In cyberspace security, critical information infrastructure faces profound and novel challenges, such as inevitable software and hardware vulnerabilities, and endless unknown threats, due to the relentless advancement and pervasive integration of information technologies. Traditional defense paradigms and security methodologies are increasingly inadequate in addressing these challenges, leading us into a ceaseless passive situation of digging and patching vulnerabilities. Hence, there’s an urgent demand for fresh perspectives and innovative technologies to bolster cyberspace security defenses.

In response, we propose an active architecture security framework that necessitates an in-depth analysis of exploitation mechanisms and attack vectors in critical information infrastructure to identify vulnerabilities in the underlying information technologies and a redesign of these technologies to equip them with the capacity to effectively suppress, detect, control, and eliminate security threats caused by their own vulnerabilities. At a high level, this framework aims to transform from mere “information technology + security” to fortified “secure information technology”.

The central insight behind this framework is that the exploitation of software and hardware vulnerabilities is deeply rooted in the intrinsic security weaknesses of fundamental information technologies such as CPUs and operating systems. Unlike the conventional methodologies that focus on patching vulnerabilities, the framework aims to render the vulnerabilities impotent rather than eliminating them outright. Moreover, diverging from the traditional perimeter defense models and defense-in-depth strategies, as well as the zero trust security, the framework aims to establish a paradigm of “hidden treasure model” that focuses directly on attack vectors, aiming to fortify defenses precisely where they are most vulnerable.