eSDP – Rings Around Things in the Cloud presented at BsidesROC 2016

by Duncan Sparrell

Summary: This talk will describe an open source project to implement an additional security layer on HTTPS RESTful APIs between cloud apps. Cloud use will continue to grow, IPv6 use will grow, and HTTPS RESTful APIs will be the lingua franca among the cloud apps. I posit the ‘big box’ (or virtualized big box) security is not the solution and we need easily-implemented layers of security at the cloud app itself.

The Cloud Security Alliance (CSA) defines five principles to create a Software Defined Perimeter (SDP):

– Single Packet Authorization (SPA)
– Mutual Transport Layer Security (mTLS)
– Device Validation
– Dynamic Pinhole Firewalls
– Application Binding

The CSA process hasn’t been as transparent as I would have liked, so I decided to code and open-source a specific SDP implementation for a server-server IPv6 HTTPS RESTful API between cowboy webservers in the cloud. The project is called eSDP since it is coded in Erlang. This talk will cover the problem trying to be solved and review the proposed solution including links to the open source software under development. It will also include info on the CSA activities, including their $10K prize for hacking into their implementation.