信任错位了吗？零信任调查

IF 23.2 1区计算机科学 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

Proceedings of the IEEE Pub Date : 2025-04-21 DOI:10.1109/JPROC.2025.3555131

Alexandre Poirrier;Laurent Cailleux;Thomas Heide Clausen

{"title":"信任错位了吗？零信任调查","authors":"Alexandre Poirrier;Laurent Cailleux;Thomas Heide Clausen","doi":"10.1109/JPROC.2025.3555131","DOIUrl":null,"url":null,"abstract":"Information technology (IT) security has been, and largely is, based on compartmentalization. To implement compartmentalization, system access privileges are granted depending on the topological location of systems, grouped into perimeters, with network mechanisms (firewalls, VLANs, ...) enforcing isolation between perimeters, thus implicitly trusting systems based on their location. However, history has shown that such trust is misplaced. This has led to the emergence of an alternative paradigm, called zero trust. After contextualizing the history of IT and the emergence of zero trust for securing networks, this article presents a taxonomy of zero trust models and architectures, summarizing the goals and core principles of zero trust. Furthermore, an in-depth description of state-of-the-art technologies and methods, for transforming perimeter-based architectures to mature zero-trust architectures, is provided. This article presents a formalization of zero trust and of optimal zero-trust architectures, to which traditional architectures migrate, as well as a method for positioning migrating architectures relative to this ideal of zero trust, with as purpose of enabling a clearer understanding of the benefits and risks induced by a migration to zero trust. Finally, this article analyses the benefits, and drawbacks, of zero trust, focusing on the security properties granted by zero trust, as well as the vulnerabilities introduced.","PeriodicalId":20556,"journal":{"name":"Proceedings of the IEEE","volume":"113 1","pages":"5-39"},"PeriodicalIF":23.2000,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Is Trust Misplaced? A Zero-Trust Survey\",\"authors\":\"Alexandre Poirrier;Laurent Cailleux;Thomas Heide Clausen\",\"doi\":\"10.1109/JPROC.2025.3555131\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information technology (IT) security has been, and largely is, based on compartmentalization. To implement compartmentalization, system access privileges are granted depending on the topological location of systems, grouped into perimeters, with network mechanisms (firewalls, VLANs, ...) enforcing isolation between perimeters, thus implicitly trusting systems based on their location. However, history has shown that such trust is misplaced. This has led to the emergence of an alternative paradigm, called zero trust. After contextualizing the history of IT and the emergence of zero trust for securing networks, this article presents a taxonomy of zero trust models and architectures, summarizing the goals and core principles of zero trust. Furthermore, an in-depth description of state-of-the-art technologies and methods, for transforming perimeter-based architectures to mature zero-trust architectures, is provided. This article presents a formalization of zero trust and of optimal zero-trust architectures, to which traditional architectures migrate, as well as a method for positioning migrating architectures relative to this ideal of zero trust, with as purpose of enabling a clearer understanding of the benefits and risks induced by a migration to zero trust. Finally, this article analyses the benefits, and drawbacks, of zero trust, focusing on the security properties granted by zero trust, as well as the vulnerabilities introduced.\",\"PeriodicalId\":20556,\"journal\":{\"name\":\"Proceedings of the IEEE\",\"volume\":\"113 1\",\"pages\":\"5-39\"},\"PeriodicalIF\":23.2000,\"publicationDate\":\"2025-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the IEEE\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10970721/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the IEEE","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10970721/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

摘要

信息技术（IT）安全一直是，而且在很大程度上是基于划分的。为了实现分区化，根据系统的拓扑位置授予系统访问权限，并将其分组到边界中，使用网络机制（防火墙、vlan等）强制边界之间的隔离，从而根据其位置隐式地信任系统。然而，历史表明，这种信任放错了地方。这导致了另一种范式的出现，称为零信任。在对IT的历史和零信任的出现进行了背景介绍之后，本文提出了零信任模型和体系结构的分类，总结了零信任的目标和核心原则。此外，还提供了将基于周界的体系结构转换为成熟的零信任体系结构的最新技术和方法的深入描述。本文提出了零信任和最优零信任体系结构的形式化，传统体系结构迁移到这些体系结构，以及一种相对于这种零信任理想定位迁移体系结构的方法，目的是能够更清楚地理解迁移到零信任所带来的好处和风险。最后，本文分析了零信任的优点和缺点，重点介绍了零信任所赋予的安全属性以及引入的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Is Trust Misplaced? A Zero-Trust Survey

Information technology (IT) security has been, and largely is, based on compartmentalization. To implement compartmentalization, system access privileges are granted depending on the topological location of systems, grouped into perimeters, with network mechanisms (firewalls, VLANs, ...) enforcing isolation between perimeters, thus implicitly trusting systems based on their location. However, history has shown that such trust is misplaced. This has led to the emergence of an alternative paradigm, called zero trust. After contextualizing the history of IT and the emergence of zero trust for securing networks, this article presents a taxonomy of zero trust models and architectures, summarizing the goals and core principles of zero trust. Furthermore, an in-depth description of state-of-the-art technologies and methods, for transforming perimeter-based architectures to mature zero-trust architectures, is provided. This article presents a formalization of zero trust and of optimal zero-trust architectures, to which traditional architectures migrate, as well as a method for positioning migrating architectures relative to this ideal of zero trust, with as purpose of enabling a clearer understanding of the benefits and risks induced by a migration to zero trust. Finally, this article analyses the benefits, and drawbacks, of zero trust, focusing on the security properties granted by zero trust, as well as the vulnerabilities introduced.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the IEEE 工程技术-工程：电子与电气

CiteScore

46.40

自引率

1.00%

发文量

160

审稿时长

3-8 weeks

期刊介绍： Proceedings of the IEEE is the leading journal to provide in-depth review, survey, and tutorial coverage of the technical developments in electronics, electrical and computer engineering, and computer science. Consistently ranked as one of the top journals by Impact Factor, Article Influence Score and more, the journal serves as a trusted resource for engineers around the world.