
The Zero-trust Paradigm: Concepts, Architectures and Applications

By Charalampos Katsis, Purdue University, USA, ckatsis@purdue.edu | Elisa Bertino, Purdue University, USA, bertino@purdue.edu

 
Suggested Citation
Charalampos Katsis and Elisa Bertino (2025), "The Zero-trust Paradigm: Concepts, Architectures and Applications", Foundations and Trends® in Privacy and Security: Vol. 8: No. 2, pp 122-253. http://dx.doi.org/10.1561/3300000046

Publication Date: 10 Jun 2025
© 2025 C. Katsis and E. Bertino
 
Subjects
Communication system design, Pattern recognition and learning, Access control, Authentication, Information flow, Intrusion detection, Network security, Security and privacy policies, Security architectures
 

In this article:
1. Introduction
2. Security Controls and Guidelines
3. Architectures
4. The NEUTRON Framework
5. Industry Efforts
6. Concluding Remarks and Research Directions
Acknowledgements
References

Abstract

The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and, therefore, requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion that does not have a single design solution; rather, it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this monograph, we cover the principles and architectural foundations of ZTA, basically following the guidelines by NIST, and provide a detailed analysis of ZT architectures proposed by research and industry. The monograph also describes an approach for the automatic generation of ZT policies based on application communication requirements, network topology, and organizational information. This approach was designed to meet a critical need of ZTA, that is, the generation and implementation of a large number of fine-grained policies. Finally, the monograph discusses several research directions, including the incorporation of threat intelligence into ZT networks and the use of large language models (LLMs).

DOI: 10.1561/3300000046

ISBN: 978-1-63828-572-4 (paperback), 146 pp., $95.00
ISBN: 978-1-63828-573-1 (e-book, .pdf), 146 pp., $160.00

The Zero-trust Paradigm: Concepts, Architectures and Applications

Existing measures aimed at securing network perimeters have proven insufficient to prevent breaches within an organization's infrastructure. This inadequacy stems from the escalating resource capabilities of adversaries and the increasing sophistication of multi-step attack strategies, which make breaches feasible. Zero Trust Architecture (ZTA), also known as perimeter-less security, is a recent paradigm that challenges the conventional notion of network security by treating both internal and external networks as potentially compromised and by assuming that threats exist in the network at all times. The notion of ZTA has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and, therefore, requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion that does not have a single design solution; rather, it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution.

In this monograph, the authors cover the principles and architectural foundations of ZTA, following the guidelines by NIST, and provide a detailed analysis of the ZT architectures proposed by research and industry. The monograph also describes an approach for the automatic generation of Zero Trust (ZT) policies based on application communication requirements, network topology, and organizational information. This approach was designed to meet a critical need of ZTA, that is, the generation and implementation of a large number of fine-grained policies. Finally, the monograph discusses several research directions, including the incorporation of threat intelligence into ZT networks and the use of large language models.

 
SEC-046