Research on E-Government Information Sharing Based on Zero Trust Model

Abstract

Abstract: With the continuous development of e-government, the demand for information sharing across departments is increasing rapidly. At present, there are two main ways to share information: direct connection between departments, and information exchanging and sharing method with the help of government information resources exchange and sharing platform based on the e-government external network. However, the problems of network information security exist in these two ways of sharing is getting worse because of many departments and systems which are involved. The zero trust model tries to improve security by accurately accessing information systems and services and eliminating the uncertainty in decision making. Its essence is the change of security concept from systemcentric boundary protection to resourcecentric dynamic protection.This paper analyses the problems and reasons of information sharing in e-government, puts forward the information sharing scheme based on zero trust model from the perspective of government departments combining the existing technology, and describes the problems in its application.

Key words: zero trust model, e-government external network, information sharing, dynamic access control, data security, classified protection

摘要： 随着电子政务事业的不断发展，跨部门的信息共享需求快速增加，目前采用的主要方式有部门之间直连共享、借助基于电子政务外网的政务信息资源交换共享平台进行信息共享等2种方式，但由于涉及部门多、系统多，这2种共享方式存在的网络信息安全问题也日益严重.零信任模型力图通过对信息系统和服务进行精准访问，消除判定所存在的不确定性来提高安全性，其本质是安全理念上从以系统为中心边界防护到以资源为中心动态防护的转变.通过对目前电子政务信息共享中存在的问题及其产生的原因进行分析，结合现有的技术，站在政府部门的角度，提出基于零信任模型的信息共享方案，并对其应用中存在的问题进行阐述.

关键词: 零信任模型, 电子政务外网, 信息共享, 动态访问控制, 数据安全, 等级保护

达钰鹏陈艳春. 基于零信任模型的电子政务信息共享研究#br#[J]. 信息安全研究, 2021, 7(8): 739-744.

References

［1］国务院办公厅. 国务院办公厅关于印发政务信息系统整合共享实施方案的通知［EBOL］. ［20210415］. http:www.gov.cnzhengcecontent20170518content_5194971.htm

［2］国家电子政务外网管理中心. 2019年全国政务外网建设、应用及运行情况［EBOL］. ［20210415］. http:www.sic.gov.cnNews46210457.htm

［3］中华人民共和国公安部. GAT 709—2007, 信息安全技术信息系统安全等级保护基本模型［S］. 北京: 中国标准出版社, 2007［4］储庄, 张全海, 李建华. 上海市电子政务外网安全保障体系研究与设计［J］. 信息网络安全, 2012, 12(4): 13, 10

［5］曾玲, 星江. 基于零信任的安全架构［J］. 通信技术, 2020, 53(7): 17501754

［6］訾然, 刘嘉. 基于精益信任的风险信任体系构建研究［J］. 信息网络安全, 2019, 19(10): 3241

［7］US Department of Commerce, NIST. NIST SP 800207draft: Zero Trust Architecture［M］. Gaithersburg: National Institute of Standards & Technology, 2020

［8］Ward R, Beyer B. Beyondcorp: A new approach to enterprise security［J］. Login the Magazine of Usenix & Sage, 2014, 39(6): 611

［9］Hunt R. InternetIntranet firewall security—policy, architecture and transaction services［J］. Computer Communications, 1998, 21(13): 11071123

［10］Bellovin S M. Security problems in the TCPIP protocol suite［J］. Computer Communication Review, 1989, 19(2): 3248［11］刘欢, 杨帅, 刘皓. 零信任安全架构及应用研究［J］. 通信技术, 2020, 53(7): 17451749

［12］张宇, 张妍. 零信任研究综述［J］. 信息安全研究, 2020, 6(7): 608614

［13］刘婷. MPLSVPN在IP承载网中的应用及安全策略研究［D］. 杭州: 杭州电子科技大学, 2011

［14］冯乃光, 曾黄麟. 基于MPLS VPN的电子政务外网构建技术［J］. 计算机科学, 2009, 36(9): 300302

［15］罗恒洋. IPSec在MPLS VPN中的应用［J］. 计算机技术与发展, 2009 (3): 168171

［16］埃文·吉尔曼, 道格·巴斯. 零信任网络: 在不可信网络中构建安全系统［M］. 北京: 人民邮电出版社, 2019

[1]	. [J]. Journal of Information Security Reserach, 2021, 7(8): 773-778.
[2]	. Research on the Data Security Management and Application Mode of Audit Informatization [J]. Journal of Information Security Reserach, 2021, 7(7): 661-668.
[3]	. Research on Acceleration Method of Searchable Encryption of Private Data Based on Trusted Hardware [J]. Journal of Information Security Reserach, 2021, 7(4): 319-327.
[4]	. ACARS Data Protection Technology Based on National Secret Algorithm [J]. Journal of Information Security Reserach, 2021, 7(4): 342-350.
[5]	. Governance of Data Security in Artificial Intelligence and Overview of Technology Development [J]. Journal of Information Security Research, 2021, 7(2): 110-119.
[6]	. Research on the Application of Mobile Police Data Security Technology in the Implementation of Classified Protection 2.0 [J]. Journal of Information Security Research, 2021, 7(2): 178-183.
[7]	. Research on Attribute Based Encryption Scheme in Cloud Computing [J]. Journal of Information Security Research, 2020, 6(8): 733-737.
[8]	. Research on cyber security management of the whole life cycle of information system of Integrated sports meeting [J]. Journal of Information Security Research, 2020, 6(7): 664-668.
[9]	. Research on Cloud Security System Based on Big Data Security Technology [J]. Journal of Information Security Research, 2020, 6(5): 404-420.
[10]	. Data Security Protection in Telecommuting [J]. Journal of Information Security Research, 2020, 6(4): 311-316.
[11]	. Discussion of Security Protection System of Public Security Video Network in Xueliang Project [J]. Journal of Information Security Research, 2020, 6(2): 171-180.
[12]	. [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[13]	. Overview of Current Situation of Critical Information Infrastructure Security Protection at Home and Abroad [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[14]	. Research of Cyber Situation Awareness System in the Implementation of Classified Protection 2.0 [J]. Journal of Information Security Research, 2019, 5(9): 828-833.
[15]	. Research on Cybersecurity Certification System of Critical Information Infrastructure [J]. Journal of Information Security Research, 2019, 5(9): 847-850.