CN116319026A - Trust assessment method and device in zero-trust architecture and electronic equipment - Google Patents


Info

Publication number: CN116319026A
Authority: CN (China)
Prior art keywords: trust, evaluation, access, model, value
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202310294903.4A
Other languages: Chinese (zh)
Inventors: 吴大明, 王秀娟, 梁凯, 刘祥松, 高峰, 张志超, 轩晓荷
Current assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Beijing Ultrapower Information Safety Technology Co ltd; Ultrapower Software Co ltd
Original assignee: Beijing Ultrapower Information Safety Technology Co ltd; Ultrapower Software Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The application discloses a trust evaluation method and device in a zero trust architecture, and an electronic device. The method is performed by a continuous trust evaluation center and comprises: receiving a trust evaluation request; obtaining, according to the trust evaluation request, a trust evaluation model and the risk data corresponding to that model, where the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model; performing continuous trust evaluation on the corresponding risk data with the obtained trust evaluation model to obtain a trust score; and generating, according to the trust score, an access control strategy corresponding to the trust evaluation request, so that the access behavior of the user is controlled according to the generated strategy. This technical scheme improves the accuracy of trust evaluation during the access process.

Description

Trust assessment method and device in zero-trust architecture and electronic equipment
Technical Field
The present disclosure relates to the field of network information security technologies, and in particular, to a trust evaluation method and apparatus in a zero trust architecture, and an electronic device.
Background
A zero trust architecture is an enterprise network security plan built, on the zero trust concept, around component relationships, workflow planning and access policy. It narrows the network defense boundary to a single resource or a small set of resources. Its central intent is that the enterprise should not automatically trust anyone or anything inside or outside its network, that a system should not be granted full trust on the basis of its physical or network location, that any person or thing attempting to access an enterprise system should be verified before being authorized, and that access to an application asset should only be granted when that asset actually requires it.
A zero trust architecture generally includes three parts: a trusted access client, a trusted access control gateway, and a continuous trust evaluation center. The continuous trust evaluation center is the policy maker and distributor, the manager of users, clients, gateways and protected application assets, and the security brain of the zero trust architecture. Security protection based on the zero trust architecture is not yet mature; in particular, the continuous trust evaluation center cannot accurately perform risk evaluation on the access subject and the access object, so potential risks remain in the access process.
Disclosure of Invention
In order to overcome at least one of the above-mentioned problems, embodiments of the present application provide a trust evaluation method, apparatus and electronic device in a zero-trust architecture, so as to improve accuracy of trust evaluation in an access control process.
The embodiment of the application adopts the following technical scheme:
in a first aspect, an embodiment of the present application provides a trust evaluation method in a zero trust architecture, performed by a continuous trust evaluation center, the method comprising:
receiving a trust evaluation request;
according to the trust evaluation request, a trust evaluation model and risk data corresponding to the trust evaluation model are obtained, wherein the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model;
performing continuous trust evaluation on corresponding risk data by using the obtained trust evaluation model to obtain a trust score;
and generating an access control strategy corresponding to the trust evaluation request according to the trust score so as to control the access behavior of the user according to the generated access control strategy.
Optionally, the access subject trust evaluation model corresponds to access subject risk data, and when the trust evaluation model acquired according to the trust evaluation request includes the access subject trust evaluation model, performing continuous trust evaluation on the corresponding risk data by using the acquired trust evaluation model to obtain a trust score includes:
carrying out terminal environment trust evaluation and user behavior trust evaluation on the access subject risk data by using the access subject trust evaluation model to obtain the trust score of the access subject.
Optionally, the access subject risk assessment model includes a terminal environment trust assessment sub-model and a user behavior trust assessment sub-model, and the performing terminal environment trust assessment and user behavior trust assessment on the access subject risk data by using the access subject trust assessment model to obtain a trust score of the access subject includes:
performing user identity credibility analysis, terminal environment risk credibility analysis and access network environment risk credibility analysis on the access subject risk data by using the terminal environment trust evaluation sub-model to obtain four-dimensional analysis results;
performing abnormal time login risk credibility analysis, abnormal IP login risk credibility analysis, multiple authentication failure risk credibility analysis, suspected violent cracking success credibility analysis, terminal user frequent login behavior credibility analysis, abnormal time period trial login risk credibility analysis, terminal multi-account login risk credibility analysis, abnormal time period access application asset risk credibility analysis and abnormal time period operation application asset risk credibility analysis on the access subject risk data by utilizing the user behavior trust evaluation sub-model to obtain nine-dimensional analysis results;
and obtaining the trust score of the access subject according to the analysis results of the four dimensions and the analysis results of the nine dimensions.
Optionally, the obtaining the trust score of the access subject according to the analysis results of the four dimensions and the analysis results of the nine dimensions includes:
acquiring trust weights corresponding to analysis results of each dimension based on a rule algorithm and/or an artificial intelligence algorithm;
and obtaining the trust score of the access subject according to the analysis result and the trust weight of each dimension.
Optionally, the access object security level evaluation model corresponds to access object risk data, and when the trust evaluation model obtained according to the trust evaluation request includes the access object security level evaluation model, performing continuous trust evaluation on the corresponding risk data by using the obtained trust evaluation model to obtain a trust score includes:
and carrying out login value evaluation and basic value evaluation on the access object risk data by using the access object security level evaluation model to obtain the security level of the access object.
Optionally, the access object security level evaluation model includes a login value evaluation sub-model and a basic value evaluation sub-model, and using the access object security level evaluation model to perform login value evaluation and basic value evaluation on the access object risk data to obtain the security level of the access object includes:
performing access object use value evaluation, access object attribution value evaluation, access object use stage value evaluation and access object sensitivity value evaluation on the access object risk data by using the login value evaluation sub-model to obtain value evaluation results of four dimensions;
performing classified-protection (MLPS) level filing value evaluation and policy requirement value evaluation on the access object risk data by using the basic value evaluation sub-model to obtain value evaluation results of two dimensions;
and obtaining the security level of the access object according to the value evaluation results of the four dimensions and the value evaluation results of the two dimensions.
Optionally, the obtaining the security level of the access object according to the value evaluation results of the four dimensions and the value evaluation results of the two dimensions includes:
acquiring a value weight corresponding to a value evaluation result of each dimension based on a rule algorithm and/or an artificial intelligence algorithm;
obtaining the value score of the access object according to the value evaluation result and the value weight of each dimension;
and acquiring the security level corresponding to the value score of the access object according to the preset mapping relation between the value score and the security level.
Optionally, the trust score includes a trust score of an access subject and a security level of an access object, and the generating the access control policy corresponding to the trust evaluation request according to the trust score includes:
generating a control decision according to the trust score of the access subject and the security level of the access object;
determining whether the control decision requires associated secondary authentication according to the type of the control decision;
and if the control decision needs to be associated with the secondary authentication, acquiring a configuration strategy, and carrying out authentication strategy configuration on the secondary authentication associated with the control decision according to the acquired configuration strategy to obtain the access control strategy corresponding to the trust evaluation request.
In a second aspect, an embodiment of the present application provides a trust evaluation apparatus in a zero trust architecture, applied to a continuous trust evaluation center, the apparatus comprising:
a request receiving unit for receiving a trust evaluation request;
a model acquisition unit for acquiring, according to the trust evaluation request, a trust evaluation model and risk data corresponding to the trust evaluation model, wherein the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model;
a trust evaluation unit for carrying out continuous trust evaluation on the corresponding risk data by using the acquired trust evaluation model to obtain a trust score;
and a policy generation unit for generating an access control policy corresponding to the trust evaluation request according to the trust score so as to control the access behavior of the user according to the generated access control policy.
In a third aspect, embodiments of the present application further provide an electronic device, including: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform a trust evaluation method in a zero trust architecture.
In a fourth aspect, embodiments of the present application also provide a computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform a trust evaluation method in a zero-trust architecture.
At least one of the technical schemes adopted by the embodiments of the present application achieves the following beneficial effects:
the continuous trust evaluation center firstly acquires a trust evaluation model and risk data corresponding to the trust evaluation model according to a received trust evaluation request; then, carrying out continuous trust evaluation on the corresponding risk data by using the obtained trust evaluation model to obtain a trust score; and finally, generating an access control strategy corresponding to the trust evaluation request according to the trust score.
According to the continuous trust evaluation center, two types of trust evaluation models and risk data corresponding to each type of trust evaluation model are preset, so that reasonable customized trust evaluation can be performed on various access scenes in a zero trust architecture, the accuracy of trust evaluation of different access scenes is improved, the complexity of the models can be reduced through classifying the trust evaluation models, and the trust evaluation efficiency is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a flow chart of a trust evaluation method in a zero trust architecture according to an embodiment of the present application;
FIG. 2 is a diagram of the access subject trust evaluation model in an embodiment of the present application;
FIG. 3 is a diagram of the access object security level evaluation model in an embodiment of the present application;
FIG. 4 is a control decision configuration chart according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a trust evaluation device in a zero trust architecture according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The embodiment of the application provides a trust evaluation method in a zero trust architecture, which is executed by a continuous trust evaluation center, as shown in fig. 1, and provides a flow diagram of the trust evaluation method in the zero trust architecture in the embodiment of the application, wherein the method at least comprises the following steps S110 to S140:
step S110, a trust evaluation request is received.
When trust evaluation is required, for example, when a user performs security management platform portal login, application asset access, application asset operation and the like in a zero-trust architecture, relevant equipment in the zero-trust architecture generates a trust evaluation request and sends the trust evaluation request to a continuous trust evaluation center, and the continuous trust evaluation center performs trust evaluation on an access subject and/or an access object according to the received trust evaluation request.
The present application is not limited to the scenario of performing trust evaluation, and may be executed in other scenarios such as login authentication, in addition to the scenario of portal login, application asset access, and application asset operation of the security management platform. Those skilled in the art can flexibly set the scene requiring trust evaluation according to the service requirement.
Step S120, according to the trust evaluation request, obtaining a trust evaluation model and risk data corresponding to the trust evaluation model, where the trust evaluation model includes an access subject trust evaluation model and an access object security level evaluation model.
It should be understood that the access subject in the embodiments of the present application includes a user and a terminal, and the access object includes an application asset. The trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model. The access subject trust evaluation model can perform continuous risk evaluation on various subject risks: for example, it can judge whether a malicious process exists, whether the terminal firewall is disabled, whether the login account information and state are abnormal, and whether the network in which the access subject is located is secure. The access object security level evaluation model performs security level evaluation of the application assets accessed by the user.
The access subject trust evaluation model corresponds to access subject risk data, which includes, but is not limited to, network information, user identity information, terminal basic information (for example, the user terminal's operating system version and vulnerability patch information, installed software versions, installation of non-compliant or pirated software, terminal virus information, terminal compliance baseline information, terminal vulnerability information, etc.), terminal state information, process information, firewall information, antivirus software information, log information, etc. The access subject risk data may originate from a related device in the zero trust architecture (e.g., the trusted access client), or from an external platform or system; for example, user terminal state information may be obtained from an external system such as a terminal management system, a network access system, or a terminal anti-virus system. The access object risk data includes, but is not limited to, the security attribute information of the accessed application asset (or accessed device).
Step S130, carrying out continuous trust evaluation on the corresponding risk data by using the obtained trust evaluation model to obtain a trust score.
In practice, some scenarios require only a risk evaluation of the subject, some require only a risk evaluation of the object, and some require a unified risk evaluation of the subject and the object. By constructing two trust evaluation models, the continuous trust evaluation center can adapt to the different trust evaluation demands of a complex environment: at the design stage of the continuous trust evaluation center, a trust evaluation strategy can be formulated for each scenario according to its demands, a trust evaluation request corresponding to the scenario is generated, and customized trust evaluation of the scenario is realized based on that request.
For example, the trust evaluation model obtained according to the trust evaluation request includes three cases, the first case: only obtaining an access subject trust evaluation model; for example, when a user logs in to a trusted access client and sends a login authentication request to a trusted access controller through the trusted access client, the trusted access controller forwards the authentication request to an authentication server, the authentication server generates a trust evaluation request based on the authentication request and sends the trust evaluation request to a continuous trust evaluation center, and the continuous trust evaluation center performs risk evaluation on an access subject. Second case: acquiring an access subject trust evaluation model and an access object security level evaluation model; for example, when a user initiates a login request to a target application asset at the security management and control platform portal, the security management and control platform portal sends a trust evaluation request to the continuous trust evaluation center based on the login request, and at this time, the continuous trust evaluation center performs unified risk evaluation on the access subject and the access object. Third case: only the access object security level assessment model is obtained; for example, the continuous trust evaluation center monitors related operations of the user on the application asset in real time, and when a preset operation (such as deleting data in the application asset) occurs on the application asset, the continuous trust evaluation center generates a trust evaluation request, and the continuous trust evaluation center performs risk evaluation on the access object according to the trust evaluation request.
Step S140, generating an access control strategy corresponding to the trust evaluation request according to the trust score, so as to control the access behavior of the user according to the generated access control strategy.
Based on the trust evaluation method in the zero trust architecture shown in fig. 1, the continuous trust evaluation center of the embodiment firstly obtains a trust evaluation model and risk data corresponding to the trust evaluation model according to the received trust evaluation request; then, carrying out continuous trust evaluation on the corresponding risk data by using the obtained trust evaluation model to obtain a trust score; and finally, generating an access control strategy corresponding to the trust evaluation request according to the trust score. The continuous trust evaluation center of the embodiment presets two types of trust evaluation models and risk data corresponding to each type of trust evaluation model, can perform reasonable customized trust evaluation on various access scenes in a zero trust architecture, improves the accuracy of trust evaluation of different access scenes, and can reduce model complexity and improve trust evaluation efficiency by classifying the trust evaluation models.
In some embodiments of the present application, when the trust evaluation model obtained according to the trust evaluation request includes the access subject trust evaluation model, performing continuous trust evaluation on the corresponding risk data using the obtained trust evaluation model to obtain a trust score includes:
carrying out terminal environment trust evaluation and user behavior trust evaluation on the access subject risk data by using the access subject trust evaluation model to obtain the trust score of the access subject.
In some possible implementations of the present embodiment, the access subject risk assessment model includes a terminal environment trust assessment sub-model and a user behavior trust assessment sub-model, and referring to fig. 2, the present embodiment uses the access subject trust assessment model to perform terminal environment trust assessment and user behavior trust assessment on access subject risk data, to obtain a trust score of the access subject, including:
performing user identity credibility analysis, terminal environment risk credibility analysis and access network environment risk credibility analysis on the access subject risk data by using the terminal environment trust evaluation sub-model to obtain four-dimensional analysis results;
performing abnormal time login risk credibility analysis, abnormal IP login risk credibility analysis, multiple authentication failure risk credibility analysis, suspected violent cracking success credibility analysis, terminal user frequent login behavior credibility analysis, abnormal time period trial login risk credibility analysis, terminal multi-account login risk credibility analysis, abnormal time period access application asset risk credibility analysis and abnormal time period operation application asset risk credibility analysis on the access subject risk data by utilizing the user behavior trust evaluation sub-model to obtain nine-dimensional analysis results;
and obtaining the trust score of the access subject according to the analysis results of the four dimensions and the analysis results of the nine dimensions.
In this method, an access subject risk evaluation model is built according to an access subject risk and trust evaluation mechanism: the key risks affecting trust are enumerated in advance as a finite list, a measurement basis is established from the risk evaluation angle, the content of each measurement sub-item and its corresponding trust weight are defined (the trust weights sum to 100, i.e. a percentage scale), the subject identity trust score and the access context trust score of the access subject are evaluated separately, and the trust score of the access subject is obtained by combining them.
The access subject risk evaluation model of this embodiment performs trust evaluation on all access subjects. For example, when a user initiates a service request, multiple attribute conditions of the access subject, such as its basic authentication behavior, environmental factors and historical behavior records, are fused according to the terminal environment trust evaluation sub-model and the user behavior trust evaluation sub-model. Fusion here means obtaining the trust weight corresponding to each dimension's analysis result through a rule algorithm and/or an artificial intelligence (AI) algorithm (for example, the trust weights shown in fig. 2), and then obtaining the trust score of the access subject from the analysis result and trust weight of each dimension.
The rule algorithm is to set trust weights corresponding to analysis results of each dimension according to the requirements of application scenes, and the artificial intelligence algorithm is to learn and infer the weights of the analysis results of the thirteen dimensions to obtain reasonable trust weights. Optionally, the trust weight obtained by the rule algorithm and the trust weight obtained by the artificial intelligence algorithm may be weighted to obtain a final trust weight.
The user behavior trust evaluation sub-model can be an algorithm-based model: for example, anomaly detection for scenarios such as a user logging in at an abnormal time or from an abnormal place can be realized with artificial intelligence techniques such as Long Short-Term Memory (LSTM) networks, the isolation forest algorithm and outlier factor detection algorithms, and the extraction of abnormal data features, such as physical address, IP address, user ID and login time, can use Principal Component Analysis (PCA). The user behavior trust evaluation sub-model may also be a rule-based model, e.g., with rules configured as follows:
the time period of the account accessing a certain application asset is abnormal, and the rules are as follows: 21:00-06:00 is an abnormal time period, and account access behaviors in the abnormal time period are marked as abnormal records;
the account source IP is abnormal, and the rules are, for example: according to the access source IP information of each account for the last three months, analyze whether the IP used by the current access is within the historical range, and if not, mark it as an abnormal record;
the account operation authority is abnormal, and the rules are as follows: according to the operation authority information of each account in the last three months, whether the current operation type is in a history range or not is analyzed, and if not, the current operation type is marked as an abnormal record;
in this way, a rule-based user behavior trust evaluation sub-model is formed through rule configuration to perform multidimensional trust evaluation on the access subject risk data.
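The three configured rules above, as an added example (not code from the patent or its applicants): constructed access records for one account are checked against the 21:00-06:00 abnormal period and against the account's last three months (taken as 90 days) of source IPs and operation types. The record layout, the account name and the addresses are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Parameters taken from the rules on the page: a 21:00-06:00 abnormal period and
# a three-month (taken here as 90-day) history window per account.
HISTORY_WINDOW = timedelta(days=90)
ABNORMAL_START_HOUR = 21
ABNORMAL_END_HOUR = 6


@dataclass(frozen=True)
class AccessEvent:
    """One access record of the access subject (constructed field layout)."""
    account: str
    ts: datetime
    src_ip: str
    operation: str
    asset: str


def in_abnormal_period(ts: datetime) -> bool:
    """True when ts falls in 21:00-06:00; the period wraps past midnight."""
    return ts.hour >= ABNORMAL_START_HOUR or ts.hour < ABNORMAL_END_HOUR


def account_history(account: str, events, now: datetime):
    """Records of this account in [now - 90 days, now): the history that the
    source-IP and operation-type rules compare the current access against."""
    start = now - HISTORY_WINDOW
    return [e for e in events if e.account == account and start <= e.ts < now]


def evaluate_event(event: AccessEvent, events) -> list:
    """Apply the three configured rules to one access; return the abnormal
    record tags that fired (an empty list means no rule fired)."""
    tags = []
    if in_abnormal_period(event.ts):
        tags.append("abnormal_time_period")
    history = account_history(event.account, events, event.ts)
    known_ips = {e.src_ip for e in history}
    known_ops = {e.operation for e in history}
    # Literal reading of the rules: an IP or operation type absent from the
    # history is abnormal. An account with no history therefore fires both
    # rules on its first access; a deployment would normally tune that.
    if event.src_ip not in known_ips:
        tags.append("abnormal_source_ip")
    if event.operation not in known_ops:
        tags.append("abnormal_operation_type")
    return tags


def evaluate_all(events) -> dict:
    """Evaluate every event against the history that preceded it."""
    return {(e.account, e.ts.isoformat()): evaluate_event(e, events) for e in events}


# Constructed sample history for one account (private-range and TEST-NET addresses).
SAMPLE_EVENTS = [
    AccessEvent("alice", datetime(2023, 1, 10, 9, 0), "10.0.0.5", "read", "crm"),
    AccessEvent("alice", datetime(2023, 1, 15, 10, 30), "10.0.0.5", "read", "crm"),
    AccessEvent("alice", datetime(2023, 2, 3, 14, 0), "10.0.0.7", "export", "crm"),
    # Late-night access from an unseen address with an unseen operation type.
    AccessEvent("alice", datetime(2023, 3, 20, 23, 15), "203.0.113.9", "delete", "crm"),
    # Ordinary daytime access matching the account's history.
    AccessEvent("alice", datetime(2023, 3, 21, 9, 0), "10.0.0.5", "read", "crm"),
]

if __name__ == "__main__":
    for key, tags in evaluate_all(SAMPLE_EVENTS).items():
        print(key, tags or "normal")
```

The tags are the abnormal records the sub-model feeds into the nine-dimensional analysis; the first record of a brand-new account is flagged by the two history rules, which is the caveat to settle when configuring the window.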
In some embodiments of the present application, when the trust evaluation model obtained according to the trust evaluation request includes accessing the object security level evaluation model, the performing continuous trust evaluation on the corresponding risk data by using the obtained trust evaluation model, to obtain a trust score includes:
and carrying out login value evaluation and basic value evaluation on the access object risk data by using the access object security level evaluation model to obtain the security level of the access object.
In some possible implementations of the present embodiment, the access object security level evaluation model includes a login value evaluation sub-model and a basic value evaluation sub-model, and, referring to fig. 3, using the access object security level evaluation model to perform login value evaluation and basic value evaluation on the access object risk data to obtain the security level of the access object includes:
performing access object use value evaluation, access object attribution value evaluation, access object use stage value evaluation and access object sensitivity value evaluation on the access object risk data by using the login value evaluation sub-model to obtain value evaluation results of four dimensions;
performing classified-protection (MLPS) level filing value evaluation and policy requirement value evaluation on the access object risk data by using the basic value evaluation sub-model to obtain value evaluation results of two dimensions;
and obtaining the security level of the access object according to the value evaluation results of the four dimensions and the value evaluation results of the two dimensions.
In the present application, the access object security level assessment model is constructed according to an assessment mechanism based on the service value and the security level of the access object. The model comprehensively measures the service value score of the object from dimensions such as the protection level of the object, the service importance and the degree of influence, and determines the security level corresponding to that service value score.
The access object security level evaluation model of the present embodiment performs periodic trust evaluation on all access objects. Specifically, it performs fusion processing on the key business value types of the access objects (the value evaluation types in fig. 3) through the login value evaluation sub-model and the basic value evaluation sub-model. Fusion processing here means obtaining, through a rule algorithm and/or an artificial intelligence algorithm, a value weight corresponding to the value evaluation result of each dimension (for example, the value weights shown in fig. 3), then obtaining the value score of the access object from the value evaluation results and value weights of all dimensions, and finally obtaining the security level corresponding to that value score according to a preset mapping relationship between value scores and security levels.
For example, suppose that a value score of the access object between 0 and 20 corresponds to security level 1; 21 to 40 corresponds to level 2; 41 to 60 corresponds to level 3; 61 to 80 corresponds to level 4; and 81 to 100 corresponds to level 5. The security level of the access object can then be determined from its value score.
In some embodiments of the present application, the trust score includes a trust score of an accessing subject and a security level of an accessing object, and generating an access control policy corresponding to the trust evaluation request according to the trust score includes:
generating a control decision according to the trust score of the access subject and the security level of the access object;
determining whether the control decision requires associated secondary authentication according to the type of the control decision;
and if the control decision needs to be associated with the secondary authentication, acquiring a configuration strategy, and carrying out authentication strategy configuration on the secondary authentication associated with the control decision according to the acquired configuration strategy to obtain the access control strategy corresponding to the trust evaluation request.
In this embodiment, a control decision configuration table may be preset. The table records the correspondence between the trust score of the access subject, the security level of the access object, and the control decision. As shown in fig. 4, for example, the control decision includes a release decision, a blocking decision and a re-authentication decision, and the re-authentication decision may include simple secondary authentication, enhanced secondary authentication, joint secondary authentication and the like. Simple secondary authentication may be understood as authentication by means of a static password; enhanced secondary authentication as authentication by means of a user biometric feature or a dynamic password; and joint secondary authentication as authentication in which other users take part.
When the control decision generated from the trust score of the access subject and the security level of the access object is a re-authentication decision, a corresponding configuration strategy can be obtained according to the trust score of the access subject and/or the security level of the access object, or according to a preset configuration strategy template; the authentication strategy configuration of the associated secondary authentication is then carried out according to the obtained configuration strategy to give the final access control strategy. After the continuous trust evaluation center generates the access control policy, it may send the policy to a controller in the zero trust architecture (e.g., a trusted access controller) so that the controller can control access behavior based on the access control policy.
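The fusion and score-to-level mapping described for the access object security level evaluation model, chained into the control decision configuration table and secondary authentication configuration described for policy generation, as an added example that is not the patent's own code. The five level bands are the ones given above; the dimension weights, the subject trust bands, the contents of the decision table and the AUTH_TEMPLATE fields are assumptions, since fig. 3 and fig. 4 are not reproduced on this page.

```python
# Added example (not the patent's code). Dimension names follow the
# description; the weights are ASSUMED, since fig. 3 is not reproduced here.
VALUE_WEIGHTS = {
    "use_value": 0.20,                       # login value sub-model, four dimensions
    "attribution_value": 0.15,
    "use_stage_value": 0.15,
    "sensitivity_value": 0.20,
    "protection_level_record_value": 0.15,   # basic value sub-model, two dimensions
    "policy_requirement_value": 0.15,
}

# Value score -> security level, exactly the bands the description gives.
LEVEL_BANDS = [(20, 1), (40, 2), (60, 3), (80, 4), (100, 5)]

# Subject trust score -> trust band. Thresholds are ASSUMED.
TRUST_BANDS = [(29, "low"), (49, "medium"), (79, "high"), (100, "very_high")]

# Constructed control decision configuration table (fig. 4 is not on the
# page): row = subject trust band, column index = object security level - 1.
DECISION_TABLE = {
    "low":       ["block"] * 5,
    "medium":    ["reauth:simple", "reauth:enhanced", "reauth:enhanced",
                  "reauth:joint", "reauth:joint"],
    "high":      ["release", "release", "reauth:simple",
                  "reauth:enhanced", "reauth:joint"],
    "very_high": ["release", "release", "release", "release", "reauth:simple"],
}

# Constructed configuration strategy template for the three re-authentication
# kinds named in the description (static password; biometric or dynamic
# password; another user joins the authentication).
AUTH_TEMPLATE = {
    "simple":   {"factor": "static_password", "approver_required": False},
    "enhanced": {"factor": "biometric_or_dynamic_password", "approver_required": False},
    "joint":    {"factor": "biometric_or_dynamic_password", "approver_required": True},
}


def band_of(value, bands):
    """Generic lookup: first band whose upper bound covers the value."""
    for upper, label in bands:
        if value <= upper:
            return label
    raise ValueError(f"value {value} outside 0..100")


def value_score(results):
    """Fuse per-dimension value evaluation results (each 0..100) with their
    weights into one 0..100 value score for the access object."""
    if set(results) != set(VALUE_WEIGHTS):
        missing = set(VALUE_WEIGHTS) ^ set(results)
        raise ValueError(f"dimension mismatch: {sorted(missing)}")
    return round(sum(VALUE_WEIGHTS[d] * results[d] for d in VALUE_WEIGHTS))


def security_level(score):
    """Preset mapping from value score to security level 1..5."""
    return band_of(score, LEVEL_BANDS)


def control_decision(subject_trust, object_level):
    """Look up the decision in the configuration table."""
    if not 1 <= object_level <= 5:
        raise ValueError("security level must be 1..5")
    return DECISION_TABLE[band_of(subject_trust, TRUST_BANDS)][object_level - 1]


def access_control_policy(subject_trust, object_results):
    """Full chain: object results -> value score -> level; level plus subject
    trust -> control decision; re-authentication decisions get their
    authentication strategy from the template."""
    level = security_level(value_score(object_results))
    decision = control_decision(subject_trust, level)
    policy = {"subject_trust": subject_trust, "object_level": level,
              "decision": decision.split(":")[0]}
    if decision.startswith("reauth:"):
        mode = decision.split(":")[1]
        policy["secondary_auth"] = {"mode": mode, **AUTH_TEMPLATE[mode]}
    return policy


# Constructed value evaluation results for one access object.
SAMPLE_RESULTS = {
    "use_value": 80, "attribution_value": 60, "use_stage_value": 70,
    "sensitivity_value": 90, "protection_level_record_value": 50,
    "policy_requirement_value": 40,
}   # fused score 67 -> level 4


if __name__ == "__main__":
    for trust in (85, 65, 40, 20):
        print(trust, access_control_policy(trust, SAMPLE_RESULTS))
```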
In addition, in other embodiments of the present application, the access control policy corresponding to the trust evaluation request may also be generated in conjunction with a trust baseline library. The trust baseline library is built by continuously collecting risk data of access subjects and access objects, and it provides basic judgment conditions for the trust evaluation model, including risk basic information, sources, weights, scores and the like, so that personalized trust evaluation can be performed.
For example, a trust score baseline corresponding to the user is obtained from a trust baseline library, and an access control strategy corresponding to the trust evaluation request is generated according to the trust score baseline and the trust score corresponding to the user.
Corresponding to the trust evaluation method in the zero trust architecture of the foregoing embodiments, an embodiment of the present application also provides a trust evaluation device 500 in the zero trust architecture, applied to a continuous trust evaluation center. Fig. 5 is a schematic structural diagram of the trust evaluation device 500 in the zero trust architecture in the embodiment of the present application, where the device 500 includes a request receiving unit 510, a model obtaining unit 520, a trust evaluation unit 530 and a policy generating unit 540, wherein:
A request receiving unit 510, configured to receive a trust evaluation request;
the model obtaining unit 520 is configured to obtain, according to the trust evaluation request, a trust evaluation model and risk data corresponding to the trust evaluation model, where the trust evaluation model includes an access subject trust evaluation model and an access object security level evaluation model;
the trust evaluation unit 530 is configured to perform continuous trust evaluation on the corresponding risk data by using the obtained trust evaluation model, so as to obtain a trust score;
the policy generating unit 540 is configured to generate an access control policy corresponding to the trust evaluation request according to the trust score, so as to control an access behavior of the user according to the generated access control policy.
In some embodiments of the present application, the access subject trust evaluation model corresponds to access subject risk data, and the trust evaluation unit 530 includes a subject evaluation module;
and the subject evaluation module is used for carrying out terminal environment trust evaluation and user behavior trust evaluation on the access subject risk data by utilizing the access subject trust evaluation model, to obtain the trust score of the access subject.
In some embodiments of the present application, the access subject risk assessment model includes a terminal environment trust assessment sub-model and a user behavior trust assessment sub-model, where the subject assessment module is configured to perform user identity trusted analysis, terminal environment risk trusted analysis, and access network environment risk trusted analysis on the access subject risk data by using the terminal environment trust assessment sub-model, to obtain analysis results in four dimensions; to perform abnormal time login risk credibility analysis, abnormal IP login risk credibility analysis, multiple authentication failure risk credibility analysis, suspected brute-force cracking success credibility analysis, terminal user frequent login behavior credibility analysis, abnormal time period trial login risk credibility analysis, terminal multi-account login risk credibility analysis, abnormal time period access application asset risk credibility analysis and abnormal time period operation application asset risk credibility analysis on the access subject risk data by utilizing the user behavior trust evaluation sub-model, to obtain analysis results in nine dimensions; and to obtain the trust score of the access subject according to the analysis results of the four dimensions and the analysis results of the nine dimensions.
In some embodiments of the present application, the subject evaluation module is further configured to obtain a trust weight corresponding to an analysis result of each dimension based on a rule algorithm and/or an artificial intelligence algorithm; and obtaining the trust score of the access subject according to the analysis result and the trust weight of each dimension.
In some embodiments of the present application, the access object security level assessment model corresponds to access object risk data, and the trust assessment unit 530 further includes an object assessment module;
and the object evaluation module is used for carrying out login value evaluation and basic value evaluation on the access object risk data by utilizing the access object security level evaluation model to obtain the security level of the access object.
In some embodiments of the present application, the access object security level assessment model includes a login value assessment sub-model and a basic value assessment sub-model, and the object assessment module is specifically configured to perform access object use value assessment, access object attribution value assessment, access object use stage value assessment and access object sensitivity value assessment on the access object risk data by using the login value assessment sub-model, so as to obtain a four-dimensional value assessment result; performing equal-insurance-level record value evaluation and policy requirement value evaluation on the access object risk data by using the basic value evaluation sub-model to obtain value evaluation results of two dimensions; and obtaining the security level of the access object according to the value evaluation results of the four dimensions and the value evaluation results of the two dimensions.
In some embodiments of the present application, the object evaluation module is further configured to obtain a value weight corresponding to a value evaluation result of each dimension based on a rule algorithm and/or an artificial intelligence algorithm; obtaining the value score of the access object according to the value evaluation result and the value weight of each dimension; and acquiring the security level corresponding to the value score of the access object according to the preset mapping relation between the value score and the security level.
In some embodiments of the present application, the trust score includes a trust score of an access subject and a security level of an access object, and the policy generating unit 540 is configured to generate a control decision according to the trust score of the access subject and the security level of the access object; determining whether the control decision requires associated secondary authentication according to the type of the control decision; and if the control decision needs to be associated with the secondary authentication, acquiring a configuration strategy, and carrying out authentication strategy configuration on the secondary authentication associated with the control decision according to the acquired configuration strategy to obtain the access control strategy corresponding to the trust evaluation request.
It can be understood that the trust evaluation device in the zero trust architecture can implement the steps of the trust evaluation method in the zero trust architecture provided in the foregoing embodiments, and the relevant explanation about the trust evaluation method in the zero trust architecture is applicable to the trust evaluation device in the zero trust architecture, which is not repeated herein.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 6, at the hardware level the electronic device includes a processor and a memory, and optionally an internal bus and a network interface. The memory may include an internal memory, such as a Random-Access Memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus or an EISA (Extended Industry Standard Architecture) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one bi-directional arrow is shown in fig. 6, but this does not mean there is only one bus or one type of bus.
The memory is used for storing a program. In particular, the program may include program code, and the program code includes computer operating instructions. The memory may include internal memory and non-volatile storage, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into the internal memory and then runs it, forming the trust evaluation device in the zero trust architecture at the logical level. The processor is used for executing the program stored in the memory, and is specifically used for executing the following operations:
receiving a trust evaluation request;
according to the trust evaluation request, a trust evaluation model and risk data corresponding to the trust evaluation model are obtained, wherein the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model;
performing continuous trust evaluation on corresponding risk data by using the obtained trust evaluation model to obtain a trust score;
and generating an access control strategy corresponding to the trust evaluation request according to the trust score so as to control the access behavior of the user according to the generated access control strategy.
The method performed by the trust evaluation device in the zero trust architecture disclosed in the embodiment of fig. 1 of the present application may be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capability. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly as being executed by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium well known in the art, such as a random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the trust evaluation method in the zero trust architecture in combination with its hardware.
The electronic device may further execute the method executed by the trust evaluation device in the zero trust architecture in fig. 1, and implement the functions of the trust evaluation device in the zero trust architecture in the embodiment shown in fig. 1, which are not described herein.
The embodiments of the present application also provide a computer readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by an electronic device that includes a plurality of application programs, enable the electronic device to perform a method performed by a trust assessment apparatus in a zero trust architecture in the embodiment shown in fig. 1, and specifically for performing:
receiving a trust evaluation request;
according to the trust evaluation request, a trust evaluation model and risk data corresponding to the trust evaluation model are obtained, wherein the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model;
performing continuous trust evaluation on corresponding risk data by using the obtained trust evaluation model to obtain a trust score;
and generating an access control strategy corresponding to the trust evaluation request according to the trust score so as to control the access behavior of the user according to the generated access control strategy.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer readable medium.
Computer readable media, including both persistent and non-persistent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information accessible by a computing device. As defined herein, computer readable media do not include transitory computer readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (10)

1. A trust evaluation method in a zero trust architecture, performed by a continuous trust evaluation center, the method comprising:
receiving a trust evaluation request;
according to the trust evaluation request, a trust evaluation model and risk data corresponding to the trust evaluation model are obtained, wherein the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model;
Performing continuous trust evaluation on corresponding risk data by using the obtained trust evaluation model to obtain a trust score;
and generating an access control strategy corresponding to the trust evaluation request according to the trust score so as to control the access behavior of the user according to the generated access control strategy.
2. The method of claim 1, wherein the access subject trust evaluation model corresponds to access subject risk data, and wherein when the trust evaluation model obtained from the trust evaluation request comprises the access subject trust evaluation model, the performing continuous trust evaluation on the corresponding risk data using the obtained trust evaluation model to obtain a trust score comprises:
and carrying out terminal environment trust evaluation and user behavior trust evaluation on the access subject risk data by using the access subject trust evaluation model to obtain the trust score of the access subject.
3. The method of claim 2, wherein the access subject risk assessment model includes a terminal environment trust assessment sub-model and a user behavior trust assessment sub-model, the using the access subject trust assessment model to perform terminal environment trust assessment and user behavior trust assessment on the access subject risk data, obtaining a trust score for the access subject, comprising:
Performing user identity credibility analysis, terminal environment risk credibility analysis and access network environment risk credibility analysis on the access subject risk data by using the terminal environment trust evaluation sub-model to obtain four-dimensional analysis results;
performing abnormal time login risk credibility analysis, abnormal IP login risk credibility analysis, multiple authentication failure risk credibility analysis, suspected violent cracking success credibility analysis, terminal user frequent login behavior credibility analysis, abnormal time period trial login risk credibility analysis, terminal multi-account login risk credibility analysis, abnormal time period access application asset risk credibility analysis and abnormal time period operation application asset risk credibility analysis on the access subject risk data by utilizing the user behavior trust evaluation sub-model to obtain nine-dimensional analysis results;
and obtaining the trust score of the access subject according to the analysis results of the four dimensions and the analysis results of the nine dimensions.
4. The method of claim 3, wherein the deriving a trust score for the accessing subject based on the four-dimensional analysis and the nine-dimensional analysis comprises:
Acquiring trust weights corresponding to analysis results of each dimension based on a rule algorithm and/or an artificial intelligence algorithm;
and obtaining the trust score of the access subject according to the analysis result and the trust weight of each dimension.
5. The method of any of claims 1-4, wherein the access object security level assessment model corresponds to access object risk data, and wherein when the trust assessment model obtained from the trust assessment request includes the access object security level assessment model, the performing a continuous trust assessment on the corresponding risk data using the obtained trust assessment model to obtain a trust score comprises:
and carrying out login value evaluation and basic value evaluation on the access object risk data by using the access object security level evaluation model to obtain the security level of the access object.
6. The method of claim 5, wherein the access object security level assessment model includes a login value assessment sub-model and a base value assessment sub-model, and wherein the performing login value assessment and base value assessment on the access object risk data using the access object security level assessment model to obtain the access object security level comprises:
Performing access object use value evaluation, access object attribution value evaluation, access object use stage value evaluation and access object sensitivity value evaluation on the access object risk data by using the login value evaluation submodel to obtain four-dimensional value evaluation results;
performing equal-insurance-level record value evaluation and policy requirement value evaluation on the access object risk data by using the basic value evaluation sub-model to obtain value evaluation results of two dimensions;
and obtaining the security level of the access object according to the value evaluation results of the four dimensions and the value evaluation results of the two dimensions.
7. The method of claim 6, wherein the obtaining the security level of the access object based on the four-dimensional value assessment results and the two-dimensional value assessment results comprises:
acquiring a value weight corresponding to a value evaluation result of each dimension based on a rule algorithm and/or an artificial intelligence algorithm;
obtaining the value score of the access object according to the value evaluation result and the value weight of each dimension;
and acquiring the security level corresponding to the value score of the access object according to the preset mapping relation between the value score and the security level.
8. The method of any of claims 6-7, wherein the trust score comprises a trust score of an accessing subject and a security level of an accessing object, the generating the access control policy corresponding to the trust evaluation request according to the trust score comprising:
generating a control decision according to the trust score of the access subject and the security level of the access object;
determining whether the control decision requires associated secondary authentication according to the type of the control decision;
and if the control decision needs to be associated with the secondary authentication, acquiring a configuration strategy, and carrying out authentication strategy configuration on the secondary authentication associated with the control decision according to the acquired configuration strategy to obtain the access control strategy corresponding to the trust evaluation request.
9. A trust evaluation apparatus in a zero trust architecture, the apparatus comprising:
a request receiving unit for receiving a trust evaluation request;
the model acquisition unit is used for acquiring a trust evaluation model and risk data corresponding to the trust evaluation model according to the trust evaluation request, wherein the trust evaluation model comprises an access subject trust evaluation model and an access object security level evaluation model;
The trust evaluation unit is used for carrying out continuous trust evaluation on the corresponding risk data by using the acquired trust evaluation model to obtain a trust score;
and the policy generation unit is used for generating an access control policy corresponding to the trust evaluation request according to the trust score so as to control the access behavior of the user according to the generated access control policy.
10. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that when executed cause the processor to perform the trust assessment method in the zero trust architecture of any one of claims 1-8.
CN202310294903.4A 2023-03-23 2023-03-23 Trust assessment method and device in zero-trust architecture and electronic equipment Pending CN116319026A (en)

Publications (1)

Publication Number Publication Date
CN116319026A true CN116319026A (en) 2023-06-23

Family

ID=86825506

Country Status (1)

Country Link
CN (1) CN116319026A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112507317A (en) * 2020-12-07 2021-03-16 国网河北省电力有限公司电力科学研究院 Electric power Internet of things safety protection method based on zero trust
CN114338701A (en) * 2021-12-29 2022-04-12 四川启睿克科技有限公司 Block chain-based zero-trust system and access method for Internet of things
CN114499922A (en) * 2021-11-30 2022-05-13 中国大唐集团科学技术研究总院有限公司 Intelligent zero-trust dynamic authorization method
US20220210173A1 (en) * 2020-12-31 2022-06-30 Fortinet, Inc. Contextual zero trust network access (ztna) based on dynamic security posture insights
CN115296916A (en) * 2022-08-09 2022-11-04 江苏易安联网络技术有限公司 Zero-trust safety system based on decision tree model
CN115426141A (en) * 2022-08-19 2022-12-02 国网河南省电力公司电力科学研究院 Cloud master station service dynamic access control method and system based on zero trust network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination