Otupy: A flexible, portable, and extensible framework for remote control of security functions

Repetto, Matteo (first author)
2025

Abstract

The growing proliferation of heterogeneous security functions ensures diversity, robustness, and adaptivity in addressing cyber-threats, but also poses management and integration challenges. OpenC2 defines a vendor- and application-agnostic abstract language for remote command and control of cyber-defense technologies. Its architecture supports multiple encoding and transfer options, but this might complicate its implementation and usage. This paper describes Otupy, a flexible and extensible implementation of the OpenC2 language specification. Otupy defines an Application Programming Interface (API) that allows programmers to focus on the control and business logic of security functions, rather than the communication syntax, protocol, and encoding. The design of Otupy leverages an abstract data notation, an inheritance model, and meta-serialization to simplify the development of extensions for specific profiles of security functions, as well as additional encoding and transfer protocols. We evaluate the correctness of our implementation by validating its output against both a syntax schema and external good and bad samples provided by a third party. Our analysis points out unclear and ambiguous aspects of OpenC2 that deserve further attention by its technical committee.
Institution: Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI - Sede Secondaria Genova
Keywords: Cybersecurity, Network security, Command and control, OpenC2
Files in this item:
File: 1-s2.0-S016740482500286X-main.pdf (open access)
Description: Final publication
Type: Publisher's version (PDF)
License: Creative Commons
Size: 1.88 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/20.500.14243/552284