Guardado en:
Detalles Bibliográficos
Autores principales: Bradatsch, Leonard, Miroshkin, Oleksandr, Trkulja, Natasa, Kargl, Frank
Formato: Preprint
Publicado: 2024
Materias:
Acceso en línea:https://arxiv.org/abs/2402.08299
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866913233574559744
author Bradatsch, Leonard
Miroshkin, Oleksandr
Trkulja, Natasa
Kargl, Frank
author_facet Bradatsch, Leonard
Miroshkin, Oleksandr
Trkulja, Natasa
Kargl, Frank
contents Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.
format Preprint
id arxiv_https___arxiv_org_abs_2402_08299
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Zero Trust Score-based Network-level Access Control in Enterprise Networks
Bradatsch, Leonard
Miroshkin, Oleksandr
Trkulja, Natasa
Kargl, Frank
Cryptography and Security
Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.
title Zero Trust Score-based Network-level Access Control in Enterprise Networks
topic Cryptography and Security
url https://arxiv.org/abs/2402.08299