网络内生安全研究现状与关键技术

摘要：网络正处于融合开放的发展趋势中，传统的由安全事件和等保合规驱动的外挂式、被动式的安全机制已无法满足业务的需求。认为以“架构决定安全”为核心理念的内生安全已成为下一阶段网络安全领域的发展方向。从现有安全技术出发，分析了前内生安全技术的缺陷及发展内生安全技术的必要性，介绍了内生安全的概念与演进阶段，梳理总结了包括拟态防御、信计算、零信任、DevSecOps 等路线在内的主流内生安全路线的研究现状，并从原理层面介绍了各路线的关键技术。

关键词：内生安全；拟态防御；可信计算；零信任；DevSecOps；物理层安全

Abstract: The network is in the development trend of integration and opening. The traditional external and passive security mechanism driven by security events and equal guarantee compliance cannot meet the needs of business. The endogenous security with "architecture determines security" as the core concept has become the development direction of the network security field in the next stage. Starting from the existing security technology, this paper analyzes the defects of the former endogenous security technology and the necessity of developing endogenous security technology, introduces the concept and evolution stage of endogenous security, and summarizes the research status of mainstream endogenous security routes including mimicry defense, trusted computing, zero trust, DevSecOps, etc. The key technologies of each route are introduced from the principle level.

Keywords: endogenous security; mimicry defense; trusted computing; zero trust; DevSecOps; physical layer security