Security Mechanisms used in Systems based on Zero Trust Architecture: A Systematic Mapping

Manzano, Carlos; Marquez, Gaston; Astudillo, Hernan; IEEE

Abstract

Zero Trust Architecture (ZTA) is a novel security approach for building secure systems. ZTA-based systems are built with specific security mechanisms to enforce their basic tenets, for example, explicit verification and least privilege. Although existing security mechanisms have been useful in building ZTA-based systems, the current literature does not provide clear guidance on which security mechanisms should be used by developers of these systems. This article describes the design and results of a systematic mapping study to identify the security mechanisms used in the building of ZTA-based systems. The review yielded 290 articles, of which 30 primary studies were selected. Key findings are: (i) 24 different security mechanisms were reported; (ii) 37% of them are classified into access control techniques to implement the ZTA least privilege tenet; (iii) ABAC and AIM are the most used mechanisms; (iv) over half of security mechanisms (69%) focus on resisting attacks (instead of detecting or recovering); and (v) experimentation is a predominant empirical strategy within ZTA security research. The identification of these security mechanisms will enable developers of ZTA-based systems to effectively address the security challenges associated with implementing ZTA tenets.

More information

Title according to WOS: ID WOS:001337958300077 Not found in local WOS DB
Journal title: 2024 L LATIN AMERICAN COMPUTER CONFERENCE, CLEI 2024
Publisher: IEEE
Publication date: 2024
DOI: 10.1109/CLEI64178.2024.10700484

Notes: ISI