Software Defined Perimeter Working Group
Introduction to the Software Defined Perimeter Working Group
The Software Defined Perimeter (SDP) is a research initiative launched in December 2013 with the goal of developing a solution to stop network attacks against application infrastructure. With the adoption of cloud services, the threat of network attacks against application infrastructure increases, since servers cannot be protected with traditional perimeter defense techniques. Cloud Security Alliance (CSA) will make this research freely available for use without license fees or restrictions.
To solve the problem of stopping network attacks on application infrastructure, the SDP Workgroup developed a clean-sheet approach that combines on-device authentication, identity-based access and dynamically provisioned connectivity. While the security components in SDP are commonplace, the integration of the three components is fairly novel. More importantly, the SDP security model has been shown to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat (APT).
Organizational Structure & Goals
The SDP Workgroup is a volunteer team that has two meetings per year, usually scheduled around the RSA security conference and CSA Congress. During the calendar year, the SDP volunteers form teams to focus on specific tasks. In 2014 the SDP volunteers published a 1.0 Specification and hosted two Hackathons to verify its security model. For 2015, the SDP volunteers plan to develop an open source code base focused on DDoS (conceptually an SDP 0.25).
Software Defined Perimeter Working Group Leadership
Software Defined Perimeter Co-chairs
Founder and CTO of Vidder
Junaid Islam has been a leading player in the networking industry for over 20 years. He is the founder of Vidder, which developed the first cloud-based perimeter security solution for high-value applications. Prior to founding Vidder, Junaid founded Bivio Networks, which was the first programmable deep packet inspection (DPI) platform for security & surveillance applications.
Earlier in his career, Junaid played a leading role in the development & commercialization of Frame Relay, ATM & VoIP as an architect at StrataCom & Cisco. Junaid has also provided consulting to Fortune 500 companies and US government agencies on secure communications. Junaid currently serves as the Co-Chair of the Software Defined Perimeter Working Group for the Cloud Security Alliance.
Former CTO Central Intelligence Agency, Partner Cognitio
Software Defined Perimeter Working Group Initiatives
There are no open initiatives at this time.
Software Defined Perimeter Working Group News
April 07, 2015
Cloud Security Alliance to Host Third Software Defined Perimeter (SDP) Hackathon – Top Prize of $10,000 Available
The first Hackathon participant to gain access to Bob’s account gets $10,000! Full contest rules and registration will be available April 20th, 12:00pm PDT.
August 27, 2014
Hackathon On! Cloud Security Alliance Challenges Hackers to Break its Software Defined Perimeter (SDP) at CSA Congress 2014
Successful breach of the SDP-protected public cloud will earn a prize of $10,000!
May 01, 2014
The SDP Version 1.0 Implementation Specification and SDP Hackathon Results Report provide important updates on the SDP security framework and are now available for download.
December 05, 2013
New white paper outlines best practices to deploy an SDP to protect application infrastructure from network-based attacks.
November 13, 2013
A project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.
Software Defined Perimeter Working Group Downloads
This document outlines a Cloud Security Alliance (CSA) initiated protocol for the Software Defined Perimeter specification, and requests discussion and suggestions for improvements.
Release Date: April 30, 2014
The CSA SDP Hackathon challenged hackers to attack a server defended by a software defined perimeter. Of the billions of packets fired at the server, not one attacker penetrated even the first layer of security. The whitepaper outlines how this is possible.
Release Date: April 17, 2014