Abstract
Traditional access control systems cannot meet the security requirements of mobile office work in ubiquitous access scenarios. This paper proposes ZTBAC, an access control model based on the concept of zero trust. The model allocates access rights dynamically by continuously evaluating trust from the attributes and behavior information of access subjects, and its trust measurement system takes the dynamic adjustment of permission thresholds into account. A mobile office architecture built on this model and simulation experiments show that the ZTBAC model can meet the access control requirements of mobile office work. Compared with traditional trust-based access control models, the ZTBAC model also has significant advantages in authority management and in resisting trust attacks.
Authors
Zhang Liutian (张刘天)
Chen Danwei (陈丹伟)
School of Computer Science, Nanjing University of Post and Telecommunications, Nanjing 210023
Source
Journal of Information Security Research (《信息安全研究》)
2022, Issue 10, pp. 1008-1017 (10 pages)
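Funding
National Natural Science Foundation of China (61672016)
Open Project of the Sichuan Provincial Key Laboratory of Advanced Cryptography and System Security (SKLACSS-202114).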
Keywords
zero trust
access control
trust computing
mobile office
authority management