
Data Sharing Access Control Method for Distribution Terminal IoT Based on Zero Trust Architecture and Least Privilege Principle (基于零信任架构与最小权限原则的配电终端物联网数据共享访问控制方法)

林奕夫 (1), 陈雪 (2), 徐梦宇 (3), 陈云 (3)

信息安全研究, 2024, Vol. 10, Issue 10: 937-943, 7. DOI: 10.12379/j.issn.2096-1057.2024.10.07


Author information

  • 1. 国网福建省电力有限公司 (State Grid Fujian Electric Power Co., Ltd.), Fuzhou 350003
  • 2. 国网福建省电力有限公司经济技术研究院 (Economic and Technological Research Institute, State Grid Fujian Electric Power Co., Ltd.), Fuzhou 350013
  • 3. 上海物盾信息科技有限公司 (Shanghai, 201100)

Abstract

To maximize the security of IoT data sharing in distribution terminals, a data sharing access control method for distribution terminal IoT based on zero trust architecture and the least privilege principle is proposed. We developed a zero-trust-based IoT data sharing access control framework that verifies user identity and access control permissions through an identity authentication module. After a user gains access, an IDS module identifies obvious network attack behaviors, while the behavior trust measurement proxies in the user behavior measurement module calculate user trust from the historical user behavior measurement data stored in the trust measurement database, periodically evaluate user behavior trust levels, and identify long-term and highly covert network attack behaviors. A behavioral-trust-based access decision agent then allocates user roles according to the user trust level and the principle of least privilege, formulating and implementing access decisions. The IoT controller dynamically adjusts user resource access permissions based on the trust measurement results, and achieves dynamic adjustment of user access permissions for distribution terminal IoT resources by sending flow tables. The experimental results show that this method accurately controls shared access to IoT data and has more comprehensive performance: it completes user access tasks with the least redundant permissions, which both meets user access requirements and ensures network data security.
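The trust-measurement-to-flow-table pipeline sketched in the abstract, as an added Python example that is not code from the paper: the scoring weights, trust thresholds, role names, task permission sets and the flow-entry format are all assumptions, since the abstract does not publish them.

```python
# Assumed trust bands (lower bound, role), checked from highest to lowest, and
# the operations each role may perform. Role names, thresholds and operations
# are constructed for this example; the paper does not publish its formula.
ROLE_BANDS = [(0.8, "operator"), (0.5, "reader"), (0.0, "quarantined")]
ROLE_PERMS = {
    "operator": {"read_meter", "write_setpoint"},
    "reader": {"read_meter"},
    "quarantined": set(),
}
# What each access task actually needs (assumed task catalogue).
TASK_NEEDS = {"monitor": {"read_meter"}, "tune": {"read_meter", "write_setpoint"}}


def trust_score(history, decay=0.8):
    """Exponentially weighted trust in [0, 1] from behaviour samples, oldest first.

    Each sample is True for a benign measurement and False for an anomaly flagged
    by the IDS / behaviour measurement module (constructed model of the trust
    proxy). Recent behaviour dominates, so one anomaly after a clean history
    still lowers the level at the next periodic evaluation.
    """
    score = 0.5  # neutral prior for a user with no history
    for benign in history:
        score = decay * score + (1 - decay) * (1.0 if benign else 0.0)
    return round(score, 3)


def assign_role(score):
    """Map a trust level to the role its band allows (least privileged fallback)."""
    for lower_bound, role in ROLE_BANDS:
        if score >= lower_bound:
            return role
    return "quarantined"


def decide(user, task, history):
    """Access decision plus the flow-table entries the controller would push.

    Least privilege: only the operations the task needs are forwarded, never the
    role's full permission set, so no redundant permission is granted; all other
    traffic from the user hits a default-deny entry. Entry format is assumed.
    """
    role = assign_role(trust_score(history))
    needs = TASK_NEEDS[task]
    allowed = needs <= ROLE_PERMS[role]
    flows = [{"match": {"src": user, "op": op}, "action": "forward"}
             for op in sorted(needs)] if allowed else []
    flows.append({"match": {"src": user}, "action": "drop"})  # default deny
    return {"role": role, "allowed": allowed, "flows": flows}
```

Re-running `decide` with the extended history on each evaluation period is what turns the static role table into the dynamic permission adjustment the abstract describes.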

Keywords

zero trust architecture; principle of least privilege; distribution terminal; Internet of Things; user credit; redundant permission

Classification

Information technology and security science

Cite this article

林奕夫, 陈雪, 徐梦宇, 陈云. Data Sharing Access Control Method for Distribution Terminal IoT Based on Zero Trust Architecture and Least Privilege Principle [J]. 信息安全研究, 2024, 10(10): 937-943, 7.

Funding

State Grid Corporation of China Headquarters Science and Technology Project (5400-202255148A-1-1-ZN)

信息安全研究, ISSN 2096-1057 (open access; Peking University Core Journal; CSTPCD)
