Journal of Information Security Research (信息安全研究) ›› 2020, Vol. 6 ›› Issue (11): 0-0.

• Academic Paper •

Analysis and Application Research of the Zero Trust Security Model

Wang Siliang (王斯梁), Feng Xuan (冯暄), Cai Youbao (蔡友保), Chen Yi (陈翼)

  1. Sichuan Institute of Computer Sciences (四川省计算机研究院)
  • Received: 2020-11-08 Online: 2020-11-09 Published: 2020-11-11
  • Corresponding author: Wang Siliang (王斯梁)

Application Research of Zero Trust Architecture


Abstract: The rapid development of cloud computing, big data and the mobile internet has made network boundaries increasingly open and dynamic. A fast-growing user population and flexible mobile-office patterns also make the internal network boundary more complex and blurred, so the traditional perimeter-based protection system is gradually losing effectiveness and cannot stop insider attacks or external APT attacks. The zero trust security model establishes a new security architecture centred on user identity, with the user, the terminal device and the access behaviour as the trust decision factors; it performs trust evaluation and dynamic access control on every access, whether it originates inside or outside the enterprise, reducing the network attack surface and protecting enterprise data resources. This paper analyses the theoretical zero trust model, proposes an application approach, an implementation framework and implementation mechanisms for it, gives feasible solutions for application scenarios such as the mobile internet, cloud computing and big data, and finally summarises improvements to the zero trust model in practical deployment.

Keywords: zero trust security model, trust evaluation, access control, identity authentication, solutions

Abstract: The rapid development of cloud computing, big data and mobile internet technologies has brought increasingly open and complex network boundaries and fast-changing user groups. Flexible mobile office patterns make the internal network boundary increasingly complex and blurred, so the traditional perimeter-based protection system is gradually failing and cannot prevent insider attacks or external APT attacks. Zero trust architecture puts identity at the centre, with users, clients and behaviour as the trust decision factors. Trust assessment and dynamic access control are applied to all access from inside and outside the enterprise, which reduces the attack surface and achieves the goal of protecting data resources. This paper analyses the theoretical model of zero trust architecture, proposes an application approach, implementation framework and mechanism for the model, gives feasible solutions for mobile internet, cloud computing and big data scenarios, and finally summarises improvement measures for the zero trust model in practical application.
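The abstract describes trust evaluation over user identity, terminal device and access behaviour, followed by dynamic access control applied to every request regardless of whether it comes from inside or outside the enterprise. The Python below is an added illustration of that mechanism, not code from the paper or its authors: the factor weights, the per-sensitivity thresholds, the field names and the sample users, devices and resources are all assumptions constructed for the example. The one design point it makes concrete is that the source network is not an input to the decision, so an "internal" request on a non-compliant device is judged exactly like an external one.

```python
"""Added example: a minimal zero-trust policy decision point.

Trust is scored per request from three factors (user identity, device
posture, access behaviour) and compared against thresholds that depend on
resource sensitivity. Weights, thresholds and sample data are assumptions.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # re-authenticate (e.g. fresh MFA) before access is granted
    DENY = "deny"


@dataclass(frozen=True)
class User:
    user_id: str
    mfa_verified: bool
    minutes_since_auth: int


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool            # enrolled in enterprise device management
    disk_encrypted: bool
    os_patch_age_days: int


@dataclass(frozen=True)
class Behaviour:
    known_location: bool     # consistent with the user's recent access locations
    requests_last_minute: int
    outside_work_hours: bool


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: int         # 1 = public, 2 = internal, 3 = confidential


# Assumed weights: the three factors together span a 0..100 trust score.
def user_score(u: User) -> int:
    score = 30 if u.mfa_verified else 0
    if u.minutes_since_auth <= 60:   # a recent authentication is worth more
        score += 10
    return score


def device_score(d: Device) -> int:
    score = 20 if d.managed else 0
    if d.disk_encrypted:
        score += 10
    if d.os_patch_age_days <= 30:
        score += 10
    return score


def behaviour_score(b: Behaviour) -> int:
    score = 20 if b.known_location else 0
    if b.requests_last_minute > 50:  # burst of requests: possible scripted abuse
        score -= 20
    if b.outside_work_hours:
        score -= 5
    return score


def trust_score(u: User, d: Device, b: Behaviour) -> int:
    """Combine the three factors; the source network is deliberately not an input."""
    return max(0, user_score(u) + device_score(d) + behaviour_score(b))


# Assumed thresholds per sensitivity level: (score needed to allow, score needed to step up).
THRESHOLDS = {1: (40, 20), 2: (60, 40), 3: (80, 60)}


def decide(u: User, d: Device, b: Behaviour, r: Resource) -> Decision:
    """Evaluate one request. Called on every request, so a change in device
    posture or behaviour mid-session changes the outcome without a re-login."""
    score = trust_score(u, d, b)
    allow_at, step_up_at = THRESHOLDS[r.sensitivity]
    if score >= allow_at:
        return Decision.ALLOW
    if score >= step_up_at:
        return Decision.STEP_UP
    return Decision.DENY


# Constructed sample data for the example (not from the paper).
SAMPLE_USER = User("alice", mfa_verified=True, minutes_since_auth=10)
MANAGED_DEVICE = Device("lt-0042", managed=True, disk_encrypted=True, os_patch_age_days=7)
BYOD_DEVICE = Device("phone-x", managed=False, disk_encrypted=False, os_patch_age_days=90)
NORMAL_BEHAVIOUR = Behaviour(known_location=True, requests_last_minute=3, outside_work_hours=False)
ANOMALOUS_BEHAVIOUR = Behaviour(known_location=False, requests_last_minute=120, outside_work_hours=True)
WIKI = Resource("internal-wiki", sensitivity=1)
SHARED_DRIVE = Resource("shared-drive", sensitivity=2)
HR_DB = Resource("hr-database", sensitivity=3)

if __name__ == "__main__":
    for dev, beh, res in [(MANAGED_DEVICE, NORMAL_BEHAVIOUR, HR_DB),
                          (BYOD_DEVICE, NORMAL_BEHAVIOUR, HR_DB),
                          (BYOD_DEVICE, NORMAL_BEHAVIOUR, WIKI),
                          (MANAGED_DEVICE, ANOMALOUS_BEHAVIOUR, SHARED_DRIVE),
                          (MANAGED_DEVICE, ANOMALOUS_BEHAVIOUR, HR_DB)]:
        print(f"{dev.device_id:>8} {res.name:>14} score={trust_score(SAMPLE_USER, dev, beh):3d} "
              f"-> {decide(SAMPLE_USER, dev, beh, res).value}")
```

With these assumed weights the same authenticated user is allowed into the confidential HR database from a managed, patched device, is pushed to step-up authentication for it from an unmanaged phone (but still allowed into the public wiki), and is denied it outright when the request pattern and location look anomalous even from the managed device. In a real deployment the scoring inputs come from the identity provider, the device-management agent and a behaviour-analytics feed, and the decision is enforced by a gateway in front of the resource rather than by the resource itself.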

Key words: zero trust architecture, trust evaluation, access control, identity authentication, solutions