A Formal Model of Security Controls' Capabilities and Its Applications to Policy Refinement and Incident Management
Cataldo Basile, Gabriele Gatti, Francesco Settanni
TL;DR
This paper introduces the Security Capability Model (SCM), a formal framework that abstracts security controls into capabilities using an Information Model and a Data Model to enable vendor-agnostic policy management. Through a model-driven translation approach and a central NSFCatalogue, SCM supports policy refinement and incident-response automation by translating abstract policies into device-specific configurations across diverse controls. Validation across three real-world-inspired scenarios demonstrates SCM's ability to reduce vendor lock-in, automate policy refinement, and orchestrate remediation playbooks. The work implies significant practical impact for automated, accurate, and scalable security policy enforcement in heterogeneous, evolving networks, with avenues for integration with existing standards and frameworks.
Abstract
Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.