A Formal Model of Security Controls' Capabilities and Its Applications to Policy Refinement and Incident Management

TL;DR

This paper introduces the Security Capability Model (SCM), a formal framework for representing security controls, which facilitates policy refinement, control comparison, and incident management in networked systems.

Contribution

The paper presents a novel formal model, SCM, that abstracts security control features and supports automated policy translation and security task automation.

Findings

SCM enables precise security control comparison

Supports automated policy refinement and incident response

Validated effectiveness in real-world scenarios

Abstract

Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.