Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

CSA Official Press Release

Published 04/07/2015

Home
Press Releases
Cloud Security Alliance to Host Third Software Defined Perimeter (SDP) Hackathon– Top Prize of $10,000 Available

Cloud Security Alliance to Host Third Software Defined Perimeter (SDP) Hackathon– Top Prize of $10,000 Available

Participants Invited to Gain Access to Password Provided Account at RSA Conference; To Date No One Has Broken Alliance’s SDP Security Specification

San Francisco, Calif. (RSA Conference Booth 2621) – April 7, 2015 - The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced it will hold its third Hackathon at the RSA Conference 2015 in San Francisco, to continue to test the CSA Software Defined Perimeter Specification V.1. A top prize of $10,000 is available to the first participant to gain access to a password provided account.

The CSA’s Software Defined Perimeter (SDP) research project represents a breakthrough approach to security, and is a collaboration among more than 100 companies and U.S. government organizations. Companies such as Coca-Cola, Verizon Communications Inc., Mazda Motor Corp. and other members of the CSA are contributing to a new standard for perimeter security. This approach is necessary because traditional enterprise security is being compromised by insecure by mobile devices, cloud services and outsourcing. In the previous two Hackathons, conducted last year, no one was able to circumvent even the first of the five SDP security controls layers (single packet authorization protocol), despite more than 5 billion packets being fired at the SDP.

Recent high-profile attacks, such as those at Sony and eBay, have leveraged stolen credentials to compromise systems and cause significant damage. The third SDP Hackathon will focus on credential theft, and aims to validate the device authentication capabilities of SDP to stop password-based attacks. In this month’s challenge, Hackathon participants will be provided the name and password to an account, which includes instructions to claim a $10,000 award. The name and password will be announced at the conclusion of the CSA Summit on Monday, April 20, at noon Pacific Daylight Time. Hackathon participants must bypass SDP's device authentication capabilities to gain access to the server with the account.

"The SDP specification continues to gain credibility and momentum among our Enterprise User Group," said Bob Flores, former CTO of the CIA, managing partner at Cognitio Corp., and co-Chair of the CSA SDP Working Group. "In this Hackathon, I’ll be providing my name and password to a file server with instructions to claim $10,000. I have high confidence in the SDP to protect against one of the most devastating kinds of attacks we are seeing today."

"Stolen credentials and unauthorized access should no longer be synonymous," said Junaid Islam, CTO of Vidder, Inc., and co-chair of the SDP Working Group. "We have seen that paradigm fail enterprises time and again. At the end of this Hackathon, we intend to demonstrate that organizations can and should be applying a different approach to authorization, leveraging device authentication, to reduce the ability for these types of attacks to be effective."

The SDP specification uses a framework of security controls that mitigates network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized, creating dynamically provisioned perimeters for clouds, demilitarized zones, and data center infrastructures. The SDP has been designed to be highly complementary to Software Defined Networks (SDN), the popular network layer construct which decouples routing and architectural decisions from the underlying equipment to create virtual networks. SDP traverses several OSI layers to tie applications and users with trusted networks, using vetted security models.

Registration for the Hackathon will be available April 20th at 12:00pm PDT at http://www.hacksdp.com/.

Full contest rules will also be accessible April 20th at 12:00pm PDT by visiting: https://cloudsecurityalliance.org/research/sdp/.

The CSA will be hosting demonstrations of the SDP at its booth, #2621 (South Hall), at noon PDT each day of the RSA Conference (Apr 21-23) in San Francisco.

About the Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at https://cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Media Contact
[email protected]
650.269.8315

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.