
SYSTEM FOR GENERATING SECURITY TOPOLOGY OF CLOUD COMPUTING


Abstract

The present invention relates to a cloud security topology generation system comprising: an API communication unit that collects, through API (Application Programming Interface) communication with a cloud service provider system, the API for one VPC (Virtual Private Cloud) corresponding to a first user account; an information classification unit that analyzes the API for the one VPC collected through the API communication unit and classifies the information included in the API into VPC configuration information and security policy information; a VPC configuration analysis unit that identifies the objects constituting the VPC by analyzing the VPC configuration information and identifies the relationships between the objects; a basic topology configuration unit that generates a basic security topology expressing the objects constituting the VPC and the relationships between them, using the information on the relationships between objects analyzed by the VPC configuration analysis unit; a security policy analysis unit that identifies the objects constituting the VPC in conjunction with the VPC configuration analysis unit and analyzes the security policy information applied to the VPC to determine the network connection status between the objects and whether security policies conflict or overlap for each virtual server; a connection topology configuration unit that processes and resolves security policy conflicts and policy duplication according to the priority of the set security policy, and creates a final security topology by displaying the network connection status between objects on the basic security topology; and an output unit that transmits the final security topology to the outside.

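Bibliographic details

  • Publication number: KR102164915B1
  • Patent type:
  • Publication date: 2020-10-13
  • Original format: PDF
  • Applicant/patentee: (주)아스트론시큐리티
  • Application number: KR20200070623
  • Inventors: 조근석; 이상용; 황주연
  • Filing date: 2020-06-11
  • Classification: H04L12/24; H04L29/06
  • Country: KR
  • Database entry time: 2022-08-21 11:03:36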
