d3fend-ontology
ZTA-inspired countermeasures
- Access Mediation
- Network Access Mediation
- LAN Access Mediation
- Routing Access Mediation
- Network Resource Access Mediation
- Web Server Access Mediation
- Proxy-based Web Server Access Mediation (potentially future technique)
- Endpoint-based Web Server Access Mediation (potentially future technique)
- Remote File Access Mediation
- Web Server Access Mediation
- System Call Mediation
- Executable Allowlisting (notional, for discussion)
- Local File Access Mediation
- Subroutine Access Mediation
- Physical Access Mediation
- Access Reduction (?)
- Access Confirmation (engage user)
- Network Access Mediation
Remaining decisions:
- Should we use Authorization instead of Mediation?
- Determine what existing techniques to deprecate
To the question of mediation or authorization.
In a tutorial and course we taught, we've spoken of mediation as having four parts.
- Identification: a name, label, or designation attached to an entity to distinguish it from other like entities
- Authentication: confirming the identity claimed
- Authorization: the operations allowed to an entity
- Entity-to-Authorization Binding: unambiguous association of entity to authorizations.
Flipping this to capability functions/"countermeasures": Identification -> need a means to manage identities, such as account management for humans. Bleeding a bit into authentication is credential issuance, but this more probably belongs under identification. Hardware, software, and wetware can/will all have credentials if you interpret credential broadly. Hardware, and even software, may have embedded unique credentials, such as a hardware MAC address, but then that needs to be registered with the system, just as a fingerprint or FaceID used as a credential for a human needs to be registered with the system.
Authentication -> an entity claims an identity, and we must verify that. Logging in is one such example. The various functions for authenticating go here, anything with credential checking.
Authorization - for the functional context - there is:
- authorizing: assigning authorities to an entity
- validating: the entity's requests. Depending on criticality and other factors, either verify the entity is authenticated or, if the resource accessed is especially sensitive, require re-authenticating before validating.
- enforcing authorization.
Entity-to-authorization binding - this goes to creating the policy that permits, and to the integrity of that policy (how the policy file or database is protected).
So should authorization be used instead of mediation? That wouldn't be standard language if done, at least not standard in certain circles. But otherwise it is just a label, so it's a call ...
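A minimal reference monitor that keeps the four parts of mediation separate, written here as an added example (it is not D3FEND's or the commenter's code): an identity registry with credential issuance, credential verification that yields a session, authority assignment with validation and enforcement, and a MAC over the canonical policy so the entity-to-authorization binding is checked for integrity before any request is enforced. The names, the mediator-held policy key and the rule that sensitive resources require re-authentication are assumptions.

```python
import hashlib, hmac, json, secrets
from dataclasses import dataclass, field

POLICY_KEY = b"constructed-policy-integrity-key"  # assumption: key held only by the mediator

def derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Mediator:
    identities: dict = field(default_factory=dict)  # Identification: name -> (salt, hash)
    sessions: dict = field(default_factory=dict)    # Authentication: token -> name
    policy: dict = field(default_factory=dict)      # Authorization: name -> resource -> ops
    policy_mac: bytes = b""                         # Binding: MAC over the canonical policy
    sensitive: set = field(default_factory=set)     # resources that require re-authentication
    def register(self, name: str, secret: str) -> None:   # Identification / credential issuance
        salt = secrets.token_bytes(16)
        self.identities[name] = (salt, derive(secret, salt))

    def _verify(self, name: str, secret: str) -> bool:    # constant-time credential check
        rec = self.identities.get(name)
        return bool(rec) and hmac.compare_digest(derive(secret, rec[0]), rec[1])

    def authenticate(self, name: str, secret: str):       # Authentication: claim -> session
        if not self._verify(name, secret): return None
        token = secrets.token_hex(16)
        self.sessions[token] = name
        return token

    def _canon(self) -> bytes:                            # deterministic policy serialisation
        plain = {e: {r: sorted(o) for r, o in res.items()} for e, res in self.policy.items()}
        return json.dumps(plain, sort_keys=True).encode()

    def authorize(self, name: str, resource: str, ops) -> None:  # authorizing: assign authorities
        self.policy.setdefault(name, {})[resource] = set(ops)
        self.policy_mac = hmac.new(POLICY_KEY, self._canon(), "sha256").digest()  # re-bind

    def request(self, token: str, resource: str, op: str, reauth_secret=None) -> str:
        # Binding integrity: never enforce a policy whose MAC no longer matches
        expected = hmac.new(POLICY_KEY, self._canon(), "sha256").digest()
        if not hmac.compare_digest(expected, self.policy_mac):
            return "deny: policy integrity failure"
        name = self.sessions.get(token)                   # validating: is the entity authenticated?
        if name is None: return "deny: not authenticated"
        if resource in self.sensitive and not (reauth_secret and self._verify(name, reauth_secret)):
            return "deny: re-authentication required"     # sensitive resource: re-authenticate first
        if op in self.policy.get(name, {}).get(resource, set()):
            return "allow"                                # enforcing: request is within authorities
        return "deny: not authorized"
```

Tampering with the policy after it was sealed (editing the dictionary without going through `authorize`) is refused at enforcement time, which is the binding-integrity property the comment describes.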