Intrusion Detection through Zero Trust Access Control
With the widespread adoption of telework, there has been a dramatic increase in remote access to business-critical data. The traditional security model, known as perimeter-based defense, established a boundary area called the Demilitarized Zone (DMZ) between internal corporate networks and the internet, using firewalls and intrusion detection systems to deny external access. However, with the mainstream adoption of mobile/IoT devices, cloud computing, and remote work, there is now a need for a security model that enables access regardless of time and location, without strictly dividing networks into internal and external zones. To deal with this, Zero Trust abandons the ambiguous concept of network boundaries and instead verifies each data access attempt without inherent trust. Our laboratory conducts various research and development projects focused on Zero Trust Network access.
Zero Trust Access Control with Verifiable User Authenticity
In remote work environments, once a user completes account authentication, they can continue to view and edit confidential data without additional verification of access requests. This poses a risk to data confidentiality if the device or authentication credentials are intercepted or shared with third parties after the initial authentication. Traditional Zero Trust Access Control (ZTAC) systems have not been able to fully address diverse attack patterns because web biometrics were not originally designed with ZTAC implementation in mind.
Our laboratory researches Zero Trust Access Control that can verify user authenticity - whether the account operator is the legitimate account holder. In our proposed method, we measure behavioral and cognitive biometrics that are difficult to impersonate from web browser actions and verify them continuously. This system can immediately deny access requests and block data viewing/editing even if authentication credentials like IDs and passwords are leaked or if users are switched after authentication.
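The continuous-verification idea above, as an added illustration that is not the laboratory's own code: keystroke flight times (a hypothetical behavioural feature) are compared with an enrolled profile on every data-access request, a rolling authenticity score is updated, and the session is revoked the moment the score drops below a threshold, even though the login itself succeeded. The threshold, the EWMA weight and all timing samples are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from statistics import mean, pstdev

@dataclass
class Profile:
    """Enrolled mean/std of inter-key flight times in ms (hypothetical feature)."""
    mu: float
    sigma: float

def enroll(flight_times_ms: list[float]) -> Profile:
    return Profile(mean(flight_times_ms), max(pstdev(flight_times_ms), 1.0))

def sample_similarity(profile: Profile, flight_times_ms: list[float]) -> float:
    """Map the mean |z-score| of a fresh timing sample to a 0..1 similarity."""
    z = mean(abs(t - profile.mu) / profile.sigma for t in flight_times_ms)
    return max(0.0, 1.0 - z / 3.0)   # 3 sigma or more on average -> no similarity

@dataclass
class Session:
    user: str
    profile: Profile
    authenticated: bool = True   # password/MFA already passed at login
    trust: float = 1.0           # rolling authenticity score, starts at login value
    revoked: bool = False
    log: list = field(default_factory=list)

THRESHOLD = 0.5   # assumed cut-off below which access is denied
ALPHA = 0.5       # assumed EWMA weight given to the newest sample

def request_access(s: Session, resource: str, flight_times_ms: list[float]) -> bool:
    """Decide one data-access request; the login alone never grants it."""
    if s.revoked or not s.authenticated:
        return False
    sim = sample_similarity(s.profile, flight_times_ms)
    s.trust = ALPHA * sim + (1 - ALPHA) * s.trust
    allowed = s.trust >= THRESHOLD
    s.log.append((resource, round(sim, 2), round(s.trust, 2), allowed))
    if not allowed:
        s.revoked = True   # block further viewing/editing until re-authentication
    return allowed

def demo() -> list[bool]:
    # Constructed timings: the account holder types with ~120 ms flight times.
    owner = enroll([118, 122, 125, 115, 120, 119, 123, 121])
    s = Session("alice", owner)
    owner_sample = [117, 121, 124, 119]
    other_sample = [210, 240, 195, 230]   # a different person now at the keyboard
    return [request_access(s, "doc/confidential.xlsx", owner_sample),
            request_access(s, "doc/confidential.xlsx", owner_sample),
            request_access(s, "doc/confidential.xlsx", other_sample),
            request_access(s, "doc/confidential.xlsx", owner_sample)]
```

`demo()` returns `[True, True, False, False]`: the third request is denied and the session revoked although the credentials never changed, and the fourth is refused until the user re-authenticates.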
References
Taisho Sasada, Yuzo Taenaka, Youki Kadobayashi, Doudou Fall, "Web-Biometrics for User Authenticity Verification in Zero Trust Access Control", IEEE Access, Vol. 12, pp. 129611-129622, June 2024. DOI: 10.1109/ACCESS.2024.3413696.
System Architecture Exercise Using Zero Trust Access Control
Implementing ZTAC requires personnel who not only understand organizational structure and business workflows but also possess specialized cybersecurity knowledge. These professionals must keep up with changes in security requirements and evolving attack trends, in addition to their regular duties. However, for companies that struggle to secure sufficient security personnel, it is challenging to practically build and maintain ZTAC systems.
Our laboratory also conducts research on cybersecurity exercises that help participants acquire fundamental system architect skills through the construction of ZTAC systems. The learning approach compares ZTAC with:
DAC (Discretionary Access Control) used for permission control of user-owned files in Linux
MAC (Mandatory Access Control) which enforces rules on Linux files, processes, and other actions based on defined policies, as seen in SELinux and AppArmor
RBAC (Role-Based Access Control) used in cloud environments
We designed this as a comprehensive cybersecurity exercise where participants can experience system architect duties through a combination of lectures, hands-on practice, and discussions. The proposed exercise has been tested with both graduate students and working professionals, and statistical factor analysis confirmed that it provides effective learning outcomes regardless of participants' prior security experience.
References