Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (1): 88-.

• Technical Applications •

Power Sensitive Data Access Control Method Based on Zero Trust Security Model

Lin Yifu1, Chen Xue1, Xu Yuanyuan2, Tang Xiaodong3, Tang Renjie3, and Bian Shan3

  1 (Economic and Technological Research Institute of State Grid Fujian Electric Power Co., Ltd., Fuzhou 350013)
  2 (China Electric Power Research Institute, Beijing 100192)
  3 (Shanghai Wudun Information Technology Co., Ltd., Shanghai 201100)
  • Online: 2024-01-10 Published: 2024-01-21
  • Corresponding author: Lin Yifu, master's degree, engineer. Main research interest: electrical engineering. yf.lin@qq.com
  • About the authors: Lin Yifu, master's degree, engineer. Main research interest: electrical engineering. yf.lin@qq.com. Chen Xue, master's degree, senior engineer. Main research interest: power distribution technology. 50580111@qq.com. Xu Yuanyuan, engineer. Main research interest: power distribution technology. 18515813271@163.com. Tang Xiaodong, engineer. Main research interest: Internet of Things security. tang@wudun.net. Tang Renjie, engineer. Main research interest: Internet of Things security. renjie.tang@wudun.net. Bian Shan, master's degree, engineer. Main research interest: Internet of Things security. qslshan@wudun.net

Abstract: In big data environments, the difficulty of controlling data access and the growth of data theft have led to large-scale leakage of power sensitive data. To protect this data, an access control method for power sensitive data based on the zero trust security model is proposed. The method collects trust factors of user access behavior and constructs a zero trust security model, decomposes the trust attributes with a hierarchical decomposition model, builds a judgment matrix based on the weight allocation method to calculate the trust value of user access behavior, and combines an adaptive mechanism with a time decay algorithm to improve the updating and recording of trust values. A hierarchical growth decision tree is used to grade access to power sensitive data. On the basis of user authentication, signcryption parameters are set, and public and private keys are used to signcrypt the access authentication information. Experimental results show that the method effectively suppresses malicious data access behavior and that data encryption time overhead is small: the average time overhead is below 1.4 s for 1200 records, and the access control error rate is below 5%. The overall control effect reached the ideal standard.

Key words: zero trust security, power sensitive data, sensitive data access, access control, weight allocation method

CLC Number: