Access Control Policy Enforcement for Zero-Trust-Networking

Romans Vanickis, Paul Jacob, Sohelia Dehghanzadeh, Brian Lee

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

56 Citations (Scopus)

Abstract

The evolution of the enterprise computing landscape towards emerging trends such as fog/edge computing and the Industrial Internet of Things (IIoT) are leading to a change of approach to securing computer networks to deal with challenges such as mobility, virtualized infrastructures, dynamic and heterogeneous user contexts and transaction-based interactions. The uncertainty introduced by such dynamicity introduces greater uncertainty into the access control process and motivates the need for risk-based access control decision making. Thus, the traditional perimeter-based security paradigm is increasingly being abandoned in favour of a so called zero trust networking (ZTN). In ZTN networks are partitioned into zones with different levels of trust required to access the zone resources depending on the assets protected by the zone. All accesses to sensitive information is subject to rigorous access control based on user and device profile and context. In this paper we outline a policy enforcement framework to address many of open challenges for risk-based access control for ZTN. We specify the design of required policy languages including a generic firewall policy language to express firewall rules. We design a mechanism to map these rules to specific firewall syntax and to install the rules on the firewall. We show the viability of our design with a small proof-of-concept.

Original languageEnglish
Title of host publication29th Irish Signals and Systems Conference, ISSC 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538660461
DOIs
Publication statusPublished - 20 Dec 2018
Event29th Irish Signals and Systems Conference, ISSC 2018 - Belfast, United Kingdom
Duration: 21 Jun 201822 Jun 2018

Publication series

Name29th Irish Signals and Systems Conference, ISSC 2018

Conference

Conference29th Irish Signals and Systems Conference, ISSC 2018
Country/TerritoryUnited Kingdom
CityBelfast
Period21/06/1822/06/18

Keywords

  • firewall
  • micro-segment
  • network zone
  • policy enforcement
  • risk-based access control
  • trust
  • zero trust networking

Fingerprint

Dive into the research topics of 'Access Control Policy Enforcement for Zero-Trust-Networking'. Together they form a unique fingerprint.

Cite this