摘要
新型电力系统的建设正朝着云边端一体化方向发展,云边端架构带来灵活性和可扩展性的同时,也带来了数据隐私安全、非法操作、缺乏标准化集成方案等问题。基于此,文章提出一种结合云边端架构特点的基于属性的安全访问控制方案(cloud-edge-device attribute-based access control,CED-ABAC),方案通过边缘融合终端进行重加密,既保护数据安全,又减轻终端设备的通信开销,在策略授权方面,使用可扩展的访问控制标记语言(extensible access control markup language,XACML)设计授权策略和策略匹配算法,实现对多终端访问控制策略的同时下发,更高效地解决标准化集成问题。同时通过实验仿真,证明CED-ABAC方案的效率和性能相比于已有方案具有明显优势。
The construction of a new type of power system is developing in the direction of cloud-edge-device integration.While the cloud-edge-device architecture brings flexibility and scalability,it also brings problems such as data privacy security,illegal operations,and lack of standardized integration solutions.Based on this,this paper proposes a secure access control scheme(cloud-edge-device attribute-based access control,CED-ABAC)combining the characteristics of cloud-edge-device architecture.The scheme uses edge fusion terminals for re-encryption,which protects data security and reduces the communication cost of terminal devices.In terms of policy authorization,extensible access control markup language(XACML)is used to design authorization policies and policy matching algorithms,achieving simultaneous issuance of access control policies for multiple terminals,and more efficiently solving standardized integration problems.Meanwhile,through experimental simulation,it has been proven that the CED-ABAC scheme has significant advantages in efficiency and performance compared to existing schemes.
作者
吴克河
韩扬
田峥
孙毅臻
吴雨希
过耀东
WU Kehe;HAN Yang;TIAN Zheng;SUN Yizhen;WU Yuxi;GUO Yaodong(School of Control and Computer Engineering,North China Electric Power University,Changping District,Beijing 102206,China;Information&Communication Branch,State Grid Hunan Electric Power Co.,Ltd.,Changsha 410004,Hunan Province,China;Chenzhou Power Supply Company,State Grid Hunan Electric Power Co.,Ltd.,Chenzhou 423000,Hunan Province,China)
出处
《电力信息与通信技术》
2024年第7期1-8,共8页
Electric Power Information and Communication Technology
基金
国家电网有限公司总部管理科技项目资助“支持新型业务终端接入的威胁智能防控关键技术研究”(5700202223189A11ZN)。
关键词
新型电力系统
云边端
访问控制
XACML
a new type of power system
cloud-edge-device
access control
XACML