Building a Software Defined Perimeter (SDP) for Network Introspection


Research field: Networking



Conference: 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)


Abstract

In this paper, we introduce a novel enhanced Software Defined Perimeter (SDP) architecture that provides defense-in-depth security controls across any network. SDP is a network paradigm that extends traditional perimeter security controls to protect services and systems that exist beyond the physical perimeter of a network. Primarily through authentication, standard SDP enhances security by effectively hiding systems and services on the public Internet from unauthorized packets. Our SDP architecture extends the SDP Specification by enhancing control channel messages to the SDP Controller. Through experiments in AWS, we show that by streaming real-time telemetry about the SDP data channel to the Controller, it can enable defense-in-depth functionality without significant impact to end-user bandwidth.


Authors

Michael Lefebvre, AT&T Center for Virtualization, Southern Methodist University, Dallas, TX, USA

Suku Nair, AT&T Center for Virtualization, Southern Methodist University, Dallas, TX, USA

Daniel W. Engels, AT&T Center for Virtualization, Southern Methodist University, Dallas, TX, USA

Paper information

Publication year: 2021
Citations: 7
Country of publication: Austria
Site: IEEE