Research on Dynamic Access Control Model Based on Zero Trust

Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (10): 1008-.

Research on Dynamic Access Control Model Based on Zero Trust

Online:2022-10-25 Published:2022-10-24

基于零信任的动态访问控制模型研究

张刘天;陈丹伟;

(南京邮电大学计算机学院、软件学院、网络空间安全学院南京210023)

通讯作者: 张刘天硕士.主要研究方向为零信任模型、访问控制技术、区块链技术. midgar_zhang.nj@foxmail.com
作者简介:张刘天硕士.主要研究方向为零信任模型、访问控制技术、区块链技术. midgar_zhang.nj@foxmail.com 陈丹伟博士，教授.主要研究方向为计算机通信网及其安全理论与技术、云计算体系结构及安全、云环境下应用安全、大数据平台体系结构安全、数据安全. chendw@njupt.edu.cn

Abstract

Abstract: The traditional access control system can not meet the security requirements of mobile office in ubiquitous access scenarios. This paper firstly proposes an access control model ZTBAC based on the concept of zero trust. This model realizes the dynamic allocation of access rights by continuously evaluating the attributes and behavior information of access subjects, and its trust measurement system considers the dynamic adjustment of permission threshold. The mobile office architecture and simulation experiments based on this model show that ZTBAC model can meet the requirements of access control in mobile office. At the same time, compared with the traditional trustbased access control model, ZTBAC model has significant advantages in authority management and resisting trust attacks.

Key words: zero trust, access control, trust computing, mobile office, authority management

摘要： 由于传统的访问控制体系不能满足泛在接入场景下移动办公的安全要求，提出了一种基于零信任理念的访问控制模型ZTBAC.该模型通过对访问主体的属性及行为信息进行持续信任评估，实现了访问权限的动态分配，其信任度量体系考虑了权限阈值的动态调整.基于该模型构建的移动办公架构和仿真实验表明，ZTBAC模型可以满足移动办公中对访问控制的要求，同时相对于传统的基于信任的访问控制模型，ZTBAC模型在权限管理、抵御信任攻击上有显著优势.

关键词: 零信任, 访问控制, 信任计算, 移动办公, 权限管理

张刘天, 陈丹伟, . 基于零信任的动态访问控制模型研究[J]. 信息安全研究, 2022, 8(10): 1008-.

References

参考文献
［1］Zhou Chunlai, Lin Ziyan. Study on fraud detection of telecom industry based on rough set［C］ Proc of the 8th IEEE Annual Computing and Communication Workshop and Conf (CCWC). Piscataway, NJ: IEEE, 2018: 1519［2］邹佳顺, 张永胜, 高艳. 云环境下基于使用控制的ABAC模型研究［J］. 计算机应用研究, 2014, 31(12): 36923694, 3699［3］石秀金, 张梦娜. 面向医疗大数据基于零信任的UCON访问控制模型［J］. 智能计算机与应用, 2021, 11(5): 4752［4］Chakraborty S, Ray I. TrustBAC: Integrating trust relationships into the RBAC model for access control in open systems［C］ Proc of the ACM Symp on Access Control Models & Technologies. New York: ACM, 2016, 18(37): 4958［5］Polalto. Zero trust network architecture with John KindervagVideo［EBOL］.［20220103］. https:www.paloaltonetworks.comresourcesvideoszerotrust.html［6］Ward R, Beyer B. BeyondCorp: A new approach to enterprise security［J］. Login: The Magazine of USENIX & SAGE, 2014, 39(6): 611［7］张宇, 张妍. 零信任研究综述［J］. 信息安全研究, 2020, 6(7): 608614［8］Rose S, Borchert O. NISTSP800207 Zero Trust Architecture［S］. Gaithersburg: National Insitute of Standards and Technology Special Pulication, 2020［9］Department of Defense (DOD), Zero Trust Reference Architecture Version 1.0［S］. Maryland: Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team, 2021［10］深圳市腾讯计算机系统有限公司. TCESA 1165—2021零信任系统技术规范［S］. 北京: 中国电子工业标准化技术协会, 2021［11］Tencent,Guidelines for Continuous Protection of the Service Access Process.X.1011［S］. Genève: ITUT for ITU Telecommunication Standardization Sector, 2021［12］零信任产业标准工作组. 零信任实战白皮书［EBOL］. (20200825) ［20220103］. https:share.weiyun.comyqb8cdaD［13］Kelley M, Gaehtans F. Best practices for privileged access management through the four pillars of PAM［EBOL］. (20190128) ［20220103］. https:www.gartner.comendocuments3899567［14］王斯梁, 冯暄, 蔡友保, 等. 零信任安全模型解析及应用研究［J］. 信息安全研究, 2020, 6(11): 966971［15］胡文跃, 李新华, 钱军, 等. “赣政通”移动办公平台建设与研究［J］. 电子技术与软件工程, 2021 (11): 3233

[1]	. Research on an OAuth2.1based Unified Authentication and Authorization Framework [J]. Journal of Information Security Reserach, 2022, 8(9): 879-.
[2]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 768-.
[3]	. A Vulnerability Management System Based on Multiconstrained Secure Workflow [J]. Journal of Information Security Reserach, 2022, 8(7): 700-.
[4]	. An Access Control Model Based on Data Classification and Grading System for Education Cloud Platform [J]. Journal of Information Security Reserach, 2022, 8(4): 400-.
[5]	. Identity Access Management with Trusted Device Solution [J]. Journal of Information Security Reserach, 2021, 7(E1): 106-.
[6]	. HiSec Zero Trust Security Solution [J]. Journal of Information Security Reserach, 2021, 7(E1): 117-.
[7]	. Enlink Zero Trust Solution [J]. Journal of Information Security Reserach, 2021, 7(E1): 162-.
[8]	. Zero Trust Helps Work Digitization Sangfor Zero Trust Security Solution [J]. Journal of Information Security Reserach, 2021, 7(E1): 187-.
[9]	. Research on E-Government Information Sharing Based on Zero Trust Model [J]. Journal of Information Security Reserach, 2021, 7(8): 739-744.
[10]	. Distributed database fine-grained access control based on zero trust in the power Internet of Things [J]. Journal of Information Security Reserach, 2021, 7(6): 535-542.
[11]	. The Application of VM’network Interface Card Substantialization in Security Protection of Private Clouds [J]. Journal of Information Security Research, 2021, 7(3): 275-280.
[12]	. A Scheme Based on CPK Role Access Control [J]. Journal of Information Security Research, 2021, 7(2): 184-189.
[13]	. Research of the Identity Access Management Platform Based on Zero Trust Architecture [J]. Journal of Information Security Reserach, 2021, 7(12): 1127-.
[14]	. Unified Authority Management Scheme in Zero Trust Architecture [J]. Journal of Information Security Reserach, 2021, 7(11): 1047-.
[15]	. Design and Implementation of Access Control Hybrid Model Based on Feature Analysis [J]. Journal of Information Security Research, 2021, 7(1): 4-14.