In Whom Do We Trust - Sharing Security Events

Jessica Steinberger, Benjamin Kuhnert, Anna Sperotto, Harald Baier, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

    3 Citations (Scopus)
    34 Downloads (Pure)

    Abstract

    Security event sharing is deemed of critical importance to counteract large-scale attacks at Internet service provider (ISP) networks as these attacks have become larger, more sophisticated and frequent. On the one hand, security event sharing is regarded to speed up organizations' mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings only under the premise that participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigation is currently not well established as a result of two shortcomings. First, the personal knowledge of each sharing partner to develop trust does not scale very well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signature) to ensure both confidentiality and integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust and a knowledge level of a security event in order to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and their remediation suggestions.
    Original language: English
    Title of host publication: Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)
    Place of Publication: London
    Publisher: Springer
    Pages: 111-124
    Number of pages: 14
    ISBN (Print): 978-3-319-39813-6
    DOIs: https://doi.org/10.1007/978-3-319-39814-3_11
    Publication status: Published - 21 Jun 2016
    Event: 10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016 - Munich, Germany
    Duration: 20 Jun 2016 - 23 Jun 2016
    Conference number: 10

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer Verlag
    Volume: 9701
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: 10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016
    Abbreviated title: AIMS 2016
    Country: Germany
    City: Munich
    Period: 20/06/16 - 23/06/16

    Fingerprint

    Remediation
    Internet service providers
    Electronic mail
    Cryptography
    Network protocols
    Processing

    Keywords

    • IR-100706
    • METIS-317208
    • EWI-27040

    Cite this

    Steinberger, J., Kuhnert, B., Sperotto, A., Baier, H., & Pras, A. (2016). In Whom Do We Trust - Sharing Security Events. In Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016) (pp. 111-124). (Lecture Notes in Computer Science; Vol. 9701). London: Springer. https://doi.org/10.1007/978-3-319-39814-3_11