SoK: Context and Risk Aware Access Control for Zero Trust Systems

Xiao, Shiyu; Ye, Yuhang; Kanwal, Nadia; Newe, Thomas; Lee, Brian

doi:10.1155/2022/7026779

Cited by 9 publications

(3 citation statements)

References 84 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The concept of zero trust security originated with the work of the Jericho Forum, a security consortium, in 2003 (Al-Ruwaii and De moura 2021). However, the term "zero trust" was officially coined by Forrester in 2010 (Kindervag and Balaouras 2010) and has since matured, gaining widespread recognition in the industry (Xiao et al 2022). In the zero trust model, trust is not given blindly to entities seeking access to network resources, even after undergoing initial authentication and authorization (Ramezanpour and Jagannath 2022).…”

Section: Conceptual Background Of Zero Trustmentioning

confidence: 99%

Dissecting zero trust: research landscape and its implementation in IoT

Liu,

Tan,

et al. 2024

Cybersecurity

View full text Add to dashboard Cite

As a progressive security strategy, the zero trust model has attracted notable attention and importance within the realm of network security, especially in the context of the Internet of Things (IoT). This paper aims to evaluate the current research regarding zero trust and to highlight its practical applications in the IoT sphere through extensive bibliometric analysis. We also delve into the vulnerabilities of IoT and explore the potential role of zero trust security in mitigating these risks via a thorough review of relevant security schemes. Nevertheless, the challenges associated with implementing zero trust security are acknowledged. We provide a summary of these issues and suggest possible pathways for future research aimed at overcoming these challenges. Ultimately, this study aims to serve as a strategic analysis of the zero trust model, intending to empower scholars in the field to pursue deeper and more focused research in the future.

show abstract

Section: Conceptual Background Of Zero Trustmentioning

confidence: 99%

Dissecting zero trust: research landscape and its implementation in IoT

Liu,

Tan,

et al. 2024

Cybersecurity

View full text Add to dashboard Cite

show abstract

“…Incorporating these components into the smart grid contributes to creating more complex, distributed, and dynamic operating environments. To meet the challenges posed by these changes, new enterprise security architectures are emerging, for example, based on the concept of Zero Trust (ZT) as defined by the team around S. Xiao in their paper [ 13 ] “SoK: Context and Risk Aware Access Control for Zero Trust Systems”. ZT systems then consider internal and external networks as untrusted, and both are subject to the same security controls and management to prevent data breaches and limit internal lateral movement.…”

Section: Cyber Security In Substation Automation Systemsmentioning

confidence: 99%

Security Baseline for Substation Automation Systems

Horálek

Soběslav

2023

Sensors

View full text Add to dashboard Cite

The use of information technology and the automation of control systems in the energy sector enables a more efficient transmission and distribution of electricity. However, in addition to the many benefits that the deployment of intelligent and largely autonomous systems brings, it also carries risks associated with information and cyber security breaches. Technology systems form a specific and critical communication infrastructure, in which powerful control elements integrating IoT principles and IED devices are present. It also contains intelligent access control systems such as RTU, IDE, HMI, and SCADA systems that provide communication with the data and control center on the outer perimeter. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. To establish rules, procedures, and techniques to ensure the cyber security of smart grid control systems in the energy sector, it is necessary to understand the security threats and bring appropriate measures to ensure the security of energy distribution. Given the use of a wide range of information and industrial technologies, it is difficult to protect energy distribution systems using standard constraints to protect common IT technologies and business processes. Therefore, as part of a comprehensive approach to cyber security, specifics such as legislative framework, technological constraints, international standards, specialized protocols or company processes, and many others need to be considered. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. In this article, a basic security concept for control systems of power stations, which are part of the power transmission and distribution system, is presented based on the Smart Grid domain model with emphasis on substation intelligence, according to the Purdue model. The main contribution of the paper is the comprehensive design of mitigation measures divided into mandatory and recommended implementation based on the standards defined within the MITRE ATT&CK matrix specified, concerning the specifications of intelligent distribution substations. The proposed and industry-tested solution is mapped to meet the international security standards ISO 27001 and national legislation reflecting the requirements of NIS2. This ensures that the security requirements will be met when implementing the proposed Security Baseline.

show abstract

“…The principle states, "Never trust; always verify" [2]. This model is a holistic approach to protecting data and resources and does not represent a single product or technology [3]. It is a modern approach to network security that challenges the traditional notion of the inherent trustworthiness of users and devices.…”

Section: Introductionmentioning

confidence: 99%

The Role of Information Security Culture in Zero Trust Adoption: Insights From UAE Organizations

Zyoud,

Lebai Lutfi

2024

IEEE Access

View full text Add to dashboard Cite

This study examines the viability of Zero Trust (ZT) models, a burgeoning measure of cybersecurity, in different cultural contexts. The ZT security model is based on the principle of "never trust, always verify" and, unlike traditional models, rejects inherent trust assumptions. The focus is on Middle Eastern culture, specifically the United Arab Emirates (UAE), to examine impact of information security, national and organizational culture, and how these correlates with the adoption of the ZT model. A theoretical model explains the user and organizational behavior towards ZT in the Arab culture, assessed through a survey based on the most important factors of the information security culture. The empirical data was analyzed in the UAE with the participation of 98 cybersecurity professionals from 98 different organizations using SmartPLS4 and PLS-SEM. The overall results indicate that both national and organizational culture, as well as information security culture, are significantly and positively correlated with the adoption of the Zero Trust Architecture (ZTA). This indicates that cultural aspects at different levels of national, organizational, and information security-specific play a crucial role in the decision-making process regarding the implementation of ZT models. The inclusion of the UAE brings a particular cultural element that has unique variations, and practical recommendations to help organizations improve their ZT adoption in line with cultural considerations. These findings are relevant for organizations and policy makers. The inclusion of additional factors, countries, and participants in future research could increase the accuracy of the results.

show abstract

SoK: Context and Risk Aware Access Control for Zero Trust Systems

Cited by 9 publications

References 84 publications

Dissecting zero trust: research landscape and its implementation in IoT

Dissecting zero trust: research landscape and its implementation in IoT

Security Baseline for Substation Automation Systems

The Role of Information Security Culture in Zero Trust Adoption: Insights From UAE Organizations

Contact Info

Product

Resources

About