Building a Software Defined Perimeter (SDP) for Network Introspection


Bibliographic Details
Published in: 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 91-95
Main Authors: Lefebvre, Michael; Nair, Suku; Engels, Daniel W.; Horne, Dwight
Format: Conference Proceeding
Language: English
Published: IEEE, 09.11.2021
Summary: In this paper, we introduce a novel enhanced Software Defined Perimeter (SDP) architecture that provides defense-in-depth security controls across any network. SDP is a network paradigm that extends traditional perimeter security controls to protect services and systems that exist beyond the physical perimeter of a network. Primarily through authentication, standard SDP enhances security by effectively hiding systems and services on the public Internet from unauthorized packets. Our SDP architecture extends the SDP Specification by enhancing control channel messages to the SDP Controller. Through experiments in AWS, we show that by streaming real-time telemetry about the SDP data channel to the Controller, it can enable defense-in-depth functionality without significant impact to end-user bandwidth.
DOI: 10.1109/NFV-SDN53031.2021.9665152