
Adoption of the Software-Defined Perimeter (SDP) Architecture for Infrastructure as a Service


Abstract:

The use of cloud Infrastructure as a Service (IaaS) for enterprise applications is at an all-time high and is charted to continue growing to approximately 73% by 2022. IaaS suffers from several security concerns, such as hypervisor hijacking, virtual machine (VM) hopping, and account hijacking. With such a large percentage of enterprise traffic on the cloud, a strong security framework is demanded. To secure IaaS, this article proposes a software-defined perimeter (SDP) as a solution. SDP provides a logical perimeter that restricts access to services behind a layer of authentication and authorization. Only authorized clients may connect to services hidden by SDP gateways. SDP is implemented and verified in an AWS cloud environment. Port scanning is used to verify SDP behavior as well. The results demonstrate the SDP’s ability to “darken” services behind a gateway. The performance of SDP against a denial-of-service (DoS) attack is demonstrated in a local environment. The test results demonstrate that SDP is indeed capable of resisting DoS attacks while allowing legitimate user traffic even for the duration of the attack. These results lead to a discussion on future research for SDP in IaaS.
Published in: Canadian Journal of Electrical and Computer Engineering (Volume: 43, Issue: 4, Fall 2020)
Page(s): 357 - 363
Date of Publication: 26 October 2020
Print ISSN: 0840-8688
