TY - JOUR
T1 - SoK
T2 - Context and Risk Aware Access Control for Zero Trust Systems
AU - Xiao, Shiyu
AU - Ye, Yuhang
AU - Kanwal, Nadia
AU - Newe, Thomas
AU - Lee, Brian
N1 - Publisher Copyright:
© 2022 Shiyu Xiao et al.
PY - 2022
Y1 - 2022
N2 - Evolving computing technologies such as cloud, edge computing, and the Internet of Things (IoT) are creating a more complex, dispersed, and dynamic enterprise operational environment. New security enterprise architectures such as those based on the concept of Zero Trust (ZT) are emerging to meet the challenges posed by these changes. ZT systems treat internal and external networks as untrusted and subject both to the same security checking and control to prevent data breaches and limit internal lateral movement. Context awareness is a notion from the field of ubiquitous computing that is used to capture and react to the situation of an entity, based on the dynamics of a particular application or system context. The idea has been incorporated into several access control models. However, the overlap between context-aware access control and zero-trust security has not been fully explored. In this SoK, we conduct a systematic examination of ZT, context awareness, and risk-based access control to explore the critical elements of each and to identify areas of overlap and synergy to enhance the operation and deployment of ZT systems.
UR - http://www.scopus.com/inward/record.url?scp=85134193976&partnerID=8YFLogxK
U2 - 10.1155/2022/7026779
DO - 10.1155/2022/7026779
M3 - Review article
AN - SCOPUS:85134193976
SN - 1939-0114
VL - 2022
JO - Security and Communication Networks
JF - Security and Communication Networks
M1 - 7026779
ER -