Taisho Sasada, Yuto Masuda, Yuzo Taenaka, Y. Kadobayashi, Doudou Fall
{"title":"Zero-Trust Access Control Focusing on Imbalanced Distribution in Browser Clickstreams","authors":"Taisho Sasada, Yuto Masuda, Yuzo Taenaka, Y. Kadobayashi, Doudou Fall","doi":"10.1109/SDS54264.2021.9732109","DOIUrl":null,"url":null,"abstract":"The further spread of cloud computing and telework has led to an increase in borderless activities, which has expanded the demand for constructing Zero-Trust Access Control (ZTAC). In this context, preventing information leakage is an important issue, and to protect sensitive data and confidential information in a zero-trust, it is necessary to monitor the user's behavior after authentication and make sequential decisions about authorization. In this research, we monitor account's behavior such clickstreams on the browser and incorporate it to evaluation of user's trust in access control system. Through the construction of behavior-based ZTAC system based on clickstreams, we have achieved access control that considers the naturalness of clicks without relying on the results of authentication. Moreover, toward solving the mismatch of click count between the system side and the end-user side, we synchronously updated the clickstream by the user-agent which observing and retrieving the click events in the DOM. As experimental evaluation, we verified that our ZTAC can deal with click count discrepancy and completely prevent various insider threat to sensitive data from even authenticated accounts. Also, we confirmed no significant differences in response time, memory usage, or CPU usage before and after the migration of zero-trust, indicating that it can be deployed in existing enterprise networks.","PeriodicalId":394607,"journal":{"name":"2021 Eighth International Conference on Software Defined Systems (SDS)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 Eighth International Conference on Software Defined Systems (SDS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SDS54264.2021.9732109","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The further spread of cloud computing and telework has led to an increase in borderless activities, which has expanded the demand for constructing Zero-Trust Access Control (ZTAC). In this context, preventing information leakage is an important issue, and to protect sensitive data and confidential information in a zero-trust, it is necessary to monitor the user's behavior after authentication and make sequential decisions about authorization. In this research, we monitor account's behavior such clickstreams on the browser and incorporate it to evaluation of user's trust in access control system. Through the construction of behavior-based ZTAC system based on clickstreams, we have achieved access control that considers the naturalness of clicks without relying on the results of authentication. Moreover, toward solving the mismatch of click count between the system side and the end-user side, we synchronously updated the clickstream by the user-agent which observing and retrieving the click events in the DOM. As experimental evaluation, we verified that our ZTAC can deal with click count discrepancy and completely prevent various insider threat to sensitive data from even authenticated accounts. Also, we confirmed no significant differences in response time, memory usage, or CPU usage before and after the migration of zero-trust, indicating that it can be deployed in existing enterprise networks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
