This paper presents the Capability Model - Channel Protection (CM-CP), a formal model to abstract the security capabilities of channel protection implementations. Using a Model-Driven Engineering approach, this model forms the basis of a generic policy translator, which converts secure communication policies, written in a vendor-agnostic language, into low-level configurations for specific implementations (known as Security Controls or Network Security Functions). As a result, network administrators can conceive these policies without acknowledging the underlying technologies, thus reducing the potential for errors arising from human intervention. The effectiveness of this work was validated with three state-of-the-art open-source Security Controls: XFRM, StrongSwan, and OpenVPN. As a result, the model's expressiveness and capacity to address concrete requirements for secure channel scenarios are verified.

A Formal Model of Security Capabilities towards Vendor-Agnostic Channel Protection / Colaiacomo, Davide; Basile, Cataldo. - ELECTRONIC. - (2025), pp. 36-44. (2025 IEEE 25th International Conference on Communication Technology Shenyang (CHN) 16-18 October 2025) [10.1109/ICCT67417.2025.11373984].

A Formal Model of Security Capabilities towards Vendor-Agnostic Channel Protection

Colaiacomo, Davide; Basile, Cataldo
2025

979-8-3315-8578-5
Files in this item:

CT3236.pdf
Access: open access
Type: 2. Post-print / Author's Accepted Manuscript
License: Public - All rights reserved
Size: 186.72 kB
Format: Adobe PDF

A_Formal_Model_of_Security_Capabilities_Towards_Vendor-Agnostic_Channel_Protection.pdf
Access: restricted access
Type: 2a Post-print publisher's version / Version of Record
License: Non-public - Private/restricted access
Size: 363.56 kB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/3003247