Survivable zero trust for cloud computing environments

被引:34
作者
Ferretti, Luca [1 ]
Magnanini, Federico [2 ]
Andreolini, Mauro [1 ]
Colajanni, Michele [3 ]
机构
[1] Univ Modena & Reggio Emilia, Dept Phys Informat & Math, Modena, Italy
[2] Univ Modena & Reggio Emilia, Dept Engn Enzo Ferrari, Modena, Italy
[3] Univ Bologna, Dept Informat Sci & Engn, Bologna, Italy
来源
COMPUTERS & SECURITY | 2021年 / 110卷
关键词
Zero trust; Survivability; Distributed systems; Access control; Security; FAULT-TOLERANCE; AUTHENTICATION; SYSTEM;
D O I
10.1016/j.cose.2021.102419
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The security model relying on the traditional defense of the perimeter cannot protect modern dynamic organizations. The emerging paradigm called zero trust proposes a modern alternative that enforces access control on every request and avoids implicit trust based on the physical location of people and devices. These architectures rely on several trusted components, but existing proposals make the unrealistic assumption that attackers cannot compromise some of them. We overcome these assumptions and present a novel survivable zero trust architecture that can guarantee the necessary security level for cloud computing environments. The proposed architecture guarantees a high level of security and robustness and under specific conditions it can tolerate intrusions and can recover from failures and successful attacks. (c) 2021 Elsevier Ltd. All rights reserved.
引用
收藏
页数:18
相关论文
共 52 条
[1]  
Agrawal S, 2018, INT CONF COMPUT
[2]   Trading of Cloud of Things Resources [J].
Alrawahi, Ahmed Salim ;
Lee, Kevin ;
Lotfi, Ahmad .
PROCEEDINGS OF THE SECOND INTERNATIONAL CONFERENCE ON INTERNET OF THINGS, DATA AND CLOUD COMPUTING (ICC 2017), 2017,
[3]  
Amir Y., 2018, NETWORK ATTACK RESIL
[4]   Prime: Byzantine Replication under Attack [J].
Amir, Yair ;
Coan, Brian ;
Kirsch, Jonathan ;
Lane, John .
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2011, 8 (04) :564-577
[5]  
[Anonymous], 2013, eXtensible Access Control Markup language (XACML) version 3.0
[6]   Detection and Threat Prioritization of Pivoting Attacks in Large Networks [J].
Apruzzese, Giovanni ;
Pierazzi, Fabio ;
Colajanni, Michele ;
Marchetti, Mirco .
IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING, 2020, 8 (02) :404-415
[7]  
Ardagna C.A., 2009, P 1 ACM WORKSH INF S, P49
[8]   Basic concepts and taxonomy of dependable and secure computing [J].
Avizienis, A ;
Laprie, JC ;
Randell, B ;
Landwehr, C .
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2004, 1 (01) :11-33
[9]  
Avizienis A., 1995, Software fault tolerance, V3, P23
[10]   SERIALIZABILITY THEORY FOR REPLICATED DATABASES [J].
BERNSTEIN, PA ;
GOODMAN, N .
JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 1985, 31 (03) :355-374
123456