TATIS: Trustworthy APIs for Threat Intelligence Sharing with UMA and CP-ABE

  • Conference paper
  • Book: Foundations and Practice of Security (FPS 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12056)

Abstract

Threat intelligence platforms offer cyber emergency teams and security stakeholders access to sightings of cyberthreats and indicators of compromise. Given the sensitivity of the information, access may be restricted to certain members within an organization, offered to the general public, or anything in between. Service providers that host such platforms typically expose APIs for threat event producers and consumers, and to enable interoperability with other threat intelligence platforms. Not only is API security a growing concern, the implied trust by threat event producers and consumers in the platform provider remains a non-trivial challenge. This paper addresses these challenges by offering protection against honest but curious platform providers, and putting the access control back into the hands of the owner or producer of the threat events. We present TATIS, a solution for fine-grained access control to protect threat intelligence APIs using User Managed Access (UMA) and Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We test the feasibility of our solution using the Malware Information Sharing Platform (MISP). We validate our contribution from a security and privacy point of view. Experimental evaluation on a real-world OSINT threat intelligence dataset illustrates our solution imposes an acceptable performance overhead on the latency of API requests.

Acknowledgments

This research is partially funded by the Research Fund KU Leuven. Work for this paper was supported by the European Commission through the H2020 project CyberSec4Europe (https://www.cybersec4europe.eu/) under grant No. 830929.

Corresponding author

Correspondence to Davy Preuveneers.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Preuveneers, D., Joosen, W. (2020). TATIS: Trustworthy APIs for Threat Intelligence Sharing with UMA and CP-ABE. In: Benzekri, A., Barbeau, M., Gong, G., Laborde, R., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2019. Lecture Notes in Computer Science, vol 12056. Springer, Cham. https://doi.org/10.1007/978-3-030-45371-8_11

  • DOI: https://doi.org/10.1007/978-3-030-45371-8_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-45370-1

  • Online ISBN: 978-3-030-45371-8

  • eBook Packages: Computer Science, Computer Science (R0)