Research On Fine-grained Dynamic Access Control Of Distribution IoT Based On Zero Trust

As a bridge between power production and power users,distribution Internet of Things(IoT)plays a crucial role in power system.It is not only responsible for monitoring,controlling and protecting power equipment,but also can realize the effective matching of power production and demand,and improve the operation efficiency and reliability of power system.Access control is one of the indispensable services for any information system that is responsible for protecting the underlying data from attacks.The business system of the distribution Internet of Things is complex,involving various types of business,various types of terminals,and different requirements for access control of various terminals and businesses.How to change the access control results of the subject to the object according to the entity behavior or environmental changes,and establish a zero-trust security architecture suitable for the distribution Internet of Things business is of great importance.To solve the above problems,based on the idea of zero trust,this thesis studies the fine-grained dynamic access control of distribution Internet of Things environment.It designs and implements Zero Trust-Risk Adaptable Access Control(ZT-RAdAC)and a kind of ZT-RAdAC access control strategy generation method based on KformerXL.The access control system of distribution Internet of Things based on ZT-RAdAC is built.The specific research content of this thesis is as follows:1.Aiming at the problem that network attacks caused by identity theft in the distribution Internet of Things cannot be perceived,a fine-grained dynamic access control model based on zero trust is proposed to improve the security of the system.According to the evaluation index of the model,the model is evaluated,and the analysis shows that the model can effectively reduce attacks from insiders and has high flexibility.2.Aiming at the problem of "single point attack,global loss of control" in distribution Internet of things,a fine-grained dynamic access control method is proposed,which integrates attribute and risk-value decision,to prevent unauthorized access and malicious attacks by legitimate terminals with abnormal behaviors.The core of this method is to dynamically update the access control policy based on the policy generated by Kformer-XL to realize the dynamic permission granting or blocking control and disposal of untrusted subjects.The experimental results show that the method can accurately identify the business behavior pattern of the access subject,and continuously monitor it according to its runtime time characteristics,which guarantees the continuous credibility of the access subject.3.Aiming at the engineering application of zero-trust architecture in the access control system of distribution Internet of Things,this thesis constructs the core components of the security architecture and designs the corresponding security protection process.By studying the key technologies and achievements,the security protection level of distribution Internet of Things access control system is successfully improved,which provides important support for solving the security problems in this field.