Policy Design in Zero-Trust Distributed Networks: Challenges and Solutions
Fannya R. Sandjaja, Ayesha A. Majeed, Abdullah Abdullah, Gyan Wickremasinghe, Karen Rafferty, Vishal Sharma

TL;DR
This paper examines the challenges of designing effective security policies in zero-trust distributed networks, emphasizing formal verification and accountability to enhance security in IoT and AI-integrated systems.
Contribution
It introduces a framework for policy design in ZTDN, including formal verification methods, and discusses accountability aspects for improved security.
Findings
Formal verification of policies using UPPAAL improves security assurance.
Challenges in policy design can lead to unauthorized access if unaddressed.
Accountability mechanisms are crucial for system security in ZTDN.
Abstract
Traditional security architectures are becoming more vulnerable to distributed attacks due to significant dependence on trust. This will further escalate when implementing agentic AI within the systems, as more components must be secured over a similar distributed space. These scenarios can be observed in consumer technologies, such as the dense Internet of things (IoT). Here, zero-trust architecture (ZTA) can be seen as a potential solution, which relies on a key principle of not giving users explicit trust, instead always verifying their privileges whenever a request is made. However, the overall security in ZTA is managed through its policies, and unverified policies can lead to unauthorized access. Thus, this paper explores challenges and solutions for ZTA policy design in the context of distributed networks, which is referred to as zero-trust distributed networks (ZTDN). This is…
