
Research On Security Applications Of Software-Defined Boundaries

Posted on: 2021-12-31
Degree: Master
Type: Thesis
Country: China
Candidate: X M Xie
GTID: 2518306725451574
Subject: Computer application technology
Abstract/Summary:
In recent years, network security issues have become increasingly severe. The emergence of new technologies and architectures such as cloud computing, software-defined networking, and network function virtualization has brought new thinking to solving network security problems. At the same time, the rapid development of applications has raised security issues of growing concern, such as authentication, access control, data privacy, and data integrity. Software Defined Perimeter has been proposed as a new network security concept. Its central idea is identity-based access control, which addresses the coarse control and poor effectiveness caused by blurred boundaries. It makes the application infrastructure invisible to unauthorized users and resists many attacks, thereby protecting data security. This paper studies Software Defined Perimeter in light of the hidden dangers of current network security: it comprehensively compares the advantages of Software Defined Perimeter model structures, analyzes some of the network security risks that Software Defined Perimeter can eliminate, designs the relevant protocols to implement the system architecture, and proposes application scenarios for Software Defined Perimeter. The main research contents are as follows:

1. This paper analyzes and discusses the challenges currently facing network security, summarizes common network attack methods, compares the advantages and disadvantages of current network defense mechanisms, and gathers background knowledge on Software Defined Perimeter as well as the related cryptographic knowledge and algorithms.

2. To address network security problems, this paper proposes a new concept that provides authentication and authorization of devices and users, two-way encrypted communication, and dynamic configuration of services. Following the zero-trust idea, protected services are made invisible to unauthorized users to achieve security protection. In addition, in contrast to the traditional access model that connects first and then authenticates, a Single Packet Authorization method is proposed to verify identity before a connection is established, preventing attackers from attacking vulnerabilities found through system scanning.

3. Through research and analysis, this paper designs a new Single Packet Authorization structure that effectively enhances the security of the data packet, and applies the single packet authorization method to the Software Defined Perimeter to pre-authenticate and pre-authorize its components. Based on research and analysis of the Software Defined Perimeter concept, a two-step authentication method is proposed to implement identity-based access control, the relevant protocols for each component of the Software Defined Perimeter are designed, the client-gateway model is implemented, and it is used in different scenarios according to its model characteristics. Two kinds of attacks are also simulated on a virtual test platform to test the security of the designed Software Defined Perimeter framework. The results show that the designed framework model effectively resists some attacks.
Keywords/Search Tags: Network security, Identity verification, Software defined perimeter, Single packet authorization