为基础设施即服务采用软件定义周界(SDP)体系结构

Jaspreet Singh, A. Refaey, J. Koilpillai
{"title":"为基础设施即服务采用软件定义周界(SDP)体系结构","authors":"Jaspreet Singh, A. Refaey, J. Koilpillai","doi":"10.1109/CJECE.2020.3005316","DOIUrl":null,"url":null,"abstract":"The use of cloud Infrastructure as a Service (IaaS) for enterprise applications is at an all-time high and is charted to continue growing to approximately 73% by 2022. IaaS suffers from several security concerns, such as hypervisor hijacking, virtual machine (VM) hopping, and account hijacking. With such a large percentage of enterprise traffic on the cloud, a strong security framework is demanded. To secure IaaS, this article proposes a software-defined perimeter (SDP) as a solution. SDP provides a logical perimeter to restrict access to services with a layer of authentication and authorization to allow. Only authorized clients may connect to services hidden by SDP gateways. SDP is implemented and verified in an AWS cloud environment. Port scanning is used to verify SDP behavior as well. The results demonstrate the SDP’s ability to “darken” services behind a gateway. The performance of SDP against a denial-of-service (DoS) attack is demonstrated in a local environment. The test results demonstrate that SDP is indeed capable of resisting DoS attacks while allowing legitimate user traffic even under the duration of the attack. These results lead to a discussion on future research for SDP in IaaS.","PeriodicalId":55287,"journal":{"name":"Canadian Journal of Electrical and Computer Engineering-Revue Canadienne De Genie Electrique et Informatique","volume":null,"pages":null},"PeriodicalIF":1.7000,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1109/CJECE.2020.3005316","citationCount":"19","resultStr":"{\"title\":\"Adoption of the Software-Defined Perimeter (SDP) Architecture for Infrastructure as a Service\",\"authors\":\"Jaspreet Singh, A. Refaey, J. Koilpillai\",\"doi\":\"10.1109/CJECE.2020.3005316\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The use of cloud Infrastructure as a Service (IaaS) for enterprise applications is at an all-time high and is charted to continue growing to approximately 73% by 2022. IaaS suffers from several security concerns, such as hypervisor hijacking, virtual machine (VM) hopping, and account hijacking. With such a large percentage of enterprise traffic on the cloud, a strong security framework is demanded. To secure IaaS, this article proposes a software-defined perimeter (SDP) as a solution. SDP provides a logical perimeter to restrict access to services with a layer of authentication and authorization to allow. Only authorized clients may connect to services hidden by SDP gateways. SDP is implemented and verified in an AWS cloud environment. Port scanning is used to verify SDP behavior as well. The results demonstrate the SDP’s ability to “darken” services behind a gateway. The performance of SDP against a denial-of-service (DoS) attack is demonstrated in a local environment. The test results demonstrate that SDP is indeed capable of resisting DoS attacks while allowing legitimate user traffic even under the duration of the attack. These results lead to a discussion on future research for SDP in IaaS.\",\"PeriodicalId\":55287,\"journal\":{\"name\":\"Canadian Journal of Electrical and Computer Engineering-Revue Canadienne De Genie Electrique et Informatique\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":1.7000,\"publicationDate\":\"2020-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1109/CJECE.2020.3005316\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Canadian Journal of Electrical and Computer Engineering-Revue Canadienne De Genie Electrique et Informatique\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CJECE.2020.3005316\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"Engineering\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Canadian Journal of Electrical and Computer Engineering-Revue Canadienne De Genie Electrique et Informatique","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CJECE.2020.3005316","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 19

摘要

云基础设施即服务(IaaS)在企业应用程序中的使用正处于历史最高水平,预计到2022年将继续增长至约73%。IaaS存在几个安全问题,例如管理程序劫持、虚拟机(VM)跳转和帐户劫持。由于云上有如此大比例的企业流量,因此需要一个强大的安全框架。为了保护IaaS,本文提出了一个软件定义边界(SDP)作为解决方案。SDP提供了一个逻辑边界,通过一层身份验证和授权来限制对服务的访问。只有经过授权的客户端才能连接到SDP网关隐藏的业务。在AWS云环境中实现并验证SDP。端口扫描也用于验证SDP行为。结果证明了SDP在网关后面“暗化”服务的能力。在本地环境中演示了SDP抵御拒绝服务攻击的性能。测试结果表明,SDP确实能够抵抗DoS攻击,即使在攻击期间也允许合法用户的流量。这些结果引发了对IaaS中SDP未来研究的讨论。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Adoption of the Software-Defined Perimeter (SDP) Architecture for Infrastructure as a Service
The use of cloud Infrastructure as a Service (IaaS) for enterprise applications is at an all-time high and is charted to continue growing to approximately 73% by 2022. IaaS suffers from several security concerns, such as hypervisor hijacking, virtual machine (VM) hopping, and account hijacking. With such a large percentage of enterprise traffic on the cloud, a strong security framework is demanded. To secure IaaS, this article proposes a software-defined perimeter (SDP) as a solution. SDP provides a logical perimeter to restrict access to services with a layer of authentication and authorization to allow. Only authorized clients may connect to services hidden by SDP gateways. SDP is implemented and verified in an AWS cloud environment. Port scanning is used to verify SDP behavior as well. The results demonstrate the SDP’s ability to “darken” services behind a gateway. The performance of SDP against a denial-of-service (DoS) attack is demonstrated in a local environment. The test results demonstrate that SDP is indeed capable of resisting DoS attacks while allowing legitimate user traffic even under the duration of the attack. These results lead to a discussion on future research for SDP in IaaS.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
27
期刊介绍: The Canadian Journal of Electrical and Computer Engineering (ISSN-0840-8688), issued quarterly, has been publishing high-quality refereed scientific papers in all areas of electrical and computer engineering since 1976
期刊最新文献
Design and Construction of an Advanced Tracking Wheel for Insulator Materials Testing Implementation of Ultrahigh-Speed Decimators Noncoherent Distributed Beamforming in Decentralized Two-Way Relay Networks Fetal ECG Extraction Using Input-Mode and Output-Mode Adaptive Filters With Blind Source Separation Design Consideration to Achieve Wide-Speed-Range Operation in a Switched Reluctance Motor
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1