Modeling and Analyzing Zero Trust Architectures Regarding Performance and Security

  • Conference paper
Software Architecture (ECSA 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14889)

Abstract

Zero Trust is considered a powerful strategy for securing systems by emphasizing distrust of all resource access requests. There are different approaches to integrating ZTAs into a system, differing in their components, assembly, and allocation. Early evaluation and selection of the right approach can reduce the costs of resources. In this paper, we propose a novel zero trust architecture (ZTA) metamodel based on literature and industry applications. We introduce our proposed metamodel elements and provide a model instance using the Palladio Component Model (PCM). We describe the requirements for enabling two existing approaches to performance simulation and security data flow analysis on the architectural level and outline how we realize them in our PCM-based implementation. Our evaluation demonstrates the applicability of our ZTA metamodel. It can represent real-world ZTA approaches in various domains, enabling the simulation of performance impact and analysis of the correct implementation of zero trust principles at the architectural level.

N. Boltz, L. Schmid and B. Taghavi—The main authors contributed equally.

Acknowledgements

This publication is partially based on the research project SofDCar (19S21002), which is funded by the German Federal Ministry for Economic Affairs and Climate Action. This work was also supported by funding from the pilot program Core Informatics at KIT (KiKIT) and the topic Engineering Secure Systems of the Helmholtz Association (HGF), KASTEL Security Research Labs, and the German Research Foundation (DFG) under project number 499241390 (FeCoMASS).

Author information

Corresponding author

Correspondence to Nicolas Boltz.

Data Availability

We provide a data set (https://doi.org/10.5281/zenodo.11580654) containing all code artifacts, PCM instances of our ZTA modeling templates, and the used case study model instances.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Boltz, N., Schmid, L., Taghavi, B., Gerking, C., Heinrich, R. (2024). Modeling and Analyzing Zero Trust Architectures Regarding Performance and Security. In: Galster, M., Scandurra, P., Mikkonen, T., Oliveira Antonino, P., Nakagawa, E.Y., Navarro, E. (eds) Software Architecture. ECSA 2024. Lecture Notes in Computer Science, vol 14889. Springer, Cham. https://doi.org/10.1007/978-3-031-70797-1_17

  • DOI: https://doi.org/10.1007/978-3-031-70797-1_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-70796-4

  • Online ISBN: 978-3-031-70797-1

  • eBook Packages: Computer Science (R0)