nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Modeling and Analyzing Zero Trust Architectures Regarding Performance and Security

verfasst von : Nicolas Boltz, Larissa Schmid, Bahareh Taghavi, Christopher Gerking, Robert Heinrich

Erschienen in: Software Architecture

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Zero Trust is considered a powerful strategy for securing systems by emphasizing distrust of all resource access requests. There are different approaches to integrating ZTAs into a system, differing in their components, assembly, and allocation. Early evaluation and selection of the right approach can reduce the costs of resources. In this paper, we propose a novel zero trust architecture (ZTA) metamodel based on literature and industry applications. We introduce our proposed metamodel elements and provide a model instance using the Palladio Component Model (PCM). We describe the requirements for enabling two existing approaches to performance simulation and security data flow analysis on the architectural level and outline how we realize them in our PCM-based implementation. Our evaluation demonstrates the applicability of our ZTA metamodel. It can represent real-world ZTA approaches in various domains, enabling the simulation of performance impact and analysis of the correct implementation of zero trust principles at the architectural level.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Software Architecture Assessment for Sustainability: A Case Study

Nächstes Kapitel Towards Secure Management of Edge-Cloud IoT Microservices Using Policy as Code

Alagappan, A., Venkatachary, S.K., Andrews, L.J.B.: Augmenting zero trust network architecture to enhance security in virtual power plants. Energy Rep. 8, 1309–1320 (2022)CrossRef

Alshareef, H., et al.: Precise analysis of purpose limitation in data flow diagrams. In: ARES (2022)

Becker, M., Becker, S., Meyer, J.: SimuLizar: design-time modeling and performance analysis of self-adaptive systems (2013)

Becker, S., Koziolek, H., Reussner, R.: Model-based performance prediction with the palladio component model. In: WOSP, pp. 54–65 (2007)

Bhuiyan, E.A., et al.: Towards next generation virtual power plant: technology review and frameworks. Renew. Sustain. Energy Rev. 150 (2021)

Boltz, N., et al.: An extensible framework for architecture-based data flow analysis for information security. In: Tekinerdoğan, B., Spalazzese, R., Sözer, H., Bonfanti, S., Weyns, D. (eds.) ECSA 2023. LNCS, vol. 14590, pp. 342–358. Springer, Cham (2024). https://doi.org/10.1007/978-3-031-66326-0_21CrossRef

Chen, B., et al.: A security awareness and protection system for 5G smart healthcare based on zero-trust architecture. IEEE IoT J. 8(13), 10248–10263 (2020)

Chen, X., et al.: Zero trust architecture for 6G security. IEEE Netw. (2023)

Cholakov, E.: Modelling and analysing zero-trust-architectures regarding performance and security. Master’s thesis (2024). https://doi.org/10.5445/IR/1000171583

10.

Cortellessa, V., Trubiani, C., Mostarda, L., Dulay, N.: An architectural framework for analyzing tradeoffs between software security and performance. In: Giese, H. (ed.) ISARCS 2010. LNCS, vol. 6150, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13556-9_1CrossRef

11.

Cybersecurity and Infrastructure Security Agency (CISA), CISA Zero Trust Maturity Model (2023). https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf. Accessed 23 Feb 2024

12.

DeMarco, T.: Structure analysis and system specification. In: Tekinerdoğan, B., Spalazzese, R., Sözer, H., Bonfanti, S., Weyns, D. (eds.) ECSA 2023. LNCS, vol. 14590, pp. 255–288. Springer, Cham (1979). https://doi.org/10.1007/978-3-031-66326-0_21CrossRef

13.

Fernandez, E.B., Brazhuk, A.: A critical analysis of zero trust architecture (ZTA). Comput. Stand. Interfaces 89, 103832 (2024)CrossRef

14.

Ferraiolo, D.F., et al.: Proposed NIST standard for role-based access control. TISSEC 4(3), 224–274 (2001)CrossRef

15.

Ghate, N., et al.: Advanced zero trust architecture for automating fine-grained access control with generalized attribute relation extraction. IEICE Proc. Ser. 68(C1-5) (2021)

16.

Google Cloud: BeyondCorp (2024). http://cloud.google.com/beyondcorp

17.

Gorsler, F., Brosig, F., Kounev, S.: Controlling the Palladio Bench using the Descartes Query Language. In: KPDAYS, pp. 109–118 (2013)

18.

Heinrich, R., et al.: Composing Model-Based Analysis Tools. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-81915-6CrossRef

19.

Heinrich, R. et al.: The palladio-bench for modeling and simulating software architectures. In: ICSE-C, pp. 37–40 (2018)

20.

IoT - Market data analysis and forecasts. https://de.statista.com/statistik/studie/id/109209/dokument/internet-der-dinge-market-outlook-report/

21.

Jung, B.G. et al.: ZTA-based federated policy control paradigm for enterprise wireless network infrastructure. In: APCC, pp. 1–5 (2022)

22.

Lee, B. et al.: Situational awareness based risk-adapatable access control in enterprise networks. arXiv preprint arXiv:1710.09696 (2017)

23.

Microsoft Corporation, Evolving Zero Trust (2021). https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT. Accessed 23 Feb 2024

24.

National Cyber Security Centre UK, ZTA design principles. https://www.ncsc.gov.uk/collection/zero-trust-architecture. Accessed 23 Feb 2024

25.

Osborn, B. et al.: BeyondCorp: design to deployment at google. USENIX Association: login: Magazine (2016)

26.

Paul, B., Rao, M.: Zero-trust model for smart manufacturing industry. Appl. Sci. 13(1), 221 (2022)CrossRef

27.

Ramezanpour, K., Jagannath, J.: Intelligent ZTA for 5G/6G networks: principles, challenges, and the role of machine learning in the context of O-RAN. Comput. Netw. 217, 109358 (2022)CrossRef

28.

Reussner, R.H., et al.: Modeling and Simulating Software Architectures: The Palladio Approach. MIT Press, Cambridge (2016)

29.

Rodigari, S., et al.: Performance analysis of zero-trust multi-cloud. In: 2021 IEEE 14th International Conference on Cloud Computing (CLOUD), pp. 730–732 (2021)

30.

Rose, S., et al.: Zero Trust Architecture. NIST Special Publication (2020). https://doi.org/10.6028/NIST.SP.800-207

31.

Runeson, P., et al.: Case Study Research in Software Engineering: Guidelines and Examples. Wiley, Hoboken (2012)CrossRef

32.

Seifermann, S., et al.: Detecting violations of access control and information flow policies in data flow diagrams. J. Syst. Softw. 184, 111138 (2022)CrossRef

33.

Sharma, V.S., Trivedi, K.S.: Quantifying software performance, reliability and security: an architecture-based approach. J. Syst. Softw. (2007)

34.

Sion, L. et al.: Solution-aware data flow diagrams for security threat modeling. In: SAC, pp. 1425–1432 (2018)

35.

Strittmatter, M., Kechaou, A.: The media store 3 case study system. KIT (2016)

36.

Teerakanok, S., Uehara, T., Inomata, A.: Migrating to zero trust architecture: reviews and challenges. Secur. Commun. Netw. (2021)

37.

Tuma, K., Scandariato, R., Balliu, M.: Flaws in flows: unveiling design flaws via information flow analysis. In: ICSA, pp. 191–200 (2019)

38.

Ward, R., Beyer, B.: BeyondCorp: a new approach to enterprise security. USENIX Association: login: Magazine (2014)

39.

WG: SDP and Zero Trust, Integrating SDP and DNS Enhanced Zero Trust Policy Enforcement. CSA (2022). https://cloudsecurityalliance.org/artifacts/integrating-sdp-and-dns-enhanced-zero-trust-policy-enforcement/

40.

WG: SDP and Zero Trust, SDP Specification v2.0. CSA (2022). https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trustspecification-v2/

Titel: Modeling and Analyzing Zero Trust Architectures Regarding Performance and Security
verfasst von: Nicolas Boltz
Larissa Schmid
Bahareh Taghavi
Christopher Gerking
Robert Heinrich
Verlag: Springer Nature Switzerland
Buch: Software Architecture
Print ISBN: 978-3-031-70796-4

Electronic ISBN: 978-3-031-70797-1

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-70797-1_17

Premium Partner

Bildnachweise

Rittal/© Rittal, NTT Data/© NTT Data, Wildix/© Wildix, Ceyoniq Technology GmbH/© Ceyoniq Technology GmbH, arvato Systems GmbH/© arvato Systems GmbH, Ninox Software GmbH/© Ninox Software GmbH, Everyday Software S.L./© Everyday Software S.L., Redgate/© Redgate, CELONIS Labs GmbH, DC-Datacenter-Group GmbH/© DC-Datacenter-Group GmbH, all for one/© all for one, G Data CyberDefense/© G Data CyberDefense, FAST LTA/© FAST LTA, Vendosoft/© Vendosoft, Kumavision/© Kumavision, Noriis Network AG/© Noriis Network AG, WSW Software GmbH/© WSW Software GmbH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"