In Whom Do We Trust - Sharing Security Events

Steinberger, Jessica; Kuhnert, Benjamin; Sperotto, Anna; Baier, Harald; Pras, Aiko

doi:10.1007/978-3-319-39814-3_11

Cited by 4 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Literature seems to indicate that trust is not a true requirement; furthermore, it is either "mostly neglected" [9] or is a soft barrier that is quickly ignored as long as there is confidentiality [25]. The term trust may also mean that information can be trustworthy and actual, rather than low-quality copies or not actionable or useful [33] (see Section II-C4. Trust may also mean that there is good faith in terms of the ratio sharing/consuming [5], [10], which is simply the "free-riding" problem discussed.…”

Section: ) Legal and Regulatory Constraintsmentioning

confidence: 99%

“…Essentially, reputation is a graph of relationships G = (V, E), where edges E can have only a few values which are, typically, trusted, nontrusted, marginal. The full graph of trust then takes advantage of trilateral A − B − C relationships to derive trust for any arbitrary node e ∈ E. Steinberger et al [33] propose MiRTrust that mirrors this approach by locally updating trust in sources (from the trust graph) as CTI information is confirmed or invalidated and broadcast to adjacent members. This approach is similar to what others call Traffic Light Protocol which is used, for example, in the U.K.'s CiSP platform, where a green light means encouragement to share anything as the trust level is high [25].…”

Section: ) Architectures and Trust Managementmentioning

confidence: 99%

See 1 more Smart Citation

Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence

Jesus,

Bains,

Chang

2024

IEEE Trans. Eng. Manage.

View full text Add to dashboard Cite

Cyber threat intelligence (CTI) is widely recognized as an important area in cybersecurity but it remains an area showing silos and reserved for large organizations. For an area whose strength is in open and responsive sharing, we see that the generation of feeds has a small scale, is secretive, and is nearly always from specialized businesses that have a commercial interest in not publicly sharing insights at a speed where it could be effective in raising preparedness or stopping an attack. This article has three purposes. First, we extensively review the state and challenges of open, crowd-sourced CTI, with a focus on the perceived barriers. Second, having identified that confidentiality (in multiple forms) is a key barrier, we perform a confidentiality threat analysis of existing sharing architectures and standards, including reviewing circa one million of real-world feeds between 2014 and 2022 from the popular open platform MISP toward quantifying the inherent risks. Our goal is to build the case that, either by redesigning sharing architectures or simply performing simple sanitization of shared information, the confidentiality argument is not as strong as one may have presumed. Third, after identifying key requirements for open crowd-based sharing of CTI, we propose a reference (meta-) architecture.Managerial Relevance-CTI is widely recognized as a key advantage toward cyber resilience in its multiple dimensions, from business continuity to reputation/regulatory protection. Furthermore, as we review in this article, there are strong indications that the next generation of approaches to cybersecurity will be centered on CTI. Whereas CTI is an established business area, we see little adoption, closed communities, or high costs that small businesses cannot afford. For an area that, intuitively, should be open, as velocity and accuracy of information is crucial, we shed light on why we have no significant open, crowd-sourced CTI. In other words, why is usage so lacking? We identify reasons and deconstruct unclear and unhelpful rationales by looking at a wide range of literature (research and professional) and an analysis of nearly ten years of open CTI data. Our findings from current data indicate two types of reasons. One, and dominant, is unhelpful perceptions (e.g., confidentiality), and another stems from market factors (e.g., "free-riding") that need collective movement as no single player may be able to break the cycle. After looking at motivations and barriers, we review existing technologies, elicit requirements, and propose a high-level open CTI sharing architecture that could be used as a reference for practitioners.

show abstract

Section: ) Legal and Regulatory Constraintsmentioning

confidence: 99%

Section: ) Architectures and Trust Managementmentioning

confidence: 99%

Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence

Jesus,

Bains,

Chang

2024

IEEE Trans. Eng. Manage.

View full text Add to dashboard Cite

show abstract

“…The program included papers with a high technical expertise, such as ''Analysis and Evaluation of OpenFlow Message Usage for Security Applications'' by Sebastian Seeber [7], which describes mitigation and defense mechanisms that are currently used in SDN 3 environments, analyzes their dependencies with respect to OpenFlow messages, and quantifies their performances with different implementations. It also covered papers related to high level methodologies, such as ''In Whom Do We Trust-Sharing Security Events'' by Jessica Steinberger [8], which specifies a trust model for security events in order to deploy semi-automated remediations and facilitate the dissemination of security event information, using the exchange format FLEX 4 in the context of ISPs. 5 The best paper award went to ''Cloud Flat Rates Enabled via Fair Multi-resource Consumption'' by Patrick Poullie and Burkhard Stiller (University of Zürich-Switzerland) [9], which proposes a fair multi-resource cloud sharing approach, and shows its enforcement to enable cloud flat rates.…”

Section: Technical Paper Sessionsmentioning

confidence: 99%