eSDP – Rings Around Things in the Cloud

BSidesROC 2016

Presented by: Duncan Sparrell
Date: Saturday April 23, 2016
Time: 17:30 - 17:55
Location: Track 3

This talk will describe an open source project to implement an additional security layer on HTTPS RESTful APIs between cloud apps. Cloud use will continue to grow, IPv6 use will grow, and HTTPS RESTful APIs will be the lingua franca among the cloud apps. I posit the ‘big box’ (or virtualized big box) security is not the solution and we need easily-implemented layers of security at the cloud app itself. The Cloud Security Alliance (CSA) defines five principles to create a Software Defined Perimeter (SDP):

– Single Packet Authorization (SPA)
– Mutual Transport Layer Security (mTLS)
– Device Validation
– Dynamic Pinhole Firewalls
– Application Binding

The CSA process hasn’t been as transparent as I would have liked, so I decided to code and open-source a specific SDP implementation for a server-server IPv6 HTTPS RESTful API between Cowboy webservers in the cloud. The project is called eSDP since it is coded in Erlang. This talk will cover the problem being solved and review the proposed solution, including links to the open source software under development. It will also include info on the CSA activities, including their $10K prize for hacking into their implementation.
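The first and fourth SDP principles listed above, Single Packet Authorization and a dynamic pinhole, shown as an added Python illustration. This is not eSDP's code (the project itself is written in Erlang) and is not taken from the talk; it assumes an HMAC-SHA256 keyed authorization packet, a 30-second freshness window, a nonce cache for replay rejection, and an in-memory allow list standing in for the firewall pinhole. The shared key, client id and IPv6 addresses used are constructed sample values.

```python
"""Single Packet Authorization (SPA) with a dynamic pinhole, minimal illustration.

Added example, not eSDP's code. Assumptions (not from the talk): an HMAC-SHA256
keyed packet, a +/-30 s freshness window, a nonce cache to reject replays, and an
in-memory allow list that stands in for the firewall pinhole.
"""
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Optional, Set

FRESHNESS_WINDOW = 30  # seconds; assumed value, not one from the talk


def build_spa_packet(client_id: str, key: bytes,
                     now: Optional[float] = None,
                     nonce: Optional[bytes] = None) -> bytes:
    """Client side: one datagram carrying client id, timestamp, nonce and an HMAC tag."""
    body = {
        "client_id": client_id,
        "ts": int(now if now is not None else time.time()),
        "nonce": (nonce or os.urandom(16)).hex(),
    }
    # Canonical JSON so client and gateway compute the tag over identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload + b"." + tag.encode()


class SpaGateway:
    """Server side: verify the packet, then open a pinhole for the sender's address."""

    def __init__(self, keys: Dict[str, bytes]):
        self.keys = keys                        # client_id -> shared key (assumed provisioning)
        self.seen_nonces: Set[str] = set()      # replay cache (bounded by the freshness window in practice)
        self.pinholes: Dict[str, str] = {}      # client_id -> source address allowed to reach the API

    def authorize(self, packet: bytes, src_addr: str,
                  now: Optional[float] = None) -> bool:
        now = now if now is not None else time.time()
        try:
            payload, tag = packet.rsplit(b".", 1)
            body = json.loads(payload)
            key = self.keys[body["client_id"]]
        except (ValueError, KeyError, TypeError):
            return False  # malformed packet or unknown client: stay closed
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag.decode(errors="replace")):
            return False  # bad tag: drop silently, the port looks closed to the sender
        if abs(now - body["ts"]) > FRESHNESS_WINDOW:
            return False  # stale packet
        if body["nonce"] in self.seen_nonces:
            return False  # replayed packet
        self.seen_nonces.add(body["nonce"])
        self.pinholes[body["client_id"]] = src_addr  # open the pinhole for this peer only
        return True

    def is_allowed(self, client_id: str, src_addr: str) -> bool:
        """Would the firewall let this client's traffic through from this address?"""
        return self.pinholes.get(client_id) == src_addr


if __name__ == "__main__":
    # Constructed values for a local run.
    shared = b"constructed-shared-key"
    gw = SpaGateway({"app-a": shared})
    pkt = build_spa_packet("app-a", shared)
    print("authorized:", gw.authorize(pkt, "2001:db8::1"))
    print("replay accepted:", gw.authorize(pkt, "2001:db8::1"))
```

The gateway silently drops anything that fails verification, which is the property SPA is after: until a valid packet arrives, the protected API port is indistinguishable from a closed one. In a real deployment the pinhole would be a firewall rule with an expiry, and the mTLS and application-binding principles would then apply to the connection that follows.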

Duncan Sparrell

Duncan Sparrell (@dsparrell) is a seasoned (aka old) network security evangelist with 38 years of expertise in conceiving, developing and delivering state-of-the-art software platforms. Duncan graduated from RPI with Bachelor's and Master's degrees in Electrical Engineering back when computers were the size of buildings and programmed with punch cards. He joined AT&T Bell Labs before most of the attendees were born and is now enjoying retirement and having time to get funny letters after his name (CISSP, CSSLP, CCSK, PE) and to go to cons. Duncan has been doing cybersecurity since the first Gulf War, where he worked red team projects that helped him recognize how far behind the blue team was. Working as the lead architect in the Chief Security Office, Duncan architected many of AT&T’s network security technologies and programs. In 1994, the US Government awarded Duncan the Intelligence Seal Medallion, and in 2010 AT&T awarded him the AT&T Science and Technology Medal. He resides in Virginia but summers on Lake Canandaigua. His passions include his family, genealogy, NoVa Hackers, cloud security, agile, secure software development, and the Erlang programming language.


KhanFu - Mobile schedules for INFOSEC conferences.