Abstract
With the integration of the Industrial Internet of Things (IIoT) with 5G, cloud computing, and big data, the service capability of the IIoT is greatly enhanced, but the risks and challenges increase sharply as well. Based on the current risks of the IIoT in link security, access security, data security, and industrial control security, we introduce the "Gateway-Gateway" model proposed in the "Software-Defined Perimeter Standard 2.0" and optimize its security. For the various terminal devices connected to the IIoT, we adopt a new lightweight authentication method: by extracting the fingerprint of the terminal device, building a profile of the device, continuously collecting its static and dynamic feature information, and combining this with a fingerprint database, profile database, identity database, policy database, and so on, we continuously evaluate the trust of the terminal device and authenticate its trustworthy identity. This solves the security problem of industrial terminal devices accessing the local SDP gateway, establishes a more complete zero-trust security architecture, and ensures the security of industrial device interconnection.
Authors
Wu Qingsong; Zhang Yu (Kuaiye Information Technology Co., Ltd., Nanjing, Jiangsu, 210012)
Source
Industry Information Security (《工业信息安全》), 2023, No. 1, pp. 28-34 (7 pages)
Keywords
Software Defined Perimeter; Industrial Internet; Secure Access