# Security Policy Transition Framework
Software-defined networking (SDN) controllers are quickly maturing to offer greater abstractions and more intuitive programming for network operators seeking to develop their own network applications. Likewise, security research within the SDN community is a growing field, with SDN security solutions becoming an ever-growing commodity. Yet, while these solutions often detect and block clients who violate network policies, they frequently fail to consider how policy enforcements will be revoked or updated once a flagged client addresses the violation. As a result, no clear path exists for a client's reinstatement to the network beyond having the network operator manually remove the policy enforcement or reset the SDN controller. For the network operator, such requirements are tedious and error-prone. Additionally, these efforts cost valuable time that could be better spent on more complex network tasks. Hence, this chapter discusses a security policy transition framework for reducing wait times and automating the revocation of policy enforcements in SDN environments for clients who are approved to rejoin the network.
For notes on setup, see the Wiki!
See how this transition framework is being used for Rogue Access Point (RAP) Security.
Learn more about Ryuretic.