ETRI-Knowledge Sharing Platform

Journal Article
Exploring Effective Zero Trust Architecture for Defense Cybersecurity: A Study
Cited 2 times in Scopus
Authors
Youngho Kim, Seon-Gyoung Sohn, Kyeong Tae Kim, Hae Sook Jeon, Sang-Min Lee, Yunkyung Lee, Jeongnyeo Kim
Issue Date
2024-09
Citation
KSII Transactions on Internet and Information Systems, v.18, no.9, pp.2665-2691
ISSN
1976-7277
Publisher
Korea Society of Internet Information
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.3837/tiis.2024.09.011
Abstract
The philosophy of Zero Trust in cybersecurity lies in the notion that nothing is assumed to be trustworthy by default. This drives defense organizations to modernize their cybersecurity architecture by integrating the zero-trust principles. The enhanced architecture is expected to shift protection strategy from static and perimeter-centric protection to dynamic and proactive measures depending on the logical contexts of users, assets, and infrastructure. Given the domain context of the defense environment, we aim to tackle three challenge problems and identify four technical approaches by the security capabilities defined in the Zero Trust Architecture. The first approach, dynamic access control, manages visibility and accessibility to resources or services with Multi-Factor Authentication and Software Defined Perimeter. The logical network separation approach divides networks on a functional basis by using Software Defined Network and Micro segmentation. The data-driven analysis approach enables machine-aided judgement by utilizing Artificial Intelligence and User and Entity Behavior Analytics. Lastly, the Security Awareness approach observes the fluid security context of all resources through Continuous Monitoring and Visualization. Based on these approaches, a comprehensive study of modern technologies is presented to materialize the concept that each approach intends to achieve. We expect this study to provide guidance for defense organizations to take a step toward the implementation of their own zero-trust architecture.
KSP Keywords
Challenge problem, Comprehensive study, Continuous monitoring, Dynamic access control, Entity behavior, Modern technology, Multi-factor authentication, Protection Strategy, Security Awareness, Software-Defined Networking(SDN), artificial intelligence