Application of Data Collected by Endpoint Detection and Response Systems for Implementation of a Network Security System based on Zero Trust Principles and the EigenTrust Algor

by   Nitesh Kumar, et al.

Traditionally, security systems for enterprises have implicit access based on strong cryptography, authentication and key sharing, wherein access control is based on Role Based Access Control (RBAC), in which roles such as manager, accountant and so on provide a way of deciding a subject's authority. However, years of post-attack analysis on enterprise networks has shown that a majority of times, security breaches occur intentionally or accidently due to implicitly trusted people of an enterprise itself. Zero Trust Architecture works on the principle of never granting trust implicitly, but rather continuously evaluating the trust parameters for each resource access request and has a strict, but not rigid, set of protocols for access control of a subject to resources. Endpoint Detection and Response (EDR) systems are tools that collect a large number of attributes in and around machines within an enterprise network to have close visibility into sophisticated intrusion. In our work, we seek to deploy EDR systems and build trust algorithms using tactical provenance analysis, threshold cryptography and reputation management to continuously record data, evaluate trust of a subject, and simultaneously analyze them against a database of known threat vectors to provide conditional access control. However, EDR tools generate a high volume of data that leads to false alarms, misdetections and correspondingly a high backlog of tasks that makes it infeasible, which is addressed using tactical provenance analysis and information theory.


Zero Trust Federation: Sharing Context under User Control toward Zero Trust in Identity Federation

To securely control access to systems, the concept of Zero Trust has bee...

Intelligent Zero Trust Architecture for 5G/6G Tactical Networks: Principles, Challenges, and the Role of Machine Learning

In this position paper, we discuss the critical need for integrating zer...

SCC5G: A PQC-based Architecture for Highly Secure Critical Communication over Cellular Network in Zero-Trust Environment

5G made a significant jump in cellular network security by offering enha...

Zero Trust Architecture for 6G Security

The upcoming sixth generation (6G) network is envisioned to be more open...

Enabling Secure and Effective Biomedical Data Sharing through Cyberinfrastructure Gateways

Dynaswap project reports on developing a coherently integrated and trust...

A Trust Management System for the IoT domain

In modern internet-scale computing, interaction between a large number o...

TDACS: an ABAC and Trust-based Dynamic Access Control Scheme in Hadoop

The era of big data has promoted the vigorous development of many indust...

Please sign up or login with your details

Forgot password? Click here to reset