Visible to the public Biblio

Filters: Keyword is zero trust networking  [Clear All Filters]
2021-12-21
Rodigari, Simone, O'Shea, Donna, McCarthy, Pat, McCarry, Martin, McSweeney, Sean.  2021.  Performance Analysis of Zero-Trust Multi-Cloud. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD). :730–732.
Zero Trust security model permits to secure cloud native applications while encrypting all network communication, authenticating, and authorizing every request. The service mesh can enable Zero Trust using a side-car proxy without changes to the application code. To the best of our knowledge, no previous work has provided a performance analysis of Zero Trust in a multi-cloud environment. This paper proposes a multi-cloud framework and a testing workflow to analyse performance of the data plane under load and the impact on the control plane, when Zero Trust is enabled. The results of preliminary tests show that Istio has reduced latency variability in responding to sequential HTTP requests. Results also reveal that the overall CPU and memory usage can increase based on service mesh configuration and the cloud environment.
2019-08-05
Vanickis, R., Jacob, P., Dehghanzadeh, S., Lee, B..  2018.  Access Control Policy Enforcement for Zero-Trust-Networking. 2018 29th Irish Signals and Systems Conference (ISSC). :1-6.

The evolution of the enterprise computing landscape towards emerging trends such as fog/edge computing and the Industrial Internet of Things (IIoT) are leading to a change of approach to securing computer networks to deal with challenges such as mobility, virtualized infrastructures, dynamic and heterogeneous user contexts and transaction-based interactions. The uncertainty introduced by such dynamicity introduces greater uncertainty into the access control process and motivates the need for risk-based access control decision making. Thus, the traditional perimeter-based security paradigm is increasingly being abandoned in favour of a so called "zero trust networking" (ZTN). In ZTN networks are partitioned into zones with different levels of trust required to access the zone resources depending on the assets protected by the zone. All accesses to sensitive information is subject to rigorous access control based on user and device profile and context. In this paper we outline a policy enforcement framework to address many of open challenges for risk-based access control for ZTN. We specify the design of required policy languages including a generic firewall policy language to express firewall rules. We design a mechanism to map these rules to specific firewall syntax and to install the rules on the firewall. We show the viability of our design with a small proof-of-concept.