Attribute-Based Access Control (ABAC) has become the most suitable access control method for cloud environments due to its flexibility and fine-grained advantages. However, it suffers from issues such as insufficient dynamic adaptability and a lack of risk perception capabilities. The Zero Trust Architecture (ZTA) provides a new approach to addressing these problems through continuous trust evaluation, but its high dependence on the Policy Decision Point (PDP) component in the control plane introduces new security risks. To this end, this paper proposes a Zero-Trust Access Control Model based on Attributes and dynamic user Trust scores (AT-ZTAC). The model incorporates a trust evaluation module, which quantifies the user’s trustworthiness in real time through positive trust values and negative risk values, and dynamically integrates this quantification into access decisions to achieve fine-grained, dynamic, and secure authorization. In addition, to address the single-point trust risk of the PDP component, the model adopts a BLS-based threshold signature scheme to ensure the normal operation of the control plane even under limited intrusions, while supporting decision traceability. Theoretical analysis shows that this model significantly improves the overall security of the control plane. Experiments demonstrate that AT-ZTAC outperforms comparative models in terms of trust evaluation effectiveness, access decision throughput (reaching 1850 req/s, a 54% increase compared to traditional ABAC), and access control accuracy (reaching 96.8%). Compared with traditional solutions, it has advantages in flexibility, accuracy, and efficiency, demonstrating its potential for applications in cloud environments.
Mao et al. (Tue,) studied this question.