An architecture for privacy-preserving sharing of CTI with 3rd party analysis services

Fabio Giubilo; Ali Sajjad; Mark Shackleton; David W. Chadwick; Wenjun Fan; Rogerio De Lemos

doi:10.23919/ICITST.2017.8356404

An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services

Fabio Giubilo, Ali Sajjad, Mark Shackleton, David W. Chadwick, Wenjun Fan, Rogerio De Lemos

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

6 Citations (Scopus)

Abstract

Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.

Original language	English
Title of host publication	2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	293-297
Number of pages	5
ISBN (Electronic)	9781908320933
DOIs	https://doi.org/10.23919/ICITST.2017.8356404
Publication status	Published - 8 May 2018
Externally published	Yes
Event	12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 - Cambridge, United Kingdom Duration: 11 Dec 2017 → 14 Dec 2017

Publication series

Name	2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

Conference

Conference	12th International Conference for Internet Technology and Secured Transactions, ICITST 2017
Country/Territory	United Kingdom
City	Cambridge
Period	11/12/17 → 14/12/17

Keywords

analysis services
cyber threat information
data privacy and confidentiality
infrastructure architecture
policy based sharing

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.23919/ICITST.2017.8356404

Cite this

Giubilo, F., Sajjad, A., Shackleton, M., Chadwick, D. W., Fan, W., & De Lemos, R. (2018). An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services. In 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 (pp. 293-297). (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/ICITST.2017.8356404

Giubilo, Fabio ; Sajjad, Ali ; Shackleton, Mark et al. / An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services. 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 293-297 (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017).

@inproceedings{765bdcfa4e524d49868c970f05527272,

title = "An architecture for privacy-preserving sharing of CTI with 3rd party analysis services",

abstract = "Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.",

keywords = "analysis services, cyber threat information, data privacy and confidentiality, infrastructure architecture, policy based sharing",

author = "Fabio Giubilo and Ali Sajjad and Mark Shackleton and Chadwick, {David W.} and Wenjun Fan and {De Lemos}, Rogerio",

note = "Publisher Copyright: {\textcopyright} 2017 Infonomics Society.; 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 ; Conference date: 11-12-2017 Through 14-12-2017",

year = "2018",

month = may,

day = "8",

doi = "10.23919/ICITST.2017.8356404",

language = "English",

series = "2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "293--297",

booktitle = "2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017",

}

Giubilo, F, Sajjad, A, Shackleton, M, Chadwick, DW, Fan, W & De Lemos, R 2018, An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services. in 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017, Institute of Electrical and Electronics Engineers Inc., pp. 293-297, 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017, Cambridge, United Kingdom, 11/12/17. https://doi.org/10.23919/ICITST.2017.8356404

An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services. / Giubilo, Fabio; Sajjad, Ali; Shackleton, Mark et al.
2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. Institute of Electrical and Electronics Engineers Inc., 2018. p. 293-297 (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - An architecture for privacy-preserving sharing of CTI with 3rd party analysis services

AU - Giubilo, Fabio

AU - Sajjad, Ali

AU - Shackleton, Mark

AU - Chadwick, David W.

AU - Fan, Wenjun

AU - De Lemos, Rogerio

PY - 2018/5/8

Y1 - 2018/5/8

N2 - Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.

AB - Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.

KW - analysis services

KW - cyber threat information

KW - data privacy and confidentiality

KW - infrastructure architecture

KW - policy based sharing

UR - http://www.scopus.com/inward/record.url?scp=85048058143&partnerID=8YFLogxK

U2 - 10.23919/ICITST.2017.8356404

DO - 10.23919/ICITST.2017.8356404

M3 - Conference Proceeding

AN - SCOPUS:85048058143

T3 - 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

SP - 293

EP - 297

BT - 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

Y2 - 11 December 2017 through 14 December 2017

ER -

Giubilo F, Sajjad A, Shackleton M, Chadwick DW, Fan W, De Lemos R. An architecture for privacy-preserving sharing of CTI with 3^rd party analysis services. In 2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017. Institute of Electrical and Electronics Engineers Inc. 2018. p. 293-297. (2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017). doi: 10.23919/ICITST.2017.8356404