一查找单元,用于若安装有资产管理工具,从所述指定云平台中查找出所述资产信息;The first searching unit is configured to search for the asset information from the designated cloud platform if an asset management tool is installed;
    第一调用单元,用于若未安装有资产管理工具,调用指定扫描工具对所述指定云主机进行扫描处理,以得到所述资产信息。The first calling unit is configured to, if the asset management tool is not installed, call a designated scanning tool to perform scanning processing on the designated cloud host, so as to obtain the asset information.
  10. 根据权利要求8所述的云主机的安全启动装置,其特征在于,所述装置包括:The secure boot device of a cloud host according to claim 8, wherein the device comprises:
    抓取模块,用于通过爬虫工具,实时从目标网站抓取出与云主机对应的各类操作系统相关的第一漏洞信息,以及与云主机服务相关的第二漏洞信息;The crawling module is used to grab the first vulnerability information related to various operating systems corresponding to the cloud host and the second vulnerability information related to the cloud host service from the target website in real time through a crawler tool;
    创建模块,用于创建一个漏洞数据库;Create module to create a vulnerability database;
    第一存储模块,用于将所述第一漏洞信息与所述第二漏洞信息存储于所述漏洞数据库内。The first storage module is used to store the first vulnerability information and the second vulnerability information in the vulnerability database.
  11. 根据权利要求8所述的云主机的安全启动装置,其特征在于,所述装置包括:The secure boot device of a cloud host according to claim 8, wherein the device comprises:
    第三获取模块,用于获取当前时间;The third obtaining module is used to obtain the current time;
    第一确定模块,用于将所述上一次关机时间与所述当前时间之间所包含的时间段,确定为所述指定时间段。The first determining module is configured to determine the time period included between the last shutdown time and the current time as the designated time period.
  12. 根据权利要求8所述的云主机的安全启动装置,其特征在于,所述装置包括:The secure boot device of a cloud host according to claim 8, wherein the device comprises:
    第二确定模块,用于确定所述漏洞数据库中是否存储有与所述指定漏洞对应的指定补丁;The second determining module is used to determine whether the specified patch corresponding to the specified vulnerability is stored in the vulnerability database;
    第二存储模块,用于若是,下载所述指定补丁,并通过指定传输方式将所述指定补丁存储于所述指定云主机内的指定存储区域中;The second storage module is configured to download the specified patch if it is, and store the specified patch in a specified storage area in the specified cloud host through a specified transmission method;
    第一发送模块,用于向所述指定云主机发送安装所述指定补丁的安装指令,以便所述指定云主机根据所述安装指令对所述指定补丁进行安装,并返回对应的补丁安装结果,其中,所述补丁安装结果包括安装成功或安装失败;The first sending module is configured to send an installation instruction for installing the specified patch to the specified cloud host, so that the specified cloud host installs the specified patch according to the installation instruction, and returns the corresponding patch installation result, Wherein, the patch installation result includes installation success or installation failure;
    第三判断模块,用于根据所述指定云主机返回的所述补丁安装结果,判断所述指定补丁是否安装成功;The third judgment module is configured to judge whether the specified patch is successfully installed according to the patch installation result returned by the specified cloud host;
    转移模块,用于若是,将所述指定云主机转移出所述安全隔离区,以恢复所述指定云主机正常的网络访问功能。The transfer module is used for transferring the designated cloud host out of the security isolation area, so as to restore the normal network access function of the designated cloud host.
  13. 根据权利要求12所述的云主机的安全启动装置,其特征在于,所述装置包括:The secure boot device of a cloud host according to claim 12, wherein the device comprises:
    第四获取模块,用于按照第一预设周期获取与所述指定云主机对应的第一宿主机的第一使用数据,其中,所述第一使用数据至少包括CPU使用率、内存使用率以及网络接口带宽使用率;The fourth acquiring module is configured to acquire the first usage data of the first host machine corresponding to the designated cloud host according to the first preset period, where the first usage data includes at least a CPU usage rate, a memory usage rate, and Network interface bandwidth usage rate;
    第四判断模块,用于对所述第一使用数据进行分析处理,判断所述第一使用数据是否大于预设的标准阈值;The fourth judgment module is configured to analyze and process the first usage data, and judge whether the first usage data is greater than a preset standard threshold;
    查找模块,用于若是,从所有的宿主机中查找出第二使用数据小于所述标准阈值的第二宿主机;The searching module is configured to, if yes, find out the second host machine whose second usage data is less than the standard threshold value from all the host machines;
    迁移模块,用于将所述指定云主机从所述第一宿主机迁移至所述第二宿主机。The migration module is used to migrate the designated cloud host from the first host to the second host.
  14. 根据权利要求12所述的云主机的安全启动装置,其特征在于,所述装置包括:The secure boot device of a cloud host according to claim 12, wherein the device comprises:
    第五获取模块,用于按照第二预设周期获取与所述指定云主机对应的云硬盘内的可用资源空间;A fifth acquiring module, configured to acquire the available resource space in the cloud hard disk corresponding to the designated cloud host according to a second preset period;
    第五判断模块,用于对所述可用资源空间进行分析处理,判断所述可用资源空间是否小于预设的资源空间阈值;The fifth judgment module is configured to analyze and process the available resource space, and judge whether the available resource space is less than a preset resource space threshold;
    筛选模块,用于若是,筛选出所述云硬盘中的垃圾数据;The screening module is used to screen out junk data in the cloud hard disk if so;
    第二发送模块,用于向所述指定云主机发送垃圾清除指令,以控制所述指定云主机根据所述垃圾清除指令,对所述垃圾数据进行清除处理。The second sending module is configured to send a garbage removal instruction to the designated cloud host to control the designated cloud host to clear the junk data according to the garbage removal instruction.
  15. 一种计算机设备,包括存储器和处理器,所述存储器存储有计算机可读指令,其特征在于,所述处理器执行所述计算机可读指令时实现云主机的安全启动方法,该云主机的安全启动方法,包括:A computer device includes a memory and a processor, the memory stores computer-readable instructions, and is characterized in that, when the processor executes the computer-readable instructions, a method for safely starting a cloud host is realized, and the cloud host is Start method, including:
    在接收到用户触发的对于指定云主机的启动指令时,按照预设规则获取与所述指定云主机对应的资产信息,其中,所述资产信息至少包括操作系统信息;When receiving a user-triggered start instruction for a designated cloud host, acquiring asset information corresponding to the designated cloud host according to a preset rule, where the asset information includes at least operating system information;
    判断预设的漏洞数据库中是否存储有与所述指定云主机的资产信息对应的漏洞,其中,所述漏洞的数量为一个或多个;Judging whether there are vulnerabilities corresponding to the asset information of the designated cloud host stored in the preset vulnerability database, wherein the number of the vulnerabilities is one or more;
    若是,获取所述指定云主机的上一次关机时间,以及各所述漏洞分别对应的发布时间;If yes, obtain the last shutdown time of the designated cloud host and the release time corresponding to each of the vulnerabilities;
    根据所述上一次关机时间与各所述发布时间,判断在所有所述漏洞中是否存在发布时间为指定时间段内的指定漏洞;According to the last shutdown time and each of the release times, determine whether there is a specified vulnerability whose release time is within a specified period of time among all the vulnerabilities;
    若是,在预创建的安全隔离区内启动所述指定云主机,其中,所述指定云主机的网络访问功能在所述安全隔离区内会被禁用。If yes, start the designated cloud host in a pre-created security isolation zone, wherein the network access function of the designated cloud host will be disabled in the security isolation zone.
  16. 根据权利要求15所述的计算机设备,其特征在于,所述按照预设规则获取与所述指定云主机对应的资产信息的步骤,包括:The computer device according to claim 15, wherein the step of obtaining asset information corresponding to the designated cloud host according to a preset rule comprises:
    确定所述指定云主机内是否安装有资产管理工具,其中,所述资产管理工具用于定期将所述指定云主机对应的资产信息同步至指定云平台;Determining whether an asset management tool is installed in the designated cloud host, wherein the asset management tool is used to periodically synchronize asset information corresponding to the designated cloud host to the designated cloud platform;
    若安装有资产管理工具,从所述指定云平台中查找出所述资产信息;If an asset management tool is installed, search for the asset information from the designated cloud platform;
    若未安装有资产管理工具,调用指定扫描工具对所述指定云主机进行扫描处理,以得到所述资产信息。If the asset management tool is not installed, call the designated scanning tool to scan the designated cloud host to obtain the asset information.
  17. 根据权利要求15所述的计算机设备,其特征在于,所述判断预设的漏洞数据库中是否存储有与所述指定云主机的资产信息对应的漏洞的步骤之前,所述方法还包括:The computer device according to claim 15, wherein before the step of determining whether a vulnerability corresponding to the asset information of the designated cloud host is stored in the preset vulnerability database, the method further comprises:
    通过爬虫工具,实时从目标网站抓取出与云主机对应的各类操作系统相关的第一漏洞信息,以及与云主机服务相关的第二漏洞信息;Through the crawler tool, the first vulnerability information related to various operating systems corresponding to the cloud host and the second vulnerability information related to the cloud host service are captured from the target website in real time;
    创建一个漏洞数据库;Create a vulnerability database;
    将所述第一漏洞信息与所述第二漏洞信息存储于所述漏洞数据库内。The first vulnerability information and the second vulnerability information are stored in the vulnerability database.
  18. 一种计算机可读存储介质,其上存储有计算机可读指令,其特征在于,所述计算机可读指令被处理器执行时实现云主机的安全启动方法,该云主机的安全启动方法,包括:A computer-readable storage medium having computer-readable instructions stored thereon, wherein the computer-readable instructions are executed by a processor to realize a secure startup method of a cloud host, and the secure startup method of the cloud host includes:
    在接收到用户触发的对于指定云主机的启动指令时,按照预设规则获取与所述指定云主机对应的资产信息,其中,所述资产信息至少包括操作系统信息;When receiving a user-triggered start instruction for a designated cloud host, acquiring asset information corresponding to the designated cloud host according to a preset rule, where the asset information includes at least operating system information;
    determining whether the preset vulnerability database stores one or more vulnerabilities corresponding to the asset information of the designated cloud host;
    if so, obtaining the last shutdown time of the designated cloud host and the release time of each of the vulnerabilities;
    determining, from the last shutdown time and the release times, whether any of the vulnerabilities is a designated vulnerability whose release time falls within a specified time period;
    if so, starting the designated cloud host in a pre-created security isolation zone, in which the network access function of the designated cloud host is disabled.
  19. The computer-readable storage medium according to claim 18, wherein the step of obtaining the asset information corresponding to the designated cloud host according to the preset rule comprises:
    determining whether an asset management tool is installed on the designated cloud host, the asset management tool being used to periodically synchronize the asset information of the designated cloud host to a designated cloud platform;
    if the asset management tool is installed, retrieving the asset information from the designated cloud platform;
    if the asset management tool is not installed, invoking a designated scanning tool to scan the designated cloud host to obtain the asset information.
  20. The computer-readable storage medium according to claim 18, wherein, before the step of determining whether the preset vulnerability database stores a vulnerability corresponding to the asset information of the designated cloud host, the method further comprises:
    crawling, in real time and by means of a crawler tool, first vulnerability information relating to the operating systems used by cloud hosts and second vulnerability information relating to cloud host services from a target website;
    creating a vulnerability database;
    storing the first vulnerability information and the second vulnerability information in the vulnerability database.
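The boot decision of claims 18 to 20 carried through in code, as an added Python example that is not part of the patent or of any product of the applicant. The vulnerability entries, hosts, inventory and scanner output are constructed, and the "specified time period" is assumed to be the interval from the host's last shutdown to the current start, so that a vulnerability published while the host was powered off sends it to the isolation zone.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Vulnerability:
    vuln_id: str        # placeholder identifier, constructed for this example
    affected: str       # asset (OS or service release) the entry applies to
    released: datetime  # publication time of the vulnerability

# Constructed stand-in for the crawled vulnerability database of claim 20.
VULN_DB = [
    Vulnerability("VULN-EXAMPLE-1", "centos-7.6", datetime(2019, 9, 20)),
    Vulnerability("VULN-EXAMPLE-2", "nginx-1.14", datetime(2019, 10, 5)),
    Vulnerability("VULN-EXAMPLE-3", "openssh-7.4", datetime(2019, 7, 1)),
]

# Constructed hosts, platform inventory and start time for the demonstration.
START_TIME = datetime(2019, 10, 15)
INVENTORY = {"web-01": ["centos-7.6", "nginx-1.14"]}
HOSTS = {
    "web-01": {"name": "web-01", "asset_tool_installed": True,
               "last_shutdown": datetime(2019, 10, 1)},
    "db-01": {"name": "db-01", "asset_tool_installed": False,
              "last_shutdown": datetime(2019, 10, 1)},
}

def fake_scanner(host):
    """Stands in for the designated scanning tool; returns fixed asset names."""
    return ["centos-7.6", "openssh-7.4"]

def get_asset_info(host, inventory, scanner):
    """Claim 19: use the platform inventory when the asset tool is installed, else scan."""
    if host["asset_tool_installed"] and host["name"] in inventory:
        return inventory[host["name"]]
    return scanner(host)

def must_isolate(host, assets, start_time, db=VULN_DB):
    """Claim 18: a matching vulnerability released after the last shutdown and no
    later than this start (the assumed 'specified time period') forces isolation."""
    return any(host["last_shutdown"] <= v.released <= start_time
               for v in db if v.affected in assets)

def plan_start(name, start_time=START_TIME):
    """Boot decision: isolation zone with networking disabled, or a normal start."""
    host = HOSTS[name]
    assets = get_asset_info(host, INVENTORY, fake_scanner)
    if must_isolate(host, assets, start_time):
        return {"zone": "isolated", "network": False, "assets": assets}
    return {"zone": "normal", "network": True, "assets": assets}
```

web-01 is isolated because the nginx entry was published between its shutdown and the start; db-01 boots normally because both entries matching its scanned assets predate its shutdown.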
PCT/CN2019/118430 2019-10-15 2019-11-14 Secure starting method and apparatus for cloud host, and computer device and storage medium WO2021072877A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910979050.1A CN111090470A (en) 2019-10-15 2019-10-15 Secure starting method and device of cloud host, computer equipment and storage medium
CN201910979050.1 2019-10-15

Publications (1)

Publication Number Publication Date
WO2021072877A1 true WO2021072877A1 (en) 2021-04-22

Family

ID=70394178

Country Status (2)

Country Link
CN (1) CN111090470A (en)
WO (1) WO2021072877A1 (en)

Also Published As

Publication number Publication date
CN111090470A (en) 2020-05-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19949521; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19949521; Country of ref document: EP; Kind code of ref document: A1)