Zero trust dynamic access control for power grid security
OA; PKU Core (北大核心); CSTPCD
With the continuous development and application of information and communication technology in power information systems, the protection boundary of the power grid is gradually blurring, and external attacks and internal threats are becoming increasingly serious. Effective control over access to the information resources of the power system is urgently needed to ensure data security. Building on the general security protection framework of the power grid secondary system and combining it with the zero trust security mechanism, this paper proposes a zero trust dynamic access control model for power grid information security. By analyzing the characteristics of the attributes and behavior information of access subjects in the power grid system, the model comprehensively considers the influence of threatening behavior, sliding windows, punishment mechanisms and other factors on access control, and achieves continuous evaluation and dynamic control of the access subject's trust value. Simulation results show that adding recommended trust reasonably balances subjective and objective trust evaluation, making the assessment of the trust value of power grid access subjects more accurate. In addition, in response to external threat behavior, the trust evaluation engine rapidly updates the visitor's comprehensive trust value so that illegitimate subjects cannot obtain access to the system, giving finer-grained control.
陈岑;屈志昊;汪明;魏兴慎;钱珂翔
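Electric Power Research Institute, State Grid Henan Electric Power Company, Zhengzhou 450052; College of Computer and Software, Hohai University, Nanjing 210089; State Grid Corporation of China, Beijing 100031; State Grid Electric Power Research Institute Co., Ltd., Nanjing 211102; State Grid Smart Grid Research Institute Co., Ltd., Beijing 102209
Computers and automation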
zero trust; power grid information security; dynamic access control; security protection framework; trust values
Journal of Chongqing University (《重庆大学学报》) 2024 (008)
81-89 / 9
Supported by Technology Project of State Grid Co., Ltd. (5108-202224046A-1-1-ZN).