423 articles found
Zero Trust Networks: Evolution and Application from Concept to Practice
1
Authors: Yongjun Ren, Zhiming Wang, Pradip Kumar Sharma, Fayez Alqahtani, Amr Tolba, Jin Wang. Computers, Materials & Continua, 2025, Issue 2, pp. 1593-1613 (21 pages)
In the context of an increasingly severe cybersecurity landscape and the growing complexity of offensive and defensive techniques, Zero Trust Networks (ZTN) have emerged as a widely recognized technology. Zero Trust not only addresses the shortcomings of traditional perimeter security models but also consistently follows the fundamental principle of “never trust, always verify.” Initially proposed by John Cortez in 2010 and subsequently promoted by Google, the Zero Trust model has become a key approach to addressing the ever-growing security threats in complex network environments. This paper systematically compares the current mainstream cybersecurity models, thoroughly explores the advantages and limitations of the Zero Trust model, and provides an in-depth review of its components and key technologies. Additionally, it analyzes the latest research achievements in the application of Zero Trust technology across various fields, including network security, 6G networks, the Internet of Things (IoT), and cloud computing, in the context of specific use cases. The paper also discusses the innovative contributions of the Zero Trust model in these fields, the challenges it faces, and proposes corresponding solutions and future research directions.
Keywords: zero trust; cybersecurity; software-defined perimeter; micro-segmentation; Internet of Things
Toward zero trust in 5G Industrial Internet collaboration systems
2
Authors: Han Zhang, Ziyan Zhang, Liquan Chen. Digital Communications and Networks, 2025, Issue 2, pp. 547-555 (9 pages)
With the introduction of 5G, users and devices can access the industrial network from anywhere in the world. Therefore, traditional perimeter-based security technologies for industrial networks can no longer work well. To solve this problem, a new security model called Zero Trust (ZT) is desired, which believes in “never trust and always verify”. Every time the asset in the industrial network is accessed, the subject is authenticated and its trustworthiness is assessed. In this way, the asset in industrial network can be well protected, whether the subject is in the internal network or the external network. However, in order to construct the zero trust model in the 5G Industrial Internet collaboration system, there are still many problems to be solved. In this paper, we first introduce the security issues in the 5G Industrial Internet collaboration system, and illustrate the zero trust architecture. Then, we analyze the gap between existing security techniques and the zero trust architecture. Finally, we discuss several potential security techniques that can be used to implement the zero trust model. The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture (ZTA) in the 5G Industrial Internet collaboration system.
Keywords: zero trust; 5G Industrial Internet collaboration system; trust assessment; access control; authentication
Research on the Synergistic Application of Secure Isolation Gateways and Zero Trust Architecture in the Oil and Gas IoT
3
Authors: Wang Bo, Wang Wei, Zhang Fan, Li Zhaoyun. China Oil & Gas, 2025, Issue 3, pp. 61-66 (6 pages)
As industrialization and informatization in China deeply integrate and the Internet of Things rapidly develops, industrial control systems are facing increasingly severe information security challenges. The industrial control system of the gas extraction plant is characterized by numerous points and centralized operations, with a strong reliance on the system and stringent real-time requirements.
Keywords: industrial control system; internet things; oil gas IoT; control systems; secure isolation gateways; zero trust architecture; information security challenges; the gas extraction plant
DRL-AMIR: Intelligent Flow Scheduling for Software-Defined Zero Trust Networks
4
Authors: Wenlong Ke, Zilong Li, Peiyu Chen, Benfeng Chen, Jinglin Lv, Qiang Wang, Ziyi Jia, Shigen Shen. Computers, Materials & Continua, 2025, Issue 8, pp. 3305-3319 (15 pages)
Zero Trust Network (ZTN) enhances network security through strict authentication and access control. However, in the ZTN, optimizing flow control to improve the quality of service is still facing challenges. Software Defined Network (SDN) provides solutions through centralized control and dynamic resource allocation, but the existing scheduling methods based on Deep Reinforcement Learning (DRL) are insufficient in terms of convergence speed and dynamic optimization capability. To solve these problems, this paper proposes DRL-AMIR, which is an efficient flow scheduling method for software defined ZTN. This method constructs a flow scheduling optimization model that comprehensively considers service delay, bandwidth occupation, and path hops. Additionally, it balances the differentiated requirements of delay-critical K-flows, bandwidth-intensive D-flows, and background B-flows through adaptive weighting. The proposed framework employs a customized state space comprising node labels, link bandwidth, delay metrics, and path length. It incorporates an action space derived from node weights and a hybrid reward function that integrates both single-step and multi-step excitation mechanisms. Based on these components, a hierarchical architecture is designed, effectively integrating the data plane, control plane, and knowledge plane. In particular, the adaptive expert mechanism is introduced, which triggers the shortest path algorithm in the training process to accelerate convergence, reduce trial and error costs, and maintain stability. Experiments across diverse real-world network topologies demonstrate that DRL-AMIR achieves a 15–20% reduction in K-flow transmission delays, a 10–15% improvement in link bandwidth utilization compared to SPR, QoSR, and DRSIR, and a 30% faster convergence speed via adaptive expert mechanisms.
Keywords: zero trust network; software-defined networking; deep reinforcement learning; flow scheduling
Privacy-preserving authentication scheme based on zero trust architecture (cited by: 3)
5
Authors: Fei Tang, Chunliang Ma, Kefei Cheng. Digital Communications and Networks, CSCD, 2024, Issue 5, pp. 1211-1220 (10 pages)
Zero trust architecture is an end-to-end approach for server resources and data security which contains identity authentication, access control, dynamic evaluation, and so on. This work focuses on authentication technology in the zero trust network. In this paper, a Traceable Universal Designated Verifier Signature (TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture. Specifically, when a client requests access to server resources, we want to protect the client's access privacy which means that the server administrator cannot disclose the client's access behavior to any third party. In addition, the security of the proposed scheme is proved and its efficiency is analyzed. Finally, TUDVS is applied to the single packet authorization scenario of the zero trust architecture to prove the practicability of the proposed scheme.
Keywords: zero trust architecture; privacy-preserving; authentication; anonymity; revocation
Trust Assessment Model Based on a Zero Trust Strategy in a Community Cloud Environment (cited by: 2)
6
Authors: Rodrigue N’goran, Jean-Louis Tetchueng, Ghislain Pandry, Yvon Kermarrec, Olivier Asseu. Engineering (Scientific Research), CAS, 2022, Issue 11, pp. 479-496 (18 pages)
The adoption of Cloud Computing services in everyday business life has grown rapidly in recent years due to the many benefits of this paradigm. The various collaboration tools offered by Cloud Computing have eliminated or reduced the notion of distance between entities of the same company or between different organizations. This has led to an increase in the need to share resources (data and services). Community Cloud environments have thus emerged to facilitate interactions between organizations with identical needs and with specific and high security requirements. However, establishing trust and secure resource sharing relationships is a major challenge in this type of complex and heterogeneous environment. This paper proposes a trust assessment model (SeComTrust) based on the Zero Trust cybersecurity strategy. First, the paper introduces a community cloud architecture subdivided into different security domains. Second, it presents a process for selecting a trusted organization for an exchange based on direct or recommended trust value and reputation. Finally, a system for promoting or relegating organizations in the different security domains is applied. Experimental results show that our model guarantees the scalability of a community cloud with a high success rate of secure and quality resource sharing.
Keywords: trust management; resources sharing; community cloud; zero trust
From Standard Policy-Based Zero Trust to Absolute Zero Trust (AZT): A Quantum Leap to Q-Day Security (cited by: 1)
7
Author: Fazal Raheman. Journal of Computer and Communications, 2024, Issue 3, pp. 252-282 (31 pages)
Cybercrime is projected to cost a whopping $23.8 Trillion by 2027. This is essentially because there’s no computer network that’s not vulnerable. Fool-proof cybersecurity of personal data in a connected computer is considered practically impossible. The advent of quantum computers (QC) will worsen cybersecurity. QC will be a boon for data-intensive industries by drastically reducing the computing time from years to minutes. But QC will render our current cryptography vulnerable to quantum attacks, breaking nearly all modern cryptographic systems. Before QCs with sufficient qubits arrive, we must be ready with quantum-safe strategies to protect our ICT infrastructures. Post-quantum cryptography (PQC) is being aggressively pursued worldwide as a defence from the potential Q-day threat. NIST (National Institute of Standards and Technology), in a rigorous process, tested 82 PQC schemes, 80 of which failed after the final round in 2022. Recently the remaining two PQCs were also cracked by a Swedish and a French team of cryptographers, placing NIST’s PQC standardization process in serious jeopardy. With all the NIST-evaluated PQCs failing, there’s an urgent need to explore alternate strategies. Although cybersecurity heavily relies on cryptography, recent evidence indicates that it can indeed transcend beyond encryption using Zero Vulnerability Computing (ZVC) technology. ZVC is an encryption-agnostic absolute zero trust (AZT) approach that can potentially render computers quantum resistant by banning all third-party permissions, a root cause of most vulnerabilities. Unachievable in legacy systems, AZT is pursued by an experienced consortium of European partners to build compact, solid-state devices that are robust, resilient, energy-efficient, and with zero attack surface, rendering them resistant to malware and future Q-Day threats.
Keywords: cybersecurity; quantum computers; post quantum cryptography; Q-Day; zero trust
Research on Data Tampering Prevention Method for ATC Network Based on Zero Trust
8
Authors: Xiaoyan Zhu, Ruchun Jia, Tingrui Zhang, Song Yao. Computers, Materials & Continua, SCIE, EI, 2024, Issue 3, pp. 4363-4377 (15 pages)
The traditional air traffic control information sharing data has weak security characteristics of personal privacy data and poor effect, which easily leads to the problem that the data is usurped. Starting from the application of the ATC (automatic train control) network, this paper focuses on the zero trust and zero trust access strategy and the tamper-proof method of information-sharing network data. Through the improvement of ATC’s zero trust physical layer authentication and network data distributed feature differentiation calculation, this paper reconstructs the personal privacy scope authentication structure and designs a tamper-proof method of ATC’s information sharing on the Internet. From the single management authority to the unified management of data units, the systematic algorithm improvement of shared network data tamper prevention method is realized, and RDTP (Reliable Data Transfer Protocol) is selected in the network data of information sharing resources to realize the effectiveness of tamper prevention of air traffic control data during transmission. The results show that this method can reasonably avoid the tampering of information sharing on the Internet, maintain the security factors of air traffic control information sharing on the Internet, and the Central Processing Unit (CPU) utilization rate is only 4.64%, which effectively increases the performance of air traffic control data comprehensive security protection system.
Keywords: zero trust; access policy; air traffic information sharing network; privacy data; tamper-proof; certification features
Anomaly Detection Method of Power Internet of Things Terminals in Zero-Trust Environment
9
Authors: Sun Pengzhan, Ren Yinlin, Shao Sujie, Yang Chao, Qiu Xuesong. China Communications, 2026, Issue 1, pp. 290-305 (16 pages)
With more and more IoT terminals being deployed in various power grid business scenarios, terminal reliability has become a practical challenge that threatens the current security protection architecture. Most IoT terminals have security risks and vulnerabilities, and limited resources make it impossible to deploy costly security protection methods on the terminal. In order to cope with these problems, this paper proposes a lightweight trust evaluation model TCL, which combines three network models, TCN, CNN, and LSTM, with stronger feature extraction capability and can score the reliability of the device by periodically analyzing the traffic behavior and activity logs generated by the terminal device, and the trust evaluation of the terminal’s continuous behavior can be achieved by combining the scores of different periods. After experiments, it is proved that TCL can effectively use the traffic behaviors and activity logs of terminal devices for trust evaluation and achieves F1-score of 95.763, 94.456, 99.923, and 99.195 on HDFS, BGL, N-BaIoT, and KDD99 datasets, respectively, and the size of TCL is only 91 KB, which can achieve similar or better performance than CNN-LSTM, RobustLog and other methods with less computational resources and storage space.
Keywords: anomaly detection; distributed machine learning; power Internet of Things; zero trust
Dissecting zero trust: research landscape and its implementation in IoT
10
Authors: Chunwen Liu, Ru Tan, Yang Wu, Yun Feng, Ze Jin, Fangjiao Zhang, Yuling Liu, Qixu Liu. Cybersecurity, 2025, Issue 2, pp. 201-228 (28 pages)
As a progressive security strategy, the zero trust model has attracted notable attention and importance within the realm of network security, especially in the context of the Internet of Things (IoT). This paper aims to evaluate the current research regarding zero trust and to highlight its practical applications in the IoT sphere through extensive bibliometric analysis. We also delve into the vulnerabilities of IoT and explore the potential role of zero trust security in mitigating these risks via a thorough review of relevant security schemes. Nevertheless, the challenges associated with implementing zero trust security are acknowledged. We provide a summary of these issues and suggest possible pathways for future research aimed at overcoming these challenges. Ultimately, this study aims to serve as a strategic analysis of the zero trust model, intending to empower scholars in the field to pursue deeper and more focused research in the future.
Keywords: zero trust; research landscape; bibliometrics method; Internet of Things; hot topics
Automation and Orchestration of Zero Trust Architecture: Potential Solutions and Challenges (cited by: 1)
11
Authors: Yang Cao, Shiva Raj Pokhrel, Ye Zhu, Robin Doss, Gang Li. Machine Intelligence Research, EI, CSCD, 2024, Issue 2, pp. 294-317 (24 pages)
Zero trust architecture (ZTA) is a paradigm shift in how we protect data, stay connected and access resources. ZTA is non-perimeter-based defence, which has been emerging as a promising revolution in the cyber security field. It can be used to continuously maintain security by safeguarding against attacks both from inside and outside of the network system. However, ZTA automation and orchestration, towards seamless deployment on real-world networks, has been limited to be reviewed in the existing literature. In this paper, we first identify the bottlenecks, discuss the background of ZTA and compare it with traditional perimeter-based security architectures. More importantly, we provide an in-depth analysis of state-of-the-art AI techniques that have the potential in the automation and orchestration of ZTA. Overall, in this review paper, we develop a foundational view on the challenges and potential enablers for the automation and orchestration of ZTA.
Keywords: zero trust architecture; cyber security; artificial intelligence; access control; authentication
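Zero-Trust Secure Communication for Intelligent Vehicle Cyber-Physical Systems
12
Authors: Yan Wenyan (颜文燕), Xie Guoqi (谢国琪), Huang Shuang (黄爽), Liu Xinzhong (刘新忠), Xu Wei (徐维), Lei Jianmei (雷剑梅). 《汽车工程》 (Automotive Engineering), PKU Core, 2026, Issue 2, pp. 282-295, 320 (15 pages)
The rapid development of intelligent vehicle cyber-physical systems (CPS) is driving vehicles from distributed architectures toward domain-centralized architectures, but the deep adoption of V2X (vehicle-to-everything) communication significantly increases the information security risks facing intelligent vehicle communication networks, such as forged terminal access, man-in-the-middle attacks, and malicious message injection. To address this, this paper proposes a zero-trust secure communication framework for intelligent vehicle CPS in which a central gateway or cloud server acts as the policy decision point and performs identity authentication and communication authorization for access to the in-vehicle communication network, ensuring the authenticity, confidentiality, integrity, and availability of communication. The framework uses a message identification mechanism so that only the target node is allowed to process the corresponding message. A physical intelligent vehicle CPS platform was built from the NXP automotive-grade switch chip SJA1105 (as the central gateway) and the NXP automotive-grade processor S32K148176LQFP (as the domain controller), the developed framework was deployed on this prototype platform, and the security of the framework was verified with the ProVerif tool. Evaluation results based on the prototype platform and V2X scenario validation show that the proposed framework outperforms existing automotive secure communication frameworks in both computation and communication overhead. To verify the generality and extensibility of the framework, the paper further applies the zero-trust secure communication framework to the over-the-air (OTA) update scenario, building a secure update paradigm based on continuous verification and dynamic authorization.
Keywords: intelligent vehicle cyber-physical system; zero trust; information security; authentication and authorization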
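Zero-Trust Legal Regulation of Brain-Computer Interface Therapeutic Technology
13
Authors: Tian Aoni (田奥妮), Qi Yanping (齐延平). 《四川师范大学学报(社会科学版)》 (Journal of Sichuan Normal University, Social Sciences Edition), PKU Core, 2026, Issue 2, pp. 63-72, 201 (11 pages)
Brain-computer interface (BCI) therapeutic technology achieves precise control and treatment by decoding a patient's EEG signals, but its application may carry risks such as substantive harm to the patient's life and health, exposure of mental privacy, and reinforcement of social discrimination. The technology's comprehensive informatization and deep algorithmization render traditional legal regulatory approaches, medical ethics norms, and technical standards less effective. Zero-trust legal regulation is an architectural design in which law and technology are mutually embedded. Its strict approach to risk regulation fits the high risk and low fault tolerance of BCI therapeutic applications, and its precise, mandatory regulatory architecture can make up for the shortcomings of traditional legal norms and ethical standards. With the patient's human dignity as the governing value of the architecture design, it controls risk at the level of actors through identity verification and least privilege, and controls risk throughout the process through continuous monitoring and dynamic adjustment.
Keywords: brain-computer interface therapeutic technology; zero-trust regulation; medical ethics; comprehensive informatization; deep algorithmization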
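Design of a Port Industrial Control System Based on Zero Trust Architecture
14
Authors: Ma Herong (马贺荣), Sun Songlin (孙松林). 《信息安全研究》 (Journal of Information Security Research), PKU Core, 2026, Issue 2, pp. 189-196 (8 pages)
As port industrial control systems continue to evolve toward intelligent operation, traditional perimeter-based security models face severe challenges such as an expanding attack surface and rigid privilege management. This paper proposes a security protection scheme for port industrial control systems based on zero trust architecture, integrating dynamic trust evaluation, software-defined perimeter (SDP), micro-segmentation, and related technologies to build a layered, coordinated defense system. The core work includes designing a four-layer "terminal, access, control, data" protection architecture, proposing a dynamic trust evaluation model that combines identity authentication, device health, and behavioral characteristics, and implementing fine-grained access control at the level of individual industrial protocol instructions. Experimental results show that the scheme reduces the attack surface exposure rate from 100% to 8%, shortens the average authentication time to 0.8 s, and keeps the privilege adjustment response time within 45 s, significantly improving the security protection capability and real-time operating performance of port industrial control systems.
Keywords: zero trust; port industrial control system; dynamic access control; micro-segmentation; software-defined perimeter; industrial protocol security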
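Research on Optimizing Data Center Information Security Architecture under Classified Protection 2.0
15
Author: Chen Li (陈丽). 《无线互联科技》 (Wireless Internet Technology), 2026, Issue 3, pp. 34-37, 66 (5 pages)
Classified Protection 2.0 (等级保护2.0, hereafter "等保2.0") imposes compliance and technical requirements on data center information security architecture. This article builds a four-layer linked architecture model covering network security, the computing environment, application data, and security operations. By introducing zero-trust access control, virtualization isolation mechanisms, full data lifecycle protection, and a Security Orchestration Automation and Response (SOAR) mechanism, it proposes an optimized implementation scheme oriented to Classified Protection 2.0. Experimental results show that the optimized architecture improves significantly on the traditional architecture in key metrics such as detection rate, response efficiency, and resource usage. The optimized architecture therefore has good engineering adaptability and can deliver compliance in practice.
Keywords: Classified Protection 2.0; data center; information security architecture; four-layer linkage; zero trust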
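PUF-Based IoT Identity Authentication Resistant to Machine Learning Attacks in Zero Trust
16
Authors: Si Xuege (司雪鸽), Jia Hongyong (贾洪勇), Zeng Junjie (曾俊杰), Li Yuncong (李云聪). 《信息安全研究》 (Journal of Information Security Research), PKU Core, 2026, Issue 1, pp. 33-42 (10 pages)
To build highly scalable Internet of Things (IoT) systems, edge computing has been introduced into IoT scenarios as an emerging decentralized computing model. Zero trust architecture fits cloud-edge-device systems with blurred boundaries well, supporting continuous dynamic authentication and improving security. Under frequent authentication demands, physical unclonable functions (PUFs) are often used to generate a device's hardware fingerprint identity because they are lightweight and unclonable. A PUF exploits random factors in the hardware manufacturing process to generate unique and unpredictable challenge-response pairs. If an attacker collects a large number of plaintext challenge-response pairs during continuous authentication, the attacker can build a model that predicts subsequent response outputs and so complete a machine learning attack. This paper proposes a PUF-based authentication solution (PAML-CA) that strengthens privacy protection against machine learning attacks, using oblivious pseudorandom function techniques to blind challenge-response pairs in transit. The overall structure is a multi-layer dynamic verification scheme combining static and continuous verification, which can control the implicit trust zone within a session. Security analysis and performance comparison show that PAML-CA offers better security, functionality, and communication and computation costs than other related schemes.
Keywords: Internet of Things; zero trust; identity authentication; physical unclonable function; privacy protection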
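An Anonymous Identity Authentication Scheme for New-Type Power Systems Based on Ring Signatures and an IBE Strategy
17
Authors: Chen Jianfei (陈剑飞), Wang Rui (王睿), Zhang Fangzhe (张方哲), Huang Hua (黄华), Xu Guangxia (徐光侠). 《重庆邮电大学学报(自然科学版)》 (Journal of Chongqing University of Posts and Telecommunications, Natural Science Edition), PKU Core, 2026, Issue 1, pp. 93-99 (7 pages)
To address the surge in the number of distributed terminals in modern power systems, the high risk of identity exposure, and the complexity of traditional PKI key management, this paper proposes a new anonymous identity authentication scheme for distributed terminals that combines identity-based encryption (IBE), ring signatures, and a zero trust strategy. In the scheme, a private key generation center generates IBE key pairs according to device identity and distributes them over a secure channel, simplifying key management in large-scale terminal scenarios. Virtual identifiers are combined with ring signatures so that a terminal authenticates anonymously within the set of ring members. Zero trust access control, log-driven behavior monitoring, dynamic privilege adjustment, and a threshold identity disclosure mechanism are introduced to strengthen system protection in both the authentication process and access control. Formal security analysis and performance evaluation show that the scheme ensures identity anonymity, data integrity, and secure key transmission while keeping computation and communication overhead low, making it suitable for the secure access and privacy protection needs of distributed terminals in modern power systems.
Keywords: power system; distributed terminal; identity-based encryption (IBE); ring signature; zero trust strategy; identity authentication; anonymity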
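Theoretical Analysis and Application of China's Zero Trust Reference Architecture
18
Author: Liu Jun (刘军). 《信息技术与标准化》 (Information Technology & Standardization), 2026, Issue 1, pp. 57-62 (6 pages)
To address problems such as the failure of traditional perimeter protection and confusion over concepts and implementation, this paper studies zero trust architecture theory and China's national standard GB/T 43696—2024, "Information security technology: Zero trust reference architecture" (《信息安全技术零信任参考体系架构》). The study shows that China's zero trust reference architecture standard takes resource-protection-first and task-driven access as its core and, through a layered architecture (separating the control layer from the data layer) supported by national cryptographic algorithms, builds a zero trust architecture suited to national conditions. Compared with NIST SP 800-207, the Chinese standard is more distinctive in cryptographic compliance, fine-grained resource management (such as resource-unit authorization), and real-time threat response. The paper discusses the current path to deploying zero trust architecture in China, the main challenges that may arise, and strategies for responding to them, and proposes a phased implementation path of identity governance, dynamic policy deployment, and continuous optimization to meet challenges such as component coordination, protocol compatibility, cost, and user habits, providing a reference for the early adoption of China's zero trust reference architecture.
Keywords: zero trust; zero trust standard; zero trust architecture; zero trust reference architecture; GB/T 43696—2024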
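Research on Data Security and Privacy Protection in the Informatization of Fiscal Archives
19
Author: Zeng Wu (曾武). 《计算机应用文摘》, 2026, Issue 1, pp. 250-252, 255 (4 pages)
Fiscal archives are large in volume and complex in type, and contain large amounts of classified data and sensitive information, so data security and privacy protection face new challenges as informatization, networking, and intelligent processing advance. Starting from the current state of fiscal archive informatization, this article analyzes the risks present in current systems in data storage, access control, transmission security, privilege management, and third-party sharing, and proposes a data security system, privacy protection mechanisms, and a technical implementation path for fiscal archives, including a tiered protection system, AI-based intelligent data masking, zero-trust access control, security auditing, blockchain-based evidence preservation, and disaster recovery backup. The study shows that driving technical and institutional measures together can effectively improve the security capability of fiscal archive informatization and safeguard the integrity, confidentiality, and availability of fiscal data.
Keywords: fiscal archives; informatization; data security; privacy protection; zero trust; intelligent data masking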
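Design and Implementation of a Network Security Defense System Based on Zero Trust Architecture
20
Authors: Du Yilin (杜奕霖), Luo Haitao (罗海涛), Huang Wei (黄炜), Wang Weiqi (王伟奇), Huang Huahao (黄华豪). 《移动信息》 (Mobile Information), 2026, Issue 2, pp. 82-84 (3 pages)
With the widespread adoption of cloud computing, big data, and the mobile Internet, the traditional "perimeter defense" security model struggles to cope with increasingly complex network attacks. Zero trust architecture takes "never trust, continuously verify" as its core idea and achieves defense in depth through multiple mechanisms. Drawing on a real university network environment, this paper designs and implements a network security defense system based on zero trust architecture. In the implementation, a dynamic trust scoring model, an adaptive policy adjustment model, and a risk-benefit optimization model are introduced so that the system can realize a complete defense logic of "continuous verification, dynamic adjustment, balanced trade-off" in complex network environments. Finally, the system was tested using a university campus network as a case study. The results show that the system is effective in reducing intrusion risk and improving access security, providing a reference for network security construction in universities and other organizations.
Keywords: zero trust architecture; network security; identity authentication; access control; university network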