Abstract
The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packagnt. However, no single data model can satisfy all requirements. The source data stream collection data model does not adequately meet the needs of SCAP content authors, and its implementation-specific syntax lacks the ability to express packaging subtleties critical to software developers and content authors. This chapter defines a new implementation-neutral information model that is easier to understand and does a better job at expressing relationships between objects comprising a source data stream collection. A new authoring data model for facilitating the implementation of SCAP content development software applications is derived from the information model. Also described is an application implementing the authoring data model that enables SCAP content developers to create source data stream collections using a friendly and intuitive syntax, which is then transformed into SCAP-standard-conforming content.
Copyright information
© 2018 This is a U.S. government work and not under copyright protection in the United States; foreign copyright protection may apply
About this paper
Cite this paper
Lubell, J. (2018). A New SCAP Information and Data Model for Content Authors. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XII. ICCIP 2018. IFIP Advances in Information and Communication Technology, vol 542. Springer, Cham. https://doi.org/10.1007/978-3-030-04537-1_8
DOI: https://doi.org/10.1007/978-3-030-04537-1_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04536-4
Online ISBN: 978-3-030-04537-1
eBook Packages: Computer Science, Computer Science (R0)