Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.
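To make the Information Model concepts in the abstract concrete (rules built from conditions and an action; a policy made of ordered rules, a resolution strategy and a default action; model-driven translation into a device-specific syntax), here is an added, illustrative implementation. It is not the paper's SCM data model or tooling: every class, field and function name is an assumption chosen for this example, the sample policy and packets are constructed, and iptables is used as the target only because its first-match semantics make the translation step non-trivial (a deny-overrides policy has to be compiled by reordering, and a port condition without a protocol cannot be expressed at all, which is exactly the kind of capability gap the model is meant to surface).

```python
"""Toy abstract policy model and translator (added example, not the paper's SCM).

Rules   = Condition + action
Policy  = ordered rules + resolution strategy + default action
to_iptables() refines the abstract policy into iptables commands.
All names here are assumptions made for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Constructed sample traffic description used to evaluate conditions."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Condition:
    """Conjunction of optional clauses; a clause left as None matches anything."""
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.src_net is None or ip_address(p.src) in ip_network(self.src_net))
            and (self.dst_net is None or ip_address(p.dst) in ip_network(self.dst_net))
            and (self.dport is None or self.dport == p.dport)
            and (self.proto is None or self.proto == p.proto)
        )


@dataclass(frozen=True)
class Rule:
    condition: Condition
    action: str  # "allow" or "deny"


@dataclass
class Policy:
    rules: List[Rule]
    resolution: str = "first-match"  # or "deny-overrides"
    default_action: str = "deny"

    def evaluate(self, p: Packet) -> str:
        """Abstract semantics: collect all matching rules, apply the resolution
        strategy, and fall back to the default action when nothing matches."""
        hits = [r for r in self.rules if r.condition.matches(p)]
        if not hits:
            return self.default_action
        if self.resolution == "first-match":
            return hits[0].action
        if self.resolution == "deny-overrides":
            return "deny" if any(r.action == "deny" for r in hits) else "allow"
        raise ValueError(f"unknown resolution strategy {self.resolution!r}")


def to_iptables(policy: Policy, chain: str = "FORWARD") -> List[str]:
    """Refine the abstract policy into iptables commands.

    iptables evaluates a chain first-match, so deny-overrides is compiled by
    emitting every deny rule before any allow rule; the default action becomes
    the chain policy.  iptables also requires -p tcp/udp before --dport, so a
    port condition without a protocol is rejected as not expressible here."""
    target = {"allow": "ACCEPT", "deny": "DROP"}
    ordered = list(policy.rules)
    if policy.resolution == "deny-overrides":
        ordered = [r for r in ordered if r.action == "deny"] + \
                  [r for r in ordered if r.action == "allow"]
    lines = [f"iptables -P {chain} {target[policy.default_action]}"]
    for r in ordered:
        c = r.condition
        if c.dport is not None and c.proto not in ("tcp", "udp"):
            raise ValueError("iptables cannot express a port condition without -p tcp/udp")
        parts = [f"iptables -A {chain}"]
        if c.src_net:
            parts.append(f"-s {c.src_net}")
        if c.dst_net:
            parts.append(f"-d {c.dst_net}")
        if c.proto:
            parts.append(f"-p {c.proto}")
        if c.dport is not None:
            parts.append(f"--dport {c.dport}")
        parts.append(f"-j {target[r.action]}")
        lines.append(" ".join(parts))
    return lines


# Constructed sample policy: SSH to one host is allowed from 10/8, but one
# subnet is denied outright; with deny-overrides the denial wins even though
# the allow rule is listed first.
SAMPLE_POLICY = Policy(
    rules=[
        Rule(Condition(src_net="10.0.0.0/8", dst_net="192.168.1.10/32",
                       dport=22, proto="tcp"), "allow"),
        Rule(Condition(src_net="10.0.5.0/24"), "deny"),
    ],
    resolution="deny-overrides",
    default_action="deny",
)

if __name__ == "__main__":
    for p in (Packet("10.0.5.7", "192.168.1.10", 22), Packet("10.0.1.7", "192.168.1.10", 22)):
        print(p, "->", SAMPLE_POLICY.evaluate(p))
    print("\n".join(to_iptables(SAMPLE_POLICY)))
```

Evaluating the same rule list under "first-match" and "deny-overrides" gives different verdicts for a packet from 10.0.5.0/24, which is why the translator must reorder rules rather than emit them verbatim; the raised error for a protocol-less port clause shows a capability the abstract model has and this device lacks.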