A Formal Model of Security Capabilities towards Vendor-Agnostic Channel Protection / Colaiacomo, Davide; Basile, Cataldo. - ELECTRONIC. - (In press). (Paper presented at the 2025 IEEE 25th International Conference on Communication Technology, held in Shenyang (CHN), 16-18 October 2025).
A Formal Model of Security Capabilities towards Vendor-Agnostic Channel Protection
Colaiacomo, Davide; Basile, Cataldo
In press
Abstract
This paper presents the Capability Model - Channel Protection (CM-CP), a formal model to abstract the security capabilities of channel protection implementations. Using a Model-Driven Engineering approach, this model forms the basis of a generic policy translator, which converts secure communication policies, written in a vendor-agnostic language, into low-level configurations for specific implementations (known as Security Controls or Network Security Functions). As a result, network administrators can conceive these policies without acknowledging the underlying technologies, thus reducing the potential for errors arising from human intervention. The effectiveness of this work was validated with three state-of-the-art open-source Security Controls: XFRM, StrongSwan, and OpenVPN. As a result, the model's expressiveness and capacity to address concrete requirements for secure channel scenarios are verified.

File | Size | Format |
---|---|---|
CT3236.pdf (open access; Type: 2. Post-print / Author's Accepted Manuscript; License: Public - All rights reserved) | 186.72 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/3003247