In this session, we will first introduce the concept of zero trust, starting from the basic concept of dynamic risk, and then understanding its security assumptions and derived security mechanisms. However, there is no silver bullet solution in the field of information security, and similarly, zero trust cannot solve all security issues. Therefore, we will introduce the scope of zero trust defense and clarify common misconceptions so that the audience can evaluate the correctness and maturity of their own zero trust mechanisms.

Next, we will delve into the implementation of the architecture and dynamic access policies. The zero trust architecture highly relies on its core engine, and if there are vulnerabilities in the core engine, it will lead to overall security issues. Finally, the design of dynamic access policies is one of the core methods of zero trust mechanisms, but it is rarely discussed. Therefore, we will share our research on dynamic access policies.