摘要
基于实体身份安全,零信任可实现网络动态可信访问控制,而访问实体的信任评估则是构成零信任能力的关键要素之一。在零信任访问控制架构下,建立域内和跨域访问信任评估机制。结合历史信任评估结果,域内访问信任评估机制通过引入时间衰减因子并采用指数加权平均的方法,解决单次信任评估结果易受外界因素影响的问题;参考跨域访问实体在他域的历史交互数据,跨域访问信任评估机制通过引入交互频率衰减因子进行指数加权平均,可以解决受访域因缺少足够跨域访问实体属性信息和行为交互数据,难以独立做出有效可信度量的问题。域内和跨域访问信任评估机制的构建,可促进零信任网络安全架构在典型应用场景中落地。
Zero trust achieves dynamic trustworthy access control based on identity security,and the trust evaluation of access entities is one of the key elements constituting zero trust capabilities.Trust evaluation mechanisms for intra-domain and cross-domain access are proposed under the zero trust access control architecture in this paper.The trust evaluation mechanism for intra-domain access,combining historical trust evaluation results,introducing a time decay factor,and using exponential weighted averaging,addresses the issue of single trust evaluation results being easily influenced by external factors.The trust evaluation mechanism for cross-domain access,referring to the historical interaction data of cross-domain access entities in other domains,introducing an interaction frequency decay factor for exponential weighted averaging,addresses the problem of the lack of sufficient cross-domain access entity attribute information and behavioral interaction data in the visited domain which makes it difficult to obtain reliable trust evaluation results.The construction of trust evaluation mechanisms for intra-domain access and cross-domain access can promote the implementation of zero trust network security architectures in typical application scenarios.
作者
江海涛
李洪赭
JIANG Haitao;LI Hongzhe(No.30 Institute of CETC,Chengdu Sichuan 610041,China)
出处
《通信技术》
2024年第6期626-631,共6页
Communications Technology
关键词
零信任
域内访问
跨域访问
信任评估机制
zero trust
intra-domain access
cross-domain access
trust evaluation mechanism
