Abstract
Based on an analysis of security requirements in the era of 5G cloud-network convergence, the basic principles of zero trust are studied, including not relying on location, not trusting traffic, and dynamic access control. The basic architecture of zero trust is studied and, in combination with the 5G cloud-network architecture, three feasible application protection solutions are proposed and compared: the customer-built OTT model, the model that adapts the existing VPDN, and the public zero-trust architecture model. The application scenarios of customers in the 5G cloud network are analyzed, including remote access, secure cloud migration, and mobile office, together with the value that a zero-trust architecture can bring to customers in these scenarios, such as application hiding and dynamic control, which ensure the security of applications.
Author
何国锋
HE Guofeng (Institute of Applied Security, Research Institute of China Telecom Co., Ltd., Shanghai 200122, China)
Source
Telecommunications Science (《电信科学》)
2020, Issue 12, pp. 123-132, 10 pages in total
Keywords
network security
dynamic access control
application hiding
zero trust
5G
application protection