Understanding software-defined perimeter
Book: Data Security in Cloud Computing

In network security, the perimeter of a network of computers and other equipment forms a secure barrier that protects the digital assets inside the network from being accessed and compromised by unauthorized users. In cloud computing, building such a perimeter is challenging because the boundary is wider and often unknown: it spans multiple overlay networks of cloud services, resources and devices communicating with each other. To overcome this challenge, the software-defined perimeter (SDP) proposed by the Cloud Security Alliance (CSA) can be used to build a manageable secure perimeter for cloud-connected services, resources and devices. So far, SDP has proved to be a strong defense against network attacks in simulated tests and in the security challenges and hackathons conducted by the CSA. In this chapter, we present the SDP specification and discuss its security features and components, including zero visibility, single packet authorization, mutual transport layer security, device validation, dynamic firewalls and application binding, which underlie SDP's successful defense and make it a potential solution for securing data in the cloud.

Chapter Contents:

  • Abstract
  • 7.1 Introduction
  • 7.2 Background and related work
      • 7.2.1 Firewalls
      • 7.2.2 Virtual private network
      • 7.2.3 Public key infrastructure
      • 7.2.4 Transport layer security
      • 7.2.5 Other SDP-like solutions
          • 7.2.5.1 Directory enabled networking
          • 7.2.5.2 BeyondCorp
  • 7.3 Software-defined perimeter
      • 7.3.1 Overview of the software-defined perimeter framework
      • 7.3.2 Software-defined perimeter architecture
      • 7.3.3 Software-defined perimeter configurations
      • 7.3.4 Software-defined perimeter workflow
      • 7.3.5 Software-defined perimeter protocol
          • 7.3.5.1 Single packet authentication
          • 7.3.5.2 Device validation
          • 7.3.5.3 AH-controller protocol
          • 7.3.5.4 IH-controller protocol
          • 7.3.5.5 IH-AH protocol
  • 7.4 SDP security
  • 7.5 Conclusion
  • References

Inspec keywords: cloud computing; authorisation; firewalls

Other keywords: cloud computing; CSA; single packet authorization; secure barrier; software-defined perimeter; mutual transport layer security; cloud-connected services; SDP; dynamic firewalls; cloud security alliance; network security

Subjects: Internet software; Information networks; Data security

DOI: 10.1049/pbse007e_ch7