工业互联网公共服务平台信任架构建设探究  被引量：1

作　　者：宁黄江 郭翔宇 安健 刘芮汐 NING Huangjiang;GUO Xiangyu;AN Jian;LIU Ruixi(China Software Testing Center,Beijing 100048,China)

机构地区：[1]中国软件评测中心,北京100048

出　　处：《工业技术创新》2022年第2期97-103,共7页Industrial Technology Innovation

摘　　要：工业互联网(Industrial Internet)是新一代信息通信技术与工业经济深度融合的新型基础设施、应用模式和工业生态,实现人、机、物、系统等网络连接,但由于工业互联网具有开放特征,其内部各层级暴露于互联网,带来较大安全隐患。针对工业互联网公共服务平台IT域和OT域信任边界模糊的问题,设计了一种分层的公共服务平台信任架构。引入信任计算机制与零信任协作模型,形成了可信连接、可信设备、可信用户和可信业务兼备的信任管控与评估架构;通过可信连接机制、可信手段特征化、工业安全姿态感知等多种手段,解决了信任域之间敏感信息脱敏和情报共享的问题。形成了企业、边缘计算网关和公共服务平台三方分层解耦的工业互联网公共服务平台信任架构,可以更好应对当前工业互联网公共服务面临的安全挑战,对促进企业实现数字化转型、提升智能化运营水平起到了安全保护和支持服务作用。The Industrial Internet is a new type of infrastructure,application model,and industrial ecology that deeply integrates the new generation of information and communication technology with the industrial economy,which realizes the network connection of people,machines,objects and systems,but due to the openness of the Industrial Internet,its all levels inside expose to the Internet outside,which brings great security risks.To solve the current problem that the trust boundary between IT domain and OT domain of Industrial Internet public service platform is fuzzy,a hierarchical trust architecture of Industrial Internet public service platform was designed.By introducing the trust computing mechanism and the zero-trust cooperation model,trust management and evaluation framework with trusted connections,trusted devices,trusted users,and trusted services were formed.By means of trusted connection mechanism,characterization of trusted means and industrial security posture awareness,etc.,the problem of desensitization of sensitive information and information sharing between trust domains was solved.The trust architecture of Industrial Internet public service platform with hierarchical decoupling among enterprises,edge computing gateways,and public service platforms has been formed to better cope with the security challenges faced by the current Industrial Internet public service,which plays a security protection and supporting service role in promoting the digital transformation of enterprises and improving the intelligent operation level of enterprises.

关 键 词：工业互联网安全 公共服务平台 IT域和OT域 信任计算 零信任协作模型 

分 类 号：TP393.0[自动化与计算机技术—计算机应用技术]