The context aware security policy language for Zero Trust Network
Abstract
With the development of pervasive computing, the number of devices accessing networks is increasing. Although this brings a more convenient and intelligent lifestyle, it is accompanied by a higher possibility of information breaches, whether intentional or inadvertent. Moreover, as the traditional constructs of on-site employees and on-premises solutions fade, the traditional perimeter security model no longer fits modern networks and usage patterns. To mitigate this issue, a more effective model, Zero Trust Networking (ZTN), was proposed. Under its guiding principle of “never trust, always verify”, the network is assumed to be a hostile place that must deal with threats from both outside and inside. The large number of context attributes and the complicated security requirements make it difficult to implement every access control rule manually. There is an immediate need for a policy language specification that enables access control rules to be generated automatically from context information. Extensive research has focused on policy languages. Nevertheless, little of it is optimised for ZTN scenarios. The project aims to enable context-aware features in an access control system (implemented with a dedicated policy language) for ZTN.