Zero Trust Score-based Network-level Access Control in Enterprise Networks
Abstract
Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.
Keywords
Cite
@article{arxiv.2402.08299,
title = {Zero Trust Score-based Network-level Access Control in Enterprise Networks},
author = {Leonard Bradatsch and Oleksandr Miroshkin and Natasa Trkulja and Frank Kargl},
journal= {arXiv preprint arXiv:2402.08299},
year = {2024}
}
Comments
This work is to be published in the Proceedings of 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)