ES-SDPC: A secure and trusted SDP framework


Bibliographic Details
Published in: Computer Networks (Amsterdam, Netherlands: 1999), 2025-02, Vol. 258, p. 111038, Article 111038
Main Authors: Zhang, Zheng; Ren, Quan; Lu, Jie; Hu, Yuxiang; Chen, Hongchang
Format: Article
Language: English
Description
Summary: Software-Defined Perimeter (SDP) provides a logical perimeter that restricts trusted access to a service. However, because of unknown security vulnerabilities in the controller, the authentication and authorization information can be maliciously tampered with, resulting in SDP controller failure. Therefore, this paper first proposes a flexible and secure Intrinsic Security SDP Controller (ES-SDPC) architecture. The ES-SDPC architecture consists of an endogenous secure SDP controller, which is authorized by the master controller and backed up by the slave controller to avoid the delay increase caused by multiple control information updates. Secondly, this paper proposes an evaluation model for ES-SDPC to theoretically analyze the intrinsic security performance of the ES-SDPC architecture. Finally, this paper implements ES-SDPC in a prototype system and conducts simulations and experiments in different language groups. The evaluation results indicate that, under reasonable configuration, ES-SDPC can ensure high reliability for 1724.68 h and provide 92.4% secure connections in environments facing three malicious attacks. When facing differential mode attacks, the throughput of ES-SDPC is 18.78% higher than that of Byzantine fault-tolerant systems, and the latency overhead is 16.16% lower.

Highlights:
• A secure and trusted architecture for SDP.
• A quantitative security evaluation model for the SDP controller.
• Performance and robustness are significantly better than existing solutions.
ISSN: 1389-1286
DOI: 10.1016/j.comnet.2025.111038