论文信息 - An architecture for privacy-preserving sharing of CTI with 3rd party analysis services

An architecture for privacy-preserving sharing of CTI with 3rd party analysis services

Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.

[1] Xiaohong Yuan,et al. Cloud computing and security challenges , 2012, ACM-SE '12.

[2] Ilaria Matteucci,et al. Towards safer information sharing in the cloud , 2014, International Journal of Information Security.

[3] Jorge Lobo,et al. The Coalition Policy Management Portal for Policy Authoring, Verification, and Deployment , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[4] Zhi Li,et al. Cloud computing risk assessment method based on game theory , 2015 .

[5] Keke Chen,et al. Privacy-Preserving Multiparty Collaborative Mining with Geometric Data Perturbation , 2009, IEEE Transactions on Parallel and Distributed Systems.

[6] Renaud Sirdey,et al. Armadillo: A Compilation Chain for Privacy Preserving Applications , 2015, IACR Cryptol. ePrint Arch..

[7] Y. Hasuda R. Fuchs. Fundamental Modelling Concept for IVT Analysis and Control Development , 2002 .

[8] Fabio Martinelli,et al. A Formal Support for Collaborative Data Sharing , 2012, CD-ARES.

[9] Ilaria Matteucci,et al. CNL4DSA: a controlled natural language for data sharing agreements , 2010, SAC '10.

[10] Marinella Petrocchi,et al. Legal and Technical Perspectives in Data Sharing Agreements Definition , 2015, APF.

[11] Tyler Moore,et al. Measuring the Cost of Cybercrime , 2012, WEIS.

[12] Theodosis Dimitrakos,et al. Integrating Security Services in Cloud Service Stores , 2015, IFIPTM.