Scalable Secure Multi-party Network Vulnerability Analysis via Symbolic Optimization

Threat propagation analysis is a valuable tool in improving the cyber resilience of enterprise networks. As these networks are interconnected and threats can propagate not only within but also across networks, a holistic view of the entire network can reveal threat propagation trajectories unobservable from within a single enterprise. However, companies are reluctant to share internal vulnerability measurement data as it is highly sensitive and (if leaked) possibly damaging. Secure Multi-Party Computation (MPC) addresses this concern. MPC is a cryptographic technique that allows distrusting parties to compute analytics over their joint data while protecting its confidentiality. In this work we apply MPC to threat propagation analysis on large, federated networks. To address the prohibitively high performance cost of general-purpose MPC we develop two novel applications of optimizations that can be leveraged to execute many relevant graph algorithms under MPC more efficiently: (1) dividing the computation into separate stages such that the first stage is executed privately by each party without MPC and the second stage is an MPC computation dealing with a much smaller shared network, and (2) optimizing the second stage by treating the execution of the analysis algorithm as a symbolic expression that can be optimized to reduce the number of costly operations and subsequently executed under MPC. We evaluate the scalability of this technique by analyzing the potential for threat propagation on examples of network graphs and propose several directions along which this work can be expanded.

[1]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[2]  Mayank Varia,et al.  Secure multi-party computation for analytics deployed as a lightweight web application , 2016 .

[3]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[4]  Azer Bestavros,et al.  Programming Support for an Integrated Multi-Party Computation and MapReduce Infrastructure , 2015, 2015 Third IEEE Workshop on Hot Topics in Web Systems and Technologies (HotWeb).

[5]  Avi Wigderson,et al.  Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract) , 1988, STOC.

[6]  Vitaly Shmatikov,et al.  Privacy-Preserving Graph Algorithms in the Semi-honest Model , 2005, ASIACRYPT.

[7]  J'anos Simon,et al.  Proceedings of the twentieth annual ACM symposium on Theory of computing , 1988, STOC 1988.

[8]  Xenofontas A. Dimitropoulos,et al.  SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics , 2010, USENIX Security Symposium.

[9]  J. A.,et al.  On Moore Graphs with Diameters 2 and 3 , 2022 .

[10]  Stratis Ioannidis,et al.  GraphSC: Parallel Secure Computation Made Easy , 2015, 2015 IEEE Symposium on Security and Privacy.

[11]  Ryan Kastner,et al.  Arithmetic Optimization Techniques for Hardware and Software Design: Fundamentals of digital arithmetic , 2010 .

[12]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System (Awarded Best Student Paper!) , 2004 .

[13]  Michael Hicks,et al.  Wysteria: A Programming Language for Generic, Mixed-Mode Multiparty Computations , 2014, 2014 IEEE Symposium on Security and Privacy.

[14]  Azer Bestavros,et al.  DEMO: Integrating MPC in Big Data Workflows , 2016, IACR Cryptol. ePrint Arch..

[15]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[16]  Abhi Shelat,et al.  Secure Computation from Millionaire , 2015, ASIACRYPT.

[17]  Ivan Damgård,et al.  Confidential Benchmarking Based on Multiparty Computation , 2016, Financial Cryptography.

[18]  Bryan Parno,et al.  Financial Cryptography and Data Security , 2011, Lecture Notes in Computer Science.

[19]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools (2nd Edition) , 2006 .

[20]  Dan Bogdanov,et al.  Sharemind: A Framework for Fast Privacy-Preserving Computations , 2008, ESORICS.

[21]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[22]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[23]  Kartik Nayak,et al.  ObliVM: A Programming Framework for Secure Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[24]  Marcel Keller,et al.  An architecture for practical actively secure MPC with dishonest majority , 2013, IACR Cryptol. ePrint Arch..

[25]  Benny Pinkas,et al.  Fairplay - Secure Two-Party Computation System , 2004, USENIX Security Symposium.

[26]  Benny Pinkas,et al.  Maturity and Performance of Programmable Secure Computation , 2016, IEEE Security & Privacy.

[27]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[28]  Kevin M. Carter,et al.  Probabilistic Threat Propagation for Network Security , 2014, IEEE Transactions on Information Forensics and Security.