Towards a library of composable models to estimate the performance of security solutions