Performance Analysis of SDP For Secure Internal Enterprises

Security has become of paramount importance in recent times, especially due to the advent of cloud computing and the Internet of Things. With so many devices in the mix, users have the choice of working from anywhere they want. But this also raises the possibility of multiplying the impact of any attack by using all devices at hand. Another important aspect to consider is the prevention of access to sensitive data by unauthorized users using authorized machines. Software Defined Perimeter (SDP) provides one such solution. It aims to allow only traffic from authorized users and machines to reach a hidden resource. This paper discusses the SDP concept and analyzes its performance in the event of a Distributed Denial of Service (DDoS) attack under two different environments: one virtual and one real-world. The results indicate that SDP provides a resilient method for protection against DDoS attacks. While it requires slightly more time for connection setup, this is offset by its exceptional performance even under duress.
