Telecommunications Science ›› 2020, Vol. 36 ›› Issue (12): 123-132. doi: 10.11959/j.issn.1000-0801.2020325

• Column: Application and Terminal Security

Application protection in 5G cloud network using zero trust architecture

Guofeng HE

  1. Institute of Applied Security, Research Institute of China Telecom Co., Ltd., Shanghai 200122, China
  • Revised: 2020-12-10 Online: 2020-12-20 Published: 2020-12-23
  • About the author: Guofeng HE (born 1976), male, PhD, is director of the Institute of Applied Security, Research Institute of China Telecom Co., Ltd., and a professor-level senior engineer. His main research interests include mobile application security, Web application security, code security, and PKI systems.

Abstract:

Based on an analysis of security requirements in the era of 5G cloud-network convergence, the basic principles of zero trust are studied, including not relying on location, not trusting traffic, and dynamic access control. The basic architecture of zero trust is studied and, in combination with the 5G cloud network architecture, three feasible application protection schemes are proposed and compared: a customer-built OTT model, a model that adapts the existing VPDN, and a public zero trust architecture model. Customer application scenarios in the 5G cloud network are analyzed, including remote access, secure migration to the cloud, and mobile office, together with the value that a zero trust architecture can bring to customers in these scenarios, such as application hiding and dynamic control, to ensure application security.

Key words: network security, dynamic access control, application hiding, zero trust, 5G, application protection
