Research And Implementation Of Dynamic Access Control Mechanism Based On Zero Trust Architecture

Posted on: 2023-02-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y N Wu
GTID: 2558306914463904
Subject: Computer Science and Technology

Abstract/Summary:
The traditional boundary-based network security model focuses on boundary security, which leaves the network without global security protection and leads to increasingly prominent security problems. This paper designs a dynamic access control mechanism based on zero trust architecture that improves on the traditional static access control mechanism and realizes an access control model with continuous trust evaluation and dynamic authorization, effectively ensuring the global security of the network. The main work of this paper includes:

(1) To solve the difficulties of certificate management and maintenance in the traditional certificate-based identity authentication mechanism, this paper proposes an identity-based, secure and lightweight mutual authentication mechanism. It introduces a blockchain to decentralize the centralized private key generation center, addressing the single-point bottleneck and the risk of key leakage. The performance of the scheme is analyzed through security analysis and simulation evaluation.

(2) For the user trust evaluation mechanism in zero trust architecture, this paper designs a multi-dimensional user trust evaluation model that achieves a realistic and fine-grained evaluation of the user's trust value by fully considering the user dimension, the device dimension and the user behavior dimension. The mechanism is evaluated on a real user behavior dataset.

(3) To improve on the traditional binary, static method of determining access control policy, which is based on pre-assignment of roles and permissions, this paper designs a dynamic access control mechanism based on user trust. Dynamic authorization is required for each access request of the access subject.

(4) A prototype system for the zero-trust-based dynamic access control mechanism is constructed. The system implements the main functions of the mechanism, and some functional tests are conducted.
Keywords/Search Tags: zero trust architecture, mutual authentication, trust evaluation, access control