ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture
Recently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with resp...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2023-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10310190/ |
_version_ | 1797627841325563904 |
---|---|
author | Leonard Bradatsch Oleksandr Miroshkin Frank Kargl |
author_facet | Leonard Bradatsch Oleksandr Miroshkin Frank Kargl |
author_sort | Leonard Bradatsch |
collection | DOAJ |
description | Recently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with respect to this aspect a novel network security architecture called Zero Trust Service Function Chaining (ZTSFC). With ZTSFC, we achieve three main improvements over zero trust architectures: (1) the zero trust components can directly integrate other monitoring and security functions into their access decisions, (2) an efficient flow of information between zero trust components, monitoring, and security functions are achieved, and (3) ZTSFC improves the performance with respect to hardware load and user experience. As proof of concept, we implemented a publicly available ZTSFC prototype based on HTTPS and the policy language ALFA. Using this prototype, we demonstrate the achievement of all three improvements in representative use cases. In addition, our performance evaluation compares ZTSFC with a regular zero trust network without ZTSFC. The results indicate that ZTSFC can reduce CPU usage by 25% for specific monitoring and security functions in certain scenarios. Overall, we also observed a 30% decrease in the time it takes to access services with ZTSFC. |
first_indexed | 2024-03-11T10:31:12Z |
format | Article |
id | doaj.art-f25fbdd574b74166ba68fd8a3a821eb8 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-11T10:31:12Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-f25fbdd574b74166ba68fd8a3a821eb82023-11-15T00:00:45ZengIEEEIEEE Access2169-35362023-01-011112530712532710.1109/ACCESS.2023.333070610310190ZTSFC: A Service Function Chaining-Enabled Zero Trust ArchitectureLeonard Bradatsch0https://orcid.org/0000-0001-7120-6557Oleksandr Miroshkin1https://orcid.org/0000-0003-0264-6676Frank Kargl2https://orcid.org/0000-0003-3800-8369Institute of Distributed Systems, Ulm University, Ulm, GermanyCommunication and Information Centre, Ulm University, Ulm, GermanyInstitute of Distributed Systems, Ulm University, Ulm, GermanyRecently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with respect to this aspect a novel network security architecture called Zero Trust Service Function Chaining (ZTSFC). With ZTSFC, we achieve three main improvements over zero trust architectures: (1) the zero trust components can directly integrate other monitoring and security functions into their access decisions, (2) an efficient flow of information between zero trust components, monitoring, and security functions are achieved, and (3) ZTSFC improves the performance with respect to hardware load and user experience. As proof of concept, we implemented a publicly available ZTSFC prototype based on HTTPS and the policy language ALFA. Using this prototype, we demonstrate the achievement of all three improvements in representative use cases. In addition, our performance evaluation compares ZTSFC with a regular zero trust network without ZTSFC. The results indicate that ZTSFC can reduce CPU usage by 25% for specific monitoring and security functions in certain scenarios. Overall, we also observed a 30% decrease in the time it takes to access services with ZTSFC.https://ieeexplore.ieee.org/document/10310190/Network performancenetwork securityzero trustaccess controlservice function chaining |
spellingShingle | Leonard Bradatsch Oleksandr Miroshkin Frank Kargl ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture IEEE Access Network performance network security zero trust access control service function chaining |
title | ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture |
title_full | ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture |
title_fullStr | ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture |
title_full_unstemmed | ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture |
title_short | ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture |
title_sort | ztsfc a service function chaining enabled zero trust architecture |
topic | Network performance network security zero trust access control service function chaining |
url | https://ieeexplore.ieee.org/document/10310190/ |
work_keys_str_mv | AT leonardbradatsch ztsfcaservicefunctionchainingenabledzerotrustarchitecture AT oleksandrmiroshkin ztsfcaservicefunctionchainingenabledzerotrustarchitecture AT frankkargl ztsfcaservicefunctionchainingenabledzerotrustarchitecture |