A New SCAP Information Model and Data Model for Content Authors

Published: December 18, 2018

Author(s)

Joshua Lubell

Abstract

The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packaging of security content into self-contained bundles for easy deployment. But no single data model can satisfy all requirements. The source data stream collection data model is not intended to meet the needs of SCAP content authors, and its implementation- specific syntax lacks the ability to express packaging subtleties critical to software developers and content authors alike. This paper defines a new implementation-neutral information model that is both easier to understand and does a better job expressing relationships between objects comprising a source data stream collection. A new authoring data model, derived from the information model, for facilitating implementation of SCAP content development software applications is also defined. Additionally, the paper discusses an application implementing the authoring data model that enables SCAP content developers to create source data stream collections using a friendly and intuitive syntax, which is then transformed into SCAP standard-conforming content.
Citation: Critical Infrastructure XII
Volume: 542
Publisher Info: Springer, Cham, -1
Pub Type: Book Chapters

Keywords

Security Content Automation Protocol, SCAP, Darwin Information Typing Architecture, DITA, cybersecurity, Industrial Control System, Industrial Internet of Things, information model, data model
Created December 18, 2018, Updated December 18, 2018