Automated Cyber Defense - Open Command and Control (OpenC2)

Cyberattacks are increasingly sophisticated, less expensive to execute, dynamic and automated. The commission of cyber defense via statically configured products operating in isolation is untenable. Standardized interfaces, protocols and data models will facilitate the integration of the functional blocks within a system and between systems. Open Command and Control (OpenC2) is a concise and extensible language to enable machine communications for purposes of command and control of cyber defense components, subsystems and / or systems that are agnostic of the underlying products, technologies, transport mechanisms or other aspects of the implementation [1].


Master Thesis Topic:  This research will develop a new actuator profile for a specific cyber defense capability (eg, stateful packet filter), part of the OpenC2 standard.

This is subject to change. For example, a student with a background in programming could develop an OpenC2 Orchestrator that has the responsibility of issuing OpenC2 commands (Pub / Sub architecture and front-end)

Expected deliverables for this research are:

  • Language Specification document
  • Proof of Concept Code for specific actuator based on the language specification defined.

The student (s) will receive all the support needed from researchers at UiO who are on the OpenC2 technical committee and members of OASIS Open.

OpenC2 was initiated by the National Security Agency (NSA) or USA and now has more than 100 members working on it.

The student may need to attend video meetings with the OpenC2 partners.

This research may accommodate multiple students.

For more information contact -   vasileim [@] ifi [.] Uio [.] No


Background Information of OpenC2

OpenC2 is a suite of specifications that enables command and control of cyber defense systems and components. OpenC2 typically uses a request-response paradigm where a command is encoded by an OpenC2 producer (managing application) and transferred to an OpenC2 consumer (managed device or virtualized function) using a secure transport protocol, and the consumer can respond with status and any requested information. The contents of both the command and the response are fully described in schemas, allowing both parties to recognize the syntax constraints imposed on the exchange. OpenC2 allows the application to access the set of capabilities supported by the managed devices.These capabilities allow the managing application to adjust its behavior to the features exposed by the managed device.


For more information visit the OpenC2 official page.



[1] OpenC2 -

Emneord: OpenC2
Publisert 20. aug. 2019 13:49 - Sist endret 20. des. 2019 14:00


Omfang (studiepoeng)