
Research on Zero-trust Security System (cited by: 5)
Abstract: As the industry's interpretation of the zero-trust security concept keeps being updated and its theoretical foundation and core technologies keep improving, zero trust has gradually evolved into a new generation of security architecture covering cloud environments, big data centers, microservices and other scenarios. Based on the concept of "cryptography as the cornerstone, identity as the center, permissions as the boundary, continuous trust evaluation and dynamic access control", this paper applies identity-based management to the entities accessing the business platform, coordinated with unified authorization management and audit services. It provides identity authentication and permission control, behavior analysis and responsibility determination for scenarios such as network access control, application access control and data acquisition services, achieving a closed-loop security management and control capability that gives full-life-cycle protection across terminal security, transmission security and data security.
Authors: TANG Minlu (唐敏璐); MENG Ru (孟茹). Affiliations: Information System Management and Consulting Department, Shanghai Computer Software Technology Development Center, Shanghai 201112, China; KOAL Software Co., Ltd., Shanghai 201112, China
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2022, No. 10, pp. 124-132 (9 pages)
Keywords: zero-trust security; cryptography; authority control; identity management