EIR: A Unified Theoretical Framework for Zero Trust Architectures

EIR：零信任架构的统一理论框架

• 批准号: 2200622
• 负责人: Onyema Osuagwu
• 金额: $ 30万
• 依托单位: Morgan State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-09-01 至 2025-08-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2200622&HistoricalAwards=false
• 关键词: EIR; Unified; Theoretical; Framework; Zero

Zero Trust, has generally been explained as a network in which capabilities and access among all of the participating systems are highly regulated or require a sufficiently high level of proof before permissions are granted for any period of time. As reassuring as these words are for many in this space, the implementation of such networks and architecture lags due to the lack of an rigorous ground truth for success. In other words, if you ask any number of people to show you how they ”implemented” their Zero Trust environment with the same initial specifications you will get at a minimum number of responses with varying levels of verifiable security. The multiple responses are not the problem in this case as much as the variability in the level of security due to the ill-posed question of trust in these systems. The failure to develop true resilience is strongly related to the lack of a unified theoretical framework born out of fundamental cybersecurity experiments and results. This work will first frame and identify the appropriate scale for the question of trust in the cybersecurity domain. The education and research goals of this project are designed to strongly support the engagement in the community.The proposed research task is to do the research and development of the mathematical rules and bounds, e.g., first-order logic, formal methods, etc. to accurately encapsulate all the requirements needed to achieve a “True Zero Trust” architecture for a networked environment. The second research challenge is to prototype, build, test and attack these “True Zero-Trust” networks and compare them to other standards. These research tasks require accurate, detailed, and reproducible testbed construction and validation paired with the architecture. They will use Amazon Web Services to design and test initial architectures across four phases. The third research challenge is to verify the “True Zero-Trust” architecture at scale during varied attack scenarios under high utilization stress. The fourth research challenge is to develop an “Equation of State” for these systems that provides a “Figure of Merit” when judging the security of these systems. This work is strongly aligned with the CISE directorate’s mission in particular the CCF program’s Foundations of Emerging Technology thrust and the SaTC program.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

零信托通常被解释为一个网络，在该网络中，所有参与系统之间的功能和访问受到高度监管，或者需要在任何时间段内授予权限之前获得足够高的证明。由于这些单词在这个领域中令人放心，因此由于缺乏成功的基础真相而导致此类网络和建筑的实施滞后。换句话说，如果您要求任何人向您展示他们如何以最小数量的响应数量来“实现”其零信任环境，并且具有不同级别的可验证安全性。在这种情况下，多个响应不是问题，而不是由于对这些系统的信任问题而引起的安全级别的可变性。未能发展真正的弹性与缺乏基本网络安全实验和结果所生的统一理论框架密切相关。工作将首先框架并确定网络安全领域信任问题的适当量表。该项目的教育和研究目标旨在强烈支持社区的参与。拟议的研究任务是进行数学规则和界限的研究和开发，例如一阶逻辑，正式方法等，以准确地封装在网络环境中实现“真正的零信任”体系结构所需的所有要求。第二项研究挑战是原型，构建，测试和攻击这些“真正的零信任”网络，并将其与其他标准进行比较。这些研究任务需要与体系结构配对的准确，详细和再现经过测试的结构和验证。他们将使用Amazon Web服务在四个阶段设计和测试初始体系结构。第三项研究挑战是在高利用压力下的各种攻击方案中验证“真正的零信任”架构。第四项研究挑战是为这些系统开发一个“国家方程式”，该系统在判断这些系统的安全性时提供了“优点”。这项工作与CISE董事会的使命尤其是CCF计划的新兴技术推力和SATC计划的基础。该奖项反映了NSF的法定任务，并认为值得通过基金会的知识分子优点和更广泛的审查标准通过评估来进行评估。