Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (3): 241-.

• Academic paper

Research on Zero Trust Access Control Model Based on Role and Attribute

Xu Shengwei1, Tian Yu2, Deng Ye3, Liu Changhe3, and Liu Jiaxing2

  1. Institute of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070
  2. Department of Cyberspace Security, Beijing Electronic Science and Technology Institute, Beijing 100070
  3. Department of Cryptologic Science and Technology, Beijing Electronic Science and Technology Institute, Beijing 100070

  • Online: 2024-03-23 Published: 2024-03-08
  • Corresponding author: Tian Yu, master's student. Main research interests: network security and cryptographic applications. 923854537@qq.com
  • About the authors: Xu Shengwei, PhD, professor, doctoral supervisor. Main research interests: big data security, network trust systems, and cryptographic applications. 18510529691@163.com. Tian Yu, master's student. Main research interests: network security and cryptographic applications. 923854537@qq.com. Deng Ye, master's student. Main research interests: network security and cryptographic applications. dyaipai@163.com. Liu Changhe, master's student. Main research interests: cryptographic applications and network security. lch99722@126.com. Liu Jiaxing, master's student. Main research interests: cryptographic applications and network security. 1260201496@qq.com

Abstract: Faced with the many security threats emerging in networks, traditional access control models suffer from poorly dynamic permission allocation, low sensitivity to new threats, and high complexity of resource allocation. To address these problems, this paper proposes a zero trust access control model based on role and attribute. The model uses logistic regression to evaluate the trust of access subjects, achieving access control that is highly sensitive to access subject attributes, and adopts a new resource decision tree that reduces the time complexity of resource permission assignment while achieving finer-grained security for access control. Finally, verification of the model in typical application scenarios shows that it is significantly better than traditional access control models in the dynamic assignment of permissions.

Key words: zero trust, role, attribute, access control, resource decision tree

CLC number: