CN104735063A - A Security Evaluation Method for Cloud Infrastructure - Google Patents
- Publication number: CN104735063A (application CN201510107604.0A)
- Authority: CN (China)
- Prior art keywords: test, appraisal, evaluation, mirror image, activity
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L41/08: Configuration management of networks or network elements (H04L41/00, arrangements for maintenance, administration or management of data switching networks)
- H04L41/28: Restricting access to network management systems or functions, e.g. using an authorisation function to access network configuration
- H04L43/50: Testing arrangements (H04L43/00, arrangements for monitoring or testing data switching networks)
Description
Technical field
The invention relates to the technical field of information security, in particular to a security evaluation method for cloud infrastructure.
Background
Cloud infrastructure: the general term for the hardware and software systems built to support cloud computing services; it comprises physical infrastructure resources and virtual infrastructure resources. Virtual infrastructure resources are virtual resources built on top of the physical infrastructure resources by virtualization technology, and involve hardware and software resources such as operating systems, storage, networks and CPUs.
Information security subjects: according to the different areas that information system security covers, it is divided into subjects such as system security, behavioral security, data security, network security and terminal security.
Information security evaluation: security testing and evaluation of computer systems using manual, semi-automated and automated tools, with the aim of checking whether the security requirements are met and establishing the difference between the expected results and the actual test results, so as to discover the security problems present in the system.
Resource unit: when evaluating cloud infrastructure, a collection of physical resources (computing, storage and so on) of quantifiable size, abstracted into an entity that can run independently. It is realized by virtualization technology.
Evaluation image: a virtual machine image into which a resource unit, evaluation software programs and the like are packaged.
Evaluation activity: the security evaluation process, from installing the evaluation image to recording the evaluation results, for a specified range of resources or for all resources in the cloud infrastructure.
Evaluation requirements document: a document recording the key technical points of the evaluation activity, such as the physical network boundary within which the cloud infrastructure equipment is to be evaluated, the evaluation personnel, the evaluation time and other relevant requirements.
Evaluation report: a document that, by analyzing the evaluation data, evaluates the individual information security areas and the overall security state of the cloud infrastructure and gives remediation suggestions.
Round-robin scheduling algorithm: each incoming user request is assigned to the requesters in turn, starting from 1 and continuing to N (the number of requesters), after which the cycle restarts. The advantage of the algorithm is its simplicity and fairness; it does not need to record the state of all current connections, so it is stateless scheduling.
Cloud computing, as a new information technology that provides resource sharing and on-demand services, has already been widely adopted in e-government, education, healthcare and other fields, and large cloud infrastructures built under the lead of governments and enterprises are increasing day by day. However, while it offers convenient and easily scalable computing and storage capacity, cloud computing differs greatly from traditional computer systems in network topology, usage patterns and other respects, so many traditional security protection measures fail in cloud computing environments, and the security of the cloud infrastructure itself faces a huge challenge. In recent years, related information security incidents have occurred frequently.
Assessing the security of a system is an important means of, and precondition for, studying its security state. As with the information security assessment of traditional computer systems, assessing the security of cloud infrastructure requires a security evaluation, whose purpose is to check whether the security requirements of cloud computing are met and to establish the difference between the expected results and the test results, so as to discover the security problems present in the system.
On searching, the inventors found that the documents most relevant to the present application are:
1. Chinese patent application CN2012101308311 (title: a cloud computing environment security quantitative evaluation system) discloses a quantitative security evaluation system for cloud computing environments. The system is divided into three parts: an information collection module, a management and analysis module and a Web query module; the three functional modules can be connected in a plug-in manner. Based on a quantitative security evaluation index model for cloud computing environments, the invention combines automated, semi-automated and manual-interview methods to perform quantitative information security evaluation of various cloud computing environments.
2. "Research on Access Control Evaluation Technology for Cloud Computing Platforms" (Li Wenxue, Harbin Institute of Technology, 2013, master's thesis) designs and implements a system that automatically evaluates the access control security of a system. By embedding an access control test interface into the system under test, it evaluates the access control security of that system remotely. The evaluation system uses a C/S architecture and is divided into two main parts: the evaluation tool client and the system under test. The functional sub-modules of the evaluation tool client are: the interface, the test library, the test analysis module, the test case generation module, the test execution module, the test result collection module, the test result processing module, and the test interface deployed in the system under test.
3. Chinese patent application CN201110316666.4 (title: a cloud computing-oriented network security early warning method) discloses a network security early warning method. To ensure the security and reliability of network communication in a cloud computing environment, it dynamically identifies and monitors attack attempts and behavior in real time and provides real-time early warning and protection against network attacks in cloud computing. It mainly consists of a security event collector, a security event processor, a security state analyzer and a network security early warning operation core, and uses agent technology together with the Apriori association rule algorithm to solve the network security early warning problem in cloud computing environments.
Surveying the prior art, the following problems are found:
1. In most of the published material, users write their own evaluation scripts to test the security state of the cloud infrastructure, but, limited by their technical level, this may not give a comprehensive and thorough understanding of that state. There is already much open-source evaluation software on the market with comprehensive functionality and good performance, for example Nessus for vulnerability scanning and Snort for intrusion detection; different evaluation software can be combined as needed to carry out a more comprehensive and thorough assessment of the security state of the cloud infrastructure.
2. The approach basically followed by existing techniques is to install agents on the various hosts in the cloud infrastructure to collect data and return it over the network to a management and analysis module for analysis and processing. This is still the traditional concept of information security protection, and it has the drawback that resource allocation does not scale well, as discussed below:
If the volume of data collected by many agents is large, deduplicating, converting and merging it places a very high workload on the analysis and processing module. Yet the published material rarely discusses the architecture of the test analysis module, that is, whether it runs on a single node; if it does, it falls back into the problem of the C/S architecture, namely that a single node is easily overloaded. If multiple servers or a cluster are used, importing and storing the massive evaluation data between the collection side and the back-end storage system is also troublesome. Moreover, the demand for computing and storage resources is hard to estimate in advance, so it may turn out during the evaluation that the existing resources cannot keep up with actual needs and cannot be reallocated quickly, which delays the evaluation; at the same time, allocating too many resources easily causes waste. Overall, the approach is not flexible enough.
3. Deploying agents in the cloud infrastructure to collect evaluation data, with each agent reporting its data to the back end on its own, easily causes conflicts between pieces of information, which interferes with the back-end analysis and processing and affects the evaluation conclusions.
In summary, information security evaluation devices and methods adapted to the characteristics of cloud computing are still lacking.
Summary of the invention
The technical problem solved by the present invention is to provide a security evaluation method for cloud infrastructure that suits the characteristics of cloud computing and evaluates the information security state.
The technical solution by which the present invention solves the above technical problem is:
The method is carried out by a device made up of a scheduling module, an evaluation software library, evaluation images, an evaluation configuration library, an evaluation result library, an analysis module, an evaluation requirements document and an evaluation report;
before the evaluation, the user configures the evaluation software library; then
the scheduling module reads the evaluation requirements document for this evaluation activity, determines the software required for this evaluation, and then starts an evaluation image, which begins the security evaluation of one security subject and writes its data into the evaluation result library;
during the evaluation activity, parameters such as the required resource configuration and the evaluation time are recorded; after the activity ends they are written into the evaluation configuration library to serve as a reference for configuring and executing the next evaluation activity;
the analysis module combines all evaluation results and, using comprehensive evaluation methods such as the fuzzy comprehensive evaluation method, the AHP method, grey theory and neural network methods, gives an overall evaluation of the security state of the cloud infrastructure under test and issues an evaluation report that the user can download;
each working evaluation image periodically returns its resource consumption status; from this information the scheduling module judges the image's work state; the set of work states contains two states, "task failed" and "task executing";
for evaluation images whose task has ended, the virtual machine resources are reclaimed;
for evaluation images in the failed state, a wake-up operation is performed; if the image cannot be woken within the set time, the virtual machine is migrated; for evaluation images still executing their task, the reclaimed resources are redistributed according to the round-robin scheduling algorithm to the images still executing tasks.
Before the evaluation, the user configures the evaluation software library in advance: first, the security evaluation software for cloud infrastructure already on the market and self-written evaluation programs are uploaded into the evaluation software library; then the software is classified according to the usual categories (system security, network security, data security, behavioral security and so on) into different "evaluation software lists"; the library can be updated continuously to keep the evaluation software state of the art and mature.
Each evaluation software is assigned the virtual machine resources it needs, that is, a resource unit; each evaluation software is installed in a virtual machine and packaged together with computing, storage, network and other resources to form an evaluation image; the evaluation image is started, the evaluation activity is carried out, and finally the data is analyzed and processed to form the evaluation conclusions.
The specific evaluation procedure is:
(1) Access the evaluation configuration library module, which records the basic configuration information of previous evaluation activities, and obtain the resource unit configuration used by previous evaluation activities on the network security domain of the same cloud infrastructure, for example how much CPU, memory and other resources were allocated to that activity;
(2) The scheduling module reads the evaluation requirements document for this evaluation activity and, according to the security subjects to be evaluated, consults the evaluation software lists in the evaluation software library to determine the software required for this evaluation;
(3) Allocate suitable resource units for this evaluation activity according to the physical boundary of the cloud infrastructure being evaluated; this is a self-learning process. For example, if the previous evaluation activity evaluated 100 servers and this one must evaluate 60, then, allowing redundant resources for unexpected events during the evaluation, the resources allocated this time may be taken as 60-70% of the physical resources the previous activity required;
(4) Package the software and programs required for this evaluation with the resource units allocated to them to form runnable evaluation images;
(5) The scheduling module starts an evaluation image, which initializes, obtains the relevant control permissions, collects data and begins the security evaluation of one area;
(6) The evaluation image carries out the evaluation activity, converting and cleaning the raw data; after the activity ends, the processed evaluation result data is written into the evaluation result library;
(7) After all evaluation images have finished their work, the analysis module combines all evaluation results;
(8) If this is the first evaluation of the cloud infrastructure, no reference configuration can be obtained from the evaluation history library;
if the evaluation configuration library is accessed and no relevant evaluation configuration information is found, or this is the first evaluation activity on the cloud infrastructure, there is no historical data to draw on; in that case, the most common virtual machine resource configuration in the day-to-day operation of the cloud infrastructure may be taken as the reference for allocating physical resources to a resource unit.
An evaluation image that is still executing its task may, depending on the actual situation, be allocated more resources to speed up completion of its evaluation task; the specific process is as follows:
Let Ci be an evaluation image executing a task; the time its evaluation activity has consumed so far is TC, the time Ci is expected to need to complete the evaluation activity is TF, and the preparation time from adding new resources to Ci until they can be used for evaluation is TP. If TF - TC < TP, the resources reclaimed from evaluation images that have finished their evaluation activity are redistributed; otherwise no action is taken.
The specific allocation process is:
Each evaluation image that is still working periodically returns its resource consumption status, and the scheduling module arranges these images, in descending order of physical resource consumption, into a "resource consumption queue of evaluation images". Suppose R resource units have been reclaimed. Following the principle "the more consumed, the more allocated", the R resource units are distributed to the evaluation images in the resource consumption queue according to the round-robin scheduling algorithm (Round-Robin Scheduling).
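The scheduling module's handling of image work states, resource reclamation, the TF - TC < TP reallocation condition and the round-robin distribution over the consumption queue, as an added Python model that is not the patent's own code. The class and function names, the heartbeat-timeout way of deriving the two work states, and the sample fleet are assumptions made for the example; the reallocation condition is implemented exactly as the patent states it.

```python
from dataclasses import dataclass
from typing import Dict, List

TASK_EXECUTING = "task_executing"
TASK_FAILED = "task_failed"


@dataclass
class EvalImage:
    """One evaluation image (VM) as seen by the scheduling module (field names assumed)."""
    name: str
    resource_units: int            # resource units currently packaged with the image
    resource_usage: float          # last reported physical-resource consumption (0..1)
    last_report: float             # time of the last periodic resource report
    consumed_time: float = 0.0     # T_C: time already spent on the evaluation activity
    expected_finish: float = 0.0   # T_F: time expected to be needed to complete it
    finished: bool = False         # results written, task ended
    failed_since: float = -1.0     # time the image was first judged failed (-1: never)


def work_state(img: EvalImage, now: float, report_timeout: float) -> str:
    """Derive the patent's two work states from the periodic resource reports:
    an image whose report is overdue is 'task failed', otherwise 'task executing'."""
    return TASK_FAILED if now - img.last_report > report_timeout else TASK_EXECUTING


def reclaim_finished(images: List[EvalImage]) -> int:
    """Reclaim the VM resources of images whose task has ended and return R,
    the number of resource units now free for redistribution."""
    freed = 0
    for img in images:
        if img.finished and img.resource_units > 0:
            freed += img.resource_units
            img.resource_units = 0
    return freed


def handle_failed(img: EvalImage, now: float, wake_timeout: float, woke_up: bool) -> str:
    """Failed image: try to wake it; if it stays failed past wake_timeout, migrate the VM.
    woke_up is the outcome of the wake-up attempt (supplied by the caller in this model)."""
    if woke_up:
        img.failed_since = -1.0
        img.last_report = now
        return "woken"
    if img.failed_since < 0:
        img.failed_since = now
    return "migrate" if now - img.failed_since >= wake_timeout else "waking"


def wants_more_resources(img: EvalImage, prep_time: float) -> bool:
    """Reallocation condition exactly as the patent states it: T_F - T_C < T_P,
    where T_P is the time new resources need before the image can use them."""
    return img.expected_finish - img.consumed_time < prep_time


def round_robin_allocate(images: List[EvalImage], now: float, freed_units: int,
                         report_timeout: float, prep_time: float) -> Dict[str, int]:
    """Build the 'resource consumption queue' (executing, eligible images, heaviest consumer
    first) and hand out the freed units one at a time in round-robin order. Because the queue
    is sorted, a remainder lands on the heaviest consumers ('the more consumed, the more allocated')."""
    queue = [img for img in images
             if not img.finished
             and work_state(img, now, report_timeout) == TASK_EXECUTING
             and wants_more_resources(img, prep_time)]
    queue.sort(key=lambda img: img.resource_usage, reverse=True)
    grants: Dict[str, int] = {img.name: 0 for img in queue}
    for i in range(freed_units if queue else 0):
        target = queue[i % len(queue)]
        target.resource_units += 1
        grants[target.name] += 1
    return grants


def scheduling_round(images: List[EvalImage], now: float, report_timeout: float,
                     wake_timeout: float, prep_time: float, wake_results=None):
    """One scheduler pass: reclaim finished images, handle failed ones, redistribute.
    wake_results maps an image name to whether its wake-up succeeded (constructed input)."""
    wake_results = wake_results or {}
    freed = reclaim_finished(images)
    actions: Dict[str, str] = {}
    for img in images:
        if not img.finished and work_state(img, now, report_timeout) == TASK_FAILED:
            actions[img.name] = handle_failed(img, now, wake_timeout,
                                              wake_results.get(img.name, False))
    grants = round_robin_allocate(images, now, freed, report_timeout, prep_time)
    return freed, actions, grants


def demo():
    """Constructed sample fleet: two finished images, one with a stale report,
    three still executing with different remaining times and consumption levels."""
    now = 1000.0
    images = [
        EvalImage("img-sys-1", 2, 0.1, now, finished=True),
        EvalImage("img-sys-2", 1, 0.1, now, finished=True),
        EvalImage("img-net-1", 2, 0.9, now - 120, consumed_time=50, expected_finish=60),
        EvalImage("img-net-2", 2, 0.8, now, consumed_time=50, expected_finish=60),
        EvalImage("img-data-1", 1, 0.4, now, consumed_time=30, expected_finish=45),
        EvalImage("img-behav-1", 1, 0.6, now, consumed_time=10, expected_finish=100),
    ]
    return scheduling_round(images, now, report_timeout=60, wake_timeout=300, prep_time=20)
```

In the sample fleet, 3 units are reclaimed, the image with the stale report is being woken rather than receiving resources, the image with ample remaining time is skipped by the TF - TC < TP rule, and the two eligible images receive 2 and 1 units in consumption order.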
The information security evaluation device of the present invention is deployed in the cloud infrastructure, runs as virtual machines, and uses the cloud infrastructure's own resources to evaluate its security state. Deployment is flexible, different security evaluation software can be combined as needed, computing and storage scale well, and various requirements can be met with the customer at the center. Specifically, the invention has the following beneficial effects:
1. It has a self-learning function and uses resources more efficiently. For each evaluation, the evaluation configuration library module is consulted for the basic configuration of previous evaluation activities, from which the resource units needed this time are estimated; this reduces the evaluation delays caused by under-allocation of resources and avoids unnecessarily occupying surplus resources.
2. Security evaluation software for cloud infrastructure already on the market and self-written evaluation programs are uploaded to the evaluation software library and classified into different "evaluation software lists" according to the usual security subjects. The library can update the evaluation software it stores, which keeps the evaluation software state of the art and mature.
3. The evaluation work for each security subject, including data collection, preprocessing and analysis, is moved into the evaluation images rather than concentrated in the back-end analysis module, reducing the latter's workload.
4. The scheduling module schedules and allocates the resources needed by the evaluation activity using the round-robin scheduling algorithm, so the load is fairly balanced between the working evaluation images and execution of the evaluation activity is accelerated.
5. Evaluation images dedicated to one security subject can be built as needed, or several can be combined; an evaluation image can complete the evaluation activity for a security subject on its own.
6. Professional security evaluation software can be integrated into the evaluation images, each program doing its specialized work, making the evaluation results more accurate, comprehensive and thorough.
Description of the drawings
The invention is further described below with reference to the drawings:
Figure 1 is a schematic diagram of the functional modules of the evaluation device of the present invention;
Figure 2 is a flowchart of configuring the evaluation software library of the present invention;
Figure 3 is a schematic flow diagram of an evaluation activity of the present invention;
Figure 4 is a flowchart of resource reclamation after an evaluation image's task ends in the present invention;
Figure 5 is a flowchart of the handling after an evaluation image fails in the present invention;
Figure 6 is a flowchart of the scheduling of reclaimed resources in the present invention.
具体实施方式Detailed ways
见图1所示,本发明针对云基础设施进行安全评测的装置由调度模块、测评软件库、测评镜像、测评配置库、测评结果库、分析模块、测评需求书、测评报告等模块构成。As shown in Figure 1, the device for security evaluation of cloud infrastructure in the present invention is composed of scheduling module, evaluation software library, evaluation image, evaluation configuration library, evaluation result library, analysis module, evaluation requirement book, evaluation report and other modules.
在测评前用户预先要做测评软件库的配置工作;具体流程见图2所示。把市场上已有的针对云基础设施的安全测评软件、自主编写的测评软件程序上传至测评软件库中。按照通常的分类:系统安全、网络安全、数据安全、行为安全等,对这些软件进行分类,划分到不同的“测评软件列表”。测评软件库可以不断地更新,确保测评软件的先进性、成熟性。Before the evaluation, the user must configure the evaluation software library in advance; the specific process is shown in Figure 2. Upload the existing cloud infrastructure security evaluation software and self-written evaluation software programs to the evaluation software library. According to the usual classification: system security, network security, data security, behavioral security, etc., these software are classified and divided into different "evaluation software lists". The evaluation software library can be continuously updated to ensure the advancement and maturity of the evaluation software.
一次测评活动的完整过程包括以下:根据每次测评的要求(例如本次测评要对该云基础设施范围内的哪些服务器进行测评),为每种测评软件分配其所需的虚拟机资源,即资源单位。每个测评软件安装于虚拟机中,与计算、存储、网络等资源一并打包形成一个测评镜像。启动测评镜像,进行测评活动,最后对数据进行分析处理,形成测评结论。The complete process of an evaluation activity includes the following: according to the requirements of each evaluation (such as which servers within the cloud infrastructure to be evaluated in this evaluation), allocate the required virtual machine resources for each evaluation software, that is, resource unit. Each evaluation software is installed in a virtual machine, and is packaged together with computing, storage, network and other resources to form an evaluation image. Start the evaluation image, carry out the evaluation activities, and finally analyze and process the data to form the evaluation conclusion.
To illustrate the method more concretely, a complete evaluation activity is walked through below (see Figure 3). Assume that the network security subject is to be evaluated across the entire cloud infrastructure, so as to learn the infrastructure's security status in that respect.
1. Access the evaluation configuration library module, which records the basic configuration information of previous evaluation activities. Obtain the resource-unit configuration state of earlier evaluation activities that covered the network security domain of the same cloud infrastructure, for example how much CPU, memory and similar resources were allocated to that activity.
2. With these configurations in hand, the scheduling module reads the evaluation requirements document for the current activity and, according to the security subjects to be evaluated, consults the evaluation software list in the evaluation software library to determine which software this evaluation requires.
3. Allocate appropriate resource units for this evaluation activity according to the physical boundary of the cloud infrastructure being evaluated. This is a self-learning process. For example, if the previous evaluation activity covered 100 servers and this one covers 60, then, keeping some spare resources to handle unexpected events during the evaluation, the resources allocated this time may be taken as 60-70% of the physical resources required last time.
4. Package the software and programs this evaluation requires together with the allocated resource units to form a runnable evaluation image.
5. The scheduling module starts an evaluation image, which initializes, obtains the relevant control permissions, collects data and begins the security evaluation of its assigned area.
6. The evaluation image carries out the evaluation activity, transforming and cleaning the raw data; when the activity ends, it writes the processed evaluation result data into the evaluation result library.
7. After all evaluation images have finished, the analysis module combines all evaluation results.
Because the security status of a cloud infrastructure involves the assessment of multiple security subjects, it is constrained by many factors. To reach an overall and reasonably accurate assessment, a comprehensive evaluation method may be used, such as fuzzy comprehensive evaluation, the Analytic Hierarchy Process (AHP), grey theory or a neural network method. The result is an overall assessment of the security status of the tested cloud infrastructure, issued as an evaluation report that the user can download.
8. If this is the first evaluation of the cloud infrastructure, no reference configuration state can be obtained from the evaluation history library.
If no relevant evaluation configuration information is found when accessing the evaluation configuration library, or this is the first evaluation activity for the cloud infrastructure, there is no historical data to draw on. A simple approach for this case is to take the most common virtual machine resource configuration in the infrastructure's daily operation as the reference for the physical resources assigned to one resource unit.
During the execution of the evaluation activity, the resource configuration, evaluation time and other parameters required are recorded. When the activity ends they are written into the evaluation configuration library, providing a configuration and execution reference for the next evaluation activity.
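As an added example (not code from the patent), the following Python sketches steps 1, 3 and 8 above: look up the previous run in a configuration library, scale its allocation by the server ratio plus a redundancy margin, fall back to the most common VM configuration when there is no history, and record the run afterwards. The library's field names, the 10% margin and the one-unit-per-server fallback count are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from math import ceil

@dataclass(frozen=True)
class ResourceUnit:
    vcpus: int
    mem_gb: int

# Evaluation configuration library, keyed by (infrastructure, subject).
# The record fields are assumptions; the text only says what it stores.
config_library = {
    ("cloud-A", "network"): {"servers": 100, "units": 20,
                            "unit": ResourceUnit(2, 4), "duration_min": 240},
}

def reference_unit_from_running_vms(vm_specs):
    """First-time fallback (step 8): the most common VM configuration in
    daily operation becomes the reference for one resource unit."""
    (unit, _count), = Counter(vm_specs).most_common(1)
    return unit

def plan_resource_units(infra, subject, servers_now, vm_specs, redundancy=0.10):
    """Step 3: with history, scale last time's allocation by the server
    ratio plus a redundancy margin for surprises during the run (the 10%
    default is an assumption); without history, fall back to the common
    VM size, one unit per server (also an assumption)."""
    record = config_library.get((infra, subject))
    if record is None:
        return reference_unit_from_running_vms(vm_specs), servers_now
    scale = servers_now / record["servers"]
    units = ceil(record["units"] * scale * (1 + redundancy))
    return record["unit"], units

def record_run(infra, subject, servers, unit, units, duration_min):
    """After the run, write the configuration actually used back into the
    library so the next evaluation of the same infrastructure starts from it."""
    config_library[(infra, subject)] = {
        "servers": servers, "units": units, "unit": unit,
        "duration_min": duration_min}
```

For the 100-server to 60-server case in step 3, the 10% margin yields 14 of the previous 20 units, i.e. 70% of last time's resources.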
Because the workload of each evaluation image differs, the images complete their evaluation activities in some order rather than all at once; in addition, hardware or software faults may cause an evaluation image to fail. In these cases the scheduling module can be used to reallocate resources and adjust tasks.
The specific working process, shown in Figures 4 and 5, is as follows:
Each working evaluation image periodically reports its resource consumption status. From these reports the scheduling module judges the image's working state, which is one of two states: "task failed" or "task executing".
When an evaluation image's task ends, it notifies the scheduling module, which reclaims the virtual machine resources.
An evaluation image in the failed state is woken up. If it cannot be woken within the set time, the virtual machine is migrated.
An evaluation image whose task is executing may be given more resources according to the actual situation, to speed up completion of its evaluation task. The specific process is as follows:
Let Ci be an evaluation image executing a task. The time its evaluation activity has already consumed is TC; its estimated time to complete the evaluation activity is TF; and the preparation time from new resources being added to Ci until they can be used for the evaluation is TP. If TF - TC < TP, the resources reclaimed from evaluation images that have already finished their evaluation activities are reallocated to Ci; otherwise no action is taken.
An example of the allocation process, shown in Figure 6, follows.
Each evaluation image that is still working periodically reports its resource consumption, and the scheduling module places these images into an "evaluation image resource consumption queue" ordered from highest to lowest physical resource consumption. Suppose R resource units have been reclaimed. Following the principle "the more consumed, the more allocated", these R resource units are distributed to the evaluation images in the consumption queue using round-robin scheduling.
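The reclaim-and-reallocate cycle just described, as an added Python example that is not part of the patent: finished images return their units (R), an executing image qualifies under the condition exactly as stated, TF - TC < TP, and the R units are dealt round-robin over the queue ordered by consumption, highest first. The EvalImage fields, the overdue-report rule in judge_status and the sample values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class EvalImage:
    name: str
    units: int                 # resource units currently assigned
    consumed: float            # physical resource consumption from last report
    elapsed_min: float         # TC: time already spent on the evaluation
    estimated_min: float       # TF: estimated time to complete the evaluation
    status: str = "executing"  # "executing", "failed" or "finished"

def judge_status(image, minutes_since_report, report_timeout_min):
    """Derive the working state from the periodic report; an overdue
    report counting as task failure is an assumption."""
    if image.status == "finished":
        return "finished"
    return "failed" if minutes_since_report > report_timeout_min else "executing"

def reclaim_finished(images):
    """Recover the VM resources of images whose task has ended; returns R."""
    reclaimed = 0
    for img in images:
        if img.status == "finished":
            reclaimed += img.units
            img.units = 0
    return reclaimed

def reallocate(images, reclaimed_units, prep_min):
    """Deal R reclaimed units round-robin to executing images that satisfy
    TF - TC < TP (the condition exactly as the text states it), queued by
    consumption highest first so the heaviest consumers get any remainder."""
    queue = sorted(
        (img for img in images if img.status == "executing"
         and img.estimated_min - img.elapsed_min < prep_min),
        key=lambda img: img.consumed, reverse=True)
    grants = {img.name: 0 for img in queue}
    for k in range(reclaimed_units if queue else 0):
        target = queue[k % len(queue)]
        target.units += 1
        grants[target.name] += 1
    return grants

# Constructed sample: C1 finished; C2 and C3 are within TP=10 of finishing, C4 is not.
SAMPLE = [
    EvalImage("C1", 5, 0.0, 60, 60, status="finished"),
    EvalImage("C2", 3, 0.9, 50, 58),
    EvalImage("C3", 3, 0.6, 48, 55),
    EvalImage("C4", 2, 0.3, 10, 90),
]
```

One scheduler pass is `reallocate(SAMPLE, reclaim_finished(SAMPLE), 10)`: the 5 units from C1 go 3 to C2 and 2 to C3, C4 receives nothing.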
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510107604.0A CN104735063B (en) | 2015-03-11 | 2015-03-11 | Security evaluation method for cloud infrastructure |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104735063A true CN104735063A (en) | 2015-06-24 |
CN104735063B CN104735063B (en) | 2018-01-02 |
Family
ID=53458498
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |