With the adoption of new technologies such as cloud computing, big data and the Internet of Things, the traditional network-boundary security model has exposed many security problems. Zero trust access control performs real-time access control based on the principle of least privilege; its core components are the trust evaluation engine and the decision engine. This paper studies and optimizes these two key components of the zero trust architecture and builds a mobile office use case system to verify the results. The main contributions are as follows:

1. A dynamic access control model based on zero trust, ZTBAC, is proposed. The model grants access according to the least privilege principle and the trust value of the subject, and its core is the real-time calculation of that trust value. A trust index system is established covering users, devices, applications and threat intelligence; a sliding window mechanism keeps the trust value calculation timely; and a punishment mechanism together with a dynamic adjustment mechanism for permission thresholds resist trust accumulation attacks.

2. A dynamic policy management mechanism based on trust classification is proposed. Because zero trust access control is fine-grained and dynamic, the policy library becomes large and query efficiency low. This paper combines rules through a rule merging algorithm and estimates the trust value distribution function of the visiting subjects using nonparametric kernel density estimation. The policy set is partitioned accordingly and an index table is built for it, which reduces the size of the policy library involved in matching and realizes dynamic management of the policy library. Both the efficiency of policy matching and the dynamics of the whole policy management mechanism are significantly improved.

3. A mobile office architecture is constructed on the ZTBAC model and its main business processes are given. Using this use case system, the trust system of the ZTBAC model and the optimized policy evaluation method are experimentally verified. The results show that the trust system evaluates the access subject securely and comprehensively, and that the timeliness of the optimized policy evaluation process is greatly improved.

This paper studies the key technologies of zero trust. As a zero-trust-based model, the proposed ZTBAC model realizes trust evaluation of the visiting subject and optimizes the timeliness of decision making, providing ideas for subsequent research.