NSF Award
2200622
Zero Trust, has generally been explained as a network in which capabilities and access among all of the participating systems are highly regulated or require a sufficiently high level of proof before permissions are granted for any period of time. As reassuring as these words are for many in this space, the implementation of such networks and architecture lags due to the lack of an rigorous ground truth for success. In other words, if you ask any number of people to show you how they ”implemented” their Zero Trust environment with the same initial specifications you will get at a minimum number of responses with varying levels of verifiable security. The multiple responses are not the problem in this case as much as the variability in the level of security due to the ill-posed question of trust in these systems. The failure to develop true resilience is strongly related to the lack of a unified theoretical framework born out of fundamental cybersecurity experiments and results. This work will first frame and identify the appropriate scale for the question of trust in the cybersecurity domain. The education and research goals of this project are designed to strongly support the engagement in the community.<br/><br/>The proposed research task is to do the research and development of the mathematical rules and bounds, e.g., first-order logic, formal methods, etc. to accurately encapsulate all the requirements needed to achieve a “True Zero Trust” architecture for a networked environment. The second research challenge is to prototype, build, test and attack these “True Zero-Trust” networks and compare them to other standards. These research tasks require accurate, detailed, and reproducible testbed construction and validation paired with the architecture. They will use Amazon Web Services to design and test initial architectures across four phases. The third research challenge is to verify the “True Zero-Trust” architecture at scale during varied attack scenarios under high utilization stress. The fourth research challenge is to develop an “Equation of State” for these systems that provides a “Figure of Merit” when judging the security of these systems. This work is strongly aligned with the CISE directorate’s mission in particular the CCF program’s Foundations of Emerging Technology thrust and the SaTC program.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
