Beyond Static Security: A Context-Aware and Real-Time Dynamic Zero Trust Architecture for IIoT Access Control
Authors: Fatemeh Stodt; Christoph Reich; Fabrice Theoleyre
DOI: 10.1109/JIOT.2025.3579028
Journal: IEEE Internet of Things Journal, vol. 12, no. 17, pp. 35380-35393 (JCR Q1, Computer Science, Information Systems; impact factor 8.9)
Publication date: 2025-06-12 (journal article; not open access)
URL: https://ieeexplore.ieee.org/document/11032110/
Source platform: Semanticscholar
Abstract:
In industrial environments, cyber threats are escalating at an unprecedented rate, yet many existing security solutions fail to account for both contextual factors and the criticality of different network segments. This challenge is especially pronounced in diverse, large-scale, and highly dynamic Industrial Internet of Things (IIoT) environments. This article presents a dynamic zero trust access control (ZTA) model that adapts to real-time device status, network conditions, and user behavior to enforce context-aware, security-driven access decisions. At its core, our framework combines mathematical threat assessment with fuzzy logic-based state management (FSM) to continuously adjust trust levels and access permissions. We validated our approach through a Proof-of-Concept using a cluster of virtual machines (VMs) to simulate a controlled environment. This setup demonstrates the ZTA model’s effectiveness in small-scale networks and provides a foundation for testing various access scenarios and evaluating security policies.
Journal description:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future Internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, and service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interfaces (APIs), IoT application design, and IoT trials/experiments; and IoT standardization activities and technology development in different standards development organizations (SDOs) such as IEEE, IETF, ITU, 3GPP, and ETSI.