Bertino, Elisa, Brancik, Kenneth.
2021.
Services for Zero Trust Architectures - A Research Roadmap. 2021 IEEE International Conference on Web Services (ICWS). :14–20.
The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion which does not have a single design solution; rather it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this paper, we outline a ZTA design methodology based on cyber risks and the identification of known high security risks. We then discuss challenges related to the design and deployment of ZTA and related solutions. We also discuss the role that service technology can play in ZTA.
Oliver, Ian.
2021.
Trust, Security and Privacy through Remote Attestation in 5G and 6G Systems. 2021 IEEE 4th 5G World Forum (5GWF). :368–373.
Digitalisation of domains such as medical and railway utilising cloud and networking technologies such as 5G and forthcoming 6G systems presents additional security challenges. The establishment of the identity, integrity and provenance of devices, services and other functional components removed a number of attack vectors and addresses a number of so called zero-trust security requirements. The addition of trusted hardware, such as TPM, and related remote attestation integrated with the networking and cloud infrastructure will be necessary requirement.
Wu, Ya Guang, Yan, Wen Hao, Wang, Jin Zhi.
2021.
Real Identity Based Access Control Technology under Zero Trust Architecture. 2021 International Conference on Wireless Communications and Smart Grid (ICWCSG). :18–22.
With the rapid development and application of emerging information technology, the traditional network security architecture is more and more difficult to support flexible dynamic and a wider range of business data access requirements. Zero trust technology can truly realize the aggregation of security and business by building an end-to-end dynamic new boundary based on identity, which puts forward a new direction for the upgrade and evolution of enterprise network security architecture. This paper mainly includes access control and identity authentication management functions. The goal of access control system is to ensure that legitimate and secure users can use the system normally, and then protect the security of enterprise network and server. The functions of the access control system include identifying the user's identity (legitimacy), evaluating the security characteristics (Security) of the user's machine, and taking corresponding response strategies.
Xiaojian, Zhang, Liandong, Chen, Jie, Fan, Xiangqun, Wang, Qi, Wang.
2021.
Power IoT Security Protection Architecture Based on Zero Trust Framework. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP). :166–170.
The construction of the power Internet of Things has led various terminals to access the corporate network on a large scale. The internal and external business interaction and data exchange are more extensive. The current security protection system is based on border isolation protection. This is difficult to meet the needs of the power Internet of Things connection and open shared services. This paper studies the application scheme of the ``zero trust'' typical business scenario of the power Internet of Things with ``Continuous Identity Authentication and Dynamic Access Control'' as the core, and designs the power internet security protection architecture based on zero trust.
Rodigari, Simone, O'Shea, Donna, McCarthy, Pat, McCarry, Martin, McSweeney, Sean.
2021.
Performance Analysis of Zero-Trust Multi-Cloud. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD). :730–732.
Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.
Wu, Kehe, Shi, Jin, Guo, Zhimin, Zhang, Zheng, Cai, Junfei.
2021.
Research on Security Strategy of Power Internet of Things Devices Based on Zero-Trust. 2021 International Conference on Computer Engineering and Application (ICCEA). :79–83.
In order to guarantee the normal operation of the power Internet of things devices, the zero-trust idea was used for studying the security protection strategies of devices from four aspects: user authentication, equipment trust, application integrity and flow baselines. Firstly, device trust is constructed based on device portrait; then, verification of device application integrity based on MD5 message digest algorithm to achieve device application trustworthiness. Next, the terminal network traffic baselines are mined from OpenFlow, a southbound protocol in SDN. Finally, according to the dynamic user trust degree attribute access control model, the comprehensive user trust degree was obtained by weighting the direct trust degree. It obtained from user authentication and the trust degree of user access to terminal communication traffic. And according to the comprehensive trust degree, users are assigned the minimum authority to access the terminal to realize the security protection of the terminal. According to the comprehensive trust degree, the minimum permissions for users to access the terminal were assigned to achieve the security protection of the terminal. The research shows that the zero-trust mechanism is applied to the terminal security protection of power Internet of Things, which can improve the reliability of the safe operation of terminal equipment.
Chen, Lu, Dai, Zaojian, CHEN, Mu, Li, Nige.
2021.
Research on the Security Protection Framework of Power Mobile Internet Services Based on Zero Trust. 2021 6th International Conference on Smart Grid and Electrical Automation (ICSGEA). :65–68.
Under the background of increasingly severe security situation, the new working mode of power mobile internet business anytime and anywhere has greatly increased the complexity of network interaction. At the same time, various means of breaking through the boundary protection and moving laterally are emerging in an endless stream. The existing boundary-based mobility The security protection architecture is difficult to effectively respond to the current complex and diverse network attacks and threats, and faces actual combat challenges. This article first analyzes the security risks faced by the existing power mobile Internet services, and conducts a collaborative analysis of the key points of zero-trust based security protection from multiple perspectives such as users, terminals, and applications; on this basis, from identity security authentication, continuous trust evaluation, and fine-grained access The dimension of control, fine-grained access control based on identity trust, and the design of a zero-trust-based power mobile interconnection business security protection framework to provide theoretical guidance for power mobile business security protection.
Zhang, Fengqing, Jiang, Xiaoning.
2021.
The Zero Trust Security Platform for Data Trusteeship. 2021 4th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE). :1014–1017.
Cloud storage is a low-cost and convenient storage method, but the nature of cloud storage determines the existence of security risks for data uploaded by users. In order to ensure the security of users' data in third-party cloud platforms, a zero trust security platform for data trusteeship is proposed. The platform introduces the concept of zero trust, which meets the needs of users to upload sensitive data to untrusted third-party cloud platforms by implementing multiple functional modules such as sensitivity analysis service, cipher index service, attribute encryption service.
Zhang, Pengfeng, Tian, Chuan, Shang, Tao, Liu, Lin, Li, Lei, Wang, Wenting, Zhao, Yiming.
2021.
Dynamic Access Control Technology Based on Zero-Trust Light Verification Network Model. 2021 International Conference on Communications, Information System and Computer Engineering (CISCE). :712–715.
With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.
Hatakeyama, Koudai, Kotani, Daisuke, Okabe, Yasuo.
2021.
Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation. 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and Other Affiliated Events (PerCom Workshops). :514–519.
Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.
Coufal\'ıková, Aneta, Klaban, Ivo, \v Slajs, Tomá\v s.
2021.
Complex Strategy against Supply Chain Attacks. 2021 International Conference on Military Technologies (ICMT). :1–5.
The risk of cyber-attack is omnipresent, there are lots of threat actors in the cyber field and the number of attacks increases every day. The paper defines currently the most discussed supply chain attacks, briefly summarizes significant events of successful supply chain attacks and outlines complex strategy leading to the prevention of such attacks; the strategy which can be used not only by civil organizations but governmental ones, too. Risks of supply chain attacks against the Czech army are taken into consideration and possible mitigations are suggested.