摘要
随着物联网、大数据和5G网络的发展,传统的云计算无法有效处理网络边缘设备产生的海量数据,因此边缘云计算应运而生。本文针对边缘云计算中的中心云和边缘云中网络安全难以统一管理的问题,分别从安全建设目标、安全设计原则、安全顶层设计、总体云安全能力设计、中心云安全能力设计、边缘云安全能力设计几个方面进行了分析研究。总体边缘云计算平台依据网络安全等级保护2.0三级要求进行建设,中心云基于安全通信网络、安全区域边界、安全计算环境和安全管理中心进行划分。边缘云通过边缘访问控制、入侵检测与防御、恶意代码检测和防御、边缘云组租户安全认证等要素进行体系化的说明,从而达到了中心云和边缘云安全统一管理。
With the development of the Internet of Things,big data,and 5G networks,traditional cloud computing is unable to effectively handle the massive data generated by network edge devices.Therefore,edge cloud computing has emerged.This article analyzes and studies the problem of difficult unified management of network security in central and edge clouds in edge cloud computing,including security construction goals,security design principles,security top-level design,overall cloud security capability design,central cloud security capability design,and edge cloud security capability design.The overall edge cloud computing platform is built according to the requirements of network security protection 2.0 Level 3,and the central cloud is divided based on secure communication networks,secure area boundaries,secure computing environments,and security management centers.Edge cloud is systematically explained through elements such as edge access control,intrusion detection and defense,malicious code detection and defense,and edge cloud group tenant security authentication,achieving unified management of central and edge cloud security.
作者
许国磊
孙秀娟
Xu Guolei;Sun Xiujuan(Beijing CCID Infotech.INC,Beijing,100048;Beijing Polytechnic College,Beijing,100042)
出处
《工业信息安全》
2024年第2期53-60,共8页
Industry Information Security
基金
2023年北京工业职业技术学院职业教育教学改革项目(JGXM-202306)。
关键词
边缘云
中心云
网络安全等级保护
云平台安全
Edge Cloud
Central Cloud
Network Security Level Protection
Cloud Platform Security
