A Multi-Layer Zero-Trust Enforcement Model for Cloud-Integrated Web and Mobile Platforms
DOI: https://doi.org/10.15680/IJCTECE.2021.0402003

Keywords: Zero Trust Architecture, Microsegmentation, Mutual TLS (mTLS), Policy-as-Code, Attribute-Based Access Control, Cloud Security, Lateral Movement Prevention

Abstract
The migration of high-concurrency web and mobile applications to cloud and microservices architectures has rendered traditional perimeter-centric security models obsolete. This study proposes the Multi-Layer Zero-Trust Enforcement Model (ML-ZTEM), a security architecture that enforces the "never trust, always verify" principle across three critical system layers: Identity, Network/Microsegmentation, and Application/Workload. ML-ZTEM achieves deep, context-aware protection by integrating three distinct Policy Enforcement Points (PEPs) that operate sequentially, so that a request must pass every layer and the blast radius of any single compromise is minimized. The model uses Mutual TLS (mTLS) for network-level workload identity, Policy-as-Code (PaC) for resource-level authorization, and a risk-based authentication engine that continuously evaluates user and device posture. In a simulated empirical analysis against a legacy VPC-based architecture, ML-ZTEM blocked 100% of the attempted lateral-movement and unauthorized cross-segment accesses while sustaining the high throughput that modern platforms require. This work provides a structured, verifiable blueprint for securing complex, cloud-integrated environments against evolving threats.
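As an added illustration (not code from the paper), the following Python sketch models the three-PEP chain the abstract describes: a risk-based identity check, a microsegmentation check keyed on the workload identity asserted by the client's mTLS certificate, and a policy-as-code ABAC check evaluated deny-by-default, run in sequence so the first deny short-circuits. The SPIFFE-style IDs, service names, policy rules, risk weights, threshold and sample requests are all constructed assumptions.

```python
"""Sequential three-layer policy enforcement chain.

Added illustration of the Identity -> Network/Microsegmentation ->
Application/Workload PEP ordering the abstract describes. This is not code
from the paper: the SPIFFE IDs, service names, policy rules, risk weights
and threshold are all constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    # Identity-layer signals a risk-based authentication engine would score.
    user: str
    mfa: bool
    device_compliant: bool
    known_location: bool
    # Network-layer identity: the workload ID asserted by the client's mTLS
    # certificate (SPIFFE-style URI SAN, an assumed naming scheme).
    client_spiffe_id: str
    target_service: str
    # Application-layer attributes for resource-level ABAC.
    action: str
    resource_owner: str


# Layer 1: risk-based authentication. Weights and threshold are assumed tunables.
RISK_THRESHOLD = 0.5


def identity_pep(req: Request) -> tuple[bool, str]:
    risk = 0.0
    if not req.mfa:
        risk += 0.4
    if not req.device_compliant:
        risk += 0.4
    if not req.known_location:
        risk += 0.2
    return risk < RISK_THRESHOLD, f"identity: risk={risk:.1f} (threshold {RISK_THRESHOLD})"


# Layer 2: microsegmentation. Only listed caller -> callee edges are allowed,
# keyed on the mTLS-asserted workload identity rather than on IP or subnet.
SEGMENT_GRAPH = {
    "spiffe://example.org/ns/edge/sa/api-gateway": {"orders", "profiles"},
    "spiffe://example.org/ns/core/sa/orders": {"payments"},
    "spiffe://example.org/ns/core/sa/profiles": set(),
}


def network_pep(req: Request) -> tuple[bool, str]:
    allowed = req.target_service in SEGMENT_GRAPH.get(req.client_spiffe_id, set())
    return allowed, f"network: {req.client_spiffe_id} -> {req.target_service}"


# Layer 3: policy-as-code ABAC. Rules are plain data evaluated deny-by-default,
# so they can be versioned and reviewed like any other source file.
POLICY = [
    {"service": "orders", "actions": {"read", "create"}, "owner_only": True},
    {"service": "profiles", "actions": {"read"}, "owner_only": True},
    {"service": "payments", "actions": {"charge"}, "owner_only": True},
]


def application_pep(req: Request) -> tuple[bool, str]:
    for rule in POLICY:
        if rule["service"] != req.target_service or req.action not in rule["actions"]:
            continue
        if rule["owner_only"] and req.resource_owner != req.user:
            continue
        return True, f"application: {req.action} on {req.target_service} permitted"
    return False, "application: no matching allow rule (default deny)"


PEPS = (identity_pep, network_pep, application_pep)


def enforce(req: Request) -> tuple[bool, list[str]]:
    """Run the PEPs in order. The first deny short-circuits, so a request that
    fails identity never reaches the network or application layers."""
    trace = []
    for pep in PEPS:
        ok, note = pep(req)
        trace.append(note)
        if not ok:
            return False, trace
    return True, trace


# Constructed sample requests (not from the paper's evaluation).
GATEWAY = "spiffe://example.org/ns/edge/sa/api-gateway"
LEGIT = Request("alice", True, True, True, GATEWAY, "orders", "read", "alice")
STOLEN_CREDS = Request("alice", False, False, True, GATEWAY, "orders", "read", "alice")
LATERAL = Request("alice", True, True, True,
                  "spiffe://example.org/ns/core/sa/profiles", "payments", "charge", "alice")
CROSS_USER = Request("mallory", True, True, True, GATEWAY, "orders", "read", "alice")

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("stolen creds", STOLEN_CREDS),
                      ("lateral movement", LATERAL), ("cross-user", CROSS_USER)]:
        ok, trace = enforce(req)
        print(f"{name}: {'ALLOW' if ok else 'DENY'} | " + " | ".join(trace))
```

The point of the ordering is visible in the traces: the stolen-credential request is stopped at the identity layer and never consumes a network or policy decision, the compromised `profiles` workload is stopped at the network layer even though its user context is clean, and the cross-user read passes identity and network but is refused by the default-deny ABAC rule. In a real deployment the SPIFFE ID would be read from the verified peer certificate at the service mesh sidecar and the policy would live in a repository evaluated by an engine such as OPA; both are replaced here by in-memory data.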