A Study on the Security Requirements Analysis to build a Zero Trust-based Remote Work Environment
- URL: http://arxiv.org/abs/2401.03675v1
- Date: Mon, 8 Jan 2024 05:50:20 GMT
- Title: A Study on the Security Requirements Analysis to build a Zero Trust-based Remote Work Environment
- Authors: Haena Kim, Yejun Kim, Seungjoo Kim,
- Abstract summary: This paper proposes detailed security requirements based on the Zero Trust model and conducts security analyses of various cloud services accordingly.
As a result of the security analysis, we proposed potential threats and countermeasures for cloud services with Zero Trust.
- Score: 2.1961544533969257
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recently, the usage of cloud services has been increasing annually, and with remote work becoming one of the new forms of employment within enterprises, the security of cloud-based remote work environments has become important. The existing work environment relies on a perimeter security model, where accessing one's resources is based on the assumption that everything within the internal network is secure. However, due to the limitations of the perimeter security model, which assumes the safety of everything within the internal network, the adoption of Zero Trust is now being demanded. Accordingly, NIST and DoD have published guidelines related to Zero Trust architecture. However, these guidelines describe security requirements at an abstract level, focusing on logical architecture. In this paper, we conduct a threat modeling for OpenStack cloud to propose more detailed security requirements compared to NIST and DoD guidelines. Subsequently, we perform a security analysis of commercial cloud services such as Microsoft Azure, Amazon Web Service, and Google Cloud to validate these requirements. The security analysis results identify security requirements that each cloud service fails to satisfy, indicating potential exposure to threats. This paper proposes detailed security requirements based on the Zero Trust model and conducts security analyses of various cloud services accordingly. As a result of the security analysis, we proposed potential threats and countermeasures for cloud services with Zero Trust, and this is intended to help build a secure Zero Trust-based remote work environment.
Related papers
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - A Critical Analysis of Foundations, Challenges and Directions for Zero Trust Security in Cloud Environments [0.0]
This review discusses the theoretical frameworks and application prospects of Zero Trust Security (ZTS) in cloud computing context.
This paper analyzes the core principles of ZTS, including micro-segmentation, least privileged access, and continuous monitoring.
Main barriers to implementing zero trust security were outlined, including the dimensions of decreased performance in large-scale production.
arXiv Detail & Related papers (2024-11-09T10:26:02Z) - Authentication and identity management based on zero trust security model in micro-cloud environment [0.0]
The Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm.
This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources.
arXiv Detail & Related papers (2024-10-29T09:06:13Z) - Security Evaluation in Software-Defined Networks [1.9713190626298576]
Cloud computing has led to a significant increase in Data Centre (DC) network requirements.
Traditional DCs are struggling to meet the flexible, centrally managed requirements of cloud computing applications.
This article presents a framework for evaluating security of Software-Defined Networks (SDN)
arXiv Detail & Related papers (2024-08-21T09:56:14Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - Zero Trust: Applications, Challenges, and Opportunities [0.0]
This survey comprehensively explores the theoretical foundations, practical implementations, applications, challenges, and future trends of Zero Trust.
We highlight the relevance of Zero Trust in securing cloud environments, facilitating remote work, and protecting the Internet of Things (IoT) ecosystem.
Integrating Zero Trust with emerging technologies like AI and machine learning augments its efficacy, promising a dynamic and responsive security landscape.
arXiv Detail & Related papers (2023-09-07T09:23:13Z) - Exploring Security Practices in Infrastructure as Code: An Empirical
Study [54.669404064111795]
Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools.
scripting process does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks.
Ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices.
arXiv Detail & Related papers (2023-08-07T23:43:32Z) - secureTF: A Secure TensorFlow Framework [1.1006321791711173]
secureTF is a distributed machine learning framework based on the onflow for the cloud infrastructure.
SecureTF supports unmodified applications, while providing end-to-end security for the input data, ML model, and application code.
This paper reports on our experiences about the system design choices and the system deployment in production use-cases.
arXiv Detail & Related papers (2021-01-20T16:36:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.