Downloads: 145

Files in This Item:
File Description SizeFormat 
PerComWorkshops51409.2021.9431116.pdf116.45 kBAdobe PDFView/Open
Title: Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation
Authors: Hatakeyama, Koudai
Kotani, Daisuke  kyouindb  KAKEN_id  orcid (unconfirmed)
Okabe, Yasuo
Author's alias: 畠山, 昂大
小谷, 大祐
岡部, 寿男
Keywords: Access controls
Identity Federation
Zero Trust
User Managed Access
Issue Date: 22-Mar-2021
Publisher: IEEE
Journal title: 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)
Start page: 514
End page: 519
Abstract: Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.
Rights: © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective.
This is not the published version. Please cite only the published version. この論文は出版社版でありません。引用の際には出版社版をご確認ご利用ください。
DOI(Published Version): 10.1109/PerComWorkshops51409.2021.9431116
Appears in Collections:Journal Articles

Show full item record

Export to RefWorks

Export Format: 

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.