Enabling modular application development for management and security in software-defined networks
Cox, Jacob Hascal
MetadataShow full item record
This dissertation leverages the capabilities of software-defined networking (SDN) and network functions virtualization (NFV) to enhance network security and management. By first exploring SDN-based security solutions and then systematically building an SDN-based programming framework and a security policy transition framework, this research makes possible a security/management system for SDNs that is also capable of reducing network operator workloads. With this work’s programming framework, Ryuretic, network operators are offered more intuitive abstractions for creating their own network applications using fewer lines of code. Additionally, network operator configuration requirements are reduced by the incorporation of an automated security policy transition framework, enabled through NFV, which automatically updates or revokes policy enforcements–subsequently helping to reduce human errors on the network. Together, these features allow network operators to create complete security/management solutions that incorporate both passive and active network testing methods into an automated system for managing the state transitions of policy enforcements on software-defined networks.