摘要
为进一步提高铁路云平台网络安全防护能力,参照信息系统安全等级保护的有关要求,在铁路云平台网络安全保障体系框架下,提出一种铁路云平台细粒度访问控制方案;该方案采用零信任访问控制策略,由代理程序、数据总线、安全网关和安全模块4个部件协同完成安全的数据传输,利用标记技术实现域内和跨域的细粒度强制访问控制,在保持原有安全部署的基础上,有效提升铁路云平台的安全防护能力。
In order to further improve the ability of network security protection of railway cloud platform,a finegrained access control scheme of railway cloud platform is put forward in the framework of network security protection syetem for railway cloud platform according to the basline of classified protection of information system security.By adopting zero trust access control policy,secure data trassimission is completed through the interaction of four major components including the agent,data bus,security gateway and security module.Besides,labeling technique is adopted to realize fine-grained mandatory access control in and across domains,effectively improving the security protection ability of the cloud platform while maintaining the existing deployment of security protection.
作者
锁向荣
齐胜
张悦斌
朱贺
SUO Xiangrong;QI Sheng;ZHANG Yuebin;ZHU He(SinoRail Information Engineering Group,Beijing 100044,China;SinoRail(Beijing)Network Technology Research Institute,Beijing 100044,China)
出处
《铁路计算机应用》
2021年第4期45-49,共5页
Railway Computer Application
基金
城市轨道交通系统安全保障技术国家工程实验室项目(发改办高技[2016]583号)。
关键词
铁路云平台
网络安全防护
细粒度访问控制
零信任
标记技术
强制访问控制
railway cloud platform
network security protection
fine-grained access control
zero trust
labeling technique
mandatory access control
