Abstract
Most current security management platforms are deployed at the network edge and cannot address internal security problems, so an enhanced host security management application based on CWPP was designed. The design is built on a tree-shaped multi-level management structure and is managed through a B/S (browser/server) architecture. A cloud workload protection platform (CWPP) is chosen as the active defense platform, and a single management console is used to protect host workloads. The host monitoring module sets its monitoring policy according to the security requirements of the host network. Once a worker component has started and completed registration, the upper-level worker issues a monitoring command; on receiving the command, the host monitoring module executes it according to the monitoring policy and monitors the different kinds of host data. The communication protocol is implemented through data packet transmission and private IP packet reception. Enhanced security auditing combines trusted computing base technology, predefined abnormal behaviors and predefined rules. The access control module is applied to the host and uses a server-agent distributed architecture; it takes part only in key agreement during the access process and completes host identity authentication. Experimental results show that the CWPP-based enhanced host security management application effectively protects host security, maintains a high degree of confidentiality at different throughput levels, and has strong overall performance.
Authors
LIU Luhao (刘璐豪)
WANG Huipeng (王辉鹏)
FENG Jie (冯杰)
CHEN Lingjian (陈凌剑)
KONG Zhifeng (孔智锋)
ZHU Zhenyan (朱贞燕)
Guangzhou Power Supply Bureau, China Southern Power Grid Guangdong Power Grid Co., Ltd., Guangzhou, Guangdong 510620, China
Source
《自动化与仪器仪表》 (Automation & Instrumentation)
2021, No. 4, pp. 190-193, 198 (5 pages in total)
Funding
Host security software and hardware procurement (host security management enhanced application construction) (No. 0002200000063021).