English

Zero Trust Score-based Network-level Access Control in Enterprise Networks

Cryptography and Security 2024-02-14 v1

Abstract

Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.

Keywords

Cite

@article{arxiv.2402.08299,
  title  = {Zero Trust Score-based Network-level Access Control in Enterprise Networks},
  author = {Leonard Bradatsch and Oleksandr Miroshkin and Natasa Trkulja and Frank Kargl},
  journal= {arXiv preprint arXiv:2402.08299},
  year   = {2024}
}

Comments

This work is to be published in the Proceedings of 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

R2 v1 2026-06-28T14:47:05.976Z