Authors: TANG Minlu; MENG Ru (Information System Management and Consulting Department, Shanghai Computer Software Technology Development Center, Shanghai 201112, China; KOAL Software Co., Ltd., Shanghai 201112, China)
Affiliations: [1] Information System Management and Consulting Department, Shanghai Computer Software Technology Development Center, Shanghai 201112; [2] KOAL Software Co., Ltd., Shanghai 201112
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2022, No. 10, pp. 124-132 (9 pages)
Abstract: As the industry's interpretation of the zero-trust security concept keeps being updated and its theoretical foundation and core technologies continue to improve, zero trust has gradually evolved into a new generation of security architecture covering cloud environments, big data centers, microservices and other scenarios. Building on the concept of "cryptography as the cornerstone, identity as the center, permissions as the boundary, continuous trust evaluation, and dynamic access control", this paper applies identity-based management to the subjects accessing the business platform and links it with unified authorization management and audit services. This provides identity authentication and permission control, behavior analysis and responsibility determination for scenarios such as network access control, application access control and data acquisition services, and achieves a closed-loop security management and control capability that ensures full-lifecycle protection across terminal security, transmission security and data security.
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]