2022
DOI: 10.21203/rs.3.rs-1225194/v1
Preprint

ZbSR: A Data Plane Security Model of SR-BE/TE based on Zero-Trust Architecture

Abstract: Facing the untrusted threats of network elements and PKI/CA faced by SR-BE/TE (Segment Routing-BE/TE) data plane in the zero-trust network environment, firstly, this paper refines it into eight specific security issues. Secondly, an SR-BE/TE data plane security model ZbSR (ZTA-based SR) based on zero-trust architecture is proposed, which reconstructs the original SR control plane into a "trust-agent" two-layer plane based on 4 components of the controller, agent, cryptographic center and information base. On one…

Cited by 1 publication (2 citation statements)
References 6 publications
“…Unlike the static trust model, zero-trust follows the principle of "never trust, always verify" by performing per-session authentication and continuous identification [1]. Trustworthiness evaluations, such as those by reputation [14], social theory [19], and tags [20], accurately reflect the trust level of each entity. Rational trustworthiness values enable granular zero-trust policies in various scenarios.…”
Section: A Zero-trust Network Architecture (mentioning)
confidence: 99%
“…To ensure the adaptability of our proposal, M(., .) is regarded as a pluggable module, supporting various well-proven proposals, e.g., reputation [14] and tags [20]. Similarly, more customized/fine-grained authentication mechanisms can be deployed on PE, e.g., blockchain-based voting [7].…”
Section: System Model: Hierarchical Micro-segmentations For Zero-trus... (mentioning)
confidence: 99%