SECURWARE 2023 : The Seventeenth International Conference on Emerging Security Information, Systems and Technologies

Lightweight Fine-Grained Access Control Mechanism Based on Zero Trust in CPS

Nakul D. Ghate, Shohei Mitani, Hirofumi Ueda
NEC Corporation, Tokyo, Japan
email: te.nak14@nec.com, s.mitani@nec.com, h-ueda_cb@nec.com

Abstract— The paper explores the trade-off between security and workload when enforcing fine-grained access control in a Cyber Physical Systems network. The paper describes a novel approach to select the access control granularity based on dynamic environment conditions by distributing a part of the fine-grained application-level policy onto a network-level access controller to reduce the workload while ensuring security. Under the desk evaluation, we achieved a workload reduction of over 90% compared to the input policy, with a granularity degrade of just 15%. Although some mis-control due to denying essential requests can be observed in the distribution-based approach, the presented algorithms are conceptualized to minimize it. The preliminary experimental results show promising improvement in the access control system performance when employing this approach.

Keywords- Cyber physical systems; zero trust; fine-grained; workload; distributed access control.

I. INTRODUCTION

Beyond 5G / 6G networks have greatly enabled the integration of physical systems with the cyber world in the form of Cyber Physical Systems (CPS) [1], whose applications range from smart manufacturing, healthcare, power grids, Internet of vehicles, smart homes and so on [2]. Because they are deployed in critical infrastructures, the security of such systems has become ever more important. The heterogeneity of the devices utilized in the CPS is one of the fundamental issues in CPS security. Many of the sensors and actuators used are constrained IOT devices, on which deploying security functions is a challenge [3]. As CPS integrates much such hardware, along with the software used for monitoring and control, etc., every site in the CPS network functions as an entry point for malware to intrude into the organization's network [2].

The traditional network-perimeter based defense model has become obsolete in the dynamic CPS network due to (1) failure to prevent lateral movement inside the network perimeter, as everything inside the perimeter is trusted [4], and (2) the emergence of cloud services, which blur the perimeter boundary by extending enterprise resource access through third party servers [5]. With cloud services ever evolving, achieving practical security is impossible using perimeter-based defense techniques. Zero Trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources [6]. Access control mechanisms utilizing the ZT principles assume that threats exist everywhere, and no user or device is trusted solely based on its physical or network location. ZT-based access control continuously performs authentication and authorization to ensure only the authorized entity is permitted to access protected resource(s), adopting the principle of least privilege to prevent lateral movement. However, to achieve this effectively, it requires fine-grained access control for authorization, where access rules are defined for individual users, devices, resources, applications, and so on. An example is Attribute Based Access Control (ABAC) [7], enforced with mechanisms such as Attribute-Based Encryption (ABE) [8] and with an application-level access policy designed for secure access to resources, where the access risk is associated with attributes such as "device ID", "resource ID", "resource confidentiality", "device behavior", "user-behavior", and so on. The application-level access policy utilizes the influence of these attributes to make the access decision, and such decisions are performed at application-level access controllers, which derive the fine-grained authorization rules from the application-level policy. The fine granularity contributes to the large workload of the access control mechanism in terms of increased storage of enforceable rules, large computation cost of ABE, higher processing load on the access controller, etc. [9][10][11]. These drawbacks may result in latency in enforcing access decisions and can be a possible target for Distributed Denial of Service (DDOS) attacks, hindering enterprise operations [12].

Implementing coarse-grained access control, such as network-level access control that defines authorization rules using network attributes such as "source IP", "destination IP", etc., reduces the access control workload by defining a single access rule for the many devices and resources contained within the same IP address. But due to its coarseness, it fails to achieve least-privilege security, which implies that a trade-off exists between security and workload depending on the granularity of the access control policies. Our approach implements a distributed access control mechanism which distributes the access control decisions over sequentially implemented access controllers: network-level access controllers that utilize coarse-grained access policies and application-level access controllers that deal with fine-grained application-level policies. With this, we aim to achieve both high security and low workload to overcome the existing issue.

Copyright (c) IARIA, 2023. ISBN: 978-1-68558-092-6

The rest of the paper is organized as follows: Section II
presents the related study, Section III presents the approach to solve the problem, and Section IV describes the methodology for the approach. The experimentation and results are described in Section V, while Section VI presents the discussion of our work. Finally, we conclude our work in Section VII.

II. RELATED STUDY

The security and workload trade-off exists because the implementation of traditional ZT-based access control in the existing literature is static in terms of access granularity, i.e., it either implements coarse-grained network-level access control [13] or fine-grained application-level access control [14]. For instance, [13] embeds authentication tokens inside TCP packets and uses first-packet authentication, therefore enforcing ZT principles with static rules and coarse-grained network-level access control, while [14] only considers Attribute Based Access Control (ABAC) rules to be enforced at the Policy Enforcement Point (PEP), resulting in high workload. Such static approaches to implementing ZT-based access control do not result in optimal performance with respect to the workload-security trade-off.

To reduce the workload of application-level policies, existing methods [15][16] focused on controlling access at network devices such as firewalls, based on application-awareness. In [15], the access granularity of the firewall is changed from coarse-grained packet filtering to finer-grained stateful TCP or application-level deep packet inspection, depending on the application security requirements and static access control policies. In [16], an application-aware network access control for IOT services is proposed based on SDN using mandatory access control (MAC). While they simplify access management of fine-grained access control, they fail to recognize the access risks from heterogeneous devices as well as the dynamically changing environment conditions. This may lead to malware infection caused by a wrong choice of access granularity when only application awareness is considered. [17] proposed a policy-based dynamic network access control by utilizing real-time feedback from network devices and application servers. However, it is proposed as a conceptual framework only. Several multi-layer access control methods are also provided to enhance security. In [12], the authors proposed cooperation of PEPs among network-level and application-level services in the same or remote domains to facilitate defense in depth. However, the solution relies heavily on static application-level policies. In [18], a dual-layer ZT architecture is proposed where the policy evaluates the user's 5G network layer behavior and industry application layer behavior. In [19], a multi-layer authorization framework for Apache Hadoop is discussed which covers a range of services. Neither of them considers the workload and scalability aspect.

In a dynamic environment such as CPS, the deployed access control method should be aware of the changing attributes of both the access subject and the resources, and adaptively respond by enforcing access control rules with an appropriate choice of granularity: for instance, enforcing network-level access control when the risk is related to changing network attributes, such as suspicious activities from a source IP address, and, on the other hand, enforcing application-layer access control when the risk is related to changing attributes of user or device behavior, etc. We propose a novel approach of access granularity selection based on analyzing the dynamic environment.

III. APPROACH

We argue that the optimal performance is achieved when security and workload are balanced by the access control system towards overall business growth by facilitating access continuity. We propose that dynamic selection of access control granularity promises to achieve this balance. A schematic comparison of the existing work [15] and our approach is shown in Figure 1. Because the existing work does not take into account the dynamically changing behaviors of access subjects, such as users and (IOT) devices, it would always choose coarse-grained packet filtering for a non-confidential resource as shown in Figure 1, which may result in a malicious device taking control over the resource. On the other hand, it would always choose fine-grained deep inspection to protect sensitive resources, even for trusted devices, which requires a large workload and induces latency in the access.

Our approach lies in dynamically distributing the (fine-grained) application-level access control towards (coarse-grained) network-level access control. Our algorithm dynamically decides which policies are safe to be distributed towards network-level access control, with the intention of reducing the workload while not compromising security. At a high level, we take an application-level access policy, which in the traditional methods is intended to be enforced at the application-level access controller, and distribute it into two sets of policies: the coarse-grained policy enforced at the network-level access controller and the remaining subset of the application-level policies enforced at the application-level access controller, as shown in Figure 1.

Figure 1. Comparison between (a) existing method and (b) our approach.

We take advantage of the following three properties, as long as doing so doesn't compromise security: 1) Network-level access control requires lower processing load compared to application-level; 2) A network-level access controller deployed in front of an application-level access controller cuts off access requests; 3) The size of a network-level access policy is smaller than that of an application-level policy if they represent

the same access decision rules. In this way, the network-level access control reduces both the workload (as the application-level access controller only controls access for the requests which are passed on by the network-level access controller) and cuts off malicious access and attacks such as DDOS early on, securing the network against unnecessary bandwidth consumption.

IV. METHODOLOGY

We describe the methodology of our approach in this section. Assuming an existing application-level policy, the objective of our distributed access control is to reduce the workload and operation cost of directly enforcing the application-level access control policy. Instead, we distribute it and enforce it on both the network-level and the application-level access controller. A trivial solution is to enforce the whole policy as a network-level policy to achieve the least workload. However, it has a problem. In a CPS network, many devices may share a common IP address. Assume that, for accessing a certain resource, one device belonging to a certain IP has an "allow" decision in the application-level policy, while another device has a "deny" decision. If the devices share the same IP address (and the same destination port number), those two devices will be assigned the same decision under the network-level access control. Hence, one of them would be mis-controlled by the decision due to the policy difference. Our algorithm evaluates the mis-control rate and decides if some parts of the application-level policy can be distributed and enforced at the network-level access control. Because the network-level access controller can deal with (coarse-grained) network-level policy only, we use the aggregation approach, where the decisions controlling access of all devices from a source IP address to all the resources in the destination IP address can be aggregated into a single coarse-grained network-level policy enforceable at the network access controller, as shown in Figure 2.

Figure 2. Distribution of application-level access control policies.

Algorithm. In this study, we utilized a manually defined application-level policy (such as ABAC) as the input. We assume that the application-level access policy accurately determines the authorization decisions based on the dynamic environment. For the distribution algorithm to work, the policy must be defined in an enforceable form. We picked the Access Control List (ACL) [20] format for the enforceable policies. The application-level policy (ABAC) is first converted to an application-level ACL before distribution, as shown in Figure 2. The distribution algorithm is described in Algorithm 1.

Pseudo-code of distribution of access control policies
Input: Application-level policy F = list (Device ID, Resource ID, Operation, Decision)
    Create all pairs: p = (source IP, destination IP) ∈ P
    Create dictionaries: nw_acl (Network-level ACL), app_acl (Application-level ACL), D (decision), SubP (sub-Policy) with keys p for each p ∈ P
    Initialize 'allow count' D[p][ac] = 0 and 'deny count' D[p][dc] = 0 for each p ∈ P
    FOR each e = (Device ID, Resource ID, Operation, Decision) in F
        Find p for (Device ID, Resource ID) ∈ e
        IF Decision == 'allow'
            D[p][ac] <- D[p][ac] + 1
        IF Decision == 'deny'
            D[p][dc] <- D[p][dc] + 1
        SubP[p] <- append(e)
    END FOR
    FOR each p ∈ P
        Apply policy aggregation
    END FOR
    RETURN (nw_acl, app_acl)

Policy aggregation (for a given p, with ac = D[p][ac] and dc = D[p][dc])
    Calculate allow rate AR = ac / (ac + dc)
    IF AR > threshold
        nw_acl[p] <- {action} = 'allow'
        app_acl[p] <- SubP[p]
    ELSE
        nw_acl[p] <- {action} = 'deny'
    END IF

Algorithm 1. Distribution of application-level policy.

The input application-level policy F is defined in an ACL format with attributes 'Device ID', 'Resource ID', 'Operation' (such as 'read', 'write' operations, etc.) and the action decision (such as 'allow' or 'deny'). The algorithm defines the output network-level ACL 'nw_acl' with attributes 'source IP', 'destination IP', and action decision ('allow' or 'deny'), and the output application-level ACL 'app_acl' defined with the same attributes as F. The aggregation approach uses the attributes of the network-level ACL, i.e., source IP and destination IP (if IP-level access control is enforced). The algorithm proceeds as follows: for each access pattern in F, it finds the pair p = (source IP, destination IP) associated with the pair (device ID, resource ID) using the binding between device ID, resource ID and their attributes. Then, for each pair p controlled by the network-level access controller, the aggregation algorithm evaluates the 'allow count' ac and the 'deny count' dc by calculating the total number of 'allowed' and 'denied' access patterns respectively. The decision dictionary D stores these values for each p ∈ P, where P is the set of all pairs (source IP, destination IP). All the access patterns for each (device ID, resource ID) associated with the pair p are stored as sub-policies of p in the dictionary SubP.
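Algorithm 1 and its policy aggregation step, implemented in Python as an added example (this is not the authors' evaluation code): distribute() builds D and SubP per (source IP, destination IP) pair and aggregates by allow rate, decide() enforces the network-level and application-level controllers in sequence, and miscontrol() counts the decisions that deviate from the input ACL. The device/resource IP bindings, the sample ACL and the two threshold values are constructed assumptions; running the block at both thresholds shows an essential 'allow' inside a mostly-deny pair being cut at the network level, the mis-control case Section VI discusses.

```python
"""Algorithm 1 (policy distribution) and policy aggregation, as an added example.

Input ACL entries are (device_id, resource_id, operation, decision). The
device-to-source-IP and resource-to-destination-IP bindings, the sample ACL
and the threshold values below are constructed for this example; they are not
the paper's evaluation data.
"""
from collections import defaultdict

ALLOW, DENY = "allow", "deny"


def distribute(acl, device_ip, resource_ip, threshold):
    """Split an application-level ACL into (nw_acl, app_acl).

    nw_acl maps p = (source IP, destination IP) to 'allow' or 'deny'.
    app_acl keeps the sub-policy SubP[p] only for pairs allowed at the
    network level; denied pairs never reach the application controller.
    """
    counts = defaultdict(lambda: {"ac": 0, "dc": 0})  # D[p] in Algorithm 1
    sub_policy = defaultdict(list)                    # SubP[p] in Algorithm 1
    for entry in acl:
        device_id, resource_id, _operation, decision = entry
        p = (device_ip[device_id], resource_ip[resource_id])  # find p for e
        if decision == ALLOW:
            counts[p]["ac"] += 1
        elif decision == DENY:
            counts[p]["dc"] += 1
        else:
            raise ValueError(f"unknown decision {decision!r}")
        sub_policy[p].append(entry)

    nw_acl, app_acl = {}, {}
    for p, c in counts.items():                       # policy aggregation
        allow_rate = c["ac"] / (c["ac"] + c["dc"])
        if allow_rate > threshold:
            nw_acl[p] = ALLOW
            app_acl[p] = list(sub_policy[p])          # fine-grained rules stay
        else:
            nw_acl[p] = DENY                          # whole pair cut early
    return nw_acl, app_acl


def decide(request, nw_acl, app_acl, device_ip, resource_ip):
    """Sequential enforcement: network-level controller, then application-level."""
    device_id, resource_id, operation = request
    p = (device_ip[device_id], resource_ip[resource_id])
    if nw_acl.get(p, DENY) == DENY:
        return DENY                                   # dropped at the network level
    for d, r, op, decision in app_acl[p]:
        if (d, r, op) == (device_id, resource_id, operation):
            return decision
    return DENY                                       # no matching rule: default deny


def miscontrol(acl, nw_acl, app_acl, device_ip, resource_ip):
    """Return (mis-controlled entries, access granularity).

    Granularity is the fraction of input decisions that the distributed ACLs
    reproduce for the same access patterns.
    """
    wrong = []
    for d, r, op, want in acl:
        got = decide((d, r, op), nw_acl, app_acl, device_ip, resource_ip)
        if got != want:
            wrong.append((d, r, op, want, got))
    return wrong, 1 - len(wrong) / len(acl)


def app_acl_size(app_acl):
    """Number of entries left for the application-level controller."""
    return sum(len(rules) for rules in app_acl.values())


# Constructed sample: two NAT'd device groups, two resource servers.
DEVICE_IP = {"dev1": "10.0.0.1", "dev2": "10.0.0.1",
             "dev3": "10.0.0.2", "dev4": "10.0.0.2"}
RESOURCE_IP = {"plc-cfg": "10.1.0.1", "telemetry": "10.1.0.1", "hr-db": "10.1.0.2"}
INPUT_ACL = [
    ("dev1", "plc-cfg", "read", ALLOW),
    ("dev1", "telemetry", "read", ALLOW),
    ("dev2", "plc-cfg", "read", ALLOW),
    ("dev2", "telemetry", "write", DENY),
    ("dev1", "hr-db", "read", DENY),
    ("dev2", "hr-db", "read", DENY),
    ("dev3", "hr-db", "read", DENY),
    ("dev4", "hr-db", "read", ALLOW),   # essential allow inside a mostly-deny pair
    ("dev3", "telemetry", "read", ALLOW),
    ("dev4", "telemetry", "read", ALLOW),
]

if __name__ == "__main__":
    for threshold in (0.6, 0.4):
        nw, app = distribute(INPUT_ACL, DEVICE_IP, RESOURCE_IP, threshold)
        wrong, granularity = miscontrol(INPUT_ACL, nw, app, DEVICE_IP, RESOURCE_IP)
        print(f"threshold={threshold}: nw_acl entries={len(nw)}, "
              f"app_acl entries={app_acl_size(app)}, "
              f"granularity={granularity:.2f}, mis-controlled={wrong}")
```

At threshold 0.6 the (10.0.0.2, 10.1.0.2) pair has allow rate 0.5 and is denied at the network level, so dev4's allowed read of hr-db is mis-controlled (granularity 0.9, 6 application-level entries); at 0.4 the pair stays fine-grained and no mis-control occurs, at the cost of 8 application-level entries.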

The policy aggregation algorithm calculates the 'allow rate' AR of access decisions for all the pairs (device ID, resource ID) belonging to p. The allow rate is compared against a set threshold. If the 'allow rate' is greater than or less than the set threshold, the network-level ACL nw_acl for each p is set to "allow" or "deny" respectively. The policy aggregation operation is shown in Algorithm 1. For each "allow" decision in the network-level ACL, an application-level ACL app_acl is distributed towards the application-level access controller (by appending the sub-policy SubP to app_acl). This ensures only legitimate access is permitted to the resources (at the application level) while the rest is denied. The value of the threshold depends on how strict one wants to set the network access control: the higher the threshold, the stricter the network access control becomes. However, denying access at the network-level access control may cause limitations, which, along with a conceptual solution, are discussed in Section VI.

V. EXPERIMENT AND EVALUATION

We performed a desk evaluation in Python to show the effectiveness of our approach. We assume that many devices are assigned a common IP address, e.g., through Network Address Translation (NAT). Likewise, many resources are contained in a single server that has a certain IP address. Our experiment considers two source IP addresses. The number of devices is increased from 10 to 100 in steps of 10 devices. Similarly, at the destination there are two resource servers, each assigned a unique destination IP address and containing 5 resources each. Any device can request any resource, and the access is controlled in a similar fashion as Figure 1(b) with two controllers: a network-level access controller and an application-level access controller. In our first evaluation, we considered the effect of applying policy distribution on the size of the ACL (number of entries in the ACL). We created the input application-level ACL with an 'allow' probability of approx. 40% (from the ABAC policy). The distribution algorithm distributes this ACL into a network-level ACL and a remaining set of application-level ACL entries, enforced at the network-level access controller and the application-level access controller respectively. Figure 3 shows the ACL size comparison before and after applying policy distribution.

Figure 3. Comparison of the size of the policy before and after distribution.

It can be observed that with the increase in the number of devices, the difference between the size of the input and the distributed application-level ACL increases. This is due to the presence of the network-level access controller, which cuts the access before it reaches the application-level access controller. As the ACL is a list of sequentially arranged filters or commands, the throughput is inversely proportional to the size of the ACL [21]. The increase in the difference between the application-level ACL sizes suggests that the throughput for the distributed application-level ACL will be higher compared to the original application-level ACL, indicating latency reduction.

Figure 4. Comparison of the average workload on each controller before and after the distribution algorithm.

TABLE I. PERFORMANCE COMPARISON BETWEEN ORIGINAL AND DISTRIBUTED ACL.

Metric | Original application-level ACL | Network-level ACL | Proposed method
Access workload | (100%) | 1% | 7%
Access granularity | (100%) | 38% | 85%

We compare the security and workload trade-off of our proposed method through two metrics: average access workload and access granularity. The average access workload is defined here as the average time to process all the access requests on the given access controller at an instant, and it is approximated as the product of the size of the ACL used by the controller and the number of access requests falling on it [22]. For this, we artificially created 100 access request patterns in the format ('device ID', 'resource ID', 'operation') for every device and resource pair. Figure 4 shows the comparison of access workload (in arbitrary units) between the input policy and the distributed policies. Without the distribution algorithm in place, all the access requests are managed by the application-level access controller. As the number of access requests increases with the number of devices, the access workload on the application-level access controller keeps on increasing. However, when the distribution is applied, the access workload is divided among both the network-level and the application-level access controllers. This, together with the smaller ACL size after distribution, results in a significant workload reduction after distribution relative to the input application-level ACL, as shown in Figure 4. For the case of 100 devices, relative to the access workload of the original application-level ACL (taken as 100%), the total access workload (network-level ACL + application-level ACL) after distribution is only around 7%, which is

comparable to simply implementing only the network-level ACL, as shown in Table I.

To evaluate the impact on security after distribution, we utilized the access granularity metric. We measure the access granularity of a given ACL as the fraction of all access decisions enforced by the ACL which match the input application-level ACL, given the same access patterns. We assume that the input application-level ACL is carefully constructed to provide accurate access decisions with fine granularity. Therefore, any access deviations from the input application-level ACL will result in a degradation of access granularity, and thus a degradation in security, as the new access decisions enforced by the access controllers after the policy distribution would not be correct. If we only use the network-level ACL for access control, then in the case of 100 devices, as expected, the access granularity of the network-level ACL is only 38% relative to the input application-level ACL. However, our proposed method achieves an access granularity of 85%, significantly greater than the network-level ACL. Our method thus achieves a greater reduction in the access control workload of the application-level ACL by distributing the workload among the network-level and application-level access controllers without degrading the satisfaction of security requirements.

VI. DISCUSSION

In our method, the ACLs are dynamically distributed, meaning that once the environmental conditions change, i.e., the attribute values belonging to the subject, resource or context change, or a new device joins, etc., new ACL rules are distributed and the previous ones are revoked (by any internal mechanism inside the controllers). The ACLs enforced by our distributed mechanism sharply reduce the access control workload of the application-level access controller by transferring many of the application-level policies from the application-level access controller to the network-level access controller, which controls the access with a low processing load. The access requests which are decided to be "denied" on the network-level access controller are dropped, and thus cannot reach the application-level access controller. Therefore, those requests result in no workload at the application-level access controller. Such distribution also reduces the size of the application-level ACL, which now contains access rules corresponding only to those patterns which are decided to be 'allowed' by the network-level access controller. As we increase the number of devices, more and more access requests are controlled on the network-level access controller, resulting in a significant reduction of workload relative to the input application-level ACL. This is particularly useful in CPS, which contain a large number of connected devices accessing data for real-time applications. A large access workload on the application-level access controller may induce latency in the access decisions, thus degrading the application's performance. Employing the distributed control approach therefore enables real-time access. Our approach also enhances security in terms of early rejection of malicious activities. With only an application-level ACL in use, every request reaches the application-level access controller, usually located close to a resource (such as implemented inside the resource server). This may allow an attacker to compromise availability by launching DDOS. With our approach, such access requests can be rejected early on by the network-level access controller, thus minimizing the risk of DDOS and congestion of enterprise bandwidth. This may also improve the CPS performance by allocating the saved bandwidth to mission-critical and other necessary services. Hence, the approach balances security and workload towards overall business growth.

In our evaluation, the access granularity after policy distribution was around 15% less relative to the input ACL. Investigating further, we observed that our approach correctly mimicked the input application-level ACL in the case of "DENY" decisions, but in some cases failed to mimic the "ALLOW" cases. This means that some access patterns got rejected by the network-level ACL but were originally allowed in the application-level ACL, resulting in additional mis-control and thus causing granularity degradation. The reason for this additional mis-control is that these access patterns belong to a (Source IP, Destination IP) pair which mainly contains access from devices which are intended to be rejected. As our aggregation approach uses a general network allow-rate based mechanism, in such cases a "DENY" decision would be enforced on the network-level access controller when the allow-rate is small. However, it is possible that in some cases those access patterns which were mis-controlled on the network access controller represent a critical workflow, such as emergency situations or mission-critical services, which should not be disrupted in order to maintain business continuity. Stopping them may result in a loss of availability of those services and may degrade the reliability of the access control system. To overcome this, we conceptualize an algorithm which would intend to balance the workload and security along with the business requirements. Simplistically, to decide the access granularity, the algorithm would evaluate the negative business impacts caused by the general policy aggregation approach, and then utilize several algorithms or techniques to reduce this impact. It may select any one or more techniques depending on the use-case and the dynamic environmental conditions.

One example of such an algorithm is the use of attributes of the application-level policy, such as 'location', 'resource-confidentiality', 'access needs', etc., as an additional method for policy aggregation. It utilizes the impact of these attributes on the access decision for a given access pattern. For instance, consider confidential resources such as employee personal details. If the access to such resources is mistakenly permitted (mis-controlled), then it causes a large impact through information leakage. On the other hand, resources such as server monitoring API calls, diagnostics, updates, etc. are essential-workflow resources that have high access needs for business continuity, and it would cause a large impact on customer services and revenue if access to them is mistakenly denied (mis-controlled). Likewise, the mis-control impact (termed attribute impact) is estimated using access attributes, such as "resource-confidentiality" and "access-needs" respectively. The attribute impact may dynamically decide the access granularity between network-level and application-level access control. For instance, in the case of a large attribute impact, application-level access control can be chosen for fine granularity. In the foresight, it is necessary to consider

which attributes lead to optimization between access granularity and workload. The implementation of such a concept is left for future work. The evaluation performed in the current study assumes the input application-level ACL to be 100% accurate, and the performance objective of the distributed policies is to mimic the original policy as closely as possible with low access control workload. Thus, the current results are limited by the accuracy of the application-level ACL itself. As we obtained the accurate (input) ACL through a manually defined application-level ABAC policy, the evaluation of the accuracy of the application-level ACL was out of the scope of this study. The current research fulfils the objective to showcase a lightweight mechanism to achieve efficient fine-grained access control. The construction and evaluation of the improved method, as well as the performance evaluation of the distributed ACLs in a real network scenario, is a task for future work.

VII. CONCLUSION

For optimal performance of any access control mechanism, balancing security and access control workload is a key challenge, which is explored in this research. We proposed a novel approach to achieving a lightweight fine-grained access control mechanism by distributing the application-level access control policy towards a coarse-grained access controller to reduce the workload while not compromising security. Our results show a significant reduction in the access workload compared to the input application-level ACL without degrading security when evaluated on an artificially created desk evaluation. The study observed the occurrence of mis-control for the cases of essential access requests in the presented algorithm. A second, improved method is conceptualized which intends to lower such mis-control occurring in the first method while balancing the workload. The results of our work show a promising direction towards innovative solutions for optimal performance in the field of efficient access control.

ACKNOWLEDGMENT

These research results were (partially) obtained from the commissioned research of the National Institute of Information and Communications Technology (NICT) [0120101], JAPAN.

REFERENCES

[1] Z. Wang, W. Xie, B. Wang, J. Tao, and E. Wang, "Survey on recent advanced research of CPS security", Applied Sciences, vol. 11, no. 9, p. 3751, 2021.
[2] A. Humayed, J. Lin, F. Li, and B. Luo, "Cyber-physical systems security—A survey", IEEE Internet of Things Journal, vol. 4, no. 6, pp. 1802-1831, 2017.
[3] S. V. Sudarsan, O. Schelén, and U. Bodin, "Survey on delegated and self-contained authorization techniques in CPS and IoT", IEEE Access, vol. 9, pp. 98169-98184, 2021.
[4] J. Kindervag and S. Balaouras, "No more chewy centers: Introducing the zero trust model of information security", Forrester Research 3, 2010.
[5] Amoroso and G. Edward, "From the enterprise perimeter to a mobility-enabled secure cloud", IEEE Security and Privacy, vol. 11, no. 1, pp. 23-31, 2013.
[6] S. Rose, O. Borchert, S. Mitchell, and S. Connelly, "Zero trust architecture", National Institute of Standards and Technology, 2020.
[7] V. C. Hu, D. R. Kuhn, D. F. Ferraiolo, and J. Voas, "Attribute-based access control", Computer, vol. 48, no. 2, pp. 85-88, 2015.
[8] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption", IEEE Symposium on Security and Privacy (SP'07), pp. 321-334, May 2007.
[9] S. Patil, M. Polte, K. Ren, W. Tantisiriroj, L. Xiao, J. Lopez, G. Gibson, A. Fuchs, and B. Rinaldi, "YCSB++ benchmarking and performance debugging advanced features in scalable table stores", ACM Symposium on Cloud Computing, vol. 2, pp. 1-14, Oct. 2011.
[10] L. Touati, Y. Challal, and A. Bouabdallah, "C-CP-ABE: Cooperative ciphertext policy attribute-based encryption for the internet of things", International Conference on Advanced Networking Distributed Systems and Applications, IEEE, pp. 64-69, June 2014.
[11] N. Oualha and K. T. Nguyen, "Lightweight attribute-based encryption for the internet of things", International Conference on Computer Communication and Networks (ICCCN), vol. 25, pp. 1-6, Aug. 2016.
[12] A. Shaghaghi, M. A. Kaafar, S. Scott-Hayward, S. S. Kanhere, and S. Jha, "Towards policy enforcement point as a service (PEPS)", IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 50-55, Nov. 2016.
[13] C. DeCusatis, P. Liengtiraphan, A. Sager, and M. Pinelli, "Implementing zero trust cloud networks with transport access control and first packet authentication", IEEE International Conference on Smart Cloud (SmartCloud), pp. 5-10, Nov. 2016.
[14] T. Ahmad, U. Morelli, and S. Ranise, "Distributed Enforcement of Access Control policies in Intelligent Transportation System (ITS) for Situation Awareness", Proceedings of the International Conference on Availability, Reliability and Security, vol. 17, pp. 1-10, Aug. 2022.
[15] E. Liu, Huawei Technologies Co Ltd, "Firewall control system based on a next generation network service and method thereof", U.S. Patent No. 7,987,503, Jul. 2011.
[16] B. Alzahrani and N. Fotiou, "Enhancing internet of things security using software-defined networking", Journal of Systems Architecture, vol. 110, 101779, Nov. 2020.
[17] C. Tang, X. Fu, and P. Tamg, "Policy-Based Network Access and Behavior Control Management", IEEE 20th International Conference on Communication Technology (ICCT), vol. 20, pp. 1102-1106, Oct. 2020.
[18] Z. Feng, P. Zhou, Q. Wang, and W. Qi, "A Dual-layer Zero Trust Architecture for 5G Industry MEC Applications Access Control", IEEE International Conference on Electronic Information and Communication Technology (ICEICT), vol. 5, pp. 100-105, Aug. 2022.
[19] M. Gupta, F. Patwa, J. Benson, and R. Sandhu, "Multi-layer authorization framework for a representative Hadoop ecosystem deployment", ACM Symposium on Access Control Models and Technologies, vol. 22, pp. 183-190, June 2017.
[20] M. M. Kocatürk and T. İ. Gündem, "A fine-grained access control system combining MAC and RBACK models for XML", Informatica, vol. 19, no. 4, pp. 517-534, 2008.
[21] B. A. Khalaf, S. A. Mostafa, A. Mustapha, A. Ismaila, M. A. Mahmoud, M. A. Jubaira, and M. H. Hassan, "A simulation study of SYN flood attack in cloud computing environment", AUS Journal, vol. 26, no. 1, pp. 188-197, 2019.
[22] D. Suzuki, S. Imai, and T. Katagiri, "New index of hidden workload for firewall rule processing on virtual machine", International Conference on Computing, Networking and Communications (ICNC), pp. 632-637, Jan. 2017.
