The Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices for providing security assurance within cloud computing, today announced it will hold its third Hackathon at the RSA Conference 2015 in San Francisco, to continue to test the CSA Software Defined Perimeter Specification V.1. A top prize of $10,000 is available to the first participant to gain access to an account for which the password is provided.
The CSA’s Software Defined Perimeter (SDP) research project represents a breakthrough approach to security, and is a collaboration among more than 100 companies and U.S. government organizations. Companies such as Coca-Cola, Verizon Communications Inc., Mazda Motor Corp. and other members of the CSA are contributing to a new standard for perimeter security. This approach is necessary because traditional enterprise security is being compromised by insecure mobile devices, cloud services and outsourcing. In the previous two Hackathons, conducted last year, no one was able to circumvent even the first of the five SDP security control layers (single packet authorization protocol), despite more than 5 billion packets being fired at the SDP.
Recent high-profile attacks, such as those at Sony and eBay, have leveraged stolen credentials to compromise systems and cause significant damage. The third SDP Hackathon will focus on credential theft, and aims to validate the device authentication capabilities of SDP to stop password-based attacks. In this month’s challenge, Hackathon participants will be provided the name and password to an account, which includes instructions to claim a $10,000 award. The name and password will be announced at the conclusion of the CSA Summit on Monday, April 20, at noon Pacific Daylight Time. Hackathon participants must bypass SDP’s device authentication capabilities to gain access to the server with the account.
“The SDP specification continues to gain credibility and momentum among our Enterprise User Group,” said Bob Flores, former CTO of the CIA, managing partner at Cognitio Corp., and co-Chair of the CSA SDP Working Group. “In this Hackathon, I’ll be providing my name and password to a file server with instructions to claim $10,000. I have high confidence in the SDP to protect against one of the most devastating kinds of attacks we are seeing today.”
“Stolen credentials and unauthorized access should no longer be synonymous,” said Junaid Islam, CTO of Vidder, Inc., and co-chair of the SDP Working Group. “We have seen that paradigm fail enterprises time and again. At the end of this Hackathon, we intend to demonstrate that organizations can and should be applying a different approach to authorization, leveraging device authentication, to reduce the ability for these types of attacks to be effective.”
The SDP specification uses a framework of security controls that mitigates network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized, creating dynamically provisioned perimeters for clouds, demilitarized zones, and data center infrastructures. The SDP has been designed to be highly complementary to Software Defined Networks (SDN), the popular network layer construct which decouples routing and architectural decisions from the underlying equipment to create virtual networks. SDP traverses several OSI layers to tie applications and users with trusted networks, using vetted security models.
To register for the Hackathon visit http://www.hacksdp.com/.
Full contest rules and registration are available at https://cloudsecurityalliance.org/research/sdp/.
The CSA will be hosting demonstrations of the SDP at its booth, #2621 (South Hall), at noon PDT each day of the RSA Conference (Apr 21-23) in San Francisco.