新型电力系统面向云边端架构的安全访问控制技术研究

Research on Security Access Control Technology for Cloud-edge-device Architecture in a New Type of Power System

新型电力系统的建设正朝着云边端一体化方向发展,云边端架构带来灵活性和可扩展性的同时,也带来了数据隐私安全、非法操作、缺乏标准化集成方案等问题。基于此,文章提出一种结合云边端架构特点的基于属性的安全访问控制方案(cloud-edge-device attribute-based access control,CED-ABAC),方案通过边缘融合终端进行重加密,既保护数据安全,又减轻终端设备的通信开销,在策略授权方面,使用可扩展的访问控制标记语言(extensible access control markup language,XACML)设计授权策略和策略匹配算法,实现对多终端访问控制策略的同时下发,更高效地解决标准化集成问题。同时通过实验仿真,证明CED-ABAC方案的效率和性能相比于已有方案具有明显优势。

The construction of a new type of power system is developing in the direction of cloud-edge-device integration.While the cloud-edge-device architecture brings flexibility and scalability,it also brings problems such as data privacy security,illegal operations,and lack of standardized integration solutions.Based on this,this paper proposes a secure access control scheme(cloud-edge-device attribute-based access control,CED-ABAC)combining the characteristics of cloud-edge-device architecture.The scheme uses edge fusion terminals for re-encryption,which protects data security and reduces the communication cost of terminal devices.In terms of policy authorization,extensible access control markup language(XACML)is used to design authorization policies and policy matching algorithms,achieving simultaneous issuance of access control policies for multiple terminals,and more efficiently solving standardized integration problems.Meanwhile,through experimental simulation,it has been proven that the CED-ABAC scheme has significant advantages in efficiency and performance compared to existing schemes.