零信任网络综述  被引量：25

作　　者：诸葛程晨 王群[1] 刘家银 梁广俊 ZHUGE Chengchen;WANG Qun;LIU Jiayin;LIANG Guangjun(Department of Computer Information and Network Security,Jiangsu Police Institute,Nanjing 210031,China)

机构地区：[1]江苏警官学院计算机信息与网络安全系,南京210031

出　　处：《计算机工程与应用》2022年第22期12-29,共18页Computer Engineering and Applications

基　　金：江苏警官学院高层次引进人才科研启动项目(JSPIGKZ/2911119220);江苏省高校自然科学研究重大项目(20KJA520004);江苏省高校优秀科技创新团队项目;公安技术、网络空间安全“十四五”江苏省重点学科项目;江苏省市场监督管理局科技计划项目(KJ21125027)。

摘　　要：针对目前网络安全形势日益严峻的问题,零信任网络给出了一种能够有效缓解传统网络安全威胁的架构及其设计与实现方法。零信任的核心思想是“永不信任,始终验证”,零信任网络是在传统网络架构中有效融入零信任机制的一种新型网络安全架构,将实现对网络中所有的对象进行验证,并授予其最小访问权限,同时对所有的访问行为进行持续、动态的评估决策。介绍了零信任网络的基本定义,指出了传统网络架构的不足之处,给出了零信任网络架构。重点从身份和访问管理、微分段以及软件定义边界等方面简述了零信任网络的关键技术,评价了各自的技术特点及应用场景。对目前零信任网络在大数据、云计算、5G和物联网等相关领域内的研究进展和成果进行了分析。对零信任网络进行了总结,并对未来的发展进行了展望。Aiming at the current increasingly challenging network security situation,zero trust network provides an archi-tecture and its design and implementation method that can effectively mitigate traditional network security threats.The core idea of zero trust is“never trust,always verify”,zero trust network is a new network security architecture that effec-tively integrates zero trust mechanism into the traditional network,which will verify all objects of the network and grant them minimum access rights,and make continuous and dynamic evaluation decisions on all access behaviors.Firstly,the basic definition of zero trust network is introduced,the shortcomings of traditional network architecture are pointed out,and the zero trust network architecture is given.Secondly,the key technologies of zero trust network are described,focusing on identity and access management,micro-segmentation and software-defined perimeter,and their technical characteris-tics and application scenarios are evaluated.In addition,the current research progress and results of zero trust network in related fields such as big data,cloud computing,5G and IoT,are analyzed.Finally,zero trust network is summarized and future development is prospected.

关 键 词：零信任网络 身份和访问管理 微分段 软件定义边界 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]