Abstract
This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis. Hence, an application to an email is presented, together with DSA definition and inclusion in a STIX record. Finally, a set of experiments will show the performance improvement related to data access, brought by the adoption of the proposed scheme.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
untroubled.org/spam.
- 15.
References
Diday, E., Simon, J.C.: Clustering analysis. In: Fu, K.S. (ed.) Digital Pattern Recognition, pp. 47–94. Springer, Heideberg (1980). https://doi.org/10.1007/978-3-642-67740-3_3
Genes, R., Arrott, A., Sancho, D.: Stormy weather: a quantitative assessment of the storm web threat in 2007 (2011)
Han, W., Lei, C.: A survey on policy languages in network and security management. Comput. Netw. 56(1), 477–489 (2012)
Johnson, C., Badger, L., Waltermire, D., Snyder, J., Skorupka, C.: Guide to cyber threat information sharing. NIST Spec. Publ. 800, 150 (2016)
Johnson, C.S., Feldman, L., Witte, G.A.: Cyber threat intelligence and information sharing. Technical report (2017)
Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: privacy-enabled management of customer data. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_6
Kim, D., Woo, J.Y., Kim, H.K.: I know what you did before: general framework for correlation analysis of cyber threat incidents. In: IEEE Military Communications Conference, MILCOM 2016–2016, pp. 782–787. IEEE (2016)
Kokkonen, T., Hautamäki, J., Siltanen, J., Hämäläinen, T.: Model for sharing the information of cyber security situation awareness between organizations. In: 2016 23rd International Conference on Telecommunications (ICT), pp. 1–5. IEEE (2016)
Krishnan, R., Sandhu, R., Niu, J., Winsborough, W.H.: A conceptual framework for group-centric secure information sharing. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 384–387. ACM (2009)
Martinelli, F., Saracino, A., Sheikhalishahi, M.: Modeling privacy aware information sharing systems: a formal and general approach. In: 2016 IEEE Trustcom/BigDataSE/I SPA, pp. 767–774. IEEE (2016)
Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28879-1_3
McAfee: What is Typosquatting? https://securingtomorrow.mcafee.com/
Seligman, L., Rosenthal, A., Caverlee, J.: Data service agreements: toward a data supply chain. In: Proceedings of the Information Integration on the Web workshop at the Very Large Database Conference, Toronto (2004)
Sheikhalishahi, M., Saracino, A., Mejri, M., Tawbi, N., Martinelli, F.: Fast and effective clustering of spam emails based on structural similarity. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 195–211. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30303-1_12
Swamp, V., Seligman, L., Rosenthal, A.: Specifying data sharing agreements. In: Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006, 4-p. IEEE (2006)
Swarup, V., Seligman, L., Rosenthal, A.: A data sharing agreement framework. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 22–36. Springer, Heidelberg (2006). https://doi.org/10.1007/11961635_2
Wang, J., Herath, T., Chen, R., Vishwanath, A., Rao, H.R.: Research article phishing susceptibility: an investigation into the processing of a targeted spear phishing email. IEEE Trans. Prof. Commun. 55(4), 345–362 (2012)
Zhao, W., White, G.: A collaborative information sharing framework for community cyber security. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 457–462. IEEE (2012)
Acknowledgments
This work has been partially funded by EU Funded project H2020 NeCS, GA #675320 and H2020 C3ISP, GA #700294 and EIT Digital Trusted Cloud and Internet of Things.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Martinelli, F., Osliak, O., Saracino, A. (2019). Towards General Scheme for Data Sharing Agreements Empowering Privacy-Preserving Data Analysis of Structured CTI. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2018 2018. Lecture Notes in Computer Science(), vol 11387. Springer, Cham. https://doi.org/10.1007/978-3-030-12786-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-12786-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12785-5
Online ISBN: 978-3-030-12786-2
eBook Packages: Computer ScienceComputer Science (R0)