An architecture for privacy-preserving sharing of CTI with 3<sup>rd</sup> party analysis services

Giubilo, Fabio; Sajjad, Ali; Shackleton, Mark; Chadwick, David; Fan, Wenjun; Lemos, Rogério de

doi:10.23919/icitst.2017.8356404

Cited by 7 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [11] and [12], security analysis of CTI sharing with third party analysis platforms over cloud are presented. Both studies address the studies conducted towards this aim in the EU project of Collaborative and Confidential Information Sharing and Analysis for Cyber Protection (C3ISP).…”

Section: Related Workmentioning

confidence: 99%

Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Yücel

Chalkias

Mallis

et al. 2021

2021 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

The recent technological advances and the recent changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not be exposed to the removed information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project's Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper.

show abstract

Section: Related Workmentioning

confidence: 99%

Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Yücel

Chalkias

Mallis

et al. 2021

2021 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

show abstract

“…The quality of data of the shared feeds can be seen as a vector compiled by the criteria of timeliness, accuracy, scope, relevance and completeness are used in references [9], [10] to measure the quality of the data and further evaluate the available threat intelligent feeds. In [11], a threat score function is introduced to evaluate Indicators of Compromise (IoC) collected from various sources in order to support Security Operations Centre (SOC) analysts prioritise the incidents' analysis.…”

Section: A Cti Quality and Trustmentioning

confidence: 99%

“…In [11], a threat score function is introduced to evaluate Indicators of Compromise (IoC) collected from various sources in order to support Security Operations Centre (SOC) analysts prioritise the incidents' analysis. Another study [10] investigates the data quality dimensions of IoCs which are collected by several open sources in order to assess their effectiveness.…”

Section: A Cti Quality and Trustmentioning

confidence: 99%

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

Mavzer

Konieczná

Alves

et al. 2021

2021 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

Information sharing has been considered a critical solution against the ever-increasing complexity of cyber-attacks. In this effort Cyber Threat Intelligence is undergoing a process of increasing its maturity levels. The quantification of the quality of shared information and the assessment of trust amongst information sharing entities is an important part of the process. The Trust and Quality Tool has been designed as a tool with the aim of improving the trust in the relevancy of shared information by enabling an option to assess its trustworthiness and defining a set of metrics for trust and quality.

show abstract

“…Collaboration platforms are not limited to meetings or learning, and often aid users to achieve a common goal. Examples exist in the Intrusion Detection System (IDS) community, which has examined Collaborative Intrusion Detection Systems (CIDSs) for sharing Cyber Threat Intelligence (CTI) across different platforms (see Wagner et al, 2016;Giubilo et al, 2017;Happa, 2017;Nair et al, 2018). While these are driven by automation in sending event logs, the importance of making good use of the combination of automation and human analysts cognition cannot be understated.…”

Section: Introductionmentioning

confidence: 99%

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Happa

Glencross²,

Steed

2019

Front. ICT

View full text Add to dashboard Cite

Collaborative Mixed-Reality (CMR) applications are gaining interest in a wide range of areas including games, social interaction, design and health-care. To date, the vast majority of published work has focused on display technology advancements, software, collaboration architectures and applications. However, the potential security concerns that affect collaborative platforms have received limited research attention. In this position paper, we investigate the challenges posed by cyber-security threats to CMR systems. We focus on how typical network architectures facilitating CMR and how their vulnerabilities can be exploited by attackers, and discuss the degree of potential social, monetary impacts, psychological and other harms that may result from such exploits. The main purpose of this paper is to provoke a discussion on CMR security concerns. We highlight insights from a cyber-security threat modelling perspective and also propose potential directions for research and development toward better mitigation strategies. We present a simple, systematic approach to understanding a CMR attack surface through an abstraction-based reasoning framework to identify potential attack vectors. Using this framework, security analysts, engineers, designers and users alike (stakeholders) can identify potential Indicators of Exposures (IoE) and Indicators of Compromise (IoC). Our framework allows stakeholders to reduce their CMR attack surface as well understand how Intrusion Detection System (IDS) approaches can be adopted for CMR systems. To demonstrate the validity to our framework, we illustrate several CMR attack surfaces through a set of use-cases. Finally, we also present a discussion on future directions this line of research should take.

show abstract

An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services

Cited by 7 publications

References 11 publications

Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Contact Info

Product

Resources

About

An architecture for privacy-preserving sharing of CTI with 3rd party analysis services

Cited by 7 publications

References 11 publications

Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Data Sanitisation and Redaction for Cyber Threat Intelligence Sharing Platforms

Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms

Cyber Security Threats and Challenges in Collaborative Mixed-Reality

Contact Info

Product

Resources

About

An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services