Research On Continuous Access Control Technology For Large-Scale Network Entities

Posted on: 2023-10-26
Degree: Master
Type: Thesis
Country: China
Candidate: W Z Xu
GTID: 2558306905997729
Subject: Engineering

Abstract/Summary:
In the informatization and intelligent transformation represented by 5G/6G, the interaction between the information world and the physical world is increasingly close, and heterogeneous entities with complex identity information play a huge role in the network. Because the identities of a large number of heterogeneous entities are anonymous, access control methods are used to prevent malicious entities from illegally accessing and using data resources. However, due to the large scale of entities and complex multi-layered system tasks, malicious access from outside and inside the system still threatens the security of data all the time. Therefore, given the trend toward more diverse entity types and larger numbers of entities, research on continuous and effective access control is urgently needed.

Continuous access control can combine device security, link security, and application security to continuously monitor the status of network entities in the system. Around continuous access control schemes, academia and industry have achieved many research results in related technologies such as identity construction and authentication, access control, and zero trust architecture. However, existing continuous access control solutions fail to address two problems: secure access by large-scale entities leads to performance degradation, and excessive authentication and access control lead to discontinuity of entity business. Aiming at the identity management and continuous access control of large-scale network entities, this thesis studies multi-identity construction and combined authentication methods for resource-sensitive entities, and a continuous access control method based on task status.

To address the resource conflicts and performance degradation caused by the lack of secure access for large-scale entities in identity management schemes, this thesis introduces the multi-dimensional and multi-level identity features of entities and establishes the correspondence between hierarchical resources and entity identities in the spatial dimension. A resource-sensitive entity multi-identity security model is designed, and a multi-identity construction and combined authentication scheme for large-scale entities is proposed. The queuing theory model and related theoretical analysis show that this scheme can flexibly adapt to the different access requirements of large-scale entities and provide authentication services for network entities with more than 30 000 requests.

To address the business discontinuity caused by overly cumbersome entity authentication and control steps in continuous access control schemes, this thesis draws on the idea of the zero trust network and, based on the continuity of entity behavior, proposes a multi-entity spatiotemporal continuous behavior state slicing method and a finite state machine-based entity behavior modeling method. Combined with the multi-identity construction and combined authentication scheme for large-scale entities, it designs a continuous access control scheme based on task status from the time dimension. Theoretical analysis and experimental verification show that the scheme in this thesis can effectively protect the access security of the system and improve the business continuity of the system. Compared with the traditional scheme based on CA certification, the interruption time is reduced by about 47.4%.

Based on the above research, this thesis designs and implements a continuous access control prototype system for large-scale network entities using virtualization technologies such as containers, identity construction, and multi-service queues. Through the management and control of large-scale entities and resources, the system can adapt to the authentication and management of large-scale network entities under the continuous access control scheme, which verifies the stability and availability of the research scheme in application and effectively improves the security and efficiency of the system.
Keywords/Search Tags: Large Scale, Zero Trust, Identity Authentication, Access Control