Abstract
The intelligent scheduling and control system for port stations has many interfaces, carries rich data, and makes extensive use of virtualization and clustering technologies. An analysis of the system's network security risks identifies the risk points and the security management requirements. On that basis, a network security technical scheme built on a zero trust security architecture is proposed that adapts to unknowable environments: it dynamically adjusts the network access rights of virtual users, builds a zero trust identity security boundary, and performs intelligent security monitoring of the memory instruction control flow in the computing environment. The scheme ultimately achieves unified management of security policies and protects the system, to the greatest extent possible, against threats from insecure factors in the network.
Source
《铁道通信信号》
2022, No. 9, pp. 60-65, 69 (7 pages in total)
Railway Signalling & Communication
Funding
Key project of the Signal and Communication Research Institute, China Academy of Railway Sciences Corporation Limited (2021HT09).
Keywords
Railway transportation
Port station
Network security
Intelligent scheduling and control
Zero trust
Classified protection