Schoffit, J., Pietzschmann, L., Prechtel, P., Eisermann, D., Wendzel, S. and Kargl, F. 2025. Enhancing client security in zero trust architectures: a device-agent policy enforcement point for compartmentalized network management.
Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025): Technische Universität Ilmenau, 1 – 4 September 2025. (Aug. 2025), 29–32.
Zero Trust Architectures have recently attracted a lot of interest in the network community. However, access control often does not extend to client devices. In this paper, we propose an extension of Zero Trust Policy Enforcement Points that integrates a device agent to expand the zero trust security model to client devices. We have developed a generalized framework that integrates with multiple compartmentalization technologies, ensuring the isolation of processes and the enforcement of network policies while maintaining application and user authentication. This approach minimizes the attack surface of malicious processes: our Zero Trust Device Agent manages compartment lifecycles based on their behaviour within the network and integrates into the global access control framework, thereby improving the overall security of zero trust architectures.