| 铁路云平台细粒度访问控制方案研究 |
| |
| 引用本文: | 锁向荣,齐胜,张悦斌,朱贺. 铁路云平台细粒度访问控制方案研究[J]. 铁路计算机应用, 2021, 30(4): 45-49 |
| |
| 作者姓名: | 锁向荣 齐胜 张悦斌 朱贺 |
| |
| 作者单位: | 1.中铁信息工程集团有限公司,北京 100044 |
| |
| 基金项目: | 城市轨道交通系统安全保障技术国家工程实验室项目(发改办高技[2016]583号) |
| |
| 摘 要: | 为进一步提高铁路云平台网络安全防护能力,参照信息系统安全等级保护的有关要求,在铁路云平台网络安全保障体系框架下,提出一种铁路云平台细粒度访问控制方案;该方案采用零信任访问控制策略,由代理程序、数据总线、安全网关和安全模块4个部件协同完成安全的数据传输,利用标记技术实现域内和跨域的细粒度强制访问控制,在保持原有安全部署的...
|
| 关 键 词: | 铁路云平台 网络安全防护 细粒度访问控制 零信任 标记技术 强制访问控制 |
| 收稿时间: | 2020-10-10 |
Research on fine-grained access control scheme of railway cloud platform |
| |
| Affiliation: | 1.SinoRail Information Engineering Group, Beijing 100044, China2.SinoRail (Beijing) Network Technology Research Institute, Beijing 100044, China |
| |
| Abstract: | In order to further improve the ability of network security protection of railway cloud platform, a fine-grained access control scheme of railway cloud platform is put forward in the framework of network security protection syetem for railway cloud platform according to the basline of classified protection of information system security. By adopting zero trust access control policy, secure data trassimission is completed through the interaction of four major components including the agent, data bus, security gateway and security module. Besides, labeling technique is adopted to realize fine-grained mandatory access control in and across domains, effectively improving the security protection ability of the cloud platform while maintaining the existing deployment of security protection. |
| |
| Keywords: | |
|
| 点击此处可从《铁路计算机应用》浏览原始摘要信息 |
|
点击此处可从《铁路计算机应用》下载免费的PDF全文 |
|
