Abstract

Security event sharing is deemed of critical importance to counteract large-scale attacks on Internet service provider (ISP) networks, as these attacks have become larger, more sophisticated and more frequent. On the one hand, security event sharing is regarded as a way to speed up organizations' mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings, and only under the premise that the participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigations is currently not well established as a result of two shortcomings. First, relying on the personal knowledge of each sharing partner to develop trust does not scale well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signatures) to ensure both the confidentiality and the integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust level and a knowledge level of a security event in order to deploy semi-automated remediations and to facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and their remediation suggestions.
Original language: Undefined
Title of host publication: Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)
Place of publication: London
Publisher: Springer Verlag
Pages: 111-124
Number of pages: 14
ISBN (Print): 978-3-319-39813-6
DOIs: 10.1007/978-3-319-39814-3_11
State: Published - 21 Jun 2016

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
Volume: 9701
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Fingerprint

Remediation
Internet service providers
Electronic mail
Cryptography

Keywords

  • IR-100706
  • METIS-317208
  • EWI-27040

Cite this

Steinberger, J., Kuhnert, B., Sperotto, A., Baier, H., & Pras, A. (2016). In Whom Do We Trust - Sharing Security Events. In Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016) (pp. 111-124). (Lecture Notes in Computer Science; Vol. 9701). London: Springer Verlag. DOI: 10.1007/978-3-319-39814-3_11

Steinberger, Jessica; Kuhnert, Benjamin; Sperotto, Anna; Baier, Harald; Pras, Aiko / In Whom Do We Trust - Sharing Security Events.

Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016). London : Springer Verlag, 2016. p. 111-124 (Lecture Notes in Computer Science; Vol. 9701).

Research output: Scientific - peer-review › Conference contribution

@inbook{a70f67de8b13424a9beb0a2d30db2a41,
title = "In Whom Do We Trust - Sharing Security Events",
abstract = "Security event sharing is deemed of critical importance to counteract large-scale attacks on Internet service provider (ISP) networks, as these attacks have become larger, more sophisticated and more frequent. On the one hand, security event sharing is regarded as a way to speed up organizations' mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings, and only under the premise that the participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigations is currently not well established as a result of two shortcomings. First, relying on the personal knowledge of each sharing partner to develop trust does not scale well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signatures) to ensure both the confidentiality and the integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust level and a knowledge level of a security event in order to deploy semi-automated remediations and to facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and their remediation suggestions.",
keywords = "IR-100706, METIS-317208, EWI-27040",
author = "Jessica Steinberger and Benjamin Kuhnert and Anna Sperotto and Harald Baier and Aiko Pras",
note = "eemcs-eprint-27040",
year = "2016",
month = "6",
doi = "10.1007/978-3-319-39814-3_11",
isbn = "978-3-319-39813-6",
series = "Lecture Notes in Computer Science",
publisher = "Springer Verlag",
pages = "111--124",
booktitle = "Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)",
}

Steinberger, J, Kuhnert, B, Sperotto, A, Baier, H & Pras, A 2016, In Whom Do We Trust - Sharing Security Events. in Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016). Lecture Notes in Computer Science, vol. 9701, Springer Verlag, London, pp. 111-124. DOI: 10.1007/978-3-319-39814-3_11

In Whom Do We Trust - Sharing Security Events. / Steinberger, Jessica; Kuhnert, Benjamin; Sperotto, Anna; Baier, Harald; Pras, Aiko.

Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016). London : Springer Verlag, 2016. p. 111-124 (Lecture Notes in Computer Science; Vol. 9701).

Research output: Scientific - peer-review › Conference contribution

TY  - CHAP
T1  - In Whom Do We Trust - Sharing Security Events
AU  - Steinberger, Jessica
AU  - Kuhnert, Benjamin
AU  - Sperotto, Anna
AU  - Baier, Harald
AU  - Pras, Aiko
N1  - eemcs-eprint-27040
PY  - 2016/6/21
Y1  - 2016/6/21
AB  - Security event sharing is deemed of critical importance to counteract large-scale attacks on Internet service provider (ISP) networks, as these attacks have become larger, more sophisticated and more frequent. On the one hand, security event sharing is regarded as a way to speed up organizations' mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings, and only under the premise that the participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigations is currently not well established as a result of two shortcomings. First, relying on the personal knowledge of each sharing partner to develop trust does not scale well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signatures) to ensure both the confidentiality and the integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust level and a knowledge level of a security event in order to deploy semi-automated remediations and to facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and their remediation suggestions.
KW  - IR-100706
KW  - METIS-317208
KW  - EWI-27040
U2  - 10.1007/978-3-319-39814-3_11
DO  - 10.1007/978-3-319-39814-3_11
M3  - Conference contribution
SN  - 978-3-319-39813-6
T3  - Lecture Notes in Computer Science
SP  - 111
EP  - 124
BT  - Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)
PB  - Springer Verlag
ER  -

Steinberger J, Kuhnert B, Sperotto A, Baier H, Pras A. In Whom Do We Trust - Sharing Security Events. In Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016). London: Springer Verlag. 2016. p. 111-124. (Lecture Notes in Computer Science). DOI: 10.1007/978-3-319-39814-3_11