Theory and Application of Zero Trust Security: A Brief Survey

Kang, Hongzhaoning; Liu, Gang; Wang, Quan; Meng, Lei; Liu, Jing

doi:10.3390/e25121595

Cited by 9 publications

(3 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use T i to represent the sum of the communication time between node i and other nodes on the chain, as shown in Eq. (3).…”

Section: Overall Frameworkmentioning

confidence: 99%

“…However, the rise of novel cyber threats such as insider threat attacks [1] and forged identity attacks [2] has rendered traditional network security models inadequate in ensuring current network security. Consequently, the concept of a zero trust network [3] was introduced.…”

Section: Introductionmentioning

confidence: 99%

“…(2) The principles of least privilege and dynamic allocation must be adhered to when assigning access rights to subjects in a zero trust network [7]. (3) In a zero trust network, continuous assessment of the access risk for each subject is necessary, based on the historical access behavior of that subject [8].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Master-slave Multi-chain with Risk Assessment based Access Control Model for Zero Trust Network

Shao,

Gu,

Yang

et al. 2024

Preprint

View full text Add to dashboard Cite

Zero trust aims to enable users in untrusted network areas to access trusted areas through authentication and policy control. When entering a zero trust network, no entity is inherently trusted, and resources are subject to continuous and dynamic evaluation during access. However, challenges such as dynamic access control decisions, multi-domain polymorphic access subjects, and continuous assessment of access behavior highlight the limitations of conventional zero trust networks in meeting evolving user demands for network security. In response to these challenges, we propose the master-slave multi-chain with risk assessment based access control (MMR-AC) model for zero trust network. This model introduces a unified identity management strategy through the design of access control contracts, facilitating seamless cross-domain access between different identity management systems. Additionally, the model leverages a master-slave multi-chain architecture to establish an Attribute-Based Access Control (ABAC) mechanism. To achieve continuous assessment of the access subject, the model utilizes the historical access records of the access subject as training data. Furthermore, it introduces an access risk assessment method using LightGBM. Experimental results with the proposed MMR-AC model demonstrate its capability to achieve a continuous and accurate assessment of user access risks.

show abstract

“…We use T i to represent the sum of the communication time between node i and other nodes on the chain, as shown in Eq. (3).…”

Section: Overall Frameworkmentioning

confidence: 99%