Informatics

Towards the computer systems design based on Zero Trust Architecture

https://doi.org/10.37661/1816-0301-2024-21-4-85-98

Abstract

The paper addresses theoretical and practical aspects of designing computer systems based on the zero trust concept. Starting from a systems analysis of existing zero trust systems and of the theoretical models used in their design, it identifies the key problems of implementing zero trust systems. Building on design and security patterns, it then presents a representation of the principles of the zero trust concept and an abstract access control model (pattern) for Zero Trust Architecture.

The representation of the principles can be used to mine abstract design and security patterns, and the access control pattern can be used to derive further patterns and architectures of zero-trust-based computer systems. An advantage of the access control pattern is that it lets functional requirements be stated more completely and the architectures of the designed systems be represented more fully, because it describes access control at three levels: network path, session and transaction.
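The three access control levels named in the abstract (network path, session, transaction) can be illustrated with a small policy decision point that evaluates each level separately and re-checks the transaction level on every request. The code below is an added example for this page, not the paper's model or any product's API; the classes, rules, thresholds and sample requests are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Added illustration of three-level zero trust access control (network path,
# session, transaction). All classes, rules, thresholds and sample requests
# are constructed for this example; they are not the paper's model.


@dataclass(frozen=True)
class Subject:
    user: str
    device_compliant: bool   # endpoint posture attested as compliant
    mfa: bool                # strong authentication completed


@dataclass(frozen=True)
class NetworkPath:
    source: str              # e.g. "corp-lan", "internet"
    mtls: bool               # channel mutually authenticated


@dataclass
class Session:
    subject: Subject
    path: NetworkPath
    age_s: int = 0           # seconds since the session was issued
    risk: int = 0            # risk score updated during the session (0..100)


@dataclass(frozen=True)
class Transaction:
    resource: str
    action: str              # "read" or "write"


Decision = Tuple[bool, str]  # (allowed, "<level>: <reason>")


class PolicyDecisionPoint:
    """Evaluates path, session and transaction in order; the first failing
    level denies. A valid session never implies a valid transaction: the
    transaction level is re-evaluated for every request."""

    def __init__(self, allowed_sources: Iterable[str],
                 max_session_age_s: int, write_risk_limit: int) -> None:
        self.allowed_sources = set(allowed_sources)
        self.max_session_age_s = max_session_age_s
        self.write_risk_limit = write_risk_limit

    def check_path(self, path: NetworkPath) -> Decision:
        if path.source not in self.allowed_sources:
            return False, f"path: source {path.source!r} not permitted"
        if not path.mtls:
            # No implicit trust in the network: every path is authenticated.
            return False, "path: channel is not mutually authenticated"
        return True, "path: ok"

    def check_session(self, s: Session) -> Decision:
        if not s.subject.mfa:
            return False, "session: MFA not completed"
        if not s.subject.device_compliant:
            return False, "session: device posture non-compliant"
        if s.age_s > self.max_session_age_s:
            return False, "session: expired, re-authentication required"
        return True, "session: ok"

    def check_transaction(self, s: Session, tx: Transaction) -> Decision:
        if tx.action == "write" and s.risk > self.write_risk_limit:
            return False, f"transaction: risk {s.risk} exceeds write limit"
        if tx.resource.startswith("admin/") and s.path.source != "corp-lan":
            return False, "transaction: admin resources only from corp-lan"
        return True, "transaction: ok"

    def decide(self, s: Session, tx: Transaction) -> Decision:
        checks = (lambda: self.check_path(s.path),
                  lambda: self.check_session(s),
                  lambda: self.check_transaction(s, tx))
        for check in checks:
            allowed, reason = check()
            if not allowed:
                return False, reason
        return True, "allow"


def run_scenario() -> List[Decision]:
    """Constructed requests: one session is evaluated before and after its
    risk score rises, so a write is denied at the transaction level while
    the path and session levels still pass."""
    pdp = PolicyDecisionPoint(allowed_sources={"corp-lan", "internet"},
                              max_session_age_s=3600, write_risk_limit=50)
    alice = Subject(user="alice", device_compliant=True, mfa=True)
    session = Session(alice, NetworkPath("internet", mtls=True), age_s=120)
    results = [
        pdp.decide(session, Transaction("docs/report", "read")),
        pdp.decide(session, Transaction("docs/report", "write")),
    ]
    session.risk = 70   # e.g. an anomaly signal observed mid-session
    results.append(pdp.decide(session, Transaction("docs/report", "write")))
    results.append(pdp.decide(session, Transaction("docs/report", "read")))
    results.append(pdp.decide(session, Transaction("admin/users", "read")))
    results.append(pdp.decide(Session(alice, NetworkPath("internet", False)),
                              Transaction("docs/report", "read")))
    results.append(pdp.decide(Session(alice, NetworkPath("corp-lan", True),
                                      age_s=7200),
                              Transaction("docs/report", "read")))
    return results


if __name__ == "__main__":
    for allowed, reason in run_scenario():
        print("ALLOW" if allowed else "DENY ", reason)
```

The point of separating the levels is that each one can fail independently: an unauthenticated network path is rejected before the session is even examined, an expired session is rejected regardless of the request, and a rising risk score denies a write on a session that remains otherwise valid.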

About the Authors

A. I. Brazhuk
Yanka Kupala State University of Grodno
Belarus

Andrei I. Brazhuk, M. Sc., Lead Software Engineer at the Information and Analytical Center

st. Ozheshko, 22, Grodno, 230023



E. V. Olizarovich
Yanka Kupala State University of Grodno
Belarus

Evgeny V. Olizarovich, Ph. D. (Eng.), Assoc. Prof., Head of the Information and Analytical Center

st. Ozheshko, 22, Grodno, 230023



References

1. Rose S., Borchert O., Mitchell S., Connelly S. Zero Trust Architecture. Special Publication (NIST SP 800-207). Gaithersburg, National Institute of Standards and Technology, 2020, 59 p.

2. Kindervag J. Build security into your network's DNA: The zero trust network architecture. Forrester Research Inc., 2010, 27 p. Available at: https://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf (accessed 14.05.2024).

3. Riley S., MacDonald N. Market guide for ZTNA. Gartner, 2020. Available at: https://www.gartner.com/en/documents/3986053 (accessed 14.05.2024).

4. Cunningham C. The zero trust eXtended (ZTX) ecosystem. Forrester, Cambridge, MA, 2018, 15 p. Available at: https://www.cisco.com/c/dam/m/en_sg/solutions/security/pdfs/forrester-ztx.pdf (accessed 14.05.2024).

5. Kucher V. A. Microsegmentation in information security. Molodoj issledovatel' Dona [Young Explorer of the Don], 2021, no. 3, pp. 54–56 (In Russ.).

6. Muradova A. A. Reliability and security of the internet of things. SCHOLAR, 2023, vol. 1, no. 27, pp. 109–117 (In Russ.).

7. Sejtkulov E., Satybaldina D., Bisenbaeva N., Kasenova M., Zhүzbaev S. Using artificial intelligence methods to ensure cybersecurity of cellular networks. Vestnik KazATK [Bulletin of KazATC], 2024, vol. 132, no. 3, pp. 319–328 (In Russ.).

8. Nabiev B. R., Dashdamirova K. G. Intelligent analysis of cyber threats: problems and prospects. Optikojelektronnye pribory i ustrojstva v sistemah raspoznavanija obrazov i obrabotki izobrazhenij : sbornik materialov XVII Mezhdunarodnoj nauchno-tehnicheskoj konferencii, Kursk, 12–15 sentjabrja 2023 g. [Optical-electronic Devices and Apparatuses in Pattern Recognition and Image Processing Systems : Collection of Materials of the XVII International Scientific and Technical Conference, Kursk, 12–15 September 2023]. Kursk, 2023, pp. 166–168 (In Russ.).

9. Assunção P. A zero trust approach to network security. Proceedings of the Digital Privacy and Security Conference, Porto, Portugal, 16 January 2019. Porto, Portugal, 2019, pp. 65–72.

10. Karelova O. L., Lisin G. A. Comparative analysis of new generation firewalls. Vestnik UrFO. Bezopasnost' v informacionnoj sfere [Bulletin of the Ural Federal District. Security in the Information Sphere], 2024, vol. 1, no. 51, pp. 22–29 (In Russ.).

11. Gluhova T. V., Gorina E. V., Ruchina O. M. The relevance of using Security as a Service in modern realities. Innovacii v nauke [Innovations in Science], 2015, no. 11(48), pp. 115–120 (In Russ.).

12. Osman A., Wasicek A., Köpsell S., Strufe T. Transparent microsegmentation in smart home IoT networks. 3rd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 20), Online, 25–26 June 2020. USENIX Association, 2020. Available at: https://www.usenix.org/conference/hotedge20/presentation/osman (accessed 14.05.2024).

13. Urbanovich P. P., Plonkovski M. D. Elements of modern computer networks and network technologies. Peredovye tehnologii i materialy budushhego : sbornik statej IV Mezhdunarodnoj nauchno-tehnicheskoj konferencii «Minskie nauchnye chtenija-2021», Minsk, 9 dekabrja 2021 g. : v 3 tomah [Advanced Technologies and Materials of the Future : Collection of Articles of the IV International Scientific and Technical Conference "Minsk Scientific Readings-2021", Minsk, 9 December 2021 : in 3 Volumes]. Minsk, Belorusskij gosudarstvennyj tehnologicheskij universitet, 2021, vol. 3, pp. 240–246 (In Russ.).

14. Nurudinov G. M. Adaptive traffic management in SDN networks using machine learning. Ekonomika i kachestvo sistem svyazi [Economy and Quality of Communication Systems], 2024, no. 1(31), pp. 114–122 (In Russ.).

15. Nurusheva A., Safin R., Amrenov A., Satybaldina D. Proposing a strategy for a new reality: zero trust methodology. Vestnik KazATK [Bulletin of KazATC], 2023, vol. 127, no. 4, pp. 140–147 (In Russ.).

16. Ward R., Beyer B. BeyondCorp: A new approach to enterprise security. ;login: The Magazine of USENIX & SAGE, 2014, vol. 39, no. 6, pp. 6–11.

17. Sallam A., Refaey A., Shami A. On the security of SDN: A completed secure and scalable framework using the software-defined perimeter. IEEE Access, 2019, vol. 7, pp. 146577–146587.

18. Fernandez E. B., Brazhuk A. A critical analysis of Zero Trust Architecture (ZTA). Computer Standards & Interfaces, 2024, vol. 89, p. 103832.

19. Shitov A., Stelmakh N., Magomedov S. Software complex for risk-oriented attribute-based access control mechanism. International Journal of Open Information Technologies, 2024, vol. 12, no. 6, pp. 133–142.

20. Park J., Sandhu R. The UCON_ABC usage control model. ACM Transactions on Information and System Security (TISSEC), 2004, vol. 7, no. 1, pp. 128–174.

21. Fernandez-Buglioni E. Security Patterns in Practice: Designing Secure Architectures Using Software Patterns. John Wiley & Sons, 2013, 582 p.

22. Ivanov P. A., Kapger I. V., Shaburov A. S. Model for implementing access control to information assets in the zero trust concept. Vestnik Permskogo nacional'nogo issledovatel'skogo politekhnicheskogo universiteta. Elektrotekhnika, informacionnye tekhnologii, sistemy upravleniya [Perm National Research Polytechnic University Bulletin. Electrotechnics, Information Technologies, Control Systems], 2023, no. 45, pp. 147–163 (In Russ.).

23. Mihnevich S. Yu., Tezhar A. A. Evolution of the concept of interoperability of open information systems. Cifrovaya transformaciya [Digital Transformation], 2023, vol. 29, no. 2, pp. 60–66 (In Russ.).

24. Dulin S. K., Ryabcev A. B. Algorithm for improving structural interoperability consistency. Nadezhnost' [Reliability], 2024, vol. 24, no. 2, pp. 8–15 (In Russ.).

25. Dang T. K., Ha X. S., Tran L. K. XACs-DyPol: Towards an XACML-based Access Control Model for Dynamic Security Policy, 2020. Available at: https://arxiv.org/abs/2005.07160 (accessed 14.05.2024).

26. Artamonov V. A., Artamonova E. V. Artificial intelligence and security: problems, misconceptions, reality and future. Rossiya: tendencii i perspektivy razvitiya [Russia: Development Trends and Prospects], 2022, iss. 17, part 1, pp. 585–594 (In Russ.).

27. Saltzer J. H., Schroeder M. D. The protection of information in computer systems. Proceedings of the IEEE, 1975, vol. 63, no. 9, pp. 1278–1308.

28. Dobryshin M. M. Trends in the development of information security theory in the context of dynamic change in the paradigm of the use of information technology impacts. Ekonomika i kachestvo sistem svyazi [Economy and Quality of Communication Systems], 2022, no. 1(23), pp. 37–43 (In Russ.).

29. Borovikov A. Yu., Maslov O. A., Mordvinov S. A., Esaf'ev A. A. Method for creating a trusted hardware and software platform for use in special-purpose information systems. Bezopasnost' informacionnyh tekhnologij [Information Technology Security], 2021, vol. 28, no. 4, pp. 104–117 (In Russ.).

30. Gamma E., Helm R., Johnson R., Vlissides J. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Professional, 1994, 416 p.

31. Valeev S. S., Kondrat'eva N. V. Zero trust architecture design patterns. Inzhenernyj vestnik Dona [Engineering Bulletin of the Don], 2023, no. 9, p. 105 (In Russ.).

32. Chernyshev S. A. Classification of common design patterns for multi-agent systems. Programmnye produkty i sistemy [Software Products and Systems], 2022, vol. 35, no. 4, pp. 670–679 (In Russ.).

33. Ermochenko S. A., Korchevskaya E. A. Proektirovanie programmnogo obespecheniya [Software Design]. Vitebsk, Vitebskij gosudarstvennyj universitet imeni P. M. Masherova, 2023, 51 p. (In Russ.).

34. Brazhuk A. I., Olizarovich E. V. Ontological analysis in the problems of container applications threat modelling. Informatika [Informatics], 2023, vol. 20, no. 4, pp. 69–86 (In Russ.).

35. Pasynkova A. A., Vikent'eva O. L. Designing a monitoring system architecture based on design patterns. Trudy Instituta sistemnogo programmirovaniya RAN [Proceedings of the Institute of System Programming of the Russian Academy of Sciences], 2023, vol. 35, no. 3, pp. 137–150 (In Russ.).

36. Brazhuk A., Fernandez E. B. An abstract security pattern for Zero Trust Access Control. Proceedings of the 29th International Conference on Pattern Languages of Programs (PLoP '22), Virtual Event, 17–24 October 2022. The Hillside Group, United States, 2022, article 2, pp. 1–5.


For citation:

Brazhuk A.I., Olizarovich E.V. Towards the computer systems design based on Zero Trust Architecture. Informatics. 2024;21(4):85-98. (In Russ.) https://doi.org/10.37661/1816-0301-2024-21-4-85-98


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1816-0301 (Print)
ISSN 2617-6963 (Online)