摘要
为了应对传统网络安全服务交易模型面临的众多挑战,适应产业数字化发展的需求,克服网络安全服务交易不方便、不透明的困难,提出了一种安全可信的基于区块链的网络安全服务交易模型,为网络安全服务提供安全、高效和可控的交易方式。通过网络安全服务的分类和全生命周期管理,引入双链结构和智能合约,旨在提高网络安全服务的可追溯性、透明性和安全性。首先,对网络安全服务进行多维度的分类,包括使用权、许可权、控制权和所有权,有助于更清晰地理解和有效地管理这些服务。进一步,构建服务链,以实现网络安全服务的全生命周期管理,包括创建、发布、配置、运行、维护、更新和结束等关键阶段,从而提高网络安全服务的可追溯性和透明性。此外,构建交易链用于自动化的服务交易,形成先服务后支付模式,确保交易的安全性和完整性。最后,通过实例与实验验证了这些组件在网络安全服务交易中的有效性和可信性。
To overcome the numerous challenges faced by traditional models of cybersecurity service transactions,adapt to the needs of industrial digitalization,and address the inconveniences and opacity of cybersecurity service transactions,a secure and trustworthy blockchain-based model for cybersecurity service transactions was proposed,which could provide a secure,efficient,and controllable means of transaction for cybersecurity services.By categorizing cybersecurity services and managing the full lifecycle,and incorporating a dual-chain structure and smart contracts,the model sought to enhance the traceability,transparency,and security of cybersecurity services.Firstly,cybersecurity services were categorized into multiple dimensions,including usage rights,licensing rights,control rights,and ownership rights,to aid in clearer understanding and effective management of these services.Furthermore,a service chain was constructed for the full lifecycle management of cybersecurity services,covering key stages such as creation,publication,configuration,operation,maintenance,updating,and termination,thereby improving cybersecurity service traceability and transparency.In addition,a transaction chain was established for automated service transactions,adopting a post-service payment model to ensure the security and integrity of transactions.Finally,the effectiveness and trustworthiness of these components in cybersecurity service transactions were validated through case studies and experiments.
作者
朴桂荣
朱建明
PIAO Guirong;ZHU Jianming(School of Information,Central University of Finance and Economics,Beijing 102206,China)
出处
《通信学报》
EI
CSCD
北大核心
2024年第9期68-81,共14页
Journal on Communications
基金
国家自然科学基金资助项目(No.62372493)。
关键词
网络安全服务
区块链
双链
交易模型
全生命周期管理
cybersecurity service
blockchain
dual-chain
transaction model
full lifecycle management
