Distributed database fine-grained access control based on zero trust in the power Internet of Things

Journal of Information Security Reserach ›› 2021, Vol. 7 ›› Issue (6): 535-542.

Previous Articles Next Articles

Distributed database fine-grained access control based on zero trust in the power Internet of Things

Online:2021-06-10 Published:2021-06-10

电力物联网场景下基于零信任的分布式数据库细粒度访问控制

黄杰1),2),3) 余若晨1),2) 毛冬4)

1（东南大学网络空间安全学院，南京 211189）
2（网络通信与安全紫金山实验室，南京 211189）
3 （江苏省计算机网络技术重点实验室，南京 211189）
4 （国家电网浙江省电力有限公司信息通信分公司，杭州 310020）

通讯作者: 黄杰（1970-），博士，教授，主要研究方向和关注领域：物联网安全、无线网络安全、大数据安全。
作者简介:黄杰（1970-），博士，教授，主要研究方向和关注领域：物联网安全、无线网络安全、大数据安全。余若晨（1996-），硕士研究生，主要研究方向和关注领域：数据库安全。毛冬（1991-），硕士，主要研究方向和关注领域：电力信息通信技术。

Abstract

Abstract: With the development of the power Internet of Things architecture, the higher requirements for the data security storage in the data layer have been put forward. In order to realize the fine-grained access control of the data resources of the distributed database in the power Internet of Things, a scheme of using zero-trust architecture was proposed to protect database resources. In this paper, the dynamic trust management was discussed to make real-time and context-based decision and authorization for access request, and the method of fine-grained access control of resources is used to realize the minimum authorization of access subjects. Finally, the methods of optimizing access control performance by multi-granularity strategy matching and permission expansion were introduced.

Key words: Power IoTs, Distributed Database, Zero-trust Architecture, Access Control, Fine-grained

摘要： 电力物联网体系结构的发展对数据层数据安全存储提出了更高的要求，为实现电力物联网中分布式数据库的数据资源细粒度访问控制，提出了利用零信任架构组件保护数据库资源的方案。讨论了使用动态信任管理对访问请求进行实时的、上下文的判决与授权，采用资源的细粒度访问控制方法实现对访问主体的最小授权，最后阐述了通过多粒度策略匹配和权限扩充对访问控制性能进行优化的方法。

关键词: 电力物联网, 分布式数据库, 零信任架构, 访问控制, 细粒度

黄杰余若晨毛冬. 电力物联网场景下基于零信任的分布式数据库细粒度访问控制[J]. 信息安全研究, 2021, 7(6): 535-542.

References

[1] 杨挺, 翟峰, 赵英杰, 等. 泛在电力物联网释义与研究展望[J]. 电力系统自动化, 2019, 43(13): 9-20+53.
[2] 王海峰, 李朝阳, 吕政权, 等.泛在电力物联网环境下网络安全攻击研究[J]. 浙江电力, 2019, 38(12): 76-81.
[3] Rose S, Borchert O, Mitchell S, et a1. Zero Trust Architecture [M]. Gaithersburg, MD: National Institute of Standards and Technology，2020.
[4] 韩祯祥, 曹一家. 电力系统的安全性及防治措施[J]. 电网技术, 2004(09): 1-6.
[5] 韩贤俊. 泛在电力物联网体系架构及实施方案[J]. 电子世界, 2019(23):148-149.
[6] 薛朝晖, 向敏. 零信任安全模型下的数据中心安全防护研究[J]. 通信技术, 2017, 50(06): 1290-1294.
[7] 兰昆, 喻显茂, 唐林. 威胁驱动的网络安全防护模型及应用研究[J]. 电力信息与通信技术, 2020, 18(10): 20-27.
[8] 周水庚, 李丰, 陶宇飞, 等.面向数据库应用的隐私保护研究综述[J]. 计算机学报, 2009, 32(05): 847-861.
[9] 李晓峰, 冯登国, 陈朝武, 等. 基于属性的访问控制模型[J]. 通信学报, 2008(04): 90-98.
[10] 林莉, 怀进鹏, 李先贤. 基于属性的访问控制策略合成代数[J]. 软件学报, 2009, 20(02): 403-414.
[11] 王于丁, 杨家海, 徐聪, 等. 云计算访问控制技术研究综述[J]. 软件学报, 2015, 26(05): 1129-1150.
[12] 胡星高,郑荣锋,周安民,刘亮.基于特征分析的访问控制混合模设计与实现[J].信息安全研究,2021,7(01):4-14.
[13] Nakamura Y, Zhang Y, Sasabe M, Kasahara S. Exploiting Smart Contracts for Capability-Based Access Control in the Internet of Things. Sensors. 2020; 20(6):1793.
[14] 刘义春, 梁英宏. 基于上下文因素的P2P动态信任模型[J]. 通信学报, 2016, 37(08): 34-45.
[15] 张琳, 饶凯莉, 王汝传. 云计算环境下基于评价可信度的动态信任评估模型[J]. 通信学报, 2013, 34(S1): 31-37.
[16] 雷浩, 黄建, 冯登国. 协同环境中共有资源的细粒度协作访问控制策略(英文)[J]. 软件学报, 2005(05): 1000-1011.
[17] Casimer D, Piradon L, Anthony S, et al. Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication[C]//2016 IEEE International Conference on Smart Cloud (SmartCloud), New York, USA: IEEE, 2016: 5-10.

Distributed database fine-grained access control based on zero trust in the power Internet of Things

电力物联网场景下基于零信任的分布式数据库细粒度访问控制

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	. The Application of VM’network Interface Card Substantialization in Security Protection of Private Clouds [J]. Journal of Information Security Research, 2021, 7(3): 275-280.
[2]	. A Scheme Based on CPK Role Access Control [J]. Journal of Information Security Research, 2021, 7(2): 184-189.
[3]	. Design and Implementation of Access Control Hybrid Model Based on Feature Analysis [J]. Journal of Information Security Research, 2021, 7(1): 4-14.
[4]	. Application Research of Zero Trust Architecture [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[5]	. An Example Research of an Over-AuthorityVulnerability Attack Method [J]. Journal of Information Security Research, 2019, 5(3): 248-252.
[6]	. Analysis of Key Technologies of User Data Privacy Protection in Cloud Computing [J]. Journal of Information Security Research, 2018, 4(9): 843-845.
[7]	. Survey on Mobile Web Operating System Security [J]. Journal of Information Security Research, 2018, 4(8): 689-697.
[8]	. Research on the Technology Architecture of Enterprise Trust Service Based On Trusted Identity Authentication [J]. Journal of Information Security Research, 2017, 3(9): 832-840.
[9]	. Fine-Grained Access Control and Audit Management in Big Data Environment [J]. Journal of Information Security Research, 2017, 3(6): 509-516.
[10]	Zheng Huang. Blockchain Technology and Its Applications [J]. Journal of Information Security Research, 2017, 3(3): 237-245.
[11]	. Research on Cryptographic Access Control and Its Applications [J]. Journal of Information Security Research, 2016, 2(8): 721-728.
[12]	. Application Technology of Electronic Authentication Based on USBKey in Domestic Operating System [J]. Journal of Information Security Research, 2016, 2(6): 553-557.
[13]	Wu Zhijun. The Information Security Assurance of Civil Aviation Information System in the United States [J]. Journal of Information Security Research, 2016, 2(6): 562-567.
[14]	. Research and Implementation of Access Control Method for Big Data Platform [J]. Journal of Information Security Research, 2016, 2(10): 913-919.
[15]	. Research and Implementation of Access Control Method for Big Data Platform [J]. Journal of Information Security Research, 2016, 2(10): 926-930.