A Zero Trust Security Solution Based on IBC  (Cited by: 8)


Author: MA Junming (马俊明) (CETC Pengyue Electronic Technology Co., Ltd., Taiyuan, Shanxi 030028, China)

Affiliation: [1] CETC Pengyue Electronic Technology Co., Ltd., Taiyuan, Shanxi 030028

Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2022, No. 1, pp. 81-88 (8 pages)

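Funding: Shanxi Province Key Research and Development Program project "IBC-based Industrial Network Security Management and Control System" (No. 201903D21140).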

Abstract: Traditional IT network security architecture rests on the assumption that the internal network is secure. Once the security perimeter is breached, traditional network security protection may fail, resulting in serious damage to the network system. To address this problem, a zero trust security scheme based on identity-based cryptography (IBC) is designed. In the protected network, every user and device is given a unique access identity. An identity-based key infrastructure is built on the domestic (Chinese) cryptographic system, and a unified identity authentication system is constructed to provide identity authentication and encrypted transmission for the subjects and objects of the system. At the same time, a policy management system continuously evaluates trust in security credentials, so that the zero trust gateway applies dynamic access control to each access subject and grants it the minimum permissions needed for access, thereby ensuring the overall security of the system.

Keywords: zero trust; identity-based cryptography; public key infrastructure; SM9

Classification number: TP393.0 [Automation and Computer Technology: Computer Application Technology]

 
