On September 8, the 2023 Bund Conference Cyber Security Sub-Forum was held in Shanghai. The forum was jointly hosted by Ant Group and Information Security Research magazine, with the theme of "Opening the Native Security Paradigm and Protecting Cyberspace Security". At the meeting, Ant Group and the School of Cyberspace Security of Zhejiang University launched a leading cybersecurity achievement, "Native Security Paradigm Framework v1.0". This is an integration of technical ideas and method systems to explore the origin of network security. It mainly includes two major security paradigms: "OVTP traceability paradigm" and "NbSP zero-crossing paradigm", and a major technological innovation "security parallel aspect".
"Modern digital enterprises have become digital beings that are constantly evolving. The complexity of their architecture will explode and increase the digital risks within the enterprise. The origin of network security protection still comes back to the problem of whether the access is legal. We hope that through the native security paradigm framework, we can provide guidance for the design of enterprise security architecture, so that native security can move from macro requirements to implementable practice." Having been engaged in important network security work for many years, Wei Tao, Vice President and Chief Technology Security Officer of Ant Group, has profound insights into the new situation of network security and the nature of security work.
(Picture: Wei Tao, Vice President and Chief Technology Security Officer of Ant Group, delivering a keynote speech)
Faced with new challenges in network security, Ant Group has been exploring the native security paradigm since 2019. Through iterative upgrades and practical verification, it has been continuously improved and condensed into the "native security paradigm framework v1.0". It mainly includes two major security paradigms and one major technological innovation. The two major security paradigms are the "OVTP Traceable Paradigm" (Operator-Voucher-Traceable Paradigm, or OVTP) and the "NbSP Zero-crossing Paradigm" (Non-bypassable Security Paradigm, or NbSP). The major technological innovation is the "security parallel aspect technology" system, an innovative method system based on the two major security paradigms. The two complement each other and allow the native security concept to be implemented.
(Picture: Native Security Paradigm Framework v1.0)
Guided by the idea of native security, the two major security paradigms propose innovative solutions to network security access issues. Simply put, the goal of OVTP is to ensure that sensitive network access operations can be traced and judged, such as the service tickets that customer service personnel rely on when calling up customer information, to prevent unauthorized-access vulnerabilities. NbSP is similar to airport security: attackers cannot bypass security checkpoints through hidden channels (such as sewers or ventilation ducts) formed by various vulnerabilities.
The "security parallel aspect" pioneered by Ant provides modern digital institutions with an efficient method system and basic platform for implementing the OVTP traceability paradigm and the NbSP zero-crossing paradigm, achieving a leap-forward improvement in the effectiveness and efficiency of network security governance. For example, during the Double Twelve Promotion period in 2021, in response to log4j2 vulnerability attacks, Ant Group's security parallel aspect system achieved site-wide "hemostasis" (stopping the bleeding) within hours. The security emergency manpower was reduced from 6,000 person-days during the fastjson emergency response to 30 person-days, efficiency improved a hundred times, and the two-pronged approach of hemostasis and reinforcement resolved the crisis with zero business interruption.
At the forum, guests from Qi'anxin, Ping An Group, Zhijiang Laboratory, Beijing Lianshi Network, Beijing Zhiqian Technology, Certik Company and other units shared their experience in industry practice and the latest research around the theme of "Opening the Native Security Paradigm and Protecting Cyberspace Security".
Wu Yunkun, deputy director of the China Electronics Science and Technology Commission and president of Qi'anxin Group, believes that modern enterprise network security is endogenous security starting from the business. He pointed out that this security protection system has three key elements. First of all, we must start from focusing on business and build an endogenous security system. Secondly, we must start from paying attention to "people" and build security mechanisms into the entire data chain. Finally, we must start from focusing on operations and build a practical security operation system. Wu Yunkun said that these capabilities helped Qi'anxin achieve "zero accidents" in the network security guarantee of the 2022 Beijing Winter Olympics.
(Picture: Wu Yunkun, deputy director of the China Electronics Science and Technology Commission and president of Qi'anxin Group, delivering a keynote speech)
Chen Jian, Chief Information Security Director of Ping An Group, shared DevSecOps as a typical native security practice. Code is security: security is regarded as a core element in the process of writing code, to ensure that the developed software applications are highly credible and defensible in terms of security. Going online is security: before the application goes online, it must be ensured that the application has a high degree of security and reliability, to reduce the cost of fixing vulnerabilities and problems afterwards. Operations are security: in the process of software system and business operations, security is regarded as a continuous need, to ensure that a high level of security is maintained during the operation phase and the risk of attack is reduced.
Bai Xiaoyong, founder and CEO of Beijing Lianshi Network, introduced that based on security parallel aspect technology, Lianshi Network reconstructs security rules in the aspect of data flow, achieving technical decoupling and capability integration of security and business. "The native data of the application that does not need to be modified is secure, has multiple compatibility, fast delivery, good protection, and saves costs," Bai Xiaoyong said.
Jin Bo, deputy director of the Third Research Institute of the Ministry of Public Security, and Tan Jianfeng, member of the 13th National Committee of the Chinese People's Political Consultative Conference and honorary president of the Shanghai Information Security Industry Association, expressed strong support for the network security governance initiated by the native security paradigm.
The core concept of the native security paradigm is to integrate security capabilities into every detail of the business. This concept is changing the way modern enterprises manage security. The guests at the meeting agreed that the native security paradigm is an efficient security practice. It requires continuous evolution based on paradigm cognition and security infrastructure, and it requires more enterprises and institutions to participate in technology co-construction and application exploration to jointly build a high-level secure cyberspace.