Published June 27, 2022 | Version v1
Conference paper Restricted

A model of capabilities of Network Security Functions


This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and to address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g. deny packets or encrypt flows), the conditions that select what the actions are applied to, how to compose valid configuration rules from them, and how to build configurations from rules. It proved effective for modelling filtering controls and iptables.



The record is publicly accessible, but files are restricted to users with access.

Copyright held by IEEE

Additional details


FISHY – A coordinated framework for cyber resilient supply chain systems over complex ICT infrastructures 952644
European Commission