The Design And Implementation Of Security Configuration Management Subsystem For Cloud-based System Security Detection Platform

In recent years,with the further development of China's cloud computing mar-ket,many enterprises are beginning to consider moving their company's business to the cloud.At the same time,them are not just using one cloud,but a combination of multiple clouds with each other for network services,such as public cloud,private cloud and hybrid cloud.While the adoption of multiple approaches to the cloud by enterprises has gradually evolved into the mainstream,there are many security risks associated with moving business to the cloud.For example,cloud service manufactur-ers are not responsible for the security of users' cloud services,and the development of cloud security strategy lags behind the use of cloud services,and there are no security guidelines to guide users to configure cloud services.All these are the reasons for the hidden security risks in the systems deployed by customers in the cloud.With the rapid development of cloud computing,the security issues exposed by cloud-based systems need to be addressed urgently.The security configuration management subsystem proposed in this thesis scans the security configuration of applications deployed in the cloud,to finds system se-curity vulnerabilities in a timely manner and gives recommendations for fixing them.Enterprises only need to focus on their own business,and the security detection of the cloud system is taken charge of by the system,which can reduce the enterprise's manual investment,and help enterprises to build a safe and reliable cloud business.The security configuration management subsystem is the core subsystem in the cloud-based system security detection platform,which is a cloud security manage-ment system independently developed by Advanced Institute of Information Technol-ogy Peking University.The cloud-based system security detection platform has nu-merous functions,including microservice detection,artificial intelligence detection,security configuration management and security repair.This thesis focuses on the detailed introduction of the security configuration management subsystem,which in-cludes cloud service detection module,asset visualization module,and firewall policy analysis module.Each module gives corresponding solutions for different cloud secu-rity issues,which can help non-professionals to quickly conduct security detecting and guide them in vulnerability repair,which not only safeguards cloud system security but also improves users efficiency.The front-end of the security configuration management subsystem is built using the Vue framework and the ECharts data visualization library,then the back-end uses the Spring Boot quick configuration SSM framework and the Spring Cloud to build the system's microservice architecture,Rocket MQ for traffic clipping and application decoupling.My SQL and Mongo DB databases were used for data storage,while Redis was used for data caching and distributed locking,and Docker was used for project deployment.The security configuration management subsystem has been integrated into the cloud system security detection platform and put on Huawei Cloud Market.Since its launch,the cloud system security detection platform has been running well,with stable performance,and has received good feedback from users.