Theses and Dissertations

Advisor

Mittal, Sudip

Committee Member

Gudla, Charan

Committee Member

Torri, Stephen

Committee Member

Trawick, George J.

Date of Degree

5-16-2025

Original embargo terms

Visible MSU Only 6 months

Document Type

Dissertation - Campus Access Only

Major

Computer Science

Degree Name

Doctor of Philosophy (Ph.D.)

College

James Worth Bagley College of Engineering

Department

Department of Computer Science and Engineering

Abstract

The position of the United States on the global stage is predicated on information dominance and the ability to project power through cooperative engagements with mission partners in both wartime and peacetime. Recent cyber-attacks highlighted the need for a more robust cybersecurity posture. As the United States progresses toward the adoption of Zero Trust, it is incumbent on the Department of Defense to assess the impact to the ability to share data across strategic partnerships while securing the data of both the United States and its partners. This paper proposes research into ensuring an environment rooted in Zero Trust and intended to support data sharing with mission partners across a variety of partnerships and mission sets is able to maintain the tenets of Zero Trust when augmented by weak integration with mission partners' identity solutions. This dissertation investigates the challenges and opportunities of implementing a weak federation in a Zero Trust architecture when mission need outweighs the associated cybersecurity risk. It is asserted that weak integration opens the aperture on the number of accounts capable of system access, which impacts the ability of the system to achieve the tenets of Zero Trust. Based on the assertion, which is demonstrated through simulation, a modification to the architecture is proposed to preregister users and standardize attributes as a means to mitigate the impacts to the authentication and authorization mechanisms. A mixed-method approach of mathematical analysis and simulation is used to assess the nonfederated, weak-integration and recommended architectures to determine the degree to which the negative impacts are mitigated. Additionally, it is asserted that a behavioral biometric-esque approach can be used to characterize the behavior of archetypes based on a standardized attribute model. A modified Adaptive Neuro Fuzzy Inference System was trained as a proof of concept to accept request data and user attributes to characterize behavior and provide a categorical context score that represents the likelihood that a request came from a user with the asserted attribute set. The expected contributions of this study include a strategy for improving cybersecurity posture while supporting weak integration attribute-based context generation that can be used to improve continuous authentication mechanisms.

Download

Share

COinS