MAPE-ZT: A Multi-Layer Access Policy Encryption System for Zero Trust Architectures

Organizations usually rely on stringent access control mechanisms where access policies are an important asset. Their storage or transmission in plaintext can compromise sensitive access rules. It is important in dynamic environments where access decisions are made in real time such as Zero Trust (ZT). Existing ZT approaches were found to oversee the aspect of securing these policies. This investigation presents a Multi-layer Access Policy Encryption System for ZT systems (MAPE-ZT). The first stage uses the trapdoor index to generate a secure index to find the applicable access policies. Advanced Encryption Standard-256 is used in counter mode for the encryption of the policies. They are re-encrypted using the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to allow decryption based on a matching set of attributes. Various experiments using quantitative metrics, including comparison with baseline access control systems simulation, scalability evaluation, storage overhead, etc., highlight the efficacy of the MAPE-ZT and establish new benchmarks. The result count entropy for the policies ranged 3.84–4.21 for different scales of policies. The evaluation in different scales of systems shows that the MAPE-ZT reduces various observable patterns even if the deployment size grows. Its unique design of securing policies makes this approach scalable for multi-domain integration.