Towards a zero-trust micro-segmentation network security strategy: an evaluation framework

Nardine Basta, Muhammad Ikram, Mohamed Ali Kaafar, Andy Walker

Research output: Chapter in Book/Report/Conference proceeding > Conference proceeding contribution > peer-review

9 Citations (Scopus)

Abstract

Micro-segmentation is an emerging security technique that separates physical networks into isolated logical micro-segments (workloads). By tying fine-grained security policies to individual workloads, it limits the attacker's ability to move laterally through the network, even after infiltrating the perimeter defences. While micro-segmentation has proven effective for shrinking the attack surface of enterprise networks, assessment of its impact is almost absent from the literature. This research is dedicated to developing an analytical framework to characterise and quantify the effectiveness of micro-segmentation in enhancing network security. We rely on a twofold graph-feature-based framework of the network connectivity and attack graphs to evaluate the network exposure and robustness, respectively. Tracking the variations in the values of the formulated metrics after the deployment of micro-segmentation reveals exposure reduction and robustness improvement in the range of 60% to 90%.

Original language: English
Title of host publication: Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022
Subtitle of host publication: network and service management in the era of cloudification, softwarization and artificial intelligence
Editors: Pal Varga, Lisandro Zambenedetti Granville, Alex Galis, Istvan Godor, Noura Limam, Prosper Chemouil, Jérôme François, Marc-Oliver Pahl
Place of Publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 7
ISBN (Electronic): 9781665406017
ISBN (Print): 9781665406024
Publication status: Published - 2022
Event: 2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022 - Budapest, Hungary
Duration: 25 Apr 2022 to 29 Apr 2022

Publication series

ISSN (Print): 1542-1201
ISSN (Electronic): 2374-9709

Conference

Conference: 2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022
Country/Territory: Hungary
City: Budapest
Period: 25/04/22 to 29/04/22
