We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Hybrid isolation model for device application sandboxing deployment in Zero Trust architecture.
- Authors
Zhang, Jingci; Zheng, Jun; Zhang, Zheng; Chen, Tian; Qiu, Kefan; Zhang, Quanxin; Li, Yuanzhang
- Abstract
With recent cyber security attacks, the "border defense" security protection mechanism has often penetrated and broken through, and the "borderless" security defense idea—Zero Trust was proposed. The device application sandbox deployment model is one of the four essential Zero Trust architecture device deployment models. The isolation of the application sandbox directly affects the security of trusted applications. Given the security risks, such as sandbox escape in the sandbox application, we propose a hybrid isolation model based on access behavior and give the formal definition and security characteristics of the model. The model dynamically determines the security identity of the subject according to the access behavior and controls the access operation of the application sandbox. Therefore, the sandbox meets the characteristics of autonomous security, domain isolation, and integrity, ensuring that the system is always in an isolated safe state and easy to use. Finally, we implement the security model based on the container and Linux security module, and test the network and disk performance of this model. What is more, we make security comparison experiments based on the same container escape vulnerability. The experimental results show that the security model proposed in this paper effectively enhances the security of the device application sandboxing deployment model in Zero Trust architecture, and has a better performance compared with Container‐SELinux.
- Subjects
TRUST; CYBERTERRORISM; INTERNET security; NETWORK performance; ACCESS control
- Publication
International Journal of Intelligent Systems, 2022, Vol 37, Issue 12, p11167
- ISSN
0884-8173
- Publication type
Article
- DOI
10.1002/int.23037