Journal of Information Security Research ›› 2026, Vol. 12 ›› Issue (2): 189-.

• Technology and Applications •

Design of a Port Industrial Control System Based on Zero Trust Architecture

Ma Herong1 and Sun Songlin2

  1. Yantai Port Co., Ltd., Yantai, Shandong 264099
  2. Beijing University of Posts and Telecommunications, Beijing 100876
  • Online: 2026-02-07 Published: 2026-01-28
  • Corresponding author: Ma Herong, senior engineer. Research interests: industrial control system design, artificial intelligence. 1094368836@qq.com
  • Author biographies: Ma Herong, senior engineer. Research interests: industrial control system design, artificial intelligence. 1094368836@qq.com. Sun Songlin, PhD, professor, doctoral supervisor. Research interests: wireless communication, video coding, information security. slsun@bupt.edu.cn

Design of a Port Industrial Control System Based on Zero Trust Architecture

Ma Herong1 and Sun Songlin2   

  1. Yantai Port Co., Ltd., Yantai, Shandong 264099
  2. Beijing University of Posts and Telecommunications, Beijing 100876
  • Online: 2026-02-07 Published: 2026-01-28

Abstract: As port industrial control systems evolve toward intelligent operation, traditional perimeter-based security models face severe challenges, including an expanded attack surface and rigid permission management. This paper proposes a zero trust architecture based security protection scheme for port industrial control systems that combines dynamic trust evaluation, software-defined perimeter (SDP) and micro-segmentation to build a layered, coordinated defense system. The core work includes designing a four-layer protection architecture (terminal, access, control, data), proposing a dynamic trust evaluation model that fuses identity authentication, device health and behavioral characteristics, and implementing fine-grained instruction-level access control for industrial protocols. Experimental results show that the scheme reduces the attack surface exposure rate from 100% to 8%, shortens the average authentication time to 0.8 s, and keeps the permission adjustment response time within 45 s, significantly improving both the security protection capability and the real-time performance of port industrial control systems.

Key words: zero trust, port industrial control system, dynamic access control, micro-segmentation, software-defined perimeter, industrial protocol security

Abstract: With the increasing intelligence of port industrial control systems (ICS), traditional perimeter-based security models face severe challenges such as expanded attack surfaces and rigid permission management. This paper presents a zero trust architecture (ZTA)-based security protection scheme for port ICS, establishing a hierarchical defense system through dynamic trust evaluation, software-defined perimeter (SDP), and micro-segmentation technologies. The core contributions include a four-layer architecture (terminal, access, control, and data), a dynamic trust evaluation model that integrates identity authentication, device health, and behavioral characteristics, and fine-grained instruction-level access control for industrial protocols. Experimental results demonstrate that the proposed architecture reduces the attack surface exposure rate from 100% to 8%, optimizes the average authentication time to 0.8 s, and limits the permission adjustment response time to 45 s, significantly enhancing both security and real-time performance in port industrial control systems.

Key words: zero trust, port industrial control system, dynamic access control, micro-segmentation, software-defined perimeter, industrial protocol security
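To make the two ideas in the abstract concrete, the following is an added illustration (not code from the paper): a trust score fused from identity, device health and behaviour gates individual Modbus/TCP function codes, so a host may keep read access while losing write access as its trust drops. The weights, thresholds and per-function-code policy are assumptions chosen for illustration.

```python
import struct
from dataclasses import dataclass

# Standard Modbus function codes; the minimum trust required per code is an
# assumed policy: reads are cheap, writes and diagnostics demand more trust.
MIN_TRUST = {1: 0.3, 3: 0.3, 6: 0.7, 16: 0.8, 8: 0.9}

@dataclass
class Evidence:
    identity_ok: bool   # strong authentication (certificate/MFA) succeeded
    health: float       # 0..1 endpoint posture score (patch level, integrity)
    behavior: float     # 0..1 score from recent command history (1 = clean)

def trust_score(ev: Evidence, w=(0.4, 0.3, 0.3)) -> float:
    """Weighted fusion of identity, device health and behaviour (weights assumed)."""
    if not ev.identity_ok:
        return 0.0  # failed authentication is a hard stop, not a weighted factor
    return round(w[0] * 1.0 + w[1] * ev.health + w[2] * ev.behavior, 3)

def parse_mbap(frame: bytes) -> tuple[int, int]:
    """Return (unit id, function code) from a Modbus/TCP frame after validating
    the 7-byte MBAP header: transaction id, protocol id (0), length, unit id."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    _tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return uid, frame[7]

def decide(frame: bytes, ev: Evidence) -> tuple[str, int, float]:
    """Policy decision: allow only if the caller's current trust score meets
    the minimum required for this specific function code (default deny)."""
    _uid, fc = parse_mbap(frame)
    score = trust_score(ev)
    need = MIN_TRUST.get(fc)
    if need is None:
        return ("deny", fc, score)  # unlisted function code: default deny
    return ("allow" if score >= need else "deny", fc, score)

# Constructed sample frames: TID=1, PID=0, length=6, UID=1, FC, PDU payload
READ_HOLDING = bytes.fromhex("000100000006" "01" "03" "0000000a")
WRITE_SINGLE = bytes.fromhex("000100000006" "01" "06" "000100ff")
HEALTHY_OPERATOR = Evidence(identity_ok=True, health=0.9, behavior=0.8)  # 0.91
DEGRADED_HOST = Evidence(identity_ok=True, health=0.5, behavior=0.4)     # 0.67

if __name__ == "__main__":
    for name, frame in (("read", READ_HOLDING), ("write", WRITE_SINGLE)):
        for who, ev in (("healthy", HEALTHY_OPERATOR), ("degraded", DEGRADED_HOST)):
            print(name, who, decide(frame, ev))
```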

CLC number: