A Retrospective and Future Development Study of Zero Trust Architecture

Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (10): 896-.

Previous Articles Next Articles

A Retrospective and Future Development Study of Zero Trust Architecture

Wang Ruohan, Xiang Ji, Guan Changyu, and Wang Lei

(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100092)
(School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049)

Online:2024-10-15 Published:2024-10-15

零信任架构的回望与未来发展研究

王若晗向继管长御王雷

(中国科学院信息工程研究所北京100092)
(中国科学院大学网络空间安全学院北京100049)

通讯作者: 王若晗博士研究生.主要研究方向为网络空间安全、推荐系统. wangruohan@iie.ac.cn
作者简介:王若晗博士研究生.主要研究方向为网络空间安全、推荐系统. wangruohan@iie.ac.cn 向继博士.正高级工程师.主要研究方向为网络与信息安全. xiangji@iie.ac.cn 管长御硕士.主要研究方向为知识图谱. guanchangyu@iie.ac.cn 王雷博士，高级工程师.主要研究方向为大数据智能分析与管理技术、密码应用. wanglei@iie.ac.cn

Abstract

Abstract: With the rapid development of the internet, big data, and cloud computing, the zero trust architecture has been proposed as a new security paradigm to address the challenges of modern digitalization. This security model is built on never inherently trusting any internal or external requests, emphasizing that access must be granted through constant verification and monitoring. The core principles of zero trust include comprehensive identity verification, access control, least privilege, pervasive encryption, and continuous risk assessment and response. This article primarily reviews the development history of zero trust architecture, elaborates on the basic concepts of the zero zrust mechanism, and finally summarizes the future development of zero trust architecture.

Key words: zero trust, zero trust architecture, zero trust mechanism, cloud computing, cyber security

摘要： 随着互联网、大数据和云计算的快速发展，为了应对现代数字化的挑战，零信任架构作为一种新的安全范式被提出.该安全模型建立在从不默认信任任何内部或外部请求的原则上，强调必须通过持续的验证和监控授予访问权限.零信任的核心原则包括全面身份验证、访问控制、最小权限、普遍加密和持续的风险评估与应对.主要通过对零信任架构的发展历史进行回顾，以及对零信任机制的基本概念进行阐述，最后对零信任架构未来的发展进行总结.

关键词: 零信任, 零信任架构, 零信任机制, 云计算, 网络空间安全

CLC Number:

TP393.08

王若晗, 向继, 管长御, 王雷, . 零信任架构的回望与未来发展研究[J]. 信息安全研究, 2024, 10(10): 896-.

References

［1］肖新光, 徐菲, 赵超, 等. 从美方推动零信任战略过程看网络安全创新的规律特点［J］. 中国信息安全, 2023 (3): 8792［2］Marsh S P. Formalising trust as a computational concept［JOL］. Thesis University of Stirling, 1999［20240902］. https:www.cs.stir.ac.uk~kjttechrepspdf TR133.pdf.［3］刘国柱. 零信任战略与美国网络安全的现代化［J］. 国际安全研究, 2023, 41(6): 328［4］Rose S, Borchert O, Mitchell S, et al. Zerotrust architecture［JOL］. 2019 ［20240902］. https:www.nist.govpublicationszerotrustarchitecture［5］孙宝云, 齐巍. 美国国防部《零信任战略》解析［J］. 保密工作, 2023 (3): 6164［6］李祯静, 张小军, 郝志超. 美国防部《零信任战略》解读［J］. 信息安全与通信保密, 2023 (1): 1015［7］侯亚文. 美国推进零信任发展重要举措分析与回顾［J］. 中国信息安全，2022 (12): 6265［8］叶礼邦, 张现, 张文骞. 美国零信任架构发展现状与趋势研究［J］. 信息安全与通信保密, 2023 (7): 1221［9］段炼, 张智森, 秦益飞, 等. 面向零信任架构的访问安全态势评估［J］. 信息安全与通信保密, 2023 (10): 3949［10］余海, 郭庆, 房利国. 零信任体系技术研究［J］. 通信技术, 2020, 53(8): 20272034［11］赵靖雯, 陆雨韬, 万志涛, 等. 零信任数字政府网络安全防护体系研究［J］. 网络安全技术与应用, 2024 (3): 9094［12］Buck C, Olenberger C, Schweizer A, et al. Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zerotrust［JOL］. Computers & Security, 2021［20240902］. https:www.sciencedirect.comsciencearticlepiiS0167404821002601#sectioncitedby［13］Syed N F, Shah S W, Shaghaghi A, et al. Zero trust architecture (ZTA): A comprehensive survey［J］. IEEE Access, 2022, 10: 5714357179

[1]	. Vehicle CAN Intrusion Detection Method Based on MobileViT Lightweight Network [J]. Journal of Information Security Reserach, 2024, 10(5): 411-.
[2]	. Research on Zero Trust Access Control Model Based on Role and Attribute#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(3): 241-.
[3]	. Research for Zero Trust Security Model [J]. Journal of Information Security Reserach, 2024, 10(10): 886-.
[4]	. Design of SDP Trust Evaluation Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2024, 10(10): 903-.
[5]	. Research and Implementation of Intelligent Permission Management [J]. Journal of Information Security Reserach, 2024, 10(10): 912-.
[6]	. Application of Behavior Anomaly Detection in Zero Trust Access #br# Control Method#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 921-.
[7]	. Data Sharing Access Control Method for Distribution Terminal IoT #br# Based on Zero Trust Architecture and Least Privilege Principle#br# [J]. Journal of Information Security Reserach, 2024, 10(10): 937-.
[8]	. Distributed Authentication Model Under Power IoT Zero Trust Architecture [J]. Journal of Information Security Reserach, 2024, 10(1): 67-.
[9]	. Power Sensitive Data Access Control Method Based on Zero Trust Security Model [J]. Journal of Information Security Reserach, 2024, 10(1): 88-.
[10]	. The Innovation and Practice of the Talent Training Mode of Cyber Security with the Features of ScienceEducation Integration [J]. Journal of Information Security Reserach, 2023, 9(9): 921-.
[11]	. Practical Exploration and Research on Automotive Cyber Security [J]. Journal of Information Security Reserach, 2023, 9(5): 476-.
[12]	. Research on Integrated Scheduling Method of Safety and Security Tasks for Intelligent Instruments in Industrial Internet [J]. Journal of Information Security Reserach, 2023, 9(4): 321-.
[13]	. Research on the Application of Commercial Cryptography to Cloud Computing [J]. Journal of Information Security Reserach, 2023, 9(4): 375-.
[14]	. Energy Data Sharing Access Control Model Based on Blockchain [J]. Journal of Information Security Reserach, 2023, 9(3): 220-.
[15]	. Zero Trust IAM Architecture Technology Based on Dynamic Risk #br# Assessment Mechanism#br# [J]. Journal of Information Security Reserach, 2023, 9(12): 1190-.

A Retrospective and Future Development Study of Zero Trust Architecture

零信任架构的回望与未来发展研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics