Journal: IEEE Network

Software-Defined Perimeter (SDP): State of the Art Secure Solution for Modern Networks


Abstract

The boom in the evolution and adoption of new technologies, architectures, and paradigms such as cloud computing, SDN, and NFV in recent years has led to a new set of security and privacy challenges and concerns. These challenges/concerns include proper authentication, access control, data privacy, and data integrity, among others. SDP has been proposed as a security model/framework to protect modern networks in a dynamic manner. This framework follows a need-to-know model where a device's identity is first verified and authenticated before gaining access to the application infrastructure. In this article, a brief discussion of the security and privacy challenges/concerns facing modern cloud-based networks is presented along with some of the related work from the literature. The SDP concept, architecture, possible implementations, and challenges are described. An SDP-based framework adopting a client-gateway architecture is proposed with its performance being evaluated using a virtualized network testbed for an internal enterprise scenario as a use case. To the best of our knowledge, no previous work has provided a quantitative performance evaluation of such a framework. Performance evaluation results show that the SDP-secured network is resilient to denial of service attacks and port scanning attacks despite needing longer initial connection setup time. The achieved results confirm the promising potential of SDP as a security model/framework that can dynamically protect current and future networks.