Increased connectivity and the potential for insider threats make traditional network defenses vulnerable. Instead of assuming that everything behind the security perimeter is safe, the zero-trust security model verifies every incoming request before granting access. This chapter focuses on cyber resilience within the zero-trust model. We introduce the evolution from traditional perimeter-based security to zero trust and discuss how the two differ. Two key elements of the zero-trust engine are the trust evaluation (TE) and the policy engine (PE). We introduce the design of the two components and discuss how their interplay contributes to cyber resilience. Dynamic game theory and learning are applied as quantitative approaches to achieving automated zero-trust cyber resilience. Several case studies and implementations are presented to illustrate the benefits of such a security model.
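As an added illustration, not code from the chapter, the following Python sketch shows the TE/PE interplay described above: the trust evaluator scores each request from device posture, authentication strength, recent behaviour and the subject's history while deliberately ignoring network location, and the policy engine applies a per-resource minimum trust to every request. The request fields, weights and thresholds are assumptions constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Request:
    subject: str
    resource: str            # "public", "internal" or "secret"
    device_compliant: bool   # endpoint posture check passed
    mfa: bool                # strong authentication presented
    inside_perimeter: bool   # recorded, but never used as a trust signal
    anomalous: bool          # behavioural analytics flagged this request


@dataclass
class TrustEvaluator:
    """TE: turns request signals plus the subject's history into a trust score in [0, 1]."""
    history: dict = field(default_factory=dict)   # subject -> last trust score

    def evaluate(self, req: Request) -> float:
        prior = self.history.get(req.subject, 0.5)            # unknown subjects start neutral
        signals = 0.5 * req.device_compliant + 0.5 * req.mfa  # location deliberately absent
        score = 0.5 * prior + 0.5 * signals                   # blend fresh evidence with history
        if req.anomalous:
            score *= 0.5                                      # suspicious behaviour erodes trust fast
        self.history[req.subject] = score
        return score


class PolicyEngine:
    """PE: per-resource minimum trust (assumed values); every request is checked, none is grandfathered in."""
    MIN_TRUST = {"public": 0.2, "internal": 0.5, "secret": 0.8}

    def decide(self, req: Request, trust: float) -> str:
        return "ALLOW" if trust >= self.MIN_TRUST[req.resource] else "DENY"


def authorize(te: TrustEvaluator, pe: PolicyEngine, req: Request) -> tuple[str, float]:
    """One pass through the zero-trust engine: TE scores the request, PE decides on it."""
    trust = te.evaluate(req)
    return pe.decide(req, trust), trust


if __name__ == "__main__":
    te, pe = TrustEvaluator(), PolicyEngine()
    # Constructed requests: an on-prem user with weak posture, then a remote user over several requests.
    print(authorize(te, pe, Request("insider", "internal", False, False, True, False)))  # DENY despite being inside
    print(authorize(te, pe, Request("remote", "secret", True, True, False, False)))      # DENY on first contact
    print(authorize(te, pe, Request("remote", "secret", True, True, False, False)))      # ALLOW as trust accumulates
    print(authorize(te, pe, Request("remote", "internal", True, True, False, True)))     # DENY once behaviour turns anomalous
```

The last two calls show the resilience property the chapter argues for: access is re-evaluated on every request, so trust that was earned can be withdrawn as soon as the evidence changes.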