Software Defined Perimeter Working Group

Introduction to the Software Defined Perimeter Working Group

The Software Defined Perimeter (SDP) is a research initiative launched in December 2013 with the goal of developing a solution to stop network attacks against application infrastructure. With the adoption of cloud services, the threat of network attacks against application infrastructure increases, since servers cannot be protected with traditional perimeter defense techniques. Cloud Security Alliance (CSA) will make this research freely available for use without license fees or restrictions.

Security Model

To solve the problem of stopping network attacks on application infrastructure, the SDP Workgroup developed a clean-sheet approach that combines on-device authentication, identity-based access and dynamically provisioned connectivity. While the security components in SDP are commonplace, the integration of the three components is fairly novel. More importantly, the SDP security model has been shown to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat (APT).

Organizational Structure & Goals

The SDP Workgroup is a volunteer team that has two meetings per year, usually scheduled around the RSA security conference and CSA Congress. During the calendar year, the SDP volunteers form teams to focus on specific tasks. In 2014 the SDP volunteers published a 1.0 Specification and hosted two Hackathons to verify its security model. For 2015, the SDP volunteers plan to develop an open source code base focused on DDoS (conceptually an SDP 0.25).

Software Defined Perimeter Working Group Leadership

Software Defined Perimeter Co-chairs

Junaid Islam

Junaid Islam is the CTO and founder of Vidder, which provides distributed access control solutions to Fortune 500 companies. Prior to founding Vidder, Junaid founded Bivio Networks, which developed the first Gigabit-speed software-based security platform in the industry. Earlier in his career, Junaid helped create networking standards such as Frame Relay, ATM and MPLS while at StrataCom and Cisco.

In addition to his work in the technology industry, Junaid has served at the local and national levels. Junaid served as the Human Relations Commissioner of Santa Clara County (Silicon Valley) from 2002 to 2009. Currently Junaid is the Co-Chair of the Software Defined Perimeter (SDP) research group, which supports a number of US national cyber security initiatives.

Contributions:
Co-chair of the SDP Working Group; co-author and chief architect behind the SDP specification. Presenter at several events including U.S. Congress 2013, CSA Congress in 2014 and 2015 and CSA Summit Hack-a-thon host. Recipient of the Ron Knode Award.

Bob Flores

Bob Flores is a co-founder and partner of Cognitio. Prior to this, Bob spent 31 years at the Central Intelligence Agency. While at CIA, Bob held various positions in the Directorate of Intelligence, Directorate of Support, and the National Clandestine Service. Toward the end of his career at the CIA, Bob spent three years as the CIA’s Chief Technology Officer where he was responsible for ensuring that the Agency’s technology investments matched the needs of its mission. Bob is the Co-chair of the Software Defined Perimeter (SDP) Working Group at the Cloud Security Alliance.

Software Defined Perimeter Working Group Initiatives

SDP for IaaS

Objective: Utilize SDP to manage user access and privileges in IaaS environments
Application: Enable security and compliance in hybrid and multi-cloud platforms
Membership: Open to the public
Information: All documents publicly available

Private Internet

Objective: Utilize SDP to build an overlay network across the public Internet
Application: Enable global supply chain security for Global 100 companies
Membership: Invitation Only
Information: Briefing available upon request

On Demand FISMA Moderate Services

Objective: Utilize SDP to enable virtualized FISMA moderate services
Application: Contractor access, coalition collaboration, emergency services
Membership: Open to US Federal Agencies
Information: Briefing available upon request (US Federal Agencies only)

Automotive Secure Communications

Objective: Utilize SDP for secure vehicle to cloud communications
Application: Secure telematics data transfer, OTA IVI software update
Membership: Open to automotive OEMs and suppliers
Information: Briefing available upon request

Open Source DDoS Initiative

Objective: Research SDP as a high speed Internet-based packet filter
Application: Enable access to mission critical sites during DDoS attacks
Membership: Open to the public
Information: All documents publicly available

Please contact Software Defined Perimeter Working Group Leadership for more information.

Software Defined Perimeter Working Group News

March 31, 2016

Cloud Security Alliance Releases Results of Software-Defined Perimeter Hackathon

CSA, The World’s Leading Cloud Organization Collaborated with Verizon and Vidder To Validate Security and Feasibility of High Availability Public Cloud Architecture at Fourth Annual CSA Hackathon at the RSA Conference 2016

SEATTLE, WA – March 31, 2016 – The Cloud Security Alliance (CSA), today released The Software Defined Perimeter (SDP) Hackathon #4 Report: High…

February 04, 2016

Cloud Security Alliance to Host Fourth Software Defined Perimeter Hackathon; Top Prize of $10,000 up for Grabs

Participants Invited to Attack Mission-Critical Cloud Application Architecture at RSA Conference; Verizon to Lead Testing Effort

San Francisco, Calif. (RSA Conference Booth #S2614) – Feb. 4, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced it…

April 07, 2015

Cloud Security Alliance to Host Third Software Defined Perimeter (SDP) Hackathon – Top Prize of $10,000 Available

The first Hackathon participant to gain access to Bob’s account gets $10,000! Full contest rules and registration will be available April 20th 12:00pm PDT.

August 27, 2014

Hackathon On! Cloud Security Alliance Challenges Hackers to Break its Software Defined Perimeter (SDP) at CSA Congress 2014

Successful breach of SDP Protected Public Cloud will earn a prize of $10,000!

May 01, 2014

Cloud Security Alliance Releases Update to Software Defined Perimeter (SDP)

The SDP Version 1.0 Implementation Specification and SDP Hackathon Results Report provide important updates on the SDP security framework and are now available for download.

December 05, 2013

Cloud Security Alliance Releases Software Defined Perimeter (SDP) Framework Details

New white paper outlines best practices to deploy an SDP to protect application infrastructure from network-based attacks.

November 13, 2013

Cloud Security Alliance Announces Software Defined Perimeter (SDP) Initiative

A project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.

Software Defined Perimeter Working Group Downloads

Re-Think Security

Release Date: July 15, 2016

SDP Specification v1.0

This document outlines a Cloud Security Alliance (CSA) initiated protocol for the Software Defined Perimeter specification, and requests discussion and suggestions for improvements.

Release Date: April 30, 2014

SDP Hackathon Whitepaper

The CSA SDP Hackathon challenged hackers to attack a server defended by a software defined perimeter. Of the billions of packets fired at the server, not one attacker penetrated even the first layer of security. The whitepaper outlines how this is possible.

Release Date: April 17, 2014

Software Defined Perimeter

This document explains the software defined perimeter (SDP) security framework and how it can be deployed to protect application infrastructure from network-based attacks. The SDP incorporates security standards from organizations such as the National Institute of Standards and Technology (NIST) as well as security concepts from organizations such as the U.S. Department of Defense (DoD) into an integrated framework.

Release Date: December 01, 2013