Abstract
With the continuous development and application of information and communication technology in power information systems, the protection boundary of the power grid is gradually blurring, and external attacks and internal threats are becoming increasingly serious. Effective access control over the information resources of the power system is urgently needed to ensure data security. Based on the overall security protection framework of the power grid secondary system and combined with the zero-trust security mechanism, this paper proposes a zero-trust dynamic access control model for power grid information security. By analyzing the characteristics of the attributes and behavior information of access subjects in the power grid system, the model comprehensively considers the influence of threat behavior, sliding windows, punishment mechanisms and other factors on access control, and achieves continuous evaluation and dynamic control of the trust value of access subjects. Simulation results show that adding recommended trust reasonably balances the two kinds of trust evaluation, subjective and objective, making the trust value assessment of power grid access subjects more accurate. In addition, in response to external threat behavior, the trust evaluation engine rapidly updates the visitor's comprehensive trust value, so that illegitimate subjects cannot obtain access to the system, giving finer-grained control.
Authors
陈岑
屈志昊
汪明
魏兴慎
钱珂翔
CHEN Cen; QU Zhihao; WANG Ming; WEI Xingshen; QIAN Kexiang (State Grid Henan Electric Power Research Institute, Zhengzhou 450052, P.R. China; College of Computer Science and Software Engineering, Hohai University, Nanjing 210089, P.R. China; State Grid Corporation of China, Beijing 100031, P.R. China; State Grid Electric Power Research Institute Co., Ltd., Nanjing 211102, P.R. China; State Grid Smart Grid Research Institute Co., Ltd., Beijing 102209, P.R. China)
Source
《重庆大学学报》
CAS
CSCD
Peking University Core Journals (北大核心)
2024, No. 8, pp. 81-89 (9 pages)
Journal of Chongqing University
Funding
State Grid Corporation of China Science and Technology Project (5108-202224046A-1-1-ZN).
Keywords
zero trust
power grid information security
dynamic access control
security protection framework
trust values