关键词: 零信任, 角色, 属性, 访问控制, 资源决策树

Abstract: In the face of many security threats in the network, the traditional access control model is increasingly exposed to the problems of poor dynamics of permission allocation, low sensitivity to new threats, and high complexity of resource allocation. This paper proposed a zero trust access control model based on role and attribute to address the above problems. The model used a logistic regression approach to trust assessment of access subjects to achieve access control with high sensitivity to access subject attribute, and adopted a new resource decision tree, which reduced the time complexity of resource permission assignment while achieving finergrained security for access control. Finally, verifying the model in this paper under typical application scenarios showed that the model was significantly better than the traditional access control model in terms of dynamic assignment of permissions.

Key words: zero trust, role, attribute, access control, resource decision tree