Abstract (translated from the Chinese original): Addressing the security problems that arise when application systems are accessed within the intranet environment of power grid enterprises, this paper combines traditional access control mechanisms and proposes a multidimensional user data authentication model based on the Software Defined Perimeter (SDP). It first analyses the shortcomings of the access control models used in current power grid enterprise application systems, then introduces the attribute of trust into the existing model; following a least-privilege authorization approach, it establishes a mapping between each person and the company's business systems and creates a per-user ("thousands of people, thousands of faces") secure soft-perimeter gateway. Practical application and theoretical analysis show that the model ensures users can see only the applications they are authorized to access, establishes a new security architecture with strong trust, strong control and strong protection, and effectively protects the various application systems of power grid enterprises.
Application of software definition boundary security model in power grid enterprise system
Wen Xing
(China Southern Power Grid EHV Power Transmission Company Information and Communication Center, Guangzhou 510663, China)
Abstract: Aiming at the security problem of application system access in power grid enterprises under an intranet environment, a multidimensional user data authentication model based on the Software Defined Perimeter (SDP) is proposed in combination with traditional access control mechanisms. Firstly, the shortcomings of the access control model in current power grid enterprise application systems are analyzed. Then, the attribute of trust is introduced into the existing model. According to the minimal authorization method, the corresponding relationship between each person and the company's business systems is established, and a secure soft boundary gateway with per-user ("thousands of people, thousands of faces") policies is created. Practical application and theoretical analysis show that the model ensures users can see only the applications they are authorized to access, and establishes a new security architecture with strong trust, strong control and strong protection, which can effectively protect the various application systems of power grid enterprises.
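The abstract describes three properties of the proposed gateway: a least-privilege mapping from each user to the business systems they may use, a trust attribute evaluated from several dimensions of the access request, and the SDP behaviour that a user cannot even see applications they are not authorized for. The following is an added illustration, not code from the paper or from any product; the policy table, trust thresholds and attribute names are constructed for the example.

```python
"""Toy SDP-style gateway: default-deny, per-user application allowlist,
and a multidimensional trust score gating each application.
Added example; all policy data below is constructed, not from the paper."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessContext:
    """Dimensions of one access request evaluated by the gateway (constructed)."""
    user: str
    device_compliant: bool   # endpoint posture check passed
    mfa_passed: bool         # second factor verified in this session
    network_zone: str        # "intranet" or "external"


# Constructed least-privilege policy: user -> applications that user may reach.
# Anyone not listed has an empty allowlist, i.e. default deny.
POLICY = {
    "alice": {"billing", "hr-portal"},
    "bob": {"scada-view"},
}

# Constructed minimum trust score each application demands.
APP_MIN_TRUST = {"billing": 2, "hr-portal": 2, "scada-view": 3}


def trust_score(ctx: AccessContext) -> int:
    """Sum one point per satisfied trust dimension (range 0..3)."""
    score = 0
    if ctx.device_compliant:
        score += 1
    if ctx.mfa_passed:
        score += 1
    if ctx.network_zone == "intranet":
        score += 1
    return score


def visible_apps(ctx: AccessContext) -> list[str]:
    """Applications this user is authorized for AND trusted enough to reach.
    Everything else stays invisible, matching the SDP 'dark service' model."""
    allowed = POLICY.get(ctx.user, set())          # unknown user -> nothing
    score = trust_score(ctx)
    return sorted(app for app in allowed if score >= APP_MIN_TRUST[app])


def gateway_status(ctx: AccessContext, app: str) -> int:
    """Per-request decision as an HTTP-like status.
    Unauthorized and nonexistent applications both yield 404 so that the
    response does not reveal whether the application exists."""
    return 200 if app in visible_apps(ctx) else 404


if __name__ == "__main__":
    alice = AccessContext("alice", True, True, "intranet")
    bob_no_mfa = AccessContext("bob", True, False, "intranet")
    print(visible_apps(alice))                 # ['billing', 'hr-portal']
    print(visible_apps(bob_no_mfa))            # [] -> scada-view needs score 3
    print(gateway_status(alice, "scada-view")) # 404, not 403
```

The design choice worth noting is the final function: a request for an application outside the user's visible set is answered exactly like a request for a name that does not exist, which is what lets the gateway present a different, minimal application surface to every user.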
Keywords: grid enterprise; access control; minimizing authorization; software defined perimeter