Hani Zeid
Extending OpenC2 for the Unified Control of Modern Security Functions.
Supervisors: Daniele Bringhenti, Fulvio Valenza. Politecnico di Torino, Master's degree programme in Cybersecurity, 2026
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
OpenC2 has been proposed as a uniform language for remote command and control of security functions. It defines a common language and specific profiles for different classes of security functions, such as monitoring, firewalling, prevention, and scanning. Despite the great effort behind the language definition, it is still unclear to what extent a common language is able to abstract very different types of functions, since existing implementations are limited to simple cases only, such as stateless packet filtering. This thesis investigates the use of OpenC2 to control both legacy and more recent generations of security functions in modern computing environments. The work includes design, implementation, and validation phases.
The design phase reviewed existing OpenC2 drafts, which were used, extended, and redesigned to define the following profiles: a generic remote CLI profile that allows configuration files to be loaded and security functions to be started or stopped by invoking commands in a shell; a file monitoring profile for configuring the collection of logs, either locally or in a centralized location; and a network monitoring profile for configuring Netflow-compatible agents
