摘要
零信任安全架构是对传统边界网络安全架构进行评估和审视,要求结合多种来源的信息资源和判别机制进行认证授权访问。然而由于零信任安全架构采用控制中心的体系架构来进行系统搭建,导致单一零信任系统核心组件和数据库易遭受攻击。将内生安全体系引入零信任安全架构,通过动态异构冗余机理将系统组件异构化改造,使得零信任安全架构获得了内生安全增益。安全性分析和动态性分析表明本系统架构具有普适性,能够集约化地实现网络服务、可靠性保障与安全防御等功能。
Zero-trust security architecture was used to evaluate and examine the security architecture of traditional border networks.It required the combination of information resources and discrimination mechanisms from multiple sources for authentication and authorization access.Due to the use of the control center architecture,the core components and databases of zero-trust system were vulnerable to attack.To solve these two problems,the endogenous security architecture was introduced into the zero-trust security architecture,and retrofitted the system components by the dynamic heterogeneous redundancy mechanism,so that the zero-trust security architecture obtained the endogenous security gain.The security analysis and dynamic analysis showed that the proposed system architecture was universal,and could intensively realize the functions of network service,assure the reliability,and increase the security defense.
作者
郭军利
许明洋
原浩宇
曾俊杰
张建辉
GUO Junli;XU Mingyang;YUAN Haoyu;ZENG Junjie;ZHANG Jianhui(Zhongyuan Network Security Research Institute,Zhengzhou University,Zhengzhou 450002,China;School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450002,China;National Digital Switching System Engineering&Technological R&D Center,Zhengzhou 450002,China)
出处
《郑州大学学报(理学版)》
CAS
北大核心
2022年第6期51-58,共8页
Journal of Zhengzhou University:Natural Science Edition
基金
国家电网有限公司总部科技项目(5108-202224046A-1-1-ZN)。
关键词
零信任
网络安全架构
内生安全
动态调度
zero trust
network security architecture
endogenous security
dynamic scheduling
