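Authors: 高能[1], 彭佳[1], 王识潇 (Gao Neng; Peng Jia; Wang Shixiao), Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085
Source: 《信息安全研究》 (Journal of Information Security Research), 2024, No. 10, pp. 886-895, 10 pages
Abstract (translated from the Chinese): Zero trust is regarded as a new security paradigm. From the perspective of security models, this paper reveals how the zero trust architecture deepens and integrates security models along the main line of "identity and data". Zero trust builds a panoramically controlled chain of entities with identity at its core, establishes defense in depth around entity attributes, functions and lifecycles, and centrally redirects the flow of information between entities, consolidating information channels to achieve layered protection and fine-grained, dynamic access control. Finally, from the attacker's perspective, it places active defense mechanisms at key nodes of the information flow channels. Because a zero trust system will inevitably become a high-value asset, the paper discusses new trends in the evolution of zero trust systems: deep integration with business, the security of zero trust itself, and resilient service capability. By analyzing the security models embodied in zero trust and its own security, the paper hopes to provide a clearer technical development path for the architecture design, technical evolution and application security of zero trust in practice.
Abstract (English, as published): Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with "identity and data" as the main focus. Zero trust establishes a panoramic control object chain with identity at its core, builds defense-in-depth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and fine-grained, dynamic access control. Finally, from an attacker's perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become high-value assets, this paper also explores the essential issues of inherent security and resilient service capabilities in zero-trust systems. Through the analysis of the security models embedded in zero-trust and its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and self-protection of zero trust in its application.
Keywords: zero trust; security model; identity trust model; defense in depth; access control; resilience
Classification: TP393.08 [Automation and Computer Technology - Computer Application Technology]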