[1] ZHOU Xiao-ming, ZHOU Chen-yu, XU Chao, et al. A Scenario Driven Dynamic Access Control Model for Power Data Middle Platform[J]. Computer Technology and Development, 2025, (06): 214-220. [doi:10.20165/j.cnki.ISSN1673-629X.2025.0004]

A Scenario Driven Dynamic Access Control Model for Power Data Middle Platform

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Issue:
2025, No. 06
Pages:
214-220
Column:
New Computing Application Systems
Publication date:
2025-06-10

Article Info

Title:
A Scenario Driven Dynamic Access Control Model for Power Data Middle Platform
Article ID:
1673-629X(2025)06-0214-07
Author(s):
ZHOU Xiao-ming1, ZHOU Chen-yu2, XU Chao3, WEI Si-jia4*, RAN Ran3
1. State Grid Liaoning Electric Power Supply Co., Ltd., Shenyang 110004, China;
2. School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing 100876, China;
3. Information & Telecommunication Branch of State Grid Liaoning Electric Power Supply Co., Ltd., Shenyang 110006, China;
4. State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology, China Electric Power Research Institute, Nanjing 210000, China
Keywords:
data middle platform; access control model; safety risk analysis; dynamic protection; access control strategies
Classification number:
TP309
DOI:
10.20165/j.cnki.ISSN1673-629X.2025.0004
Abstract:
The power system data middle platform integrates the core data of the national power system. By integrating, cleaning, storing, and fusing data, it provides high-quality data sharing services. The platform is characterized by a high level of data security, a large number of access terminals, high frequency of data maintenance, and broad data analysis dimensions. Traditional static access control models cannot prevent errors and illegal operations by users whose identities are legitimate. Intelligently identifying system access threats based on users' dynamic access behavior and applying dynamic security access control are important methods for protecting the data middle platform. We propose a scenario driven dynamic access control model for the power data middle platform based on the Attribute-Based Access Control (ABAC) model. The model extracts business and data characteristics from user access requests to construct data access scenarios. Through security risk analysis of each scenario type, it identifies the key protection focus for scenarios of the same type. Based on the specific attribute values within the scenario, it calculates a security score and finally derives an access policy for that scenario, enabling flexible and fine-grained access control management in dynamic scenarios, aligned with the concept of zero trust in access control.


Last Update: 2025-06-10