Adoption of the Software-Defined Perimeter (SDP) Architecture for Infrastructure as a Service

The use of cloud Infrastructure as a Service (IaaS) for enterprise applications is at an all-time high and is projected to keep growing to approximately 73% by 2022. IaaS suffers from several security concerns, such as hypervisor hijacking, virtual machine (VM) hopping, and account hijacking. With such a large share of enterprise traffic on the cloud, a strong security framework is needed. To secure IaaS, this article proposes a software-defined perimeter (SDP) as a solution. SDP provides a logical perimeter that restricts access to services with a layer of authentication and authorization, so that only authorized clients may connect to services hidden behind SDP gateways. SDP is implemented and verified in an AWS cloud environment, and port scanning is also used to verify SDP behavior. The results demonstrate the SDP's ability to "darken" services behind a gateway. The performance of SDP against a denial-of-service (DoS) attack is demonstrated in a local environment. The test results demonstrate that SDP is indeed capable of resisting DoS attacks while still allowing legitimate user traffic for the duration of the attack. These results lead to a discussion of future research on SDP in IaaS.
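To make the "darkening" behaviour concrete, the following is an added toy model of an SDP gateway, written for this page and not taken from the article's AWS implementation. It assumes a pre-shared per-client key and an HMAC-authenticated knock (loosely modelled on the single-packet authorization used by SDP implementations); every port is silently dropped until a client authenticates and is authorized for that specific service, so a port scan from an unauthenticated host sees nothing.

```python
import hmac, hashlib

def knock_tag(key, client_id, client_ip, port, ts, nonce):
    """HMAC over the knock fields; the shared key is assumed provisioned out of band."""
    msg = f"{client_id}|{client_ip}|{port}|{ts}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SdpGateway:
    """Toy gateway: every port is dark until a client authenticates and is authorized."""
    def __init__(self, client_keys, authz, services, ttl=30):
        self.client_keys = client_keys   # client_id -> shared secret (assumed provisioning)
        self.authz = authz               # client_id -> set of ports the client may reach
        self.services = services         # ports actually listening behind the gateway
        self.ttl = ttl                   # lifetime of a granted allow rule, in seconds
        self.allow = {}                  # (client_ip, port) -> expiry time
        self.seen_nonces = set()         # replay protection for knocks

    def knock(self, client_id, client_ip, port, ts, nonce, tag, now):
        key = self.client_keys.get(client_id)
        if key is None or abs(now - ts) > 60 or nonce in self.seen_nonces:
            return False                 # unknown client, stale knock, or replayed nonce
        expected = knock_tag(key, client_id, client_ip, port, ts, nonce)
        if not hmac.compare_digest(expected, tag):
            return False                 # authentication failed: no state is changed
        self.seen_nonces.add(nonce)
        if port not in self.authz.get(client_id, set()):
            return False                 # authenticated, but not authorized for this service
        self.allow[(client_ip, port)] = now + self.ttl
        return True

    def probe(self, src_ip, port, now):
        exp = self.allow.get((src_ip, port))
        if exp is None or exp < now:
            return "filtered"            # no allow rule: packet dropped, port looks dark
        return "open" if port in self.services else "closed"

def port_scan(gw, src_ip, ports, now):
    return {p: gw.probe(src_ip, p, now) for p in ports}

def demo(now=1_700_000_000):
    key = b"constructed-demo-secret"    # constructed credential for the example only
    gw = SdpGateway({"alice": key}, {"alice": {443}}, {22, 443})
    scan_before = port_scan(gw, "10.0.0.5", [22, 443, 8080], now)
    tag = knock_tag(key, "alice", "10.0.0.5", 443, now, "nonce-1")
    granted = gw.knock("alice", "10.0.0.5", 443, now, "nonce-1", tag, now)
    scan_after = port_scan(gw, "10.0.0.5", [22, 443, 8080], now)
    scan_other = port_scan(gw, "10.0.0.9", [22, 443, 8080], now)   # unauthenticated host
    replayed = gw.knock("alice", "10.0.0.5", 443, now, "nonce-1", tag, now)
    return scan_before, granted, scan_after, scan_other, replayed
```

The allow rule is scoped to one client address and one service and expires after `ttl` seconds, so an authorized client sees only the port it was granted while every other host, and every other port, stays filtered.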
