In Whom Do We Trust - Sharing Security Events

Abstract : Security event sharing is deemed of critical importance to counteract large-scale attacks at Internet service provider (ISP) networks as these attacks have become larger, more sophisticated and frequent. On the one hand, security event sharing is regarded to speed up organization’s mitigation and response capabilities. On the other hand, it is currently done on an ad-hoc basis via email, member calls or in personal meetings only under the premise that participating partners are personally known to each other. As a consequence, mitigation and response actions are delayed and thus security events are not processed in time. One approach to reduce this delay and the time for manual processing is to disseminate security events among trusted partners. However, exchanging security events and semi-automatically deploying mitigation is currently not well established as a result of two shortcomings. First, the personal knowledge of each sharing partner to develop trust does not scale very well. Second, current exchange formats and protocols often are not able to use security mechanisms (e.g., encryption and signature) to ensure both confidentiality and integrity of the security event information and its remediation. The goal of this paper is to present a trust model that determines a trust and a knowledge level of a security event in order to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in the context of ISPs. We show that this trust model is scalable and helps to build a trust community in order to share information about threats and its remediation suggestions.
Type de document :
Communication dans un congrès
Rémi Badonnel; Robert Koch; Aiko Pras; Martin Drašar; Burkhard Stiller. 10th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2016, Munich, Germany. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9701, pp.111-124, 2016, Management and Security in the Age of Hyperconnectivity. 〈10.1007/978-3-319-39814-3_11〉
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01632748
Contributeur : Hal Ifip <>
Soumis le : vendredi 10 novembre 2017 - 15:27:53
Dernière modification le : vendredi 10 novembre 2017 - 15:31:10
Document(s) archivé(s) le : dimanche 11 février 2018 - 14:56:31

Fichier

 Accès restreint
Fichier visible le : 2019-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Jessica Steinberger, Benjamin Kuhnert, Anna Sperotto, Harald Baier, Aiko Pras. In Whom Do We Trust - Sharing Security Events. Rémi Badonnel; Robert Koch; Aiko Pras; Martin Drašar; Burkhard Stiller. 10th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2016, Munich, Germany. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9701, pp.111-124, 2016, Management and Security in the Age of Hyperconnectivity. 〈10.1007/978-3-319-39814-3_11〉. 〈hal-01632748〉

Partager

Métriques

Consultations de la notice

55