Janek Schoffit, M.Sc.

Research assistant
Institut für Verteilte Systeme
Universität Ulm
Albert-Einstein-Allee 11
89081 Ulm
Baden-Württemberg
Germany

You are welcome to visit my office. For reliable meetings, please arrange an appointment via mail.

Janek Schoffit

Janek Schoffit holds a Bachelor's degree in Media Informatics (2023) and a Master's degree in Computer Science (2024) from the University of Tübingen. He is currently employed as a research assistant at the Institute of Distributed Systems.

 

Teaching

Open Theses and Projects

“End-to-End Zero-Trust Network Access Policies,” Bachelor or Master's thesis, J. Schoffit (Supervisor), F. Kargl (Examiner), Inst. of Distr. Sys., Ulm Univ., – Open.
This topic addresses the challenges of securing modern network environments through Zero Trust Network Access. Even when strong perimeter defenses are in place, the lack of true end-to-end network traffic separation still leaves systems vulnerable to lateral movement. I am interested in developing architectures that enforce strict network isolation and verification. This may also include exploring unified policy frameworks to seamlessly synchronize security rules across both the core network infrastructure and the client endpoints. If you wish to explore this topic further, I invite you to contact me and we can then further discuss the specific focus of the thesis.

Publications

2025

Schoffit, J., Pietzschmann, L., Prechtel, P., Eisermann, D., Wendzel, S. and Kargl, F. 2025. Enhancing client security in zero trust architectures: a device-agent policy enforcement point for compartmentalized network management. Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025): Technische Universität Ilmenau, 1–4 September 2025. (Aug. 2025), 29–32.
Zero Trust Architectures have recently attracted a lot of interest in the network community. However, access control often does not extend into client devices. In this paper, we propose an extension of Zero Trust Policy Enforcement Points that integrates a device agent to expand the zero trust security model to client devices. We have developed a generalized framework that integrates with multiple compartmentalization technologies, ensuring the isolation of processes and enforcement of network policies while maintaining application and user authentication. This approach minimizes the attack surface of malicious processes, as our Zero Trust Device Agent manages compartment lifecycles based on their behaviour within the network and integrates into the global access control framework, thereby improving the overall security of zero trust architectures.