Journal of Chongqing University, 2024, Vol. 47, Issue (8): 81-89, 9. DOI: 10.11835/j.issn.1000.582X.2024.08.008
Zero trust dynamic access control for power grid security
Abstract
With the continuous development and application of information and communication technology in power information systems, the protection boundary of the power grid is gradually blurring, and external attacks and internal threats are increasingly serious. It is urgent to apply effective access control to the information resources of the power system to ensure its data security. Based on the general security protection framework of the power grid secondary system and the zero-trust security mechanism, this paper proposes a zero-trust dynamic access control model for power grid information security. By analyzing the attributes of the access subject and the characteristics of the behavior information of the power grid system, the model comprehensively considers the influence of threatening behavior, sliding window, punishment mechanism and other factors on access control, and realizes continuous evaluation and dynamic control of the access subject's trust value. The results of simulation experiments show that increasing the recommended trust can reasonably take into account both subjective and objective trust evaluations, which makes the assessment of the trust value of the power grid access subject more accurate. In addition, in response to external threat behaviors, the trust evaluation engine rapidly updates the comprehensive trust value of the visitor, making it impossible for illegal subjects to gain access to the system, with better fine-grained control.
Key words
zero trust/power grid information security/dynamic access control/security protection framework/trust values
Classification
Information technology and security science
Cite this article
Chen Cen, Qu Zhihao, Wang Ming, Wei Xingshen, Qian Kexiang. Zero trust dynamic access control for power grid security[J]. Journal of Chongqing University, 2024, 47(8): 81-89, 9.
Funding
Supported by Technology Project of State Grid Co., Ltd. (5108-202224046A-1-1-ZN).