Master-slave Multi-chain with Risk Assessment based Access Control Model for Zero Trust Network

Abstract Zero trust aims to enable users in untrusted network areas to access trusted areas through authentication and policy control. When entering a zero trust network, no entity is inherently trusted, and resources are subject to continuous and dynamic evaluation during access. However, challenges such as dynamic access control decisions, multi-domain polymorphic access subjects, and continuous assessment of access behavior highlight the limitations of conventional zero trust networks in meeting evolving user demands for network security. In response to these challenges, we propose the master-slave multi-chain with risk assessment based access control (MMR-AC) model for zero trust network. This model introduces a unified identity management strategy through the design of access control contracts, facilitating seamless cross-domain access between different identity management systems. Additionally, the model leverages a master-slave multi-chain architecture to establish an Attribute-Based Access Control (ABAC) mechanism. To achieve continuous assessment of the access subject, the model utilizes the historical access records of the access subject as training data. Furthermore, it introduces an access risk assessment method using LightGBM. Experimental results with the proposed MMR-AC model demonstrate its capability to achieve a continuous and accurate assessment of user access risks.