Abstract
The traditional "perception-network-application" three-layer architecture of the Internet of Things (IoT) exhibits security blind spots at the edge. Meanwhile, the "six-domain model" faces challenges in practical implementation due to high deployment costs and the lack of inter-domain coordination mechanisms. Based on threat analysis across the physical, network, and service domains, this paper reconstructs a "terminal domain - edge domain - core network domain - cloud application domain" four-domain architecture and introduces a dual-layer control mechanism that decouples the data plane from the control plane, proposing a "four-domain dual-layer" security framework. The framework systematically reveals multi-dimensional threats including hardware infiltration, protocol vulnerabilities, quantum computing impacts, and API semantic conflicts, and constructs models for lightweight terminal protection, quantum-enhanced transmission, server-side proactive defense, and full-lifecycle security management. Practical tests in a banking zero-trust scenario and an industrial IoT scenario show that, under this architecture, the attack detection rate is ≥98% and the average response time is ≤500 ms. The results provide a reusable, systematic methodology for large-scale IoT security engineering.
Author
Li Ke (黎珂), Sichuan Innovation Center of Industry Cyber Security Co., Ltd., Chengdu 610041, China
Source
Cyber Security and Data Governance (《网络安全与数据治理》), 2025, No. 12, pp. 26-33 (8 pages)
Funding
Sichuan Province Major Science and Technology Project (2022ZDZX0009).
Keywords
Internet of Things (IoT) security
four-domain dual-layer architecture
zero trust
full-lifecycle defense
endogenous security