HackSDP.com: Hacking contest for Software Defined Perimeter Starts February 24, 2014
The workshop will provide a detailed demo and explanation of SDP, and will kick off a ‘hackathon’ contest, which will last until 3pm PST on February 27, challenging attendees to hack the SDP protocol, modeled after military-grade networks.
The SDP Hackathon gives participants the IP addresses of the target file server as well as the SDP components protecting them. This in effect will simulate an ‘insider attack’ – one of the most difficult to prevent – on both private cloud and public cloud infrastructure. Participants will also have access to a reference SDP system to learn how the system works to plan their attack.
The first participant to successfully capture the target information on the protected server will receive an expenses paid trip to DEF CON ® 22, held in Las Vegas August 7-10, 2014.
Monday, February 24th, 2:00pm – 3:00pm
Moscone West, Room 2008
The SDP workshop will provide participants a hands-on overview of the SDP protocol as well as detailed view of the SDP Hackathon. Workshop participants will be provided with an introductory overview of server blackening and ephemeral access techniques incorporated into the Software Defined Perimeter concept.
If you wish to attend this free workshop, please contact us at [email protected].
Introduction to the Software Defined Perimeter Working Group (SDP)
The Software Defined Perimeter (SDP) is a proposed security framework under development that can be deployed to protect application infrastructure from network-based attacks. The SDP will incorporate security standards from organizations such as NIST and OASIS as well as security concepts from organizations such as the U.S. Department of Defense into an integrated framework. Cloud Security Alliance (CSA) will make this research freely available for use without license fees or restrictions.
The Software Defined Perimeter brings together standard security capabilities such as PKI, TLS, SAML, XML, as well as, concepts such as federation, device attestation and geo-location to enable connectivity from any device to any infrastructure. Connectivity in a Software Defined Perimeter is based on a need-to-know model in which device posture and identity is verified before access to application infrastructure is granted. Application infrastructure is effectively black with no visible DNS information or IP addresses, enabling the mitigation of many common attacks.
We look forward to participation from the Cloud Security Alliance community to further define and complete the Software Defined Perimeter.
Software Defined Perimeter Working Group Leadership
Bob Flores, former CTO of the Central Intelligence Agency
Junaid Islam, CTO, Vidder
Join the Software Defined Perimeter Working Group
- Join the Software Defined Perimeter Working Group email announcement list.
- Access the Software Defined Perimeter Working Group Basecamp site.
Software Defined Perimeter Working Group Calendar | Events are PST
Download Software Defined Perimeter Working Group Related Documents
This document outlines a Cloud Security Alliance (CSA) initiated protocol for the Software Defined Perimeter specification, and requests discussion and suggestions for improvements.
Release Date: April 30, 2014
The CSA SDP Hackathon challenged hackers to attack a server defended by a software defined perimeter. Of the billions of packets fired at the server, not one attacker penetrated even the first layer of security. The whitepaper outlines how this is possible.
Release Date: April 17, 2014
This document explains the software defined perimeter (SDP) security framework and how it can be deployed to protect application infrastructure from network-based attacks. The SDP incorporates security standards from organizations such as the National Institute of Standards and Technology (NIST) as well as security concepts from organizations such as the U.S. Department of Defense (DoD) into an integrated framework.
Release Date: December 01, 2013
Software Defined Perimeter Working Group News
April 07, 2015
Cloud Security Alliance to Host Third Software Defined Perimeter (SDP) Hackathon– Top Prize of $10,000 Available
The first Hackathon participant to gain access to Bob’s account gets $10,000! Full contest rules and registration will be available April 20th 12:00pm PDT.
August 27, 2014
Hackathon On! Cloud Security Alliance Challenges Hackers to Break its Software Defined Perimeter (SDP) at CSA Congress 2014
Successful breach of SDP Protected Public Cloud will earn a prize of $10,000!
May 01, 2014
The SDP Version 1.0 Implementation Specification and SDP Hackathon Results Report provide important updates on the SDP security framework and are now available for download.
December 05, 2013
New white paper outlines best practices to deploy an SDP to protect application infrastructure from network-based attacks.
November 13, 2013
A project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.
Software Defined Perimeter Press Coverage
November 13, 2013 SearchCloudApplications
November 13, 2013 Business Cloud
November 13, 2013 SearchCloudSecurity