Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (10): 886-.


Research for Zero Trust Security Model

Gao Neng, Peng Jia, and Wang Shixiao   

  1. (Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085)
  • Online:2024-10-15 Published:2024-10-15

  • Corresponding author: Gao Neng, PhD, professor. Main research interests: data security, cyberspace security. gaoneng@iie.ac.cn
  • Author biographies: Gao Neng, PhD, professor. Main research interests: data security, cyberspace security. gaoneng@iie.ac.cn; Peng Jia, PhD, engineer. Main research interests: data security, cyberspace security. pengjia@iie.ac.cn; Wang Shixiao, master's student. Main research interest: cyberspace security. wangshixiao@iie.ac.cn

Abstract: Zero trust is considered a new security paradigm. From the perspective of security models, this paper reveals the deepening and integration of security models in zero trust architecture, with “identity and data” as the main focus. Zero trust establishes a panoramic control object chain with identity at its core, builds defense-in-depth mechanisms around object attributes, functions, and lifecycles, and centrally redirects the flow of information between objects. It integrates information channels to achieve layered protection and fine-grained, dynamic access control. Finally, from an attacker’s perspective, it sets up proactive defense mechanisms at key nodes in the information flow path. Since zero trust systems are bound to become high-value assets, this paper also explores the essential issues of inherent security and resilient service capabilities in zero-trust systems. Through the analysis of the security models embedded in zero-trust and its inherent security, this paper aims to provide a clearer technical development path for the architectural design, technological evolution, and self-protection of zero trust in its application.

Key words: zero trust, security model, identity trust model, defense-in-depth, access control, resilience
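To make the model the abstract sketches concrete, the following added example (not code from the paper) models an identity-centred control object chain of user, device, service and data; the object kinds, attribute names, lifecycle states and sample values are all constructed assumptions. Every link must pass a lifecycle gate and an attribute gate (defense-in-depth along the chain), and the final decision at the data object is fine-grained: clearance against classification, and the requested action against the data object's allowed actions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

LEVEL = {"public": 0, "internal": 1, "confidential": 2}   # constructed ordering

@dataclass
class ControlObject:
    kind: str                      # "identity", "device", "service" or "data"
    name: str
    attrs: Dict[str, object] = field(default_factory=dict)
    lifecycle: str = "active"      # "active", "expired" or "revoked"

# One attribute check per link kind; every link must pass (defense-in-depth along the chain).
LINK_CHECKS: Dict[str, Callable[[ControlObject], bool]] = {
    "identity": lambda o: o.attrs.get("mfa") is True,
    "device":   lambda o: o.attrs.get("compliant") is True,
    "service":  lambda o: o.attrs.get("attested") is True,
    "data":     lambda o: o.attrs.get("classification") in LEVEL,
}

def evaluate_chain(chain: List[ControlObject], action: str) -> Tuple[str, List[str]]:
    """Decide one access request over the whole chain; deny on the first failing link."""
    reasons: List[str] = []
    for obj in chain:
        if obj.lifecycle != "active":          # lifecycle gate: revoked/expired links fail closed
            reasons.append(f"{obj.kind}:{obj.name} lifecycle={obj.lifecycle}")
            return "deny", reasons
        check = LINK_CHECKS.get(obj.kind)
        if check is None or not check(obj):    # attribute gate: unknown kinds also fail closed
            reasons.append(f"{obj.kind}:{obj.name} failed attribute check")
            return "deny", reasons
        reasons.append(f"{obj.kind}:{obj.name} ok")
    identity, data = chain[0], chain[-1]
    # Fine-grained decision at the data object: clearance must reach the classification,
    # and the requested action must be in the data object's allowed set.
    if LEVEL.get(identity.attrs.get("clearance"), -1) < LEVEL[data.attrs["classification"]]:
        reasons.append("clearance below data classification")
        return "deny", reasons
    if action not in data.attrs.get("actions", set()):
        reasons.append(f"action {action!r} not permitted on {data.name}")
        return "deny", reasons
    return "allow", reasons

# Constructed sample chain for one request: user -> device -> service -> data.
SAMPLE_CHAIN = [
    ControlObject("identity", "alice", {"mfa": True, "clearance": "confidential"}),
    ControlObject("device", "laptop-17", {"compliant": True}),
    ControlObject("service", "hr-api", {"attested": True}),
    ControlObject("data", "payroll", {"classification": "confidential", "actions": {"read"}}),
]
```

Revoking any single link (for example the identity) denies the whole request before the data object is even reached, which is the fail-closed behaviour the chain model is meant to give.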

Abstract (Chinese version, translated): Zero trust is regarded as a new security paradigm. From the perspective of security models, this paper reveals how the zero trust architecture deepens and integrates security models along the main line of “identity and data”. Zero trust establishes a panoramic chain of controlled entities with identity at its core, builds defense-in-depth around entity attributes, functions, and lifecycles, centrally redirects the flow of information between entities and consolidates information channels to achieve layered protection and fine-grained, dynamic access control, and finally, from an attacker’s perspective, places proactive defense mechanisms at key nodes of the information flow channels. Since a zero trust system is bound to become a high-value asset, the paper discusses new trends in the evolution of zero trust systems: deep integration with business, the security of zero trust itself, and resilient service capability. Through analysis of the security models embedded in zero trust and of its own security, the paper aims to provide a clearer technical development path for the architectural design, technical evolution, and application security of zero trust in practice.

Key words (Chinese version, translated): zero trust, security model, identity trust model, defense-in-depth, access control, resilience
