ABSTRACT
This paper presents a novel model for controlling access to sensitive data in the Zero Trust Model (ZTM). In ZTM, no party in the network, internal or external, is trusted by default. The model assumes that threats to sensitive data may arise from both inside and outside the militarized zone. Outside locations include the internet and the cloud across a corporate network. Users from all locations may request access to the sensitive data. The model introduces an access control proxy that protects the sensitive data by controlling access based on an analysis of the access request, user type, device type, application type and data type. New policies are implemented in ZTM accordingly to protect sensitive data. The model is found to be very effective in enhancing the security of sensitive data against unauthorized access and manipulation.