Abstract
This master's thesis investigates the practical implementation and systematic evaluation of a zero-trust architecture in comparison to traditional security models. Given the
increasing threats from lateral movement in networks and the limitations of perimeter-based security approaches, zero-trust is seen as a promising paradigm shift based on
the fundamental principle of “never trust, always verify”.
As part of the work, a functional prototype of a ticketing system was developed, which
was implemented both as a zero-trust architecture and in traditional variants (role-based
access management and network segmentation). The zero-trust implementation uses
modern technologies such as Istio Service Mesh and includes continuous authentication,
micro-segmentation and behavior-based anomaly detection.
A comparison of the traditional models was carried out using the CIS Critical
Security Controls (Center for Internet Security, Inc., 2025) and performance testing.
Subsequently, the extent to which zero-trust principles contribute to meeting the
regulatory requirements of the General Data Protection Regulation and the NIS2
Directive was analyzed.
| Date of Award | 2025 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Erik Pitzer (Supervisor) |
Study program
- Software Engineering