A policy language for context-aware access control in zero-trust network
Evolving computing technologies such as cloud, edge computing, and the Internet of Things (IoT) are creating a more complex, dispersed, and dynamic enterprise operational environment. New enterprise security architectures, such as those based on the concept of Zero Trust (ZT), are emerging to meet the challenges posed by these changes. Context awareness is a notion from the field of ubiquitous computing that is used to capture and react to the situation of an entity, based on the dynamics of a particular application or system context. However, there is limited research and discussion about the overlap between context awareness and Zero Trust; existing literature often treats them as separate entities, leading to potential inefficiencies. One of the main challenges in merging the two concepts is the inflexibility of the programming languages and systems used to craft access control policies, which sometimes results in excessively rigid policies. This challenge could be addressed through a new programming language specifically designed for greater flexibility and a wider consideration of contextual factors, leading to more robust security measures that align more effectively with the principles of Zero Trust. This work conducts a systematic review of the previous research in context-aware access control to identify the various ways to capture and express context across different access control types and application domains. Based on this review, it identifies how context can help provide dynamic policy-based solutions for zero-trust applications. It extends a previous work that designed a policy language for risk-based access control in zero-trust networks. Specifically, this project extends the necessary language constructs to include and handle dynamic contextual attributes. Finally, it provides a proof of concept to demonstrate that the extended language can give the correct access decisions based on the evaluation of contextual information in a zero-trust network.
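The abstract describes a policy language whose rules evaluate dynamic contextual attributes and produce access decisions, but does not show the language itself. The following is an added illustration, not code from the thesis or its policy language: a minimal Python policy evaluator in which each rule is a predicate over subject, resource and a context snapshot (device compliance, network, MFA state, a risk score, and the time the context was observed). The rule names, attribute names and threshold values are constructed for the example. It shows the two behaviours a zero-trust evaluator needs when context is dynamic: the same subject and resource yield different decisions as context changes, and missing or stale context fails closed rather than falling through to a permit.

```python
"""Illustrative context-aware policy evaluator (hypothetical; not the thesis' language)."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple


@dataclass
class Request:
    subject: Dict[str, Any]
    resource: Dict[str, Any]
    context: Dict[str, Any]   # dynamic attributes captured at request time
    now: float                # evaluation time, epoch seconds


@dataclass
class Rule:
    name: str
    effect: str               # "permit" or "deny"
    condition: Callable[[Request], bool]


@dataclass
class Policy:
    rules: List[Rule]
    max_context_age: float = 300.0   # seconds; older context snapshots are not trusted

    def evaluate(self, req: Request) -> Tuple[str, str]:
        """First-match evaluation with default deny; returns (decision, reason)."""
        observed = req.context.get("observed_at")
        if observed is None or req.now - observed > self.max_context_age:
            return "deny", "context missing or stale"
        for rule in self.rules:
            try:
                matched = rule.condition(req)
            except KeyError as missing:
                # A rule referenced an attribute the request lacks: fail closed.
                return "deny", f"attribute {missing} required by rule {rule.name!r} is missing"
            if matched:
                return rule.effect, rule.name
        return "deny", "no rule matched (default deny)"


# Constructed policy: deny rules first, then narrowly scoped permits.
POLICY = Policy(rules=[
    Rule("high-risk-session", "deny", lambda r: r.context["risk_score"] >= 0.8),
    Rule("non-compliant-device", "deny", lambda r: not r.context["device_compliant"]),
    Rule("finance-confidential-on-corp", "permit",
         lambda r: r.subject["role"] == "finance"
         and r.resource["classification"] == "confidential"
         and r.context["network"] == "corporate"
         and r.context["mfa"]),
    Rule("public-data", "permit", lambda r: r.resource["classification"] == "public"),
])

NOW = 1_700_000_000.0  # constructed evaluation time (epoch seconds)


def make_request(drop: Tuple[str, ...] = (), **context_overrides: Any) -> Request:
    """Build a request for a fixed subject/resource with a fresh, healthy context,
    then apply overrides (or drop attributes) to model a changing situation."""
    context: Dict[str, Any] = {"observed_at": NOW - 10, "risk_score": 0.2,
                               "device_compliant": True, "network": "corporate",
                               "mfa": True}
    context.update(context_overrides)
    for key in drop:
        context.pop(key, None)
    return Request(subject={"user": "alice", "role": "finance"},
                   resource={"id": "ledger-2024", "classification": "confidential"},
                   context=context, now=NOW)


def decide(drop: Tuple[str, ...] = (), **context_overrides: Any) -> Tuple[str, str]:
    return POLICY.evaluate(make_request(drop, **context_overrides))


if __name__ == "__main__":
    scenarios = [
        ("baseline", {}),
        ("public wifi", {"network": "public-wifi"}),
        ("stale context", {"observed_at": NOW - 3600}),
        ("high risk score", {"risk_score": 0.9}),
        ("non-compliant device", {"device_compliant": False}),
    ]
    for label, overrides in scenarios:
        print(f"{label:22s} -> {decide(**overrides)}")
    print(f"{'mfa attribute absent':22s} -> {decide(drop=('mfa',))}")
```

The ordering matters: placing deny rules before permits means a high risk score overrides an otherwise valid permit, and the freshness check runs before any rule so that a permit can never be granted on an outdated context snapshot.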