With the development of a new generation of information technologies such as the Internet, cloud computing and big data, network structures have become increasingly complex. The traditional perimeter-based network security model can no longer cope with the threats of this new environment, and the zero-trust network has emerged in response. The security concept of the zero-trust network is "never trust, always verify": no access subject in the network is trusted by default when it requests access; instead, it is continuously verified and evaluated through a dynamic access control mechanism, which poses new challenges for access control. In addition, identity management is the foundation of zero-trust networks. At present, identity management systems of different architectures coexist in the network, making it difficult to manage massive, cross-domain and polymorphic user identities, which greatly complicates the implementation of access control. How to implement an identity-centric access control mechanism in a zero-trust network is therefore an urgent problem. The emergence of blockchain technology offers new ideas for building such a mechanism. Blockchain is decentralized, tamper-evident and traceable, and these properties can provide a more reliable security guarantee for zero-trust networks. In recent years there have been many studies combining blockchain technology with identity management and access control. Although this work effectively addresses problems such as the single point of failure inherent in the traditional centralized model, it still performs security defense essentially at the network boundary and does not break away from the "verify once, trust always" model, so it is difficult to apply to zero-trust networks. This thesis therefore studies a blockchain-based identity management model and access control mechanism for zero-trust networks. The specific work is as follows:

(1) Aiming at the problem that massive, cross-domain and polymorphic user identities are difficult to manage in a zero-trust network, this thesis proposes a trusted identity management model based on a master-slave multi-chain architecture. By designing a unified identity and creating on-chain identity credentials for users of different identity management systems, it realizes identity registration, authentication, association and cross-domain access, providing a unified identity management method for zero-trust networks. Experimental analysis shows that processing requests in parallel on multiple slave chains, each storing identity information, improves the overall throughput and storage capacity of the model, which demonstrates the validity of the proposed identity management model.

(2) Aiming at the problem that current access control technology struggles to satisfy the zero-trust security concept, this thesis designs an access control mechanism based on blockchain and risk assessment. Distributed attribute-based access control is realized with blockchain and smart contract technology. Using machine learning, an access risk assessment model is constructed that continuously and accurately assesses the access risk of each access subject in the network. Combined with the access control contracts, this provides the zero-trust network with a dynamic, fine-grained and flexible access control mechanism that effectively protects the resources in the network. The access risk assessment model is evaluated experimentally to show the feasibility of the proposed access control mechanism.

(3) To support enterprises in moving from the traditional network security model to the zero-trust network model, a blockchain-based access control system for zero-trust networks is implemented on top of the identity management model and access control mechanism proposed above, providing a strong guarantee for the security of enterprise internal resources. The practical feasibility of the above work is verified by testing the system's functions.
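As an added illustration of the per-request decision logic that contributions (1) and (2) describe (example code written for this page, not the thesis's own implementation), the following Python models a policy decision point that resolves a subject's unified identity, checks attribute-based policy, and then gates the decision on a risk score that is recomputed for every request. The identity registry, the policy table, the resource names, the integer risk weights and the `RequestContext` signals are all constructed assumptions: the thesis stores policies in smart contracts and derives the risk score from a machine-learning model, neither of which is reproduced here.

```python
# Added example (not from the thesis): a per-request policy decision point that
# combines attribute-based access control with a risk score, re-evaluated on
# every request rather than once per session. The identity registry, policies,
# risk weights and all subjects/resources below are constructed stand-ins; the
# thesis uses on-chain credentials, smart contracts and an ML risk model instead.
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for contribution (1): (identity system, local id) -> unified
# identity. In the thesis this mapping lives in on-chain identity credentials.
IDENTITY_REGISTRY = {
    ("corp-ldap", "alice"): "uid:alice",
    ("partner-oidc", "bob@partner.example"): "uid:bob",
}


@dataclass(frozen=True)
class Subject:
    uid: str       # unified identity resolved from IDENTITY_REGISTRY
    role: str
    domain: str


@dataclass(frozen=True)
class RequestContext:
    failed_logins: int     # recent failed authentications for this subject
    hour: int              # local hour of the request (0-23)
    new_location: bool     # first time seen from this network location
    device_trusted: bool   # device passed its posture check


# Constructed attribute policies keyed by resource (the thesis keeps these in an
# access control contract). max_risk is the highest risk score (0-100) at which
# the policy still allows access.
POLICIES = {
    "hr/payroll": {"roles": {"hr", "finance"}, "domains": {"corp"}, "max_risk": 40},
    "eng/repo": {"roles": {"engineer"}, "domains": {"corp", "partner"}, "max_risk": 60},
}

# Constructed integer weights standing in for the thesis's ML risk assessment.
RISK_WEIGHTS = {"failed_login": 15, "off_hours": 20, "new_location": 30,
                "untrusted_device": 35}


def resolve_identity(system: str, local_id: str) -> Optional[str]:
    """Map an identity from one management system to the unified identity."""
    return IDENTITY_REGISTRY.get((system, local_id))


def assess_risk(ctx: RequestContext) -> int:
    """Additive risk score clamped to [0, 100]; each signal contributes independently."""
    score = min(ctx.failed_logins, 3) * RISK_WEIGHTS["failed_login"]
    if ctx.hour < 7 or ctx.hour > 20:
        score += RISK_WEIGHTS["off_hours"]
    if ctx.new_location:
        score += RISK_WEIGHTS["new_location"]
    if not ctx.device_trusted:
        score += RISK_WEIGHTS["untrusted_device"]
    return min(score, 100)


def decide(subject: Subject, resource: str, ctx: RequestContext) -> Tuple[bool, str]:
    """Default-deny ABAC decision gated by the risk score of this request."""
    policy = POLICIES.get(resource)
    if policy is None:
        return False, "deny: no policy for resource"
    if subject.role not in policy["roles"]:
        return False, "deny: role not permitted"
    if subject.domain not in policy["domains"]:
        return False, "deny: domain not permitted"
    risk = assess_risk(ctx)
    if risk > policy["max_risk"]:
        return False, "deny: risk %d exceeds threshold %d" % (risk, policy["max_risk"])
    return True, "allow: risk %d within threshold %d" % (risk, policy["max_risk"])


def evaluate_requests(subject: Subject, resource: str,
                      contexts: List[RequestContext]) -> List[bool]:
    """Zero-trust behaviour: every request is decided afresh, so an earlier allow
    grants nothing to a later request whose context has raised the risk."""
    return [decide(subject, resource, ctx)[0] for ctx in contexts]


if __name__ == "__main__":
    alice = Subject(resolve_identity("corp-ldap", "alice"), "hr", "corp")
    session = [
        RequestContext(0, 10, False, True),   # working hours, known device: risk 0
        RequestContext(0, 10, True, True),    # new location: risk 30, still allowed
        RequestContext(1, 10, True, True),    # plus a failed login: risk 45, denied
    ]
    for ctx, ok in zip(session, evaluate_requests(alice, "hr/payroll", session)):
        print(ok, decide(alice, "hr/payroll", ctx)[1])
```

The point of `evaluate_requests` is the "never trust, always verify" behaviour: the third request in the session is denied even though the same subject was allowed moments earlier, because the decision is re-made from the current attributes and risk rather than from a cached session verdict. Both `decide` and the policy lookup are default-deny, so an unknown resource or an unregistered identity never falls through to an allow.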