In Whom Do We Trust - Sharing Security Events

Jessica Steinberger; Benjamin Kuhnert; Anna Sperotto; Harald Baier; Aiko Pras

doi:10.1007/978-3-319-39814-3_11

In Whom Do We Trust - Sharing Security Events

Jessica Steinberger
, Benjamin Kuhnert
, Anna Sperotto
, Harald Baier
, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

7 Citations (Scopus)

82 Downloads (Pure)

Abstract

Security event sharing is deemed of critical importance to counteract large-scale attacks at Internet service provider (ISP) networks as these attacks have become larger, more sophisticated and frequent. On the one hand, security event sharing is regarded to speed up organization's mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings only under the premise that participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigation is currently not well established as a result of two shortcomings. First, the personal knowledge of each sharing partner to develop trust does not scale very well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signature) to ensure both confidentiality and integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust and a knowledge level of a security event in order to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and its remediation suggestions.

Original language	English
Title of host publication	Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)
Place of Publication	London
Publisher	Springer
Pages	111-124
Number of pages	14
ISBN (Print)	978-3-319-39813-6
DOIs	https://doi.org/10.1007/978-3-319-39814-3_11
Publication status	Published - 21 Jun 2016
Event	10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016 - Munich, Germany Duration: 20 Jun 2016 → 23 Jun 2016 Conference number: 10

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	9701
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016
Abbreviated title	AIMS 2016
Country/Territory	Germany
City	Munich
Period	20/06/16 → 23/06/16

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Keywords

IR-100706
METIS-317208
EWI-27040

Access to Document

10.1007/978-3-319-39814-3_11

7 Citations
1 Book editing
1 PhD Thesis - Research UT, graduation UT

Distributed DDoS Defense - A collaborative Approach at Internet Scale
Steinberger, J., 19 Sept 2018, University of Twente. 209 p.
Research output: Thesis › PhD Thesis - Research UT, graduation UT

Open Access
File

2735 Downloads (Pure)
SPRING 2016, Darmstadt, Germany: Proceedings of the 11th SPRING graduate workshop of the special interest group Security – Intrusion Detection and Response (SIDAR) of the German informatics Society (GI)
Steinberger, J. (Editor), Jun 2016, Germany: German Informatics Society (GI). 22 p. (SIDAR-Reports; vol. SR-2016-01)
Research output: Book/Report › Book editing › Academic

Open Access
File

Cite this

@inproceedings{a70f67de8b13424a9beb0a2d30db2a41,

title = "In Whom Do We Trust - Sharing Security Events",

abstract = "Security event sharing is deemed of critical importance to counteract large-scale attacks at Internet service provider (ISP) networks as these attacks have become larger, more sophisticated and frequent. On the one hand, security event sharing is regarded to speed up organization's mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings only under the premise that participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigation is currently not well established as a result of two shortcomings. First, the personal knowledge of each sharing partner to develop trust does not scale very well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signature) to ensure both confidentiality and integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust and a knowledge level of a security event in order to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and its remediation suggestions.",

keywords = "IR-100706, METIS-317208, EWI-27040",

author = "Jessica Steinberger and Benjamin Kuhnert and Anna Sperotto and Harald Baier and Aiko Pras",

year = "2016",

month = jun,

day = "21",

doi = "10.1007/978-3-319-39814-3\_11",

language = "English",

isbn = "978-3-319-39813-6",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "111--124",

booktitle = "Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)",

address = "Germany",

note = "10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016, AIMS 2016 ; Conference date: 20-06-2016 Through 23-06-2016",

}

Steinberger, J, Kuhnert, B, Sperotto, A, Baier, H & Pras, A 2016, In Whom Do We Trust - Sharing Security Events. in Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016). Lecture Notes in Computer Science, vol. 9701, Springer, London, pp. 111-124, 10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016, Munich, Germany, 20/06/16. https://doi.org/10.1007/978-3-319-39814-3_11

In Whom Do We Trust - Sharing Security Events. / Steinberger, Jessica; Kuhnert, Benjamin; Sperotto, Anna et al.
Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016). London: Springer, 2016. p. 111-124 (Lecture Notes in Computer Science; Vol. 9701).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - In Whom Do We Trust - Sharing Security Events

AU - Steinberger, Jessica

AU - Kuhnert, Benjamin

AU - Sperotto, Anna

AU - Baier, Harald

AU - Pras, Aiko

N1 - Conference code: 10

PY - 2016/6/21

Y1 - 2016/6/21

N2 - Security event sharing is deemed of critical importance to counteract large-scale attacks at Internet service provider (ISP) networks as these attacks have become larger, more sophisticated and frequent. On the one hand, security event sharing is regarded to speed up organization's mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings only under the premise that participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigation is currently not well established as a result of two shortcomings. First, the personal knowledge of each sharing partner to develop trust does not scale very well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signature) to ensure both confidentiality and integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust and a knowledge level of a security event in order to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and its remediation suggestions.

AB - Security event sharing is deemed of critical importance to counteract large-scale attacks at Internet service provider (ISP) networks as these attacks have become larger, more sophisticated and frequent. On the one hand, security event sharing is regarded to speed up organization's mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings only under the premise that participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigation is currently not well established as a result of two shortcomings. First, the personal knowledge of each sharing partner to develop trust does not scale very well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signature) to ensure both confidentiality and integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust and a knowledge level of a security event in order to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and its remediation suggestions.

KW - IR-100706

KW - METIS-317208

KW - EWI-27040

U2 - 10.1007/978-3-319-39814-3_11

DO - 10.1007/978-3-319-39814-3_11

M3 - Conference contribution

SN - 978-3-319-39813-6

T3 - Lecture Notes in Computer Science

SP - 111

EP - 124

BT - Proceedings of the 10th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2016)

PB - Springer

CY - London

T2 - 10th IFIP WG 6.6 International Conference on Management and Security in the Age of Hyperconnectivity, AIMS 2016

Y2 - 20 June 2016 through 23 June 2016

ER -

In Whom Do We Trust - Sharing Security Events

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Fingerprint

Research output

Distributed DDoS Defense - A collaborative Approach at Internet Scale

SPRING 2016, Darmstadt, Germany: Proceedings of the 11th SPRING graduate workshop of the special interest group Security – Intrusion Detection and Response (SIDAR) of the German informatics Society (GI)

Cite this