ES-SDPC: A secure and trusted SDP framework
Authors: Zheng Zhang, Quan Ren, Jie Lu, Yuxiang Hu, Hongchang Chen
Journal: Computer Networks, vol. 258, Article 111038 (Journal Article; Epub 2025-01-11, published 2025-02-01)
DOI: 10.1016/j.comnet.2025.111038
URL: https://www.sciencedirect.com/science/article/pii/S1389128625000064
Open access: no. Citation count: 0 (Semantic Scholar). JCR Q1, Computer Science, Hardware & Architecture; impact factor 4.6.
Software-Defined Perimeter (SDP) provides a logical perimeter that restricts access to a service to trusted clients. However, because the controller may contain unknown security vulnerabilities, an attacker can maliciously tamper with its authentication and authorization information, causing the SDP controller to fail. This paper therefore first proposes a flexible and secure Intrinsic Security SDP Controller (ES-SDPC) architecture. The ES-SDPC architecture consists of an endogenous-security SDP controller in which authorization is performed by a master controller and backed up by a slave controller, avoiding the added delay of updating control information multiple times. Secondly, the paper proposes an evaluation model for ES-SDPC to theoretically analyze the intrinsic security performance of the architecture. Finally, it implements ES-SDPC in a prototype system and conducts simulations and experiments with different language groups. The evaluation results indicate that, under a reasonable configuration, ES-SDPC can maintain high reliability for 1724.68 h and provide 92.4% secure connections in an environment subject to three malicious attacks. Under differential-mode attacks, the throughput of ES-SDPC is 18.78% higher than that of Byzantine fault-tolerant systems, and its latency overhead is 16.16% lower.
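The failure mode the abstract describes (a compromised controller whose authorization data is tampered with) and the master/backup idea can be illustrated with a small model. The following is an added example written for this page; it is not the ES-SDPC prototype and does not reproduce the paper's design. The HMAC-sealed policy, the master/slave cross-check rule, the fail-closed behaviour on disagreement, the sample policy and the sealing key are all assumptions made for the illustration.

```python
"""Toy model of an SDP controller whose authorization store can be tampered with,
first as a single controller (the failure the abstract describes), then with a
backup controller that cross-checks every decision and takes over when the
master's store no longer passes an integrity check.  Added illustration, not
the paper's mechanism; the sealing scheme and policy are assumptions."""
import copy
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample policy: which client identity may reach which service.
SAMPLE_POLICY = {
    "alice": ["billing", "wiki"],
    "bob": ["wiki"],
}


def seal(policy: dict, key: bytes) -> bytes:
    """Canonical JSON + HMAC-SHA256, so any edit to the policy changes the tag."""
    payload = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass
class Controller:
    name: str
    key: bytes
    policy: dict
    tag: bytes = field(init=False)

    def __post_init__(self) -> None:
        # Tag computed once at load time; recomputed on every check.
        self.tag = seal(self.policy, self.key)

    def intact(self) -> bool:
        return hmac.compare_digest(self.tag, seal(self.policy, self.key))

    def authorize(self, client: str, service: str) -> bool:
        return service in self.policy.get(client, [])


class RedundantSdp:
    """Master decides, slave holds an independent copy of the policy.
    A grant requires an intact master and an agreeing intact slave; a master
    that fails its integrity check is replaced by the slave (fail-over), and
    a disagreement between two intact copies is denied (fail closed)."""

    def __init__(self, master: Controller, slave: Controller) -> None:
        self.master, self.slave = master, slave
        self.events: list[str] = []

    def decide(self, client: str, service: str) -> bool:
        m_ok, s_ok = self.master.intact(), self.slave.intact()
        if not m_ok and not s_ok:
            self.events.append("both controllers corrupted: deny")
            return False
        if not m_ok:
            self.events.append(f"{self.master.name} tampered; promoting {self.slave.name}")
            self.master, self.slave = self.slave, self.master
            return self.master.authorize(client, service)
        verdict = self.master.authorize(client, service)
        if s_ok and self.slave.authorize(client, service) != verdict:
            self.events.append(f"master/slave disagree on {client}->{service}: deny")
            return False
        return verdict


def demo() -> dict:
    key = b"constructed-demo-key"  # assumption: shared sealing key

    # 1. Single controller: an attacker with code execution edits the policy
    #    and the controller happily grants the forged entitlement.
    single = Controller("single", key, copy.deepcopy(SAMPLE_POLICY))
    single.policy["bob"].append("billing")
    naive_after_tamper = single.authorize("bob", "billing")

    # 2. Master plus backup: the same edit is caught and the slave takes over.
    master = Controller("master", key, copy.deepcopy(SAMPLE_POLICY))
    slave = Controller("slave", key, copy.deepcopy(SAMPLE_POLICY))
    sdp = RedundantSdp(master, slave)
    before = sdp.decide("bob", "billing")        # legitimate deny
    master.policy["bob"].append("billing")       # tampering on the master
    after_tamper = sdp.decide("bob", "billing")  # detected, slave promoted, still denied
    alice = sdp.decide("alice", "billing")       # service continues via promoted slave
    return {
        "naive_after_tamper": naive_after_tamper,
        "before": before,
        "after_tamper": after_tamper,
        "alice": alice,
        "active": sdp.master.name,
        "events": sdp.events,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the contrast is the first result versus the second: with one controller, tampering with the authorization store silently turns a deny into a grant; with a backup copy and an integrity check on every decision, the same edit is detected, the backup is promoted, and legitimate clients keep getting served. Where the two intact copies disagree, the model denies rather than guesses, which is the conservative choice for an access-control plane.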
Journal description:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.