Software Defined Perimeter
HackSDP.com: Hacking contest for Software Defined Perimeter
The Software Defined Perimeter (SDP) Hackathon is now closed.
The CSA and SDP Workgroup volunteers would like to thank all of the participants who helped validate the SDP security model. The Hackathon was used to research the value of the following three security controls in a cloud-based environment: Single Packet Authentication (SPA), Mutual TLS DHE, and user credentials. During the 4-day contest, no participant was able to bypass the Single Packet Authentication (SPA) control even after 10 billion attempts.
As a follow-on, the SDP Workgroup will be publishing a detailed report on the SPA attacks once we go through the logs in the coming weeks. Additionally, we'll be planning a future Hackathon in which participants will be able to attack the SDP components separately, as we weren't able to test the Mutual TLS or credential components this time around.
Thanks again to the many participants who spent many hours testing our prototype code.
The SDP Team.
Introduction to the Software Defined Perimeter Working Group (SDP)
The Software Defined Perimeter (SDP) is a proposed security framework under development that can be deployed to protect application infrastructure from network-based attacks. The SDP will incorporate security standards from organizations such as NIST and OASIS as well as security concepts from organizations such as the U.S. Department of Defense into an integrated framework. Cloud Security Alliance (CSA) will make this research freely available for use without license fees or restrictions.
The Software Defined Perimeter brings together standard security capabilities such as PKI, TLS, SAML and XML, as well as concepts such as federation, device attestation and geo-location, to enable connectivity from any device to any infrastructure. Connectivity in a Software Defined Perimeter is based on a need-to-know model in which device posture and identity are verified before access to application infrastructure is granted. Application infrastructure is effectively black with no visible DNS information or IP addresses, enabling the mitigation of many common attacks.
We look forward to participation from the Cloud Security Alliance community to further define and complete the Software Defined Perimeter.
Software Defined Perimeter Working Group Leadership
Bob Flores, former CTO of the Central Intelligence Agency
Junaid Islam, CTO, Vidder
Join the Software Defined Perimeter Working Group
- Join the Software Defined Perimeter Working Group email announcement list.
- Access the Software Defined Perimeter Working Group Basecamp site.
Download Software Defined Perimeter Working Group Related Documents
This document explains the software defined perimeter (SDP) security framework and how it can be deployed to protect application infrastructure from network-based attacks. The SDP incorporates security standards from organizations such as the National Institute of Standards and Technology (NIST) as well as security concepts from organizations such as the U.S. Department of Defense (DoD) into an integrated framework.
Release Date: December 01, 2013
Software Defined Perimeter Working Group News
December 05, 2013
New white paper outlines best practices to deploy an SDP to protect application infrastructure from network-based attacks.
November 13, 2013
A project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.
Software Defined Perimeter Press Coverage
November 13, 2013 SearchCloudApplications
November 13, 2013 Business Cloud
November 13, 2013 SearchCloudSecurity