Abstract
With the spread of cloud computing, mobile working and related technologies, enterprise network structures have become complex. The traditional network security model is built on the idea of perimeter protection and cannot meet current needs. Zero trust is a new network security model that does not distinguish between internal and external networks: every entity must be authenticated and authorized before accessing resources, which makes the model suitable for protecting networks whose perimeter is increasingly blurred. This paper gives a definition of zero trust, introduces the zero trust architecture, analyzes the core technologies it depends on, compares several representative zero trust schemes, summarizes the current state of development, and points out research directions in this field that deserve particular attention. It can serve as a reference for the research and application of zero trust.
Authors
Zhang Yu (张宇)
Zhang Yan (张妍)
Beijing Certificate Authority, Beijing 100190
Source
Journal of Information Security Research (《信息安全研究》)
2020, Issue 7, pp. 608-614 (7 pages)