零信任新型网络安全架构致力于保证物联网(Internet of Things,IoT)终端设备的接入安全.针对设备的异构性以及网络接收数据的实时性导致网络攻击增多且无法有效防御的问题,本文提出一种动态、主动地确定设备安全可信的评估方法用于评判接入设备的实时可信性.将数学中的变化率思想引入信任分析中,基于信任区间和变化率形成3个属性集:离散区间、变化范围和变化频率.通过计算实体信任值的上述属性,得到实体的信任状况,并从完备性、准确性和客观性3个层面对终端实体的信任状况进行全面评估.在减少加密等手段的前提下,上述方法可以从数据的角度对终端设备的信任状态进行评估,该评估方法可以为零信任网络安全架构的动态授权等过程提供更加客观、准确的依据.
Zero-trust Dynamic Evaluation Method for IoT Terminals
The zero trust network security architecture is committed to ensure the access security of Internet of Things(IoT)ter-minal devices.However,the heterogeneous nature of devices and the real-time nature of the data received by the network lead to the increase of network attacks and cannot be effectively defended.Therefore,we propose a method that can effectively and ac-tively determine safety.This paper introduces the idea of rate of change in mathematics into trust analysis,and forms three attri-bute sets based on trust interval and rate of change:discrete interval,change range,and change frequency.By calculating the above attributes of the entity's trust value,the entity's trust situation is obtained,and an overall assessment of the terminal en-tity's trust situation is made from the three levels of completeness,accuracy and objectivity.Under the premise of reducing en-cryption and other means,the above method can evaluate the trust state of the IoT terminal from the perspective of the data,and this evaluation method can provide a basis for the judgment of the IoT terminal more objectively and accurately.
万方数据
维普
