Network permission adjustment method
By generating end-to-end snapshot sequences and interactive trust graphs, network permissions are dynamically adjusted, solving the security risks caused by the decline in device trustworthiness in traditional access authentication methods. This enables continuous trusted status verification and real-time security control of access devices, improving the security of network boundary access.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GUANGDONG ELECTRIC POWER COMM CO LTD
- Filing Date
- 2026-04-28
- Publication Date
- 2026-07-03
AI Technical Summary
Traditional network access authentication methods cannot reflect in real time the decline in trust caused by kernel call chain anomalies or changes in application service status during device operation. This can lead to authenticated devices being granted network privileges even when they are in an untrusted state, posing a security risk.
By receiving the self-correction operation results of the access device, generating an end-to-end snapshot sequence and setting it to an untrusted state, updating the dynamic verification sequence, constructing an interactive trust graph, and generating access control instructions to adjust network permissions, the system achieves continuous trusted state verification and real-time dynamic control of the access device.
Prevent abnormal devices from bypassing authentication and directly accessing the network, identify progressive attacks across time windows and abnormal interactions between multiple devices, shorten the time window from threat occurrence to permission restriction, and improve the security of network boundary access.
Smart Images

Figure CN122339810A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network boundary security access control technology, and in particular to a method for adjusting network permissions. Background Technology
[0002] In the field of network boundary security access control, authentication and access control of access devices are crucial for ensuring network security. Traditional access authentication methods typically employ static identity verification or one-time trusted verification mechanisms, which involve performing a single check on the access device's identity credentials and system status, granting access permissions only after the check passes.
[0003] However, in real-world network environments, the above methods suffer from inaccurate detection. Because detection is performed at the moment of device access, it cannot reflect subsequent declines in trustworthiness caused by factors such as kernel call chain anomalies or changes in application service status during operation. This means that even authenticated devices may be granted network privileges despite being in an untrusted state after access, posing a security risk. Summary of the Invention
[0004] Therefore, it is necessary to provide a method for adjusting network permissions that can improve network security in response to the above-mentioned technical problems.
[0005] Firstly, this application provides a method for adjusting network permissions, applied to a security device, the method comprising:
[0006] The system receives the self-correction operation result sent by the access device. The self-correction operation result is that the access device generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged along the time axis; it generates a dynamic verification sequence based on the end-to-end snapshot sequence and sets the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0007] The dynamic verification sequence is updated based on the self-correction operation results to obtain the updated dynamic verification sequence. Based on the historical interaction behavior and the updated dynamic verification sequence, an interaction trust graph is constructed. The interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0008] Access control commands are generated based on the interactive trust graph and sent to the access devices so that the access devices can adjust their own network permissions according to the access control commands.
[0009] Secondly, this application provides a network access control method applied to an access device, the method comprising:
[0010] Generate an end-to-end snapshot sequence based on the collected multi-dimensional reliable data;
[0011] A dynamic verification sequence is generated based on the end-to-end snapshot sequence, and the security attribute of the dynamic verification sequence is set to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device in each time window.
[0012] Perform a self-correction operation in an untrusted state to generate a self-correction operation result;
[0013] The self-correction operation results are sent to the security device so that the security device can update the dynamic verification sequence, construct an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence, and generate access control instructions based on the interaction trust graph.
[0014] It receives access control commands generated by the security device and adjusts its own network permissions according to the access control commands.
[0015] Thirdly, this application also provides a network access control device, which includes:
[0016] The receiving module is used to receive the self-correction operation results sent by the access device. The self-correction operation results are generated by the access device based on the collected multi-dimensional trusted data arranged on a time axis to form an end-to-end snapshot sequence; a dynamic verification sequence is generated based on the end-to-end snapshot sequence, and the security attribute of the dynamic verification sequence is set to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0017] The module is used to update the dynamic verification sequence based on the self-correction operation results, obtain the updated dynamic verification sequence, and construct an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence; the interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0018] The sending module is used to generate access control commands based on the interactive trust graph and send the access control commands to the access device so that the access device can adjust its own network permissions according to the access control commands.
[0019] Fourthly, this application also provides a network access control adjustment device, which includes:
[0020] The acquisition module is used to generate an end-to-end snapshot sequence based on the acquired multi-dimensional reliable data;
[0021] A module is set up to generate a dynamic verification sequence based on the end-to-end snapshot sequence, and the security attribute of the dynamic verification sequence is set to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device in each time window.
[0022] The generation module is used to perform self-correction operations in an untrusted state and generate the results of the self-correction operations.
[0023] The sending module is used to send the self-correction operation results to the security device so that the security device can update the dynamic verification sequence, construct an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence, and generate access control instructions based on the interaction trust graph.
[0024] The receiving module is used to receive access control commands generated by the security device and adjust its own network permissions according to the access control commands.
[0025] Fifthly, this application also provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to perform the following steps:
[0026] The system receives the self-correction operation result sent by the access device. The self-correction operation result is that the access device generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged along the time axis; it generates a dynamic verification sequence based on the end-to-end snapshot sequence and sets the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0027] The dynamic verification sequence is updated based on the self-correction operation results to obtain the updated dynamic verification sequence. Based on the historical interaction behavior and the updated dynamic verification sequence, an interaction trust graph is constructed. The interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0028] Access control commands are generated based on the interactive trust graph and sent to the access devices so that the access devices can adjust their own network permissions according to the access control commands.
[0029] Sixthly, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, performs the following steps:
[0030] The system receives the self-correction operation result sent by the access device. The self-correction operation result is that the access device generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged along the time axis; it generates a dynamic verification sequence based on the end-to-end snapshot sequence and sets the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0031] The dynamic verification sequence is updated based on the self-correction operation results to obtain the updated dynamic verification sequence. Based on the historical interaction behavior and the updated dynamic verification sequence, an interaction trust graph is constructed. The interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0032] Access control commands are generated based on the interactive trust graph and sent to the access devices so that the access devices can adjust their own network permissions according to the access control commands.
[0033] In a seventh aspect, this application also provides a computer program product, including a computer program that, when executed by a processor, performs the following steps:
[0034] The system receives the self-correction operation result sent by the access device. The self-correction operation result is that the access device generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged along the time axis; it generates a dynamic verification sequence based on the end-to-end snapshot sequence and sets the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0035] The dynamic verification sequence is updated based on the self-correction operation results to obtain the updated dynamic verification sequence. Based on the historical interaction behavior and the updated dynamic verification sequence, an interaction trust graph is constructed. The interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0036] Access control commands are generated based on the interactive trust graph and sent to the access devices so that the access devices can adjust their own network permissions according to the access control commands.
[0037] The aforementioned network access control method achieves closed-loop verification of the access device's proactive correction behavior by receiving the self-correction operation result sent by the access device after generating a dynamic verification sequence based on an end-to-end snapshot sequence and setting its security attribute to an untrusted state. This prevents abnormal devices from bypassing authentication and directly accessing the network. By updating the dynamic verification sequence based on the self-correction operation result and constructing an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence, it identifies covert security threats such as progressive attacks across time windows and multi-device collaborative abnormal interactions that cannot be detected by single-point verification. By generating access control commands based on the interaction trust graph and issuing them to the access device, it achieves dynamic access control based on a global risk profile, shortening the time window from threat occurrence to access restriction and reducing the exploitable window period for attackers. This method achieves accurate verification of the continuous trusted state of access devices and real-time dynamic control of network access, thereby comprehensively improving the security of network boundary access. Attached Figure Description
[0038] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0039] Figure 1 This is an application environment diagram of a network permission adjustment method in one embodiment;
[0040] Figure 2 This is a flowchart illustrating a network permission adjustment method in one embodiment;
[0041] Figure 3 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0042] Figure 4 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0043] Figure 5 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0044] Figure 6 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0045] Figure 7 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0046] Figure 8 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0047] Figure 9 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0048] Figure 10 This is a flowchart illustrating a network permission adjustment method in another embodiment;
[0049] Figure 11 This is a structural block diagram of a network permission adjustment device in one embodiment;
[0050] Figure 12 This is a structural block diagram of a network permission adjustment device in another embodiment;
[0051] Figure 13 This is an internal structural diagram of a computer device in one embodiment. Detailed Implementation
[0052] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0053] The video editing method provided in this application embodiment can be applied to, for example... Figure 1 The application environment is shown. In this environment, security device 102 communicates with access device 104 via a network. A data storage system can store the data that access device 104 needs to process. The data storage system can be configured independently, integrated into access device 104, or located in the cloud or on other devices.
[0054] The message sequence-based control method of this application is... Figure 1 The security device 102 and access device 104 work together to complete this process. In this collaborative process, access device 104 generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data, then generates a dynamic verification sequence based on the end-to-end snapshot sequence, and sets the security attribute of the dynamic verification sequence to an untrusted state. In the untrusted state, access device 104 performs a self-correction operation, generates a self-correction operation result, and then sends the result to security device 102 for updating the dynamic verification sequence. Based on historical interaction behavior and the updated dynamic verification sequence, security device 104 constructs an interaction trust graph and generates access control instructions based on the interaction trust graph. Access device 104 receives the access control instructions generated by security device 102 and adjusts its own network permissions accordingly.
[0055] In one exemplary embodiment, such as Figure 2 As shown, a method for adjusting network permissions is provided, which can be applied to... Figure 1 Taking the safety device in the middle as an example, the explanation includes the following steps 201 to 203. Among them:
[0056] Step 201: Receive the self-correction operation result sent by the access device; wherein, the self-correction operation result is that the access device generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged on the time axis; generates a dynamic verification sequence based on the end-to-end snapshot sequence, and sets the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device in each time window.
[0057] The self-correction operation result refers to the feedback data generated by the access device actively performing correction operations after receiving the verification judgment result issued by the security device. This result includes at least the correction operation result (such as whether the configuration parameter adjustment was successful), the call chain integrity correction record (such as the consistency change of the kernel call path before and after correction), and a snapshot of the device environment state (the system running state when the correction is completed). This result is the core basis for the security device to determine whether the access device has completed trusted repair and for subsequent dynamic verification sequence updates.
[0058] An end-to-end snapshot sequence refers to a collection of multi-dimensional trusted data collected and arranged along a unified timeline during the startup and initial operation phases of an access device. This multi-dimensional trusted data includes identity credentials, system integrity indicators, kernel call chains, application service status, and runtime environment data. The sequence covers the entire process from hardware initialization to application service startup, characterizing the device's state evolution trajectory within a continuous time window.
[0059] A dynamic verification sequence refers to a structured data sequence composed of multiple event nodes arranged in chronological order, with each event node corresponding to device status verification information within a time window. This sequence is used to characterize the operating status of the access device within each time window and serves as the basis for the security device to make a trust determination.
[0060] An untrusted state refers to the default security attributes set for access devices by the security device after completing the initial verification. In this state, the access device is not granted trusted access permissions and must actively perform self-correction operations and form a complete verification loop before it can be included in the subsequent trust assessment process.
[0061] In this embodiment, the security device receives a self-correction operation result from the access device. This self-correction operation result involves the access device first collecting its own identity credentials, system integrity indicators, kernel call chain, application service status, and runtime environment data during the startup process, arranging this data in chronological order to generate an end-to-end snapshot sequence. Then, the access device generates a dynamic verification sequence based on this end-to-end snapshot sequence to characterize the state within each time window, and sets the security attribute of this dynamic verification sequence to an untrusted state. Finally, the access device performs a self-correction operation in this untrusted state, generates, and sends the self-correction operation result. By receiving this result, the security device knows that the access device has completed the correction operation.
[0062] In another embodiment, the security device receives the self-correction operation result sent by the access device through an encrypted channel. This self-correction operation result is generated by the access device as follows: first, an end-to-end snapshot sequence is generated based on the collected multi-dimensional trusted data arranged along a timeline; then, the end-to-end snapshot sequence is divided into time windows to obtain a segmented verification input set; subsequently, a dynamic verification sequence is generated and marked as an untrusted state; then, a self-correction operation is performed in this untrusted state; finally, the self-correction operation result, including the correction operation result, the call chain integrity correction record, and a snapshot of the device environment state, is encapsulated and sent to the security device. Upon receiving this result, the security device uses it as input data for subsequently updating the dynamic verification sequence.
[0063] Step 202: Update the dynamic verification sequence according to the self-correction operation result to obtain the updated dynamic verification sequence, and construct an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence; the interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0064] The updated dynamic verification sequence refers to the new sequence generated by the security device after fusing the self-correction operation result with the original dynamic verification sequence. Based on the original sequence, this sequence adds correction identifiers and version numbers to key event nodes affected by self-correction to distinguish the verification status before and after the correction.
[0065] Historical interaction behavior refers to the historical records generated by the access device during multiple rounds of interaction with the security device, including device access attempt records, self-correction operation records, status update records, and policy adjustment records issued by the security device.
[0066] An interaction trust graph refers to graph-structured data built with event nodes as vertices and multi-dimensional interaction relationships as edges. Event nodes originate from key interaction events and dynamic verification sequences, while multi-dimensional interaction relationships include inter-device communication relationships, call chain dependencies, and policy influence relationships. This graph is used to characterize the interaction coupling strength and trust propagation paths between multiple access devices.
[0067] In this embodiment, the security device first performs integrity verification and time series consistency comparison on the received self-correction operation results. After successful verification, the self-correction operation results are fused with the original dynamic verification sequence, and correction identifiers and version numbers are added to the affected event nodes to obtain the updated dynamic verification sequence. Then, the security device extracts key interaction events such as device access attempts, self-correction operations, and status updates from historical interaction records. Combining these with the event nodes in the updated dynamic verification sequence, the device connects related event nodes according to inter-device communication relationships, call chain dependencies, and policy impact relationships to construct an interaction trust graph that characterizes the multi-dimensional interaction relationships between multiple access devices.
[0068] In another embodiment, the security device associates the call chain integrity correction record in the self-correction operation result with the event node of the corresponding time window in the original dynamic verification sequence, updates the status information of the event node and increments the version number, and generates an updated dynamic verification sequence. Subsequently, the security device generates security logs based on historical interaction behavior, performs time aggregation processing on the security logs to obtain key interaction events, extracts event nodes from the key interaction events and the updated dynamic verification sequence, and connects related event nodes according to inter-device communication relationships, call chain dependencies, and policy influence relationships to obtain association edges. Based on the event nodes and association edges, an interaction trust graph is constructed, which is used to represent the multi-dimensional interaction relationships between multiple access devices.
[0069] Step 203: Generate access control instructions based on the interactive trust graph and send the access control instructions to the access device so that the access device can adjust its own network permissions according to the access control instructions.
[0070] Access control commands refer to instructions generated by the security device based on the interactive trust graph and dynamic verification sequence, used to adjust the network permissions of access devices. These commands include at least one or more of the following: access permission, permission restriction, session control, and resource access constraints, used to dynamically adjust the network permissions of access devices.
[0071] Network permissions refer to the scope of operations and the set of resources that an access device is allowed to perform in a network, including the range of network addresses that can be accessed, the types of network services that can be used, and the system resources that can be invoked.
[0072] In this embodiment, the security device constructs a multi-dimensional risk matrix based on the trusted state of each event node in the interaction trust graph and the updated dynamic verification sequence. This matrix includes risks related to identity trustworthiness, operational environment stability, call chain consistency, and policy deviation. Based on this multi-dimensional risk matrix, the device calculates the allowed network access permissions and access control priorities for the access device, forming a multi-objective optimization strategy. After parsing this strategy, it generates an access control command. The security device then sends this access control command to the access device in real time through a secure channel, allowing the access device to adjust its network access permissions accordingly.
[0073] In another embodiment, the security device extracts the trusted state of each event node from the interactive trust graph and combines it with the state information of each time window in the updated dynamic verification sequence to construct a multi-dimensional risk matrix. The security device maps this multi-dimensional risk matrix to permission constraints and execution priority weights, calculates the network permissions and access control priorities of the access device, determines a multi-objective optimization strategy based on the calculation results, and generates access control instructions containing access permissions, permission restrictions, and resource call constraints according to the strategy priorities. The security device sends the access control instructions to the access device, and the access device adjusts its own network permissions according to the instructions, including restricting access to specific network segments, reducing service call priorities, or closing unnecessary network ports.
[0074] In the aforementioned network access control method, by receiving the self-correction operation result sent by the access device after generating a dynamic verification sequence based on an end-to-end snapshot sequence and setting its security attribute to an untrusted state, closed-loop verification of the access device's proactive correction behavior is achieved, preventing abnormal devices from bypassing authentication and directly accessing the network. By updating the dynamic verification sequence based on the self-correction operation result and constructing an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence, covert security threats such as progressive attacks across time windows and multi-device collaborative abnormal interactions that cannot be detected by single-point verification are identified. By generating access control commands based on the interaction trust graph and issuing them to the access device, dynamic access control based on a global risk profile is achieved, shortening the time window from threat occurrence to access restriction and reducing the exploitable window period for attackers. This method achieves accurate verification of the continuous trusted state of access devices and real-time dynamic control of network access, thereby comprehensively improving the security of network boundary access.
[0075] In one exemplary embodiment, such as Figure 3 As shown, the above-mentioned "constructing an interaction trust graph based on historical interaction behavior and updated dynamic verification sequences" includes steps 301 to 303. Wherein:
[0076] Step 301: Generate security logs based on historical interaction behavior.
[0077] Historical interaction behavior refers to the behavioral records generated by the access device during multiple rounds of interaction with the security device, including device access attempt records, self-correction operation records, status update records, policy adjustment records, and verification result transmission and reception records. These behaviors record the entire process of the access device from access to completion of verification and correction.
[0078] A security log is a time-series record file generated by a security device based on historical interaction behavior. This log includes at least a correction summary, dynamic verification sequence update information, timestamps, and integrity verification information. It is used to fully record the state changes before and after self-correction operations, forming a traceable and tamper-proof verification and correction history.
[0079] In this embodiment, the security device reads historical interaction behaviors generated by the access device during multiple rounds of interaction from local storage, including the end-to-end snapshot sequence sent by the access device each time, the verification judgment results issued by the security device, the self-correction operation results returned by the access device, and the record of the security device updating the dynamic verification sequence each time. The security device organizes these behavior records in chronological order, adds timestamps and integrity verification information, and generates a security log for subsequent trust assessment.
[0080] In another embodiment, the security device triggers a log generation process in response to receiving a self-correction operation result from the access device. The security device extracts all historical interaction behaviors of the access device from its first access to the current moment, including device identity information, the time point of each verification, the triggering timing and execution result of the self-correction operation, and version change records of the dynamic verification sequence. The security device arranges this information in chronological order and attaches a hash check value to each record to generate an immutable security log.
[0081] Step 302: Perform time aggregation processing on the security logs to obtain key interaction events.
[0082] Key interaction events refer to representative or influential interactive behavior units extracted after time aggregation processing. Key interaction events include at least device access attempt events, self-correction operation events, and device or policy status update events, used to characterize key nodes in the actual interaction process of the system.
[0083] In this embodiment, the security device sorts the security logs according to a unified time base and then divides the log records into preset time windows (e.g., every 10 seconds). Within each time window, the security device merges multiple log records that occur within that window and extracts the most representative interactive behaviors, such as the device's first access attempt, the triggering and completion of self-correction operations, and the issuance of verification judgment results by the security device, to form the key interactive events corresponding to that time window.
[0084] In another embodiment, the security device scans the security log and identifies records marked as "device access attempt," "self-correction operation completed," or "status update." The security device arranges these records chronologically and aggregates similar operations belonging to the same access device within adjacent time windows. For example, it merges self-correction operation records from multiple consecutive time windows into a single continuous self-correction event, thereby generating a set of key interaction events with clear semantics and contextual constraints.
[0085] Step 303: Construct an interaction trust graph based on key interaction events and the updated dynamic verification sequence.
[0086] In this embodiment, the security device extracts event nodes from key interaction events and updated dynamic verification sequences, each event node carrying a timestamp, device identifier, event type, and trusted state information. The security device connects event nodes from different devices belonging to the same interaction session based on inter-device communication relationships; connects event nodes with causal relationships based on call chain dependencies; and connects event nodes that are associated due to policy adjustments based on policy impact relationships. The security device constructs an interaction trust graph, using event nodes as vertices and connection relationships as edges, to represent the multi-dimensional interaction relationships between multiple access devices.
[0087] In another embodiment, the security device first extracts event nodes corresponding to each time window from the updated dynamic verification sequence. Each event node includes the device environment fingerprint, call chain integrity hash, and security attribute status within that time window. Then, the security device extracts event nodes such as device access attempts, self-correction operations, and status updates from key interaction events. The security device performs feature propagation and aggregation learning on the event nodes using a graph convolutional network, and introduces an attention mechanism to weight the importance of different interaction relationships and adjacent nodes, ultimately generating an interaction trust graph that reflects multi-dimensional interaction relationships and event coupling strength.
[0088] In one exemplary embodiment, such as Figure 4 As shown, the above-mentioned "constructing an interaction trust graph based on key interaction events and updated dynamic verification sequences" includes steps 401 to 303. Wherein:
[0089] Step 401: Extract event nodes from key interaction events and the updated dynamic verification sequence.
[0090] An event node is a single event unit with independent semantics extracted from key interaction events or dynamic verification sequences. Each event node carries at least a timestamp, a unique device identifier, an event type, an event impact range, and trusted state information, serving as the basic vertex unit for constructing an interaction trust graph.
[0091] In this embodiment, the security device traverses the set of key interaction events, generates a corresponding event node for each key interaction event, and labels the event node with the event type (e.g., access attempt, self-correction operation, status update), the scope of the event's impact (affecting a single device or multiple devices), and the unique identifier of the related devices. Simultaneously, the security device traverses the updated dynamic verification sequence, extracting the timestamp, device environment fingerprint, call chain integrity hash, and security attribute status of the event node corresponding to each time window in the sequence. The security device merges these two types of event nodes to form a set of event nodes used to construct an interaction trust graph.
[0092] In another embodiment, the security device extracts device access attempt events from key interaction events, generates corresponding event nodes, and labels the event type as "access attempt," the access time, and the access device identifier. The security device also extracts self-correction operation events from key interaction events, generates corresponding event nodes, and labels the event type as "self-correction," the correction content, the correction result, and a comparison of the states before and after the correction. The security device extracts event nodes corresponding to each time window from the updated dynamic verification sequence. Each node contains the device environment fingerprint, call chain integrity hash, and security attribute state within that window. The security device aggregates all the extracted event nodes as the basic vertices for constructing the interaction trust graph.
[0093] Step 402: Based on the communication relationship between devices, the dependency relationship of the call chain, and the influence relationship of the strategy, the related event nodes are connected to obtain the associated edges.
[0094] The communication relationship between devices refers to the association between different access devices or between access devices and security devices that involves data interaction or message passing. This relationship is used to describe the communication path between the devices to which the event node belongs.
[0095] Call chain dependency refers to the causal relationship between event nodes along the system execution path. This relationship describes how the triggering or execution of one event depends on the completion of another event.
[0096] Policy impact relationships refer to the constraints or triggering effects of policy adjustments issued by safety devices on subsequent event nodes. This relationship is used to reflect the association between policy changes and changes in device behavior.
[0097] An association edge refers to an edge structure that connects two event nodes that have an association relationship. Each association edge carries at least a relationship type identifier (communication relationship, dependency relationship, or influence relationship) and a relationship strength weight, which is used to characterize the degree of interaction and coupling between event nodes.
[0098] In this embodiment, the security device traverses all event nodes. For any two event nodes, it determines whether there is a communication record between their respective devices. If so, it adds an edge representing a communication relationship between the two event nodes. The security device further analyzes the temporal order and call chain path between the event nodes. If the occurrence of one event node is a necessary condition for triggering another event node, it adds an edge representing a call chain dependency relationship between them. Simultaneously, the security device identifies policy adjustment event nodes and their affected subsequent device behavior event nodes, adding an edge representing a policy influence relationship between them. Through the above processing, the security device obtains a set of edges for constructing an interaction trust graph.
[0099] In another embodiment, the security device first groups event nodes belonging to the same device based on the device identifier carried by the event node. For event nodes from different devices, if there are data packet transmission and reception records between them, the security device adds an association edge of inter-device communication relationship type between the corresponding event nodes and sets the relationship strength weight according to the communication frequency. For event nodes within the same device, the security device analyzes the execution path dependency between event nodes based on the call chain integrity hash value. If the call chain hash value of event node B depends on the execution result of event node A, an association edge of call chain dependency relationship type is added between A and B. For policy adjustment event nodes issued by the security device, the security device associates them with subsequently received self-correction operation event nodes and adds an association edge of policy influence relationship type.
[0100] Step 403: Construct an interaction trust graph based on event nodes and associated edges.
[0101] In this embodiment, the security device uses all event nodes extracted in step 401 as the vertex set of the graph and all associated edges generated in step 402 as the edge set of the graph. Using the timestamps of the event nodes as a reference, the security device organizes the event nodes and associated edges into a directed graph structure according to chronological order, where the direction of the edges is determined by the order of events or the direction of dependencies. The security device uses the constructed graph structure data as an interaction trust graph for subsequent analysis and evaluation of the trust status of each event node.
[0102] In another embodiment, the security device constructs an initial graph structure with event nodes as vertices and associated edges as edges. The security device further utilizes a graph convolutional network to learn the embedding vectors of the event nodes, and extracts the structural features of the event nodes within the overall interaction structure by fusing multi-level neighborhood information on node features within the graph structure. Simultaneously, the security device introduces an attention mechanism to weight the importance of different types of associated edges and adjacent nodes, generating an interaction trust graph that reflects multi-dimensional interaction relationships and the strength of event coupling. This graph is output to the security device's trust evaluation module to calculate the credibility of each event node and the overall trust score.
[0103] In one exemplary embodiment, such as Figure 5 As shown, the above-mentioned "generating access control instructions based on the interactive trust graph" includes steps 501 to 504. Wherein:
[0104] Step 501: Construct a multidimensional risk matrix based on the trusted status of each event node in the interactive trust graph and the updated dynamic verification sequence.
[0105] The multidimensional risk matrix refers to a matrix structure data constructed according to preset risk dimensions, used to comprehensively depict the current security posture of access devices. Risk dimensions include at least identity trust risk, operating environment stability risk, call chain consistency risk, and policy deviation risk. Each element in the matrix represents the risk level or risk value of the corresponding risk dimension.
[0106] In this embodiment, the security device traverses all event nodes in the interaction trust graph, reading the trust status of each event node, including whether the device identity corresponding to the node is trustworthy, whether the call chain integrity hash is consistent with the baseline, and whether the security attribute is untrustworthy. Simultaneously, the security device reads the status information of each time window in the updated dynamic verification sequence. The security device uses identity trust risk, operating environment stability risk, call chain consistency risk, and policy deviation risk as four risk dimensions, mapping the trust status of each event node to the corresponding risk dimension, calculating the risk level of each dimension, and constructing a multi-dimensional risk matrix to characterize the current security posture of the access device.
[0107] In another embodiment, the security device extracts the trusted status of each event node from the interactive trust graph, including whether the node carries a correction identifier, whether the corrected call chain integrity hash passes verification, and whether the event node's timestamp matches the sequence time. The security device extracts the verification status of each time window from the updated dynamic verification sequence, including whether the device environment fingerprint within each window has changed and whether the security attribute is still in an untrusted state. The security device constructs a multi-dimensional risk matrix with identity trust risk, runtime environment stability risk, call chain consistency risk, and policy deviation risk as rows, and each time window or event node as columns. Each element in the matrix is a quantitative risk score for the corresponding risk dimension.
[0108] Step 502: Calculate the network permissions and access control priorities of the access devices based on the multidimensional risk matrix.
[0109] Among them, the multidimensional risk matrix refers to matrix structure data constructed according to preset risk dimensions, which is used to comprehensively depict the current security status of access devices.
[0110] Network permissions refer to the scope of operations and the set of resources that an access device is allowed to perform in a network, including the range of network addresses that can be accessed, the types of network services that can be used, and the system resources that can be invoked.
[0111] Access control priority refers to the order in which security devices assign permissions to multiple access devices or multiple access requests. Devices or requests with higher priorities are granted network resources earlier or are granted higher access permissions.
[0112] In this embodiment, the security device takes the risk dimension values in the multi-dimensional risk matrix as input and maps the risk values to network permission constraints according to preset permission calculation rules. For example, when the call chain consistency risk is higher than a preset threshold, access to sensitive system resources by the access device is restricted; when the policy deviation risk is higher than a preset threshold, the network access bandwidth priority of the device is reduced. Based on the risk level of each dimension in the multi-dimensional risk matrix, the security device comprehensively calculates the range of network permissions allowed for the access device and determines the access control priority of the device relative to other access devices.
[0113] In another embodiment, the security device performs a weighted summation of the multi-dimensional risk matrix, assigning different weight coefficients to each risk dimension to obtain a comprehensive risk score. The security device determines the network access permission level of the access device based on the comprehensive risk score: the lower the comprehensive risk score, the wider the range of network permissions granted; the higher the comprehensive risk score, the narrower the range of network permissions granted, even restricting access to the repair server only. Simultaneously, the security device determines the access control priority based on the maximum value of each risk dimension: for devices where any risk dimension exceeds a high threshold, their access control priority is set to the lowest.
[0114] Step 503: Determine a multi-objective optimization strategy based on network permissions and access control priorities.
[0115] Network permissions refer to the scope of operations and the set of resources that an access device is allowed to perform within the network.
[0116] Access control priority refers to the order and weight of permissions that security devices use when assigning permissions to access devices.
[0117] A multi-objective optimization strategy refers to a strategy scheme calculated with security, availability, and continuity as optimization objectives, while meeting minimum security constraints. This strategy must at least include the network permission scope allowed by the device, access control priorities, and the execution order of each security policy.
[0118] In this embodiment, the security device uses the calculated network permissions and access control priorities as constraints, and constructs a multi-objective optimization model with the optimization objectives of maximizing security (i.e., minimizing the risk exposure surface), maximizing availability (i.e., ensuring that normal services are not blocked), and maximizing continuity (i.e., minimizing the impact of policy adjustments on existing sessions). By solving this model, the security device obtains a set of policy parameters that satisfy all constraints, including the specific network address ranges allowed for access by the access device, the types of services that can be used, the session persistence time, and the time order of policy execution. These policy parameters are then encapsulated into a multi-objective optimization policy.
[0119] In another embodiment, the security device determines the minimum security constraints for access devices based on network permissions, such as mandatory encrypted communication requirements and mandatory authentication methods. The security device determines the policy execution order based on access control priorities: higher-priority devices are adjusted first, while lower-priority devices are adjusted later or not at all. Under the premise of meeting minimum security constraints, and prioritizing business continuity, the security device strives to preserve existing sessions from interruption, generating a multi-objective optimization policy that includes network permission scope, access control priority, and policy execution order.
[0120] Step 504: Generate access control instructions based on the multi-objective optimization strategy.
[0121] In this embodiment, the security device inputs a multi-objective optimization strategy into a policy rule engine for parsing. The policy rule engine, based on a preset rule base, converts policy parameters into specific instruction formats, including allowed IP address ranges, prohibited port numbers, session timeout periods, and resource call frequency limits. The security device sorts the instructions according to policy priority, generates one or more access control instructions, and encapsulates these instructions into a protocol format agreed upon between the security device and the access device.
[0122] In another embodiment, the security device incorporates an event-driven scheduling mechanism to dynamically adjust the execution timing of multi-objective optimization strategies based on the current network status and real-time feedback from access devices. The security device maps the network permission scope in the multi-objective optimization strategy to specific access control list rules, maps access control priorities to the order of instruction issuance, and maps the policy execution order to the time scheduling of instruction execution. The security device assembles these mapping results into access control instructions and sends them to access devices in real time through a secure channel, enabling access devices to adjust their own network permissions according to the access control instructions.
[0123] In an exemplary embodiment, the above-mentioned "updating the dynamic verification sequence based on the self-correction operation result to obtain the updated dynamic verification sequence" includes:
[0124] The self-correction operation results are subjected to integrity verification and time series consistency comparison. After the verification is passed, the dynamic verification sequence of the self-correction operation results is fused to generate an updated dynamic verification sequence.
[0125] In this embodiment, after receiving the self-correction operation result sent by the access device, the security device first performs an integrity check on the result: the security device performs encrypted hash calculation on key fields (such as the correction operation result and the call chain integrity correction record) in the self-correction operation result, compares the calculation result with the verification information carried during reception, and confirms that the two are consistent, thereby verifying that the self-correction operation result has not been tampered with during transmission. Then, the security device performs a time series consistency comparison: the security device extracts the timestamp information in the self-correction operation result and compares it with the timestamp of the corresponding event node in the dynamic verification sequence to confirm that the occurrence order of the self-correction operation is consistent with the temporal relationship in the dynamic verification sequence. After both the integrity check and the time series consistency comparison pass the verification, the security device performs a fusion processing on the self-correction operation result and the dynamic verification sequence: the correction information in the self-correction operation result is mapped to the corresponding event node in the dynamic verification sequence, a correction identifier and a new version number are added to the event node, and an updated dynamic verification sequence is generated.
[0126] In another embodiment, the security device receives the self-correction operation result sent by the access device through an end-to-end encrypted channel. The security device extracts the message authentication code carried in the self-correction operation result as an integrity verification value, recalculates the message authentication code on the data content of the self-correction operation result, and compares the calculated authentication code with the received authentication code. If they match, the data integrity is confirmed to be intact. The security device further extracts the timestamp and event node identifier from the self-correction operation result, searches for the corresponding event node in the locally stored dynamic verification sequence, compares the original timestamp of the event node with the timestamp in the self-correction operation result to see if they are within the allowable deviation range, and checks if the event node identifier in the self-correction operation result matches the event node identifier in the dynamic verification sequence. After both the integrity verification and the time series consistency comparison pass, the security device merges the call chain integrity correction record, correction operation result, and device environment state snapshot from the self-correction operation result into the corresponding event node in the dynamic verification sequence, updates the status information of the event node, increments the version number, and generates an updated dynamic verification sequence.
[0127] In one exemplary embodiment, such as Figure 6 As shown, a method for adjusting network permissions is provided, which can be applied to... Figure 1 Taking the access device in the example, the explanation includes the following steps 601 to 605. Wherein:
[0128] Step 601: Generate an end-to-end snapshot sequence based on the collected multi-dimensional reliable data.
[0129] In this embodiment, during the power-on startup process, the access device synchronously collects hardware initialization information, trusted startup logs, operating system loading records, and application service status through a multimodal acquisition unit. The access device performs hash calculations on the startup components recorded in the trusted startup logs to obtain integrity hash values. The access device arranges the identity credentials, integrity hash values, kernel call chain data, application service status, and runtime environment data in a unified timeline order, and adds a timestamp and a unique device identifier to the data at each time point to generate a continuous end-to-end snapshot sequence.
[0130] In another embodiment, the access device initiates a multi-dimensional trusted data collection process in response to a startup trigger signal. The access device obtains trusted startup logs from the hardware security module, verifies the integrity of the secure boot process, and performs integrity hash calculations on the kernel and critical service paths. The access device aggregates the collected identity credentials, system integrity indicators, kernel call chains, application service status, and runtime environment data in chronological order to form structured snapshot units. Multiple snapshot units at consecutive time points are sequentially connected to generate a continuous end-to-end snapshot sequence covering the access device's startup and initial operation phases.
[0131] Step 602: Generate a dynamic verification sequence based on the end-to-end snapshot sequence, and set the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0132] In this embodiment, the access device divides the end-to-end snapshot sequence into time windows to obtain multiple segmented verification input sets covering different time intervals. The access device calls a time-sensitive key function to operate on each segmented verification input set within a trusted execution environment, generating a dynamic verification digest. The access device associates and maps each segmented verification input set with its corresponding dynamic verification digest, constructing event nodes corresponding to the time windows. The access device attaches a device environment fingerprint, call chain integrity hash, and timestamp information collected within the time window to each event node, arranging multiple event nodes in chronological order to form a dynamic verification sequence. The access device establishes a mapping table in its local security context, explicitly setting the security attributes of each event node to an untrusted state.
[0133] In another embodiment, the access device responds to the segmented verification command issued by the security device by performing windowing processing on the end-to-end snapshot sequence. The access device performs time-sensitive key function operations on the segmented verification input set within each time window to generate a dynamic verification digest. It then appends the device environment fingerprint and call chain integrity hash collected within the corresponding time window to each dynamic verification digest, forming an event node. The access device integrates all event nodes in chronological order to form a dynamic verification sequence. The access device establishes a mapping table structure, sequentially writing the security mapping unit of each event node into the mapping table. For each event node, the default security attribute state is set to "no" (i.e., untrusted state), and the node generation time, source snapshot sequence, and state version information are recorded.
[0134] Step 603: Perform a self-correction operation in an untrusted state and generate the self-correction operation result.
[0135] In this embodiment, the access device receives a verification result from the security device. This verification result indicates that the security attribute of the dynamic verification sequence is in an untrusted state and carries a reference to the integrity check value of the mapping table. The access device performs integrity verification on its local mapping table based on the integrity check value. After confirming the data's trustworthiness, it analyzes the cause of the untrusted state, identifies abnormal factors related to its own operating state, configuration parameters, call chain, or application service state, and determines the self-correction operation target. The access device automatically executes at least one correction operation among configuration parameter adjustment, call chain reset, or application service state recovery, and generates a self-correction operation result including the correction operation result, a call chain integrity correction record, and a snapshot of the device environment state.
[0136] In another embodiment, the access device parses the verification judgment result issued by the security device in a trusted execution environment, and confirms the reliability of the data source on which the judgment is based by combining the integrity check value of the mapping table. The access device further analyzes the reasons why event nodes are uniformly marked as untrusted, and determines the targets that need to be corrected. If the reason for the anomaly is that the kernel call chain deviates from the baseline, the access device performs a call chain reset operation to restore the call chain to a trusted state; if the reason for the anomaly is that the application service is abnormally interrupted, the access device performs an application service state recovery operation to restart the relevant services. After the self-correction operation is completed, the access device generates a correction record, which includes the correction time, correction content, the identifiers of the involved event nodes, and the state comparison information before and after the correction, serving as the core content of the self-correction operation result.
[0137] Step 604: The self-correction operation result is sent to the security device so that the security device can update the dynamic verification sequence, construct an interaction trust graph based on the historical interaction behavior and the updated dynamic verification sequence, and generate access control instructions based on the interaction trust graph.
[0138] In this embodiment, after completing the self-correction operation, the access device sends the correction operation result, the call chain integrity correction record, and a snapshot of the device environment state to the security device via an end-to-end encrypted channel. The self-correction operation result is used by the security device for integrity verification and time-series consistency comparison. After successful verification, it is fused with the original dynamic verification sequence to generate an updated dynamic verification sequence. The security device constructs an interaction trust graph based on historical interaction behaviors and the updated dynamic verification sequence, and generates access control commands based on the interaction trust graph. By sending the self-correction operation result, the access device triggers the security device to complete the above processing flow.
[0139] In another embodiment, after generating the self-correction operation result, the access device encapsulates the result data into a message format recognizable by the security device, adds a timestamp and integrity verification information, and sends it to the security device through a pre-established encrypted channel. Upon receiving the self-correction operation result, the security device performs integrity verification and time-series consistency comparison. If the verification passes, it merges the self-correction operation result with the original dynamic verification sequence to generate an updated dynamic verification sequence. Then, it constructs an interaction trust graph based on historical interaction behaviors and the updated dynamic verification sequence. Finally, it generates access control commands based on the interaction trust graph. By sending the self-correction operation result, the access device enables the security device to complete the entire closed loop of updating the dynamic verification sequence, constructing the trust graph, and generating access control commands.
[0140] Step 605: Receive the access control command generated by the security device and adjust its own network permissions according to the access control command.
[0141] In this embodiment, the access device receives access control commands from the security device through a secure channel. The access device parses the commands, extracting information such as the allowed network address range, prohibited port numbers, session timeout, and resource call frequency limits. Based on this information, the access device adjusts its network permission configuration: updating local firewall rules to restrict access to specific network segments; adjusting service call priorities to reduce resource consumption of non-critical services; and closing unnecessary network ports. After completing the permission adjustment, the access device reports the command execution result back to the security device.
[0142] In another embodiment, the access device receives an access control command from the security device. This command includes access control list rules, session control parameters, and resource access constraints. Based on the access control list rules in the command, the access device updates its local network permission configuration, allowing access to specified IP address ranges and denying access to address ranges marked as high-risk. Based on the session control parameters, the access device adjusts the timeout and reconnection policy of the current network session. Based on the resource access constraints, the access device limits the frequency of access to specific system resources. After completing the above adjustments, the access device performs network communication according to the new network permission configuration, realizing dynamic control of its network permissions by the security device.
[0143] In one exemplary embodiment, such as Figure 7 As shown, the aforementioned multi-dimensional trusted data includes hardware initialization information, trusted boot logs, operating system loading records, and application service status. Based on this, the aforementioned "generating an end-to-end snapshot sequence based on the collected multi-dimensional trusted data" includes steps 701 to 702. Wherein:
[0144] Step 701: Perform hash calculation on the startup components recorded in the trusted startup log to obtain the integrity hash value.
[0145] Among them, startup components refer to the system modules that the access device needs to load and execute during the startup process, including at least the kernel of the access device (the core image file of the operating system) and key service paths (such as the storage paths and loading addresses of executable files such as drivers, system services, and security modules).
[0146] An integrity hash value is a digital digest obtained through hash calculation that characterizes the integrity of the boot component. This hash value should be consistent with the preset trusted baseline hash value when the device is in a trusted state; if the boot component is tampered with, the hash value will change.
[0147] In this embodiment, the access device extracts the paths of the bootloader, kernel image file, and executable files of critical system services (such as security monitoring services and network driver services) from the trusted boot log. The access device performs a SHA-256 hash operation on the binary data of the bootloader to obtain a fixed-length hash value; it performs the same hash operation on the kernel image file to obtain a kernel integrity hash value; and it performs hash calculations on each executable file in the critical service paths to obtain the integrity hash value for each service. The access device combines the multiple hash values obtained above to form a set of integrity hash values used to characterize the integrity of the boot components.
[0148] In another embodiment, the access device reads the trusted boot log in the trusted execution environment and parses the kernel loading record and critical service path information from the log. The access device locates the kernel image file in the storage medium, reads all the binary data of the kernel image file, and calls the hash acceleration unit in the hardware security module to execute the SM3 hash algorithm to generate a kernel integrity hash value. The access device traverses each executable file in the critical service path and performs hash calculations on each file to obtain the integrity hash value of each service module. The access device concatenates the kernel integrity hash value and the integrity hash values of each service module in a preset order to form a unified integrity hash value, which is used as a component of the end-to-end snapshot sequence in step 702.
[0149] Step 702: Arrange the integrity hash value, hardware initialization information, trusted boot log, operating system loading record, and application service status in chronological order to obtain an end-to-end snapshot sequence.
[0150] Among them, the integrity hash value refers to the digital digest obtained through hash calculation, which is used to characterize the integrity of the startup component.
[0151] Hardware initialization information refers to the process data of hardware module initialization after the access device is powered on or reset, including CPU register status, memory controller configuration, peripheral enumeration results, and hardware self-test status.
[0152] Trusted boot logs refer to the secure boot process logs recorded by the hardware security module or trusted execution environment during the boot process of the access device.
[0153] Operating system load records refer to the information recorded by the operating system kernel and system services during the loading process, such as timestamps, load addresses, dependencies, and execution status.
[0154] Application service status refers to the status information of applications and services running on the access device, including service startup status, running health, process identification, and resource usage.
[0155] Timeline order refers to the arrangement of multi-dimensional reliable data according to the chronological order in which events occurred. A unified time base is used to synchronize the clocks of each acquisition module, ensuring that data from different acquisition sources are aligned on the same timeline.
[0156] In this embodiment, the access device aggregates the integrity hash value calculated in step 701 with hardware initialization information, trusted boot logs, operating system loading records, and application service status. The access device establishes a unified time base and timestamps the above data types: hardware initialization information corresponds to boot time T0, trusted boot logs correspond to the interval from T0 to T1, integrity hash value corresponds to time T1, operating system loading records correspond to the interval from T1 to T2, and application service status corresponds to time T2. The access device arranges the hardware initialization information, trusted boot logs, integrity hash value, operating system loading records, and application service status in ascending order of timestamps, forming an end-to-end snapshot sequence covering the entire process from hardware power-on to application service startup.
[0157] In another embodiment, the access device first obtains hardware initialization information, including CPU self-test results, memory initialization status, and peripheral enumeration list, and appends a timestamp T0 to it. Then, the access device obtains a trusted boot log, including the bootloader loading time and kernel image verification status, expands it into multiple sub-records in chronological order, and appends a timestamp between T0 and T1 to each sub-record. Next, the access device uses the integrity hash value calculated in step 701 as key data at time T1 and inserts it after the trusted boot log. Subsequently, the access device obtains operating system loading records, including the loading time, loading address, and dependencies of each system service, arranges them in chronological order, and appends a timestamp between T1 and T2. Finally, the access device obtains application service status, including the running status and process identifier of each service, and appends a timestamp T2. The access device arranges all data in timestamp order to generate a continuous end-to-end snapshot sequence.
[0158] In one exemplary embodiment, such as Figure 8 As shown, the above-mentioned "generating a dynamic verification sequence based on the end-to-end snapshot sequence" includes steps 801 to 805. Wherein:
[0159] Step 801: Perform window partitioning on the end-to-end snapshot sequence to obtain multiple segmented verification input sets covering different time intervals.
[0160] In this embodiment, after acquiring the end-to-end snapshot sequence, the access device divides the sequence into windows according to a preset fixed time length (e.g., 10 seconds per window). Starting from the sequence start time, the access device divides all snapshot data within 0-10 seconds into the first segmented verification input set, all snapshot data within 10-20 seconds into the second segmented verification input set, and so on, until the entire time range of the end-to-end snapshot sequence is covered, resulting in multiple segmented verification input sets covering different time intervals.
[0161] In another embodiment, the access device employs an adaptive windowing strategy based on the density of event changes in the end-to-end snapshot sequence. When state changes are frequent in the snapshot data, a shorter time window (e.g., 5 seconds) is used to capture subtle changes; when state changes are gradual, a longer time window (e.g., 30 seconds) is used to reduce redundancy. According to the adaptive partitioning result, the access device divides the end-to-end snapshot sequence into multiple time windows of varying sizes that cover the entire time interval. The snapshot data within each time window constitutes a segmented verification input set.
[0162] Step 802: In response to the segmented verification command issued by the security device, perform time-sensitive key function operations on multiple segmented verification input sets to generate a dynamic verification digest.
[0163] The segmented verification command refers to the instruction issued by the security device to the access device, which triggers the access device to perform verification operations on the segmented verification input set. This command may include information such as a time window identifier, key index, or verification parameters.
[0164] A time-sensitive key function (TSF) is a cryptographic function that incorporates a time factor as an input parameter. The result of this function depends not only on the input data but also on the current time window identifier or timestamp, ensuring that the verification results generated by the same input differ across different time windows and preventing replay attacks.
[0165] A dynamic verification digest is a verification result generated through time-sensitive key function operations, strongly bound to the current time window and device operating state. This digest is non-reusable and non-replayable, and is used for subsequent construction of event nodes and dynamic verification sequences.
[0166] In this embodiment, after receiving the segmented verification command from the security device, the access device iterates through the multiple segmented verification input sets generated in step 801. For each segmented verification input set, the access device calls a time-sensitive key function in a trusted execution environment, using the current time window identifier, the device's unique identifier, and the feature data from the segmented verification input set as function input parameters to perform calculations and obtain a fixed-length dynamic verification digest. This digest is strongly bound to the current time window and the device state; the digests generated for different time windows are all different.
[0167] In another embodiment, in response to a segmented verification command, the access device performs a time-sensitive key function operation based on HMAC on each segmented verification input set. The access device obtains the start and end times of the current time window, and uses them, along with the device private key and the hash value of the segmented verification input set, as inputs to the HMAC function to calculate the message authentication code as a dynamic verification digest. Because time window information is involved in the calculation, even if the segmented verification input sets are exactly the same in two time windows, the generated dynamic verification digest will be different depending on the time window, thereby preventing the verification result from being intercepted and replayed in other time windows.
[0168] Step 803: Associate and map each segmented verification input set with its corresponding dynamic verification summary to construct an event node corresponding to each segmented verification input set and time window.
[0169] In this embodiment, the access device traverses all segmented verification input sets. For each segmented verification input set, it finds the corresponding dynamic verification digest generated in step 802. The access device binds the unique identifier of the segmented verification input set with the dynamic verification digest value, generating a key-value pair containing the input set identifier, digest value, and time window number. The access device uses this key-value pair as the event node for that time window, thereby completing the association mapping between each segmented verification input set and the time window.
[0170] In another embodiment, the access device creates an event node data structure for each time window. This data structure contains three fields: the first field stores the hash value of the segmented verification input set (serving as an identifier for the input set); the second field stores the dynamic verification digest generated in step 802; and the third field stores the start and end times of the time window. The access device fills the data structure with the values of these three fields corresponding to each time window, forming the event node for that time window. In this way, each segmented verification input set is mapped to its corresponding time window and persistently stored in the form of an event node.
[0171] Step 804: Attach the device environment fingerprint, call chain integrity hash, and timestamp information collected within the time window to each event node to generate multiple event nodes.
[0172] Among them, device environment fingerprint refers to the set of information used to identify the hardware and software operating characteristics of the access device within a specific time window, including environmental parameters such as operating system version, hardware configuration, running process list, and network configuration.
[0173] Call chain integrity hash refers to the hash value obtained by hashing the kernel call path and key function call relationship within a time window, which is used to characterize the integrity status of the call chain.
[0174] Timestamp information refers to the time identifier of the time window corresponding to the event node, including the start and end times of the time window, which is used to characterize the position of the event node on the timeline.
[0175] In this embodiment, after generating each event node, the access device further obtains the device environment fingerprint within the corresponding time window, including the current operating system version number, CPU model, memory size, list of running processes, and network interface configuration. The access device performs a hash calculation on the kernel call chain data within the time window to obtain a call chain integrity hash value. The access device obtains the start and end times of the time window as timestamp information. The access device appends the device environment fingerprint, call chain integrity hash value, and timestamp information to the attribute fields of the event node to generate an event node containing complete information.
[0176] In another embodiment, the access device performs an attribute extension operation based on the event node constructed in step 803. The access device calls the system interface to obtain environmental information within the current time window and generates a device environment fingerprint string; it performs a hash operation on the call path recorded by the kernel call chain tracer to generate a call chain integrity hash value; and it reads the start and end times of the current time window from the system clock. The access device writes this information as extended attributes into the event node in the form of key-value pairs. After the above extension, each event node contains a segmented verification input set identifier, a dynamic verification digest, a device environment fingerprint, a call chain integrity hash value, and timestamp information, becoming a complete basic unit for constructing a dynamic verification sequence.
[0177] Step 805: Arrange multiple event nodes in chronological order to form a dynamic verification sequence; the dynamic verification sequence is used to characterize the status of the access device within each time window.
[0178] In this embodiment, the access device collects all event nodes generated in step 804, each event node carrying the start and end times of a time window. The access device sorts all event nodes in ascending order of their start times, obtaining an ordered list of event nodes. The access device uses this ordered list as a dynamic verification sequence, where the first event node corresponds to the earliest time window and the last event node corresponds to the latest time window. This dynamic verification sequence completely records the state change trajectory and verification results of the access device within continuous time windows.
[0179] In another embodiment, when generating each event node, the access device assigns it an incrementing sequence number, the sequence number corresponding to the order of the time windows. The access device writes all event nodes sequentially into the dynamic verification sequence data structure according to their sequence numbers, forming a chronologically ordered sequence. The access device stores this dynamic verification sequence in its local security context for subsequent trust determination by security devices. Each event node in this dynamic verification sequence represents the operating state of the access device within its corresponding time window, and the entire sequence represents the state evolution of the access device across multiple consecutive time windows.
[0180] In one exemplary embodiment, such as Figure 9 As shown, the above-mentioned "setting the security attribute of the dynamic verification sequence to an untrusted state" includes steps 901 to 903. Wherein:
[0181] Step 901: Obtain the mapping table established by the access device; the mapping table records the security mapping units of each event node.
[0182] In this embodiment, the security device sends a mapping table retrieval request to the access device. The access device responds to the request by reading the established mapping table from its local security context. This mapping table is organized by event nodes, with each row containing an event node identifier, dynamic verification digest, device environment fingerprint, call chain integrity hash value, security attribute status (default is no), node generation time, and status version information. The security device receives the mapping table returned by the access device through an encrypted channel, obtaining the security mapping unit for each event node recorded in the mapping table.
[0183] In another embodiment, when the access determination process is triggered, the security device actively obtains a mapping table from the access device. The access device serializes the mapping table stored in its local security context, adds a timestamp and session identifier, and sends it to the security device via an end-to-end encrypted channel. The security device receives and parses the mapping table, extracting each record as a security mapping unit for an event node. Each security mapping unit contains at least the event node's dynamic verification digest, device environment fingerprint, call chain integrity hash value, security attribute status, node generation time, and status version information, used for subsequent integrity verification and security attribute settings.
[0184] Step 902: Obtain the integrity verification value generated by the access device after performing an encrypted hash operation on the mapping table.
[0185] In this embodiment, after establishing the mapping table, the access device performs an encrypted hash operation on all contents of the mapping table. Following a preset data structure order, the access device sequentially extracts the dynamic verification digest, device environment fingerprint binding information, call chain integrity hash binding information, security attribute status, node generation time, and status version information for each event node, concatenating these data into a continuous byte sequence. The access device performs a SHA-256 hash operation on this byte sequence to generate a fixed-length hash value as the integrity verification value of the mapping table. The security device obtains this integrity verification value from the access device.
[0186] In another embodiment, the access device recalculates the integrity check value of the mapping table after each update. The access device employs a Merkle tree structure, calculating the hash value of the secure mapping unit for each event node in the mapping table as a leaf node, and then calculating the hash values of the parent nodes layer by layer upwards, ultimately obtaining the root hash value as the integrity check value of the mapping table. This integrity check value reflects changes to any event node in the mapping table. The security device obtains this integrity check value from the access device and stores it for subsequent integrity verification.
[0187] Step 903: After verifying that the mapping table has not been tampered with based on the integrity check value, set the security attribute of each event node in the mapping table to an untrusted state.
[0188] In this embodiment, after obtaining the mapping table and integrity verification value, the security device re-encrypts and hashes the key fields in the mapping table. Following the same hashing rules as the access device, the security device extracts the dynamic verification digest, device environment fingerprint binding information, call chain integrity hash binding information, security attribute status, node generation time, and status version information of each event node in the mapping table, and concatenates them to calculate the hash value. The security device compares the calculated hash value with the integrity verification value obtained in step 902. If they match, it confirms that the mapping table has not been tampered with. Provided the integrity verification passes, the security device uniformly sets the security attribute of each event node in the mapping table to an untrusted state and records the timestamp and operation identifier of this setting operation in the mapping table.
[0189] In another embodiment, the security device obtains a mapping table and the corresponding Merkle tree root hash value (integrity verification value) from the access device. The security device calculates the hash value for each event node in the mapping table and reconstructs the Merkle tree layer by layer to obtain a new root hash value. The security device compares the newly calculated root hash value with the root hash value obtained from the access device. If they match, it confirms that all event nodes in the mapping table have not been tampered with. After successful verification, the security device traverses each event node in the mapping table, explicitly sets its security attribute field from the default value (No) to an untrusted state, updates the state version information of each event node, and records the security device's identifier and setting time.
[0190] In one exemplary embodiment, such as Figure 10 As shown, the above-mentioned "setting the security attribute of the dynamic verification sequence to an untrusted state" includes steps 1001 to 1003. Wherein:
[0191] Step 1001: Obtain the integrity verification value of the mapping table.
[0192] In this embodiment, after establishing the mapping table, the access device performs a cryptographic hash operation on all contents of the mapping table to generate an integrity verification value. The access device stores this integrity verification value in its local security context and associates it with the mapping table. When a self-correction operation is required, the access device reads the integrity verification value from the local security context for subsequent integrity verification and self-correction target determination.
[0193] In another embodiment, in response to the verification result issued by the security device, the access device extracts a reference to the integrity verification value of the mapping table from the verification result. Based on this reference, the access device searches for and retrieves the corresponding integrity verification value of the mapping table from local storage. This integrity verification value is used to verify whether the current mapping table is consistent with the mapping table state used by the security device during the determination, ensuring that the self-correction operation is based on a trusted data foundation.
[0194] Step 1002: Determine the self-correction operation target based on the integrity check value.
[0195] In this embodiment, after obtaining the integrity verification value of the mapping table, the access device recalculates the integrity verification value of the local mapping table and compares it with the obtained verification value. If the two are consistent, it is confirmed that the mapping table has not been tampered with and the data is trustworthy. The access device further analyzes and verifies the cause of the untrusted state indicated in the judgment result to locate the specific abnormal factors causing the untrustworthiness. If the cause of the abnormality is that the system configuration parameters deviate from the trustworthy baseline, the self-correction operation target is determined to be the adjustment of the configuration parameters; if the cause of the abnormality is that the kernel call chain is abnormal, the self-correction operation target is determined to be the reset of the call chain; if the cause of the abnormality is that the application service is abnormally interrupted, the self-correction operation target is determined to be the restoration of the application service state.
[0196] In another embodiment, after the access device verifies the integrity of the mapping table based on the integrity check value, it parses the event node identifier and exception type field carried in the verification result. The access device determines the self-correction operation target based on the exception type field: when the exception type field indicates "configuration deviation," the target is configuration parameter adjustment, specifically including restoring the configuration file to a trusted version or resetting security policy parameters; when the exception type field indicates "call chain exception," the target is call chain reset, specifically including clearing the abnormal call path or restoring the kernel call chain to its initial state; when the exception type field indicates "service exception," the target is application service state recovery, specifically including restarting the abnormal service or restoring the service configuration. If multiple exception types exist simultaneously, multiple self-correction operation targets are determined and executed in order of priority.
[0197] Step 1003: Execute the self-correction operation objective and generate the self-correction operation result; the self-correction operation objective includes at least one of configuration parameter adjustment, call chain reset or application service state recovery.
[0198] In this embodiment, the access device automatically performs corresponding correction operations in the trusted execution environment according to the self-correction operation target determined in step 1002. If the target is configuration parameter adjustment, the access device reads a preset trusted configuration file template, replaces the current system configuration parameters with the trusted version, and records the parameter differences before and after the adjustment. If the target is call chain reset, the access device calls the kernel interface, clears abnormal call path records, restores the kernel call chain to its initial trusted state, and generates a call chain integrity hash comparison record before and after correction. If the target is application service status recovery, the access device identifies the abnormal service, performs a service restart operation, waits for the service to recover to normal operation, and records the service status change. After completing the correction operation, the access device collects the correction operation results, call chain integrity correction records, and device environment status snapshots to generate self-correction operation results.
[0199] In another embodiment, the access device sequentially executes multiple self-correcting operation objectives based on the untrusted state cause indicated in the verification judgment result. The access device first adjusts configuration parameters, restoring configuration items that deviate from the trusted baseline to their default values, and verifies whether the adjusted configuration meets the requirements. If the untrusted state is still not resolved after configuration adjustment, the access device further performs a call chain reset, clearing abnormal call paths and restoring the integrity of the kernel call chain. If abnormalities still exist after the call chain reset, the access device performs application service state recovery, restarting relevant services. After completing each correction operation, the access device records the execution result of the operation, the state comparison information before and after correction, and a snapshot of the current device environment state. After all correction operations are completed, the access device summarizes all correction records and generates a self-correcting operation result containing complete correction process information.
[0200] In one exemplary embodiment, the method further includes:
[0201] Step 1: The access device performs a hash calculation on the startup components recorded in the trusted boot log to obtain an integrity hash value; the startup components include at least the kernel and critical service paths of the access device.
[0202] Step 2: The access device arranges the integrity hash value, hardware initialization information, trusted boot log, operating system loading record, and application service status in chronological order to obtain an end-to-end snapshot sequence.
[0203] Step 3: The access device performs window segmentation processing on the end-to-end snapshot sequence to obtain multiple segmented verification input sets covering different time intervals.
[0204] Step 4: In response to the segmented verification command issued by the security device, the access device performs time-sensitive key function operations on multiple segmented verification input sets to generate a dynamic verification digest.
[0205] Step 5: The access device performs association mapping processing on each segmented verification input set and the corresponding dynamic verification digest, and constructs an event node corresponding to each segmented verification input set and the time window.
[0206] Step 6: The access device attaches the device environment fingerprint, call chain integrity hash and timestamp information collected within the time window to each event node, generating multiple event nodes.
[0207] Step 7: The access device arranges multiple event nodes in chronological order to form a dynamic verification sequence; the dynamic verification sequence is used to characterize the status of the access device within each time window.
[0208] Step 8: The access device obtains the mapping table established by the access device; the mapping table records the security mapping units of each event node.
[0209] Step 9: The access device obtains the integrity verification value generated after the access device performs an encrypted hash operation on the mapping table.
[0210] Step 10: After verifying that the mapping table has not been tampered with based on the integrity check value, the access device sets the security attribute of each event node in the mapping table to an untrusted state.
[0211] Step 11: The access device obtains the integrity verification value of the mapping table.
[0212] Step 12: The access device determines the self-correction operation target based on the integrity verification value.
[0213] Step 13: The access device executes the self-correction operation objective and generates the self-correction operation result. The self-correction operation objective includes at least one of the following: configuration parameter adjustment, call chain reset, or application service state recovery.
[0214] Step 14: The access device sends the self-correction operation result to the security device, and the security device receives the self-correction operation result sent by the access device.
[0215] Step 15: The safety device performs integrity verification and time series consistency comparison on the self-correction operation results.
[0216] Step 16: After the verification is passed, the safety device will fuse the dynamic verification sequence of the self-correction operation result to generate an updated dynamic verification sequence.
[0217] Step 17: The security device generates a security log based on historical interaction behavior.
[0218] Step 18: The security device performs time aggregation processing on the security log to obtain key interaction events.
[0219] Step 19: The security device extracts event nodes from key interaction events and the updated dynamic verification sequence.
[0220] Step 20: The security device connects related event nodes based on the communication relationship between devices, the dependency relationship of the call chain, and the influence relationship of the strategy, and obtains the associated edges.
[0221] Step 21: The security device constructs an interactive trust graph based on event nodes and associated edges.
[0222] Step 22: The security device constructs a multi-dimensional risk matrix based on the trusted status of each event node in the interactive trust graph and the updated dynamic verification sequence.
[0223] Step 23: The security device calculates the network permissions and access control priorities of the access devices based on the multidimensional risk matrix.
[0224] Step 24: The security device determines a multi-objective optimization strategy based on network permissions and access control priorities.
[0225] Step 25: The security device generates access control commands based on a multi-objective optimization strategy.
[0226] Step 26: The security device sends the access control command to the access device.
[0227] Step 27: The access device receives the access control command generated by the security device and adjusts its own network permissions according to the access control command.
[0228] It should be understood that although the steps in the flowcharts of the above embodiments are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the above embodiments may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.
[0229] Based on the same inventive concept, this application also provides a network permission adjustment device for implementing the network permission adjustment method described above. The solution provided by this device is similar to the solution described in the above method; therefore, the specific limitations in one or more network permission adjustment device embodiments provided below can be found in the limitations of the network permission adjustment method described above, and will not be repeated here.
[0230] In one exemplary embodiment, such as Figure 11 As shown, a network permission adjustment device is provided, including: a receiving module 1101, a constructing module 1102, and a sending module 1103, wherein:
[0231] The receiving module 1101 is used to receive the self-correction operation result sent by the access device; wherein, the self-correction operation result is that the access device generates an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged on the time axis; generates a dynamic verification sequence based on the end-to-end snapshot sequence, and sets the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device in each time window.
[0232] The construction module 1102 is used to update the dynamic verification sequence according to the self-correction operation result, obtain the updated dynamic verification sequence, and construct an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence; the interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices.
[0233] The sending module 1103 is used to generate access control instructions based on the interactive trust graph and send the access control instructions to the access device so that the access device can adjust its own network permissions according to the access control instructions.
[0234] In an exemplary embodiment, the aforementioned construction module 1102 is specifically used to generate security logs based on historical interaction behaviors; perform time aggregation processing on the security logs to obtain key interaction events; and construct an interaction trust graph based on the key interaction events and the updated dynamic verification sequence.
[0235] In an exemplary embodiment, the above-mentioned construction module 1102 is specifically used to extract event nodes from key interaction events and updated dynamic verification sequences; connect related event nodes according to inter-device communication relationships, call chain dependencies, and policy influence relationships to obtain related edges; and construct an interaction trust graph based on event nodes and related edges.
[0236] In an exemplary embodiment, the sending module 1103 is specifically configured to construct a multi-dimensional risk matrix based on the trusted state of each event node in the interactive trust graph and the updated dynamic verification sequence; calculate the network permissions and access control priorities of the access device based on the multi-dimensional risk matrix; determine a multi-objective optimization strategy based on the network permissions and access control priorities; and generate access control instructions based on the multi-objective optimization strategy.
[0237] In an exemplary embodiment, the above-mentioned construction module 1102 is specifically used to perform integrity verification and time series consistency comparison on the self-correction operation results; after the verification is passed, the dynamic verification sequence of the self-correction operation results is fused to generate an updated dynamic verification sequence.
[0238] In one exemplary embodiment, such as Figure 12 As shown, a network permission adjustment device is provided, including: a collection module 1201, a setting module 1202, a generation module 1203, a sending module 1204, and a receiving module 1205, wherein:
[0239] The acquisition module 1201 is used to generate an end-to-end snapshot sequence based on the acquired multi-dimensional reliable data;
[0240] Module 1202 is configured to generate a dynamic verification sequence based on the end-to-end snapshot sequence and set the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window.
[0241] The generation module 1203 is used to perform self-correction operations in an untrusted state and generate self-correction operation results.
[0242] The sending module 1204 is used to send the self-correction operation result to the security device so that the security device can update the dynamic verification sequence, construct an interaction trust graph based on the historical interaction behavior and the updated dynamic verification sequence, and generate access control instructions based on the interaction trust graph.
[0243] The receiving module 1205 is used to receive access control commands generated by the security device and adjust its own network permissions according to the access control commands.
[0244] In an exemplary embodiment, the aforementioned multi-dimensional trusted data includes hardware initialization information, trusted boot logs, operating system loading records, and application service status; the aforementioned acquisition module 1201 is specifically used to perform hash calculations on the boot components recorded in the trusted boot logs to obtain integrity hash values; the boot components at least include the kernel of the access device and key service paths; the integrity hash values are arranged in chronological order with the hardware initialization information, trusted boot logs, operating system loading records, and application service status to obtain an end-to-end snapshot sequence.
[0245] In an exemplary embodiment, the acquisition module 1201 is specifically used to perform windowing processing on the end-to-end snapshot sequence to obtain multiple segmented verification input sets covering different time intervals; in response to the segmented verification command issued by the security device, perform time-sensitive key function operations on the multiple segmented verification input sets to generate dynamic verification digests; perform association mapping processing on each segmented verification input set and the corresponding dynamic verification digest to construct event nodes corresponding to each segmented verification input set and time window; attach device environment fingerprint, call chain integrity hash and timestamp information collected within the time window to each event node to generate multiple event nodes; arrange the multiple event nodes in chronological order to form a dynamic verification sequence; the dynamic verification sequence is used to characterize the status of the access device within each time window.
[0246] In an exemplary embodiment, the above-mentioned setting module 1202 is specifically used to obtain a mapping table established by the access device; the mapping table records the security mapping units of each event node; obtain the integrity verification value generated by the access device after performing an encrypted hash operation on the mapping table; after verifying that the mapping table has not been tampered with according to the integrity verification value, set the security attribute of each event node in the mapping table to an untrusted state.
[0247] In an exemplary embodiment, the generation module 1203 is specifically used to obtain the integrity verification value of the mapping table; determine the self-correction operation target based on the integrity verification value; execute the self-correction operation target and generate the self-correction operation result; the self-correction operation target includes at least one of configuration parameter adjustment, call chain reset or application service state recovery.
[0248] Each module in the aforementioned network access control device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in the processor of a computer device in hardware form or independent of it, or stored in the memory of the computer device in software form, so that the processor can call and execute the corresponding operations of each module.
[0249] In one exemplary embodiment, a computer device is provided, which may be a security device, and its internal structure diagram may be as follows: Figure 13 As shown, this computer device includes a processor, memory, input / output interfaces (I / O), and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The database stores relevant data during the network access control process. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communicating with external terminals via a network connection. When executed by the processor, the computer program implements a network access control method.
[0250] Those skilled in the art will understand that Figure 13 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0251] In one embodiment, a computer device is also provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above method embodiments.
[0252] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon that, when executed by a processor, implements the steps in the above method embodiments.
[0253] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the steps in the above method embodiments.
[0254] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.
[0255] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.
[0256] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.
Claims
1. A method for adjusting network permissions, characterized in that, Applied to safety devices, the method includes: The system receives a self-correction operation result sent by an access device; wherein the self-correction operation result is generated by the access device generating an end-to-end snapshot sequence based on the collected multi-dimensional trusted data arranged along a time axis; generating a dynamic verification sequence based on the end-to-end snapshot sequence, and setting the security attribute of the dynamic verification sequence to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device within each time window; The dynamic verification sequence is updated according to the self-correction operation result to obtain the updated dynamic verification sequence. An interaction trust graph is constructed based on historical interaction behavior and the updated dynamic verification sequence. The interaction trust graph is used to represent the multi-dimensional interaction relationship between multiple access devices. An access control command is generated based on the interactive trust graph, and the access control command is sent to the access device so that the access device can adjust its own network permissions according to the access control command.
2. The method according to claim 1, characterized in that, The construction of an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence includes: A security log is generated based on the historical interaction behavior; The security logs are processed by time aggregation to obtain key interaction events; The interaction trust graph is constructed based on the key interaction events and the updated dynamic verification sequence.
3. The method according to claim 2, characterized in that, The step of constructing the interaction trust graph based on the key interaction events and the updated dynamic verification sequence includes: Extract event nodes from the key interaction events and the updated dynamic verification sequence; Based on the communication relationships between devices, the dependency relationships of the call chain, and the influence relationships of the strategy, the related event nodes are connected to obtain the related edges; The interaction trust graph is constructed based on the event nodes and associated edges.
4. The method according to claim 1, characterized in that, The step of generating access control instructions based on the interaction trust graph includes: A multidimensional risk matrix is constructed based on the trust status of each event node in the interactive trust graph and the updated dynamic verification sequence. Based on the multidimensional risk matrix, calculate the network permissions and access control priority of the access device; Based on the network permissions and access control priorities, a multi-objective optimization strategy is determined; The access control command is generated based on the multi-objective optimization strategy.
5. The method according to claim 1, characterized in that, The step of updating the dynamic verification sequence based on the self-correction operation result to obtain the updated dynamic verification sequence includes: The results of the self-correction operation are subjected to integrity verification and time series consistency comparison. After successful verification, the self-correction operation result of the dynamic verification sequence is fused to generate the updated dynamic verification sequence.
6. A method for adjusting network permissions, characterized in that, Applied to access devices, the method includes: Generate an end-to-end snapshot sequence based on the collected multi-dimensional reliable data; A dynamic verification sequence is generated based on the end-to-end snapshot sequence, and the security attribute of the dynamic verification sequence is set to an untrusted state; the dynamic verification sequence is used to characterize the state of the access device in each time window. Perform a self-correction operation in the untrusted state to generate a self-correction operation result; The self-correction operation result is sent to the security device so that the security device can update the dynamic verification sequence, construct an interaction trust graph based on historical interaction behavior and the updated dynamic verification sequence, and generate access control instructions based on the interaction trust graph. It receives access control commands generated by the security device and adjusts its own network permissions according to the access control commands.
7. The method according to claim 6, characterized in that, The multi-dimensional trusted data includes hardware initialization information, trusted boot logs, operating system loading records, and application service status; the generation of an end-to-end snapshot sequence based on the collected multi-dimensional trusted data includes: A hash calculation is performed on the startup components recorded in the trusted startup log to obtain an integrity hash value; the startup components include at least the kernel and critical service paths of the access device; The integrity hash value, along with the hardware initialization information, the trusted boot log, the operating system loading record, and the application service status, are arranged in chronological order to obtain the end-to-end snapshot sequence.
8. The method according to claim 6, characterized in that, The step of generating a dynamic verification sequence based on the end-to-end snapshot sequence includes: The end-to-end snapshot sequence is divided into windows to obtain multiple segmented verification input sets covering different time intervals; In response to the segmented verification command issued by the security device, a time-sensitive key function operation is performed on multiple segmentsed verification input sets to generate a dynamic verification digest; Each segmented verification input set is associated with and mapped to its corresponding dynamic verification summary to construct an event node corresponding to each segmented verification input set and a time window. Each event node is appended with the device environment fingerprint, call chain integrity hash, and timestamp information collected within the time window to generate multiple event nodes; The multiple event nodes are arranged in chronological order to form the dynamic verification sequence; the dynamic verification sequence is used to characterize the state of the access device within each time window.
9. The method according to claim 6, characterized in that, Setting the security attribute of the dynamic verification sequence to an untrusted state includes: Obtain the mapping table established by the access device; the mapping table records the security mapping units of each event node; Obtain the integrity verification value generated by the access device after performing a cryptographic hash operation on the mapping table; After verifying that the mapping table has not been tampered with based on the integrity check value, the security attribute of each event node in the mapping table is set to an untrusted state.
10. The method according to claim 6, characterized in that, The step of performing a self-correction operation in the untrusted state and generating a self-correction operation result includes: Obtain the integrity verification value of the mapping table; The self-correction operation target is determined based on the integrity check value; The self-correction operation objective is executed, and the self-correction operation result is generated; the self-correction operation objective includes at least one of configuration parameter adjustment, call chain reset, or application service state recovery.