Open Command and Control (OpenC2) was designed to facilitate the orchestration of heterogeneous cyber-defense technologies through a vendor-agnostic language. However, while the standard integrates secure transfer protocols, it lacks a common prescriptive mechanism for (IAM). This choice leaves a significant architectural gap, jeopardizing the applicability of Managed Security Service (MSS), where cross-domain delegation is a critical issue. This paper addresses this gap by proposing a robust (IAM) framework based on the OAuth2 mechanism. Our work addresses the ‘impedance mismatch’ between the browser-centric approach of OAuth2 and automated, non-interactive OpenC2 controllers. To this end, we introduce a novel Headless User Agent component that manages user credentials without requiring human interaction via a browser or other tools. Additionally, we integrate fine-grained access control for the execution of OpenC2 commands, which implements the basic security principle of least privileges. The overall solution is implemented as a modular extension of the otupy OpenC2 library, and supports both HTTP and MQTT transfer bindings. Experimental validation demonstrates the functional correctness of the identity management and access control layers. At the same time, performance analysis quantifies the overhead introduced by per-request token introspection at approximately 14.5 ms, confirming the approach’s viability for real-time operational environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Homogeneous Control of Security Functions via Cross-Domain Delegation

  • Nicola Poidomani,
  • Daniele Canavese,
  • Daniele Bringhenti,
  • Fulvio Valenza,
  • Matteo Repetto

摘要

Open Command and Control (OpenC2) was designed to facilitate the orchestration of heterogeneous cyber-defense technologies through a vendor-agnostic language. However, while the standard integrates secure transfer protocols, it lacks a common prescriptive mechanism for (IAM). This choice leaves a significant architectural gap, jeopardizing the applicability of Managed Security Service (MSS), where cross-domain delegation is a critical issue. This paper addresses this gap by proposing a robust (IAM) framework based on the OAuth2 mechanism. Our work addresses the ‘impedance mismatch’ between the browser-centric approach of OAuth2 and automated, non-interactive OpenC2 controllers. To this end, we introduce a novel Headless User Agent component that manages user credentials without requiring human interaction via a browser or other tools. Additionally, we integrate fine-grained access control for the execution of OpenC2 commands, which implements the basic security principle of least privileges. The overall solution is implemented as a modular extension of the otupy OpenC2 library, and supports both HTTP and MQTT transfer bindings. Experimental validation demonstrates the functional correctness of the identity management and access control layers. At the same time, performance analysis quantifies the overhead introduced by per-request token introspection at approximately 14.5 ms, confirming the approach’s viability for real-time operational environments.