基于序参量的云边端分布式体系协同安全评估  

作　　者：范其纲 蒋忠元 李兴华 马建峰 FAN Qigang;JIANG Zhongyuan;LI Xinghua;MA Jianfeng(School of Cyber Engineering,Xidian University,Xi'an 710126,China)

机构地区：[1]西安电子科技大学网络与信息安全学院,陕西西安710126

出　　处：《网络与信息安全学报》2024年第3期38-51,共14页Chinese Journal of Network and Information Security

基　　金：陕西省重点研发项目(2023-YBGY-270)。

摘　　要：基于云边端的分布式计算体系成功服务于众多应用,已经成为一种主流,具有受众广、用户体验好、安全期望高等特点。然而,近年来针对云、边、端的攻击事件频发,给用户造成严重的安全隐患与巨大经济损失。当前云、边、端的防御机制各自为战,抵御风险的能力差异大,全域安全风险消除难。事前配置和事后“亡羊补牢”式的安全手段难以满足高负载、高实时的云边端协同网络的安全需求。其根源在于云、边、端分层架构各自为营,未形成有效的协同防御体系,导致产生跨域安全治理难度大、实时性差、协同一致性评估难等问题。提出了实时感知、动态决策、积极防御三位一体的云边端协同安全架构,深度融合云、边、端,形成安全协同能力,并进行严格理论一致性证明;提出了基于序参量的协同安全评估模型,实现云、边、端风险感知一致,策略决策一致,攻击防御一致,实行高效率、低成本的安全风险协同防护,最大化系统性安全收益;对一致性理论与评估模型进行仿真验证,结果证明了提出的协同安全体系以及一致性评价模型的正确性与有效性。Distributed computing systems based on cloud-edge-device have been successfully serving thousands of applications and have become mainstream,characterized by a wide audience,high user experience requirements,and high security expectations.However,in recent years,frequent attacks on cloud-edge-device systems have resulted in serious security risks and significant economic losses for users.The defense mechanisms of cloud-edge-device systems have been found to operate independently,leading to major differences in the ability to resist risks,which makes it difficult to eliminate global security risks.Security measures of the pre-configuration and post-event remedy type have been found to hardly meet the security needs of high-load and high real-time in cloud-edge-device collaborative networks.The root cause has been identified as the hierarchical architecture of cloud-edge-device systems being separate,and no effective collaborative defense system has been formed,leading to problems such as difficult cross-domain security governance,poor real-time performance,and difficult collaborative consistency evaluation.Firstly,a cloud-edge-device collaborative security architecture that integrates real-time perception,dynamic decision,and proactive defense was proposed.The cloud-edge-device security collaboration capability was established through rigorous theoretical consistency proofs.Secondly,a collaborative security assessment model based on the order parameter was put forward to achieve consistency of risk perception,decision,and defense.In this way,the efficient and low-cost collaborative protection of security risks could be realized to maximize systemic security benefits.Finally,the consistency theory and assessment method were verified through simulations.The results show that the proposed collaborative security system and consistency evaluation model are correct and effective.

关 键 词：云边端 协同一致性 安全评估 序参量 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]