Zero trust dynamic access control for power grid security
Affiliation:

1. State Grid Henan Electric Power Research Institute, Zhengzhou 450052, P. R. China
2. College of Computer Science and Software Engineering, Hohai University, Nanjing 210089, P. R. China
3. State Grid Corporation of China, Beijing 100031, P. R. China
4. State Grid Electric Power Research Institute Co., Ltd., Nanjing 211102, P. R. China
5. State Grid Smart Grid Research Institute Co., Ltd., Beijing 102209, P. R. China

CLC Number:

TP309

Fund Project:

Supported by the Technology Project of State Grid Co., Ltd. (5108-202224046A-1-1-ZN).

    Abstract:

    With the continuous development and application of information and communication technology in power information systems, the protection boundary of the power grid is gradually blurring, and external attacks and internal threats are becoming increasingly serious. Effective access control over the information resources of the power system is urgently needed to ensure data security. Based on the general security protection framework of the power grid secondary system and the zero-trust security mechanism, this paper proposes a zero-trust dynamic access control model for power grid information security. By analyzing the attributes of the access subject and the characteristics of behavior information in the power grid system, the model comprehensively considers the influence of threatening behavior, the sliding window, the punishment mechanism and other factors on access control, and realizes continuous evaluation and dynamic control of the access subject's trust value. Simulation results show that adding recommended trust reasonably takes into account both subjective and objective trust evaluations, which makes the assessment of the trust value of power grid access subjects more accurate. In addition, in response to external threat behaviors, the trust evaluation engine rapidly updates the visitor's comprehensive trust value, making it impossible for illegal subjects to gain access to the system and providing better fine-grained control.

Get Citation

陈岑, 屈志昊, 汪明, 魏兴慎, 钱珂翔. Zero trust dynamic access control for power grid security[J]. Journal of Chongqing University, 2024, 47(8): 81-89.

History
  • Received: October 11, 2023
  • Online: September 02, 2024