The Software Defined Perimeter (SDP) research group of the Cloud Security Alliance (CSA) is a collaboration among more than 100 U.S. government organizations and companies, including Coca-Cola, Verizon Communications Inc., Mazda Motor Corp., and Vidder, to develop specifications for a new kind of perimeter security.
The SDP specifications use a framework of security controls that mitigates network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized, creating dynamically provisioned perimeters for clouds, demilitarized zones, and data center infrastructures.
The SDP has been designed to be highly complementary to Software Defined Networks (SDN), the popular network-layer construct that decouples routing and architectural decisions from the underlying equipment to create virtual networks.
SDP traverses several OSI layers to tie applications and users to trusted networks, using vetted security models.
In this Hackathon, an SDP was used to protect a high-value file server against credential theft.
Former CIA CTO Bob Flores provided his name and password to a file server, along with instructions for claiming the $10,000 prize. At the conclusion of this Hackathon, the SDP remained undefeated, validating the architecture's success in defending against credential theft.