YU Jiajia, WANG Liang. Research and Practice on the Application of Zero Trust Architecture in the Office Network of Air Traffic Control[J]. Journal of Chengdu University of Information Technology, 2025, 40(06): 787-793. [doi:10.16836/j.cnki.jcuit.2025.06.007]
Research and Practice on the Application of Zero Trust Architecture in the Office Network of Air Traffic Control
- Article ID:
- 2096-1618(2025)06-0787-07
- Keywords:
- zero trust; dynamic trust assessment; least privilege; access control; security protection
- CLC number:
- TP309
- Document code:
- A
- Abstract:
- As the air traffic control office system gradually moves towards digitalization and intelligence, the boundary of the office network becomes increasingly blurred. The traditional network boundary security protection architecture can no longer meet the current security requirements of the air traffic control office network. To address the limitations of the traditional office network architecture for air traffic control, this paper proposes a network security protection architecture based on the concept of zero trust. The architecture achieves full-scenario dynamic access control by integrating key technologies such as single packet authorization (SPA), continuous dynamic trust evaluation, the principle of least privilege, and encrypted data transmission. Drawing on specific practical cases from the air traffic control office network, including typical scenarios such as virtual desktop infrastructure and mobile work, it provides theoretical support and practical reference for enhancing the security protection capabilities of the air traffic control office network in the modern complex and ever-changing network environment.
Memo
Received: 2025-06-30
Corresponding author: YU Jiajia. E-mail: 1981972473@qq.com
