This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Open AccessArticle
A Trust Score-Based Access Control Model for Zero Trust Architecture: Design, Sensitivity Analysis, and Real-World Performance Evaluation
by
Eunsu Jeong
Eunsu Jeong
Eunsu Jeong is an Assistant Professor in the Department of Digital Security at Cheongju University, [...]
Eunsu Jeong is an Assistant Professor in the Department of Digital Security at Cheongju University, Republic of Korea. He received his Ph.D. in Information Security from Korea University. He previously led national cybersecurity initiatives as Director of the Cyber Security Industry Division at the Ministry of Science and ICT and worked at SK Telecom for over 18 years in security technology development. His research interests include Zero Trust Architecture, trust-based access control, and AI-enhanced cybersecurity.
and
Daeheon Yang
Daeheon Yang
Daeheon Yang is a researcher in the Department of Information Security Convergence at Chonnam of He [...]
Daeheon Yang is a researcher in the Department of Information Security Convergence at Chonnam National University, Republic of Korea. He earned a B.Sc. from Hanyang University and completed integrated M.S./Ph.D. coursework in Information Security at Chonnam National University, where he is now pursuing his doctorate. Over the past twelve years he has served as a principal incident responder and digital-forensics analyst at the Korea Internet & Security Agency (KISA), leading major breach investigations, privacy-incident response, and cyber-policy advisory projects. He was seconded to the Ministry of Science and ICT and to the Ministry of Economy and Finance to support national cybersecurity strategy and budgeting. Earlier roles include security-operations-center analyst at SK Infosec (for SK Telecom) and information-security specialist in the Republic of Korea Army. Mr. Yang holds EnCE and FTK ACE certifications and has co-authored several governmental investigation guidelines and security policy reports. In 2024 he received a Commendation from the Deputy Prime Minister and Minister of Economy and Finance for outstanding contributions to national economic development. His research interests include zero-trust architecture, large language models, explainable AI (attention mechanisms, SHAP), dynamic trust scoring, and STIX-based cyber-threat-intelligence orchestration.
1
Department of Digital Security, Cheongju University, Cheongju 28503, Republic of Korea
2
Department of Information Security Convergence, Chonnam National University, Gwangju 61186, Republic of Korea
*
Author to whom correspondence should be addressed.
Appl. Sci. 2025, 15(17), 9551; https://doi.org/10.3390/app15179551 (registering DOI)
Submission received: 6 August 2025
/
Revised: 27 August 2025
/
Accepted: 29 August 2025
/
Published: 30 August 2025
Abstract
As digital infrastructures become increasingly dynamic and complex, traditional static access control mechanisms are no longer sufficient to counter advanced and persistent cyber threats. In response, Zero Trust Architecture () emphasizes continuous verification and context-aware access decisions. To realize these principles in practice, this study introduces a Trust Score ()-based access control model as a systematic alternative to legacy, rule-driven approaches that lack adaptability in real-time environments. The proposed model quantifies the trustworthiness of users or devices based on four core factors—User Behavior (B), Network Environment (N), Device Status (D), and Threat History (T)—each derived from measurable operational attributes. These factors were carefully structured to reflect real-world Zero Trust environments, and a total of 20 detailed sub-metrics were developed to support their evaluation. This design enables accurate and granular trust assessment using live operational data, allowing for fine-tuned access control decisions aligned with Zero Trust principles. A comprehensive sensitivity analysis was conducted to evaluate the relative impact of each factor under different weight configurations and operational conditions. The results revealed that B and N are most influential in real-time evaluation scenarios, while B and T play a decisive role in triggering adaptive policy responses. This analysis provides a practical basis for designing and optimizing context-aware access control strategies. Empirical evaluations using the UNSW-NB15 dataset confirmed the model’s computational efficiency and scalability. Compared to legacy access control approaches, the model achieved significantly lower latency and higher throughput with minimal memory usage, validating its suitability for deployment in real-time, resource-constrained Zero Trust environments.
Share and Cite
MDPI and ACS Style
Jeong, E.; Yang, D.
A Trust Score-Based Access Control Model for Zero Trust Architecture: Design, Sensitivity Analysis, and Real-World Performance Evaluation. Appl. Sci. 2025, 15, 9551.
https://doi.org/10.3390/app15179551
AMA Style
Jeong E, Yang D.
A Trust Score-Based Access Control Model for Zero Trust Architecture: Design, Sensitivity Analysis, and Real-World Performance Evaluation. Applied Sciences. 2025; 15(17):9551.
https://doi.org/10.3390/app15179551
Chicago/Turabian Style
Jeong, Eunsu, and Daeheon Yang.
2025. "A Trust Score-Based Access Control Model for Zero Trust Architecture: Design, Sensitivity Analysis, and Real-World Performance Evaluation" Applied Sciences 15, no. 17: 9551.
https://doi.org/10.3390/app15179551
APA Style
Jeong, E., & Yang, D.
(2025). A Trust Score-Based Access Control Model for Zero Trust Architecture: Design, Sensitivity Analysis, and Real-World Performance Evaluation. Applied Sciences, 15(17), 9551.
https://doi.org/10.3390/app15179551
Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details
here.
Article Metrics
Article Access Statistics
For more information on the journal statistics, click
here.
Multiple requests from the same IP address are counted as one view.
