As digital infrastructures become increasingly dynamic and complex, traditional static access control mechanisms are no longer sufficient to counter advanced and persistent cyber threats. In response, Zero Trust Architecture (ZTA) emphasizes continuous verification and context-aware access decisions. To realize these principles in practice, this study introduces a Trust Score (TS)-based access control model as a systematic alternative to legacy, rule-driven approaches that lack adaptability in real-time environments. The proposed TS model quantifies the trustworthiness of users or devices based on four core factors—User Behavior (B), Network Environment (N), Device Status (D), and Threat History (T)—each derived from measurable operational attributes. These factors were carefully structured to reflect real-world Zero Trust environments, and a total of 20 detailed sub-metrics were developed to support their evaluation. This design enables accurate and granular trust assessment using live operational data, allowing for fine-tuned access control decisions aligned with Zero Trust principles. A comprehensive sensitivity analysis was conducted to evaluate the relative impact of each factor under different weight configurations and operational conditions. The results revealed that B and N are most influential in real-time evaluation scenarios, while B and T play a decisive role in triggering adaptive policy responses. This analysis provides a practical basis for designing and optimizing context-aware access control strategies. Empirical evaluations using the UNSW-NB15 dataset confirmed the TS model’s computational efficiency and scalability. Compared to legacy access control approaches, the TS model achieved significantly lower latency and higher throughput with minimal memory usage, validating its suitability for deployment in real-time, resource-constrained Zero Trust environments.
Jeong et al. (Sat,) studied this question.