Authentication and identity management based on zero trust security model in micro-cloud environment
- URL: http://arxiv.org/abs/2410.21870v1
- Date: Tue, 29 Oct 2024 09:06:13 GMT
- Title: Authentication and identity management based on zero trust security model in micro-cloud environment
- Authors: Ivana Kovacevic, Milan Stojkov, Milos Simic,
- Abstract summary: The Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm.
This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources.
- Score: 0.0
- License:
- Abstract: The abilities of traditional perimeter-based security architectures are rapidly decreasing as more enterprise assets are moved toward the cloud environment. From a security viewpoint, the Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm. Furthermore, Zero Trust can better accomplish access privileges for users and devices across cloud environments to enable the secure sharing of resources. Moreover, the concept of zero trust architecture in cloud computing requires the integration of complex practices on multiple layers of system architecture, as well as a combination of a variety of existing technologies. This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources. The main objective is to incorporate an unbiased trust score as a part of policy expressions while preserving the configurability and adaptiveness of parameters of interest. Finally, the proof-of-concept is demonstrated on a micro-cloud plat-form solution.
Related papers
- PriRoAgg: Achieving Robust Model Aggregation with Minimum Privacy Leakage for Federated Learning [49.916365792036636]
Federated learning (FL) has recently gained significant momentum due to its potential to leverage large-scale distributed user data.
The transmitted model updates can potentially leak sensitive user information, and the lack of central control of the local training process leaves the global model susceptible to malicious manipulations on model updates.
We develop a general framework PriRoAgg, utilizing Lagrange coded computing and distributed zero-knowledge proof, to execute a wide range of robust aggregation algorithms while satisfying aggregated privacy.
arXiv Detail & Related papers (2024-07-12T03:18:08Z) - Towards Secure Management of Edge-Cloud IoT Microservices using Policy as Code [6.200058263544999]
IoT application providers increasingly use MicroService Architecture (MSA) to develop applications that convert IoT data into valuable information.
The proposed framework contains a "control plane" to intelligently and dynamically utilise and configure cloud-native (i.e., container orchestrators and service mesh) technologies to enforce security policies.
We implement a prototype of the proposed framework using open-source cloud-native technologies such as Docker, Istio, and Open Policy Agent to validate the framework.
arXiv Detail & Related papers (2024-06-27T01:03:23Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - A Study on the Security Requirements Analysis to build a Zero Trust-based Remote Work Environment [2.1961544533969257]
This paper proposes detailed security requirements based on the Zero Trust model and conducts security analyses of various cloud services accordingly.
As a result of the security analysis, we proposed potential threats and countermeasures for cloud services with Zero Trust.
arXiv Detail & Related papers (2024-01-08T05:50:20Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - Blockchain-based Zero Trust on the Edge [5.323279718522213]
This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security.
The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities.
We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
arXiv Detail & Related papers (2023-11-28T12:43:21Z) - Zero Trust: Applications, Challenges, and Opportunities [0.0]
This survey comprehensively explores the theoretical foundations, practical implementations, applications, challenges, and future trends of Zero Trust.
We highlight the relevance of Zero Trust in securing cloud environments, facilitating remote work, and protecting the Internet of Things (IoT) ecosystem.
Integrating Zero Trust with emerging technologies like AI and machine learning augments its efficacy, promising a dynamic and responsive security landscape.
arXiv Detail & Related papers (2023-09-07T09:23:13Z) - Exploring Security Practices in Infrastructure as Code: An Empirical
Study [54.669404064111795]
Cloud computing has become popular thanks to the widespread use of Infrastructure as Code (IaC) tools.
scripting process does not automatically prevent practitioners from introducing misconfigurations, vulnerabilities, or privacy risks.
Ensuring security relies on practitioners understanding and the adoption of explicit policies, guidelines, or best practices.
arXiv Detail & Related papers (2023-08-07T23:43:32Z) - secureTF: A Secure TensorFlow Framework [1.1006321791711173]
secureTF is a distributed machine learning framework based on the onflow for the cloud infrastructure.
SecureTF supports unmodified applications, while providing end-to-end security for the input data, ML model, and application code.
This paper reports on our experiences about the system design choices and the system deployment in production use-cases.
arXiv Detail & Related papers (2021-01-20T16:36:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.