Native Security Paradigm Framework v1.0 Unveiled at the 2023 Waibao Conference Network Security Forum

On September 8, 2023, the Waibao Conference Network Security Forum was held in Shanghai, co‑hosted by Ant Group and the journal Information Security Research, with the theme “Opening the Native Security Paradigm, Safeguarding Cyberspace”. At the forum Ant Group and Zhejiang University’s School of Cyberspace Security jointly launched the pioneering “Native Security Paradigm Framework v1.0”, which integrates two security paradigms—OVTP (Operator‑Voucher‑Traceable Paradigm) and NbSP (Non‑bypassable Security Paradigm)—and a key technical innovation called “Security Parallel Aspect”.

The speakers emphasized that modern digital enterprises are evolving into complex digital organisms, and that security must return to the fundamental question of whether access is legitimate. The framework is intended to guide enterprise security architecture design, moving native security from high‑level requirements to concrete practice.

Since 2019 Ant Group has been iterating the native security paradigm. The current v1.0 consists of the two paradigms and the security parallel aspect technology, which together enable practical implementation. OVTP ensures that sensitive operations are traceable and assessable, while NbSP prevents attackers from bypassing security checkpoints through hidden channels.

The security parallel aspect technology demonstrated its effectiveness during the 2021 Double‑12 promotion when the Log4j2 vulnerability was exploited; the system achieved hour‑level site‑wide mitigation, reducing emergency manpower from 6000 person‑days to 30 person‑days, a hundred‑fold efficiency gain.

Guest speakers from Qi An Xin, Ping An Group, Zhejiang Laboratory, Beijing LianShi Network, Beijing Zhique An Technology, Certik and others shared industry practices. Wu Yunkun, deputy director of the China Electronics Technology Group and president of Qi An Xin, highlighted three key elements of endogenous security: business‑driven design, data‑chain integration, and operational security.

Ping An Group’s chief information security officer Chen Jian presented a DevSecOps‑style native security practice: “code is security, deployment is security, operation is security”. Beijing LianShi Network’s CEO Bai Xiaoyong described how the parallel‑aspect technique decouples security from business logic while enabling fast, cost‑effective data‑security deployment.

The forum concluded that the native security paradigm embeds security into the “capillaries” of business processes, reshaping modern enterprise security governance, and that broader collaboration is needed to co‑create a high‑security cyberspace.