EIR: A Unified Theoretical Framework for Zero Trust Architectures

EIR：零信任架构的统一理论框架

• 批准号: 2200622
• 负责人: Onyema Osuagwu
• 金额: $ 30万
• 依托单位: Morgan State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-09-01 至 2025-08-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2200622&HistoricalAwards=false
• 关键词: EIR; Unified; Theoretical; Framework; Zero

Zero Trust, has generally been explained as a network in which capabilities and access among all of the participating systems are highly regulated or require a sufficiently high level of proof before permissions are granted for any period of time. As reassuring as these words are for many in this space, the implementation of such networks and architecture lags due to the lack of an rigorous ground truth for success. In other words, if you ask any number of people to show you how they ”implemented” their Zero Trust environment with the same initial specifications you will get at a minimum number of responses with varying levels of verifiable security. The multiple responses are not the problem in this case as much as the variability in the level of security due to the ill-posed question of trust in these systems. The failure to develop true resilience is strongly related to the lack of a unified theoretical framework born out of fundamental cybersecurity experiments and results. This work will first frame and identify the appropriate scale for the question of trust in the cybersecurity domain. The education and research goals of this project are designed to strongly support the engagement in the community.The proposed research task is to do the research and development of the mathematical rules and bounds, e.g., first-order logic, formal methods, etc. to accurately encapsulate all the requirements needed to achieve a “True Zero Trust” architecture for a networked environment. The second research challenge is to prototype, build, test and attack these “True Zero-Trust” networks and compare them to other standards. These research tasks require accurate, detailed, and reproducible testbed construction and validation paired with the architecture. They will use Amazon Web Services to design and test initial architectures across four phases. The third research challenge is to verify the “True Zero-Trust” architecture at scale during varied attack scenarios under high utilization stress. The fourth research challenge is to develop an “Equation of State” for these systems that provides a “Figure of Merit” when judging the security of these systems. This work is strongly aligned with the CISE directorate’s mission in particular the CCF program’s Foundations of Emerging Technology thrust and the SaTC program.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

零信任通常被解释为一种网络，其中所有参与系统之间的功能和访问都受到严格监管，或者在任何时间段内授予权限之前都需要足够高水平的证明，尽管这些词对许多人来说令人放心。在这个领域，由于缺乏严格的成功基础事实，此类网络和架构的实施滞后。换句话说，如果您要求任意数量的人向您展示他们如何使用相同的“实施”零信任环境。您至少可以获得的初始规格在这种情况下，由于对这些系统的不恰当的信任问题，多个响应并不是问题，而是安全级别的可变性。与缺乏基于基本网络安全实验和结果的统一理论框架密切相关。这项工作将首先框架并确定网络安全领域信任问题的适当范围。该项目的教育和研究目标旨在实现。强烈支持社区的参与。拟议的研究任务是进行研究数学规则和界限的开发，例如一阶逻辑、形式方法等，以准确封装实现网络环境“真正的零信任”架构所需的所有要求。构建、测试和攻击这些“真正的零信任”网络，并将其与其他标准进行比较。这些研究任务需要与架构相结合的准确、详细和可重复的测试床构建和验证。跨架构第三个研究挑战是在高利用率压力下的各种攻击场景中大规模验证“真正的零信任”架构。第四个研究挑战是为这些系统开发一个“状态方程”，以提供“图”。在评判这些系统的安全性时，这项工作与 CISE 理事会的使命密切相关，特别是 CCF 计划的新兴技术基础和 SaTC 计划。该奖项反映了 NSF 的法定使命，并被认为是值得的。通过使用基金会的智力优势和更广泛的影响审查标准进行评估来提供支持。