English

A Multi-Cloud Framework for Zero-Trust Workload Authentication

Cryptography and Security 2025-10-21 v1 Distributed, Parallel, and Cluster Computing Networking and Internet Architecture

Abstract

Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC) for secretless authentication. Our approach uses cryptographically-verified, ephemeral tokens, allowing workloads to authenticate without persistent private keys and mitigating credential theft. We validate this framework in an enterprise-scale Kubernetes environment, which significantly reduces the attack surface. The model offers a unified solution to manage workload identities across disparate clouds, enabling future implementation of robust, attribute-based access control.

Keywords

Cite

@article{arxiv.2510.16067,
  title  = {A Multi-Cloud Framework for Zero-Trust Workload Authentication},
  author = {Saurabh Deochake and Ryan Murphy and Jeremiah Gearheart},
  journal= {arXiv preprint arXiv:2510.16067},
  year   = {2025}
}

Comments

Cyber Security Experimentation and Test (CSET) at the Annual Computer Security Applications Conference (ACSAC) 2025

R2 v1 2026-07-01T06:44:05.151Z