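Authors: Wang Siliang (王斯梁), Feng Xuan (冯暄)[1], Cai Youbao (蔡友保), Chen Yi (陈翼)[1] (Institute of Computer Science of Sichuan Province, Chengdu 610041)
Source: Journal of Information Security Research (《信息安全研究》), 2020, No. 11, pp. 966-971, 6 pages
Funding: Major High-Tech Special Project of the Sichuan Provincial Department of Science and Technology (2020YFG0030).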
Abstract: The rapid development of cloud computing, big data and the mobile internet has made network boundaries increasingly open and dynamic. Fast-growing user groups and flexible mobile office modes have also made the boundary of the internal network increasingly complex and blurred, so the traditional boundary-based security protection system is gradually failing and cannot stop insider attacks or external APT attacks. The zero trust security model builds a new security architecture that is centered on user identity and takes the user, the terminal device and the access behavior as the elements of the trust decision. It performs trust assessment and dynamic access control on all access from inside and outside the enterprise, reducing the network attack surface and achieving the goal of protecting enterprise data resources. This paper analyzes the theoretical model of zero trust, proposes an application approach, an implementation framework and an implementation mechanism for the model, and gives feasible solutions for application scenarios such as the mobile internet, cloud computing and big data. Finally, it summarizes improvement measures for the zero trust model in practical application.
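Keywords: zero trust security model; trust assessment; access control; identity authentication; solution
Classification: TP301 [Automation and Computer Technology: Computer System Architecture]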