基于零信任的5G网络切片安全研究

Research on Zero-Trust-Based 5G Network Slicing Security

随着5G网络的广泛部署和网络切片技术的出现,安全问题逐渐成为5G网络建设中不可忽视的一部分。在5G网络中,传统基于边界的安全防护架构无法满足更高安全需求的挑战,而不再划分信任区域、持续验证的零信任架构逐渐得到认可。分析切片现有安全技术缺陷,结合软件定义安全边界的思想,设计了基于零信任的切片安全架构。在信任评估中引入基于服务质量参数的可信度量方法,从可用性、可靠性和实时性角度建立可信度量过程,为持续验证用户是否可信、提供细粒度的访问控制决策奠定了基础。试验结果初步验证了可信度量方法的可行性。所设计的零信任网络安全架构和可信度量方法对信息安全防御相关研究和工程技术人员具有借鉴意义。

With the widespread deployment of 5G network and the emergence of network slicing technology,security has gradually become a part of 5G network construction that cannot be ignored.In 5G network,the traditional boundary-based security protection architecture cannot meet the challenge of higher security requirements,and the zero-trust architecture,which no longer divides the trust region and continuously verifies,is gradually recognized.Analyzing the existing security technology defects of slicing and combining the idea of software-defined security boundary,a zero-trust-based slicing security architecture is designed.The trust measurement method based on quality of service parameters is introduced in trust assessment,and the trust measurement process is established from the perspectives of availability,reliability,and real-time,which lays the foundation for continuously verifying whether the user is trustworthy or not and providing fine-grained access control decisions.The experimental results preliminarily verify the feasibility of the trustworthiness measurement method.The designed zero-trust network security architecture and trustworthiness measurement method are of great significance to researchers and engineers related to information security defense.