Vulnerability analysis environment simulation method and system realized by using cloud migration technology

Document number: 86338 Publication date: 2021-10-08 Language: Chinese

Reading note: this technology, "Vulnerability analysis environment simulation method and system realized by using cloud migration technology" (一种利用云迁移技术实现的脆弱性分析环境仿真方法及系统), was designed and created by 甘润东 龙玉江 卫薇 王策 李洵 周晋 王杰峰 杨淳杰 王兴川 on 2021-04-12. Its main content is as follows: the invention discloses a vulnerability analysis environment simulation method and system realized by using a cloud migration technology, comprising the following steps: step S1: deploying a simulation platform client on each production system and synchronizing the operating system, database, applications and data of the production systems to the simulation platform as a whole in real time; step S2: creating a plurality of secure desktops on the simulation platform; step S3: completing different operations on the simulation platform using different secure desktops. The invention can simulate the production environment by 100 percent, so that the requirements of production system testing, vulnerability scanning and the like are met to the greatest extent; it can provide a simulated service environment, and by using the built-in cloud platform of the equipment the whole service system can be pulled up inside the equipment to simulate service operation and service access; through real-time simulation, any change generated in a production system is synchronized to the simulation environment in real time; it can provide one-to-many high-density support, so that only one simulation platform is needed to simulate a plurality of production systems, which greatly saves cost.

1. A vulnerability analysis method realized by utilizing a cloud migration technology, characterized by comprising the following steps:

step S1, respectively deploying simulation platform clients on each production system by using a cloud migration technology, and integrally synchronizing the operating system, the database, the application and the data of the production systems to the simulation platform in real time;

step S2: creating a plurality of secure desktops on a simulation platform;

step S3: different operations are performed on the simulation platform by using different secure desktops, including but not limited to simulation test and history recording operations.

2. The vulnerability analysis method implemented by using cloud migration technology according to claim 1, characterized in that: in the step S2, the security desktop includes a test center security desktop, a training upgrade platform security desktop, a development online management security interface, and an audit video security desktop.

3. The vulnerability analysis method implemented by using cloud migration technology according to claim 1, characterized in that: in the step S3, the simulation test includes vulnerability searching, service simulation test and training upgrade simulation test.

4. The vulnerability analysis method implemented by using cloud migration technology according to claim 2, characterized in that: historical operations are recorded through the audit video security desktop.

5. A vulnerability analysis environment simulation system realized by using a cloud migration technology, characterized in that: the system comprises a server, wherein a private cloud platform and a data migration platform are arranged in the server and are used for reading the complete machine data of a service environment.

6. The vulnerability analysis environment simulation system implemented by using cloud migration technology according to claim 5, wherein: the whole business system is pulled up in the internal cloud environment in a one-to-many mode, and a private network is provided for operating system level access or business level access.

7. The vulnerability analysis environment simulation system implemented by using cloud migration technology according to claim 5, wherein: the service environment complete machine data comprises all data including partition formats, operating systems, application programs, databases and production data.

8. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, implements the method of any one of claims 1-4.

Technical Field

The invention relates to the technical field of computer information system security management, in particular to a vulnerability analysis environment simulation method and system realized by using a cloud migration technology.

Background

In the current network era, every field of social and economic development depends on the support of computer network technology. In particular, the effective application of computer and network technology in the country, the government and large enterprises has further improved working efficiency, and this convenient and fast way of working means that people can less and less do without computers and networks. However, computer network resource management is decentralized, users lack security awareness and effective safeguards, and the vulnerabilities of many computer systems are increasingly exposed as they are deployed. It is therefore very necessary to analyze the vulnerability of computer systems and then provide a management scheme, so as to effectively ensure the security of the computer system.

In order to truly and effectively identify and analyze the protection defects of the computer operating system and the service system, or the patching state of the operating system, vulnerability scanning equipment is generally used to scan the service environment. However, vulnerability scanning occupies a large amount of the network resources of a production server and may cause risks such as a service system crash or a server restart, so the requirements on the time window and the operating procedure of vulnerability scanning are high, frequent scanning is difficult to perform, and a large amount of work is brought to service maintenance personnel.

Disclosure of Invention

In view of the above, the first aspect of the present invention is to provide a vulnerability analysis method implemented by using a cloud migration technique; the second aspect of the present invention is to provide a vulnerability analysis environment simulation system implemented by using a cloud migration technology, which can solve the problems in the background art.

The purpose of the invention is realized by the following technical scheme:

the invention discloses a vulnerability analysis method realized by using a cloud migration technology, which comprises the following steps:

step S1, respectively deploying simulation platform clients on each production system, and integrally synchronizing the operating system, the database, the application and the data of the production systems to the simulation platform in real time;

step S2: creating a plurality of secure desktops on a simulation platform;

step S3: different operations are performed on the simulation platform by using different secure desktops, including but not limited to simulation test and history recording operations.

Further, in step S2, the security desktop includes a test center security desktop, a training upgrade platform security desktop, a development online management security interface, and an audit video security desktop.

Further, in the step S3, the simulation test includes vulnerability searching, service simulation test, and training upgrade simulation test.

The second aspect of the invention is realized by the following technical scheme:

a vulnerability analysis environment simulation system realized by using a cloud migration technology comprises a server, wherein a private cloud platform and a data migration platform are arranged in the server and are used for reading complete machine data of a service environment;

further, the whole business system is pulled up in one-to-many mode in the internal cloud environment, and a private network is provided for operating system level access or business level access.

Further, the complete machine data of the service environment comprises all data, including the partition format, the operating system, application programs, the database and production data.

The invention also provides a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the method as set forth above.

The invention has the beneficial effects that:

1. the production environment can be simulated by 100 percent, and the requirements of production system testing, vulnerability scanning and the like are met to the greatest extent;

2. providing a simulation service environment, and utilizing a built-in cloud platform of the equipment to pull up the whole service system in the equipment and simulate service operation and service access;

3. real-time simulation, wherein any change generated in a production system can be synchronized to a simulation environment in real time;

4. the one-to-many high-density guarantee can be provided, a plurality of production systems can be simulated only by one simulation platform, and the cost is greatly saved;

5. the system can realize multi-history version recording, whole-course recording and unlimited historical time state write-back, and can simulate destructive testing and aggressive scanning of a production environment;

6. meanwhile, the functions of data backup and service emergency equivalent value are provided, safe take-over is realized, the failure-free time is about 5 minutes, the emergency success rate of a snapshot point is close to 100 percent, and the reliability and the stability are high.

Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the present invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

Drawings

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:

FIG. 1 is a flow chart of the method of the present invention.

Detailed Description

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.

As shown in the figure, the vulnerability analysis method implemented by using the cloud migration technology of the present invention includes the following steps:

step S1, respectively deploying simulation platform clients on each production system by using a cloud migration technology, and integrally synchronizing the operating system, the database, the application and the data of the production systems to the simulation platform in real time;

step S2: creating a plurality of secure desktops on a simulation platform; in this embodiment, the secure desktops comprise a test center security desktop, a training upgrade platform security desktop, an online management security interface and an audit video security desktop;

step S3: different operations are completed using the secure desktops, including a test user logging in to the test center security desktop or the training upgrade security desktop and performing vulnerability searching, service simulation tests and training upgrade simulation tests on the simulation platform; historical operations can be recorded through the audit video security desktop.

The vulnerability analysis environment simulation system realized by using the cloud migration technology comprises a server, wherein a private cloud platform and a data migration platform are arranged in the server. An agent client is installed on the production environment server to read the complete machine data of the service environment, and this complete machine data is stored in the server in the form of a cloud host image. The server can use its built-in cloud environment to pull up the whole service system in a one-to-many mode; all data and service systems are completely consistent with the production system and can be updated dynamically, so service operation is simulated completely and realistically in the simulation environment, and a private network is provided for operating system level access or service level access. The method and the system are used for vulnerability scanning, patch verification, system upgrade verification, simulation training and the like. Meanwhile, by using the characteristics of the cloud platform, the simulation system can set a plurality of snapshot points to roll back to at any time, so that a user can conveniently test repeatedly or destructively.
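The properties the description relies on (the mirror never shares state with production, a production change reaches the mirror in real time, a snapshot point can be written back after a destructive test, and every desktop action is audited) can be shown in a small model. This is an added illustration written for this page, not code from the patent or from any product; the class and method names, and the constructed "erp" machine image, are assumptions.

```python
import copy
from dataclasses import dataclass, field

@dataclass
class ProductionSystem:
    """A production host; image is its 'complete machine data' (claim 7)."""
    name: str
    image: dict   # partition_format, os, apps, database, production_data
    agents: list = field(default_factory=list)  # deployed simulation platform clients

    def change(self, section, key, value):
        """A change on production (a patch, a new record) reaches every agent at once."""
        self.image[section][key] = value
        for agent in self.agents:
            agent(self.name, self.image)

class SimulationPlatform:
    def __init__(self):
        self.mirrors = {}    # one platform mirrors many production systems (1:N)
        self.snapshots = {}  # name -> {label: image}: the snapshot points
        self.audit_log = []  # what the audit video security desktop records

    def deploy_client(self, prod):
        """Step S1: register the agent and take the initial full-machine copy."""
        prod.agents.append(self._sync)
        self._sync(prod.name, prod.image)

    def _sync(self, name, image):
        # Deep copy: the mirror never shares state with production, so a
        # destructive test on the platform cannot reach the production host.
        self.mirrors[name] = copy.deepcopy(image)

    def snapshot(self, name, label):
        self.snapshots.setdefault(name, {})[label] = copy.deepcopy(self.mirrors[name])

    def rollback(self, name, label):
        """Write back any recorded historical state of the mirror."""
        self.mirrors[name] = copy.deepcopy(self.snapshots[name][label])

    def run_on_desktop(self, desktop, name, action, fn):
        """Step S3: a secure desktop operates on the mirror only, and is audited."""
        self.audit_log.append((desktop, name, action))
        return fn(self.mirrors[name])

def demo():
    """Constructed scenario: sync, live change, destructive test, rollback."""
    prod = ProductionSystem("erp", {"partition_format": "gpt", "os": "linux",
                                    "apps": {"web": "1.0"}, "database": {"users": 3},
                                    "production_data": {"orders": 10}})
    sim = SimulationPlatform()
    sim.deploy_client(prod)
    sim.snapshot("erp", "before-scan")
    prod.change("apps", "web", "1.1")                 # real-time sync to the mirror
    synced = sim.mirrors["erp"]["apps"]["web"]        # "1.1"
    sim.run_on_desktop("test-center", "erp", "destructive-test",
                       lambda img: img["database"].clear())
    prod_intact = prod.image["database"] == {"users": 3}
    sim.rollback("erp", "before-scan")
    restored = sim.mirrors["erp"]["database"] == {"users": 3}
    return synced, prod_intact, restored, len(sim.audit_log)
```

Rolling back to "before-scan" also discards the later web 1.1 update on the mirror, which is what write-back of a historical state means; a fresh sync from production brings the mirror current again.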

In the invention, the service environment complete machine data comprises all data including partition formats, operating systems, application programs, databases and production data.

According to the invention, by using a cloud migration technology, all data of the production system (the operating system, application programs, production data and the like) are packaged into a cloud image and copied into the equipment, so that the production environment can be simulated by 100% and the requirements of production system testing, vulnerability scanning and the like are met to the greatest extent; by providing a simulated service environment and using the built-in cloud platform of the equipment, the whole service system can be pulled up in the equipment and service operation and service access are simulated; through real-time simulation, any change generated in a production system is synchronized to the simulation environment in real time; one-to-many high-density support can be provided, so that only one simulation platform is needed to simulate a plurality of production systems, which greatly saves cost; through multi-history version recording, whole-course recording and write-back of an unlimited historical time state can be realized, and destructive testing and aggressive scanning of a production environment can be simulated; meanwhile, the functions of data backup and service emergency equivalent value are provided, safe take-over is realized, the failure-free time is about 5 minutes, the emergency success rate of a snapshot point is close to 100 percent, and the reliability and the stability are high.

It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.

Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.

Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.

Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.
