Trust Threshold Policy for Explainable and Adaptive Zero-Trust Defense in Enterprise Networks

Title: Trust Threshold Policy for Explainable and Adaptive Zero-Trust Defense in Enterprise Networks
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Ge, Yunfei; Zhu, Quanyan
Conference Name: 2022 IEEE Conference on Communications and Network Security (CNS)
Keywords: Adaptive systems, decision making, human factors, Markov processes, Metrics, Network security, Partially Observable Markov Decision Processes (POMDP), pubcrawl, Resiliency, Scalability, security policies, threshold policy, trust evaluation, Uncertainty, usability, zero trust, zero trust security
Abstract: In response to the vulnerabilities in traditional perimeter-based network security, the zero trust framework is a promising approach to secure modern network systems and address the challenges. The core of zero trust security is agent-centric trust evaluation and trust-based security decisions. The challenges, however, arise from the limited observations of the agent's footprint and asymmetric information in the decision-making. An effective trust policy needs to tradeoff between the security and usability of the network. The explainability of the policy facilitates the human understanding of the policy, the trust of the result, as well as the adoption of the technology. To this end, we formulate a zero-trust defense model using Partially Observable Markov Decision Processes (POMDP), which captures the uncertainties in the observations of the defender. The framework leads to an explainable trust-threshold policy that determines the defense policy based on the trust scores. This policy is shown to achieve optimal performance under mild conditions. The trust threshold enables an efficient algorithm to compute the defense policy while providing online learning capabilities. We use an enterprise network as a case study to corroborate the results. We discuss key factors on the trust threshold and illustrate how the trust threshold policy can adapt to different environments.
DOI: 10.1109/CNS56114.2022.9947263
Citation Key: ge_trust_2022