DOI: 10.1145/3339252.3340509

Automated Cyber Threat Sensing and Responding: Integrating Threat Intelligence into Security-Policy-Controlled Systems

Published: 26 August 2019

Abstract

Cyber security management requires fast and cost-efficient responses to threat alerts. Automating cyber threat sensing and responding is one way to achieve immediate reactions to imminent threats. Tools for extensively automating threat sensing already exist, e.g. threat intelligence sharing platforms. Methods, techniques and tools for reacting to menacing states and events, e.g. security-policy-controlled systems, have also been explored and published for some time. What is still missing, however, is the integration of these two approaches. This paper describes first steps towards an integration of threat intelligence sharing platforms and security-policy-controlled systems. We present a conceptual design for threat reaction strategies, security architectures and mechanisms, and information representation requirements. We use two exemplary threat scenarios to demonstrate our proposals.



        Published In

        ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
        August 2019
        979 pages
        ISBN:9781450371643
        DOI:10.1145/3339252
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. Conceptual Integration Design
        2. Cyber Threat Sensing and Responding
        3. Security Automation
        4. Security Policies
        5. Threat Intelligence Sharing Platforms

        Qualifiers

        • Research-article
        • Research
        • Refereed limited

        Conference

        ARES '19

        Acceptance Rates

        Overall Acceptance Rate 228 of 451 submissions, 51%

        Cited By

        • (2024) Integration and Automation in Active Protection of Network Resources: Prospects for Development. BULLETIN Series of Physics & Mathematical Sciences 86(2). DOI: 10.51889/2959-5894.2024.86.2.017. Online publication date: Jun 2024.
        • (2024) Enhancing Cyber-Threat Intelligence in the Arab World: Leveraging IoC and MISP Integration. Electronics 13(13), 2526. DOI: 10.3390/electronics13132526. Online publication date: 27 Jun 2024.
        • (2024) Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence. IEEE Transactions on Engineering Management, 1-20. DOI: 10.1109/TEM.2023.3279274. Online publication date: 2024.
        • (2023) Actionable Cyber Threat Intelligence for Automated Incident Response. Secure IT Systems, 368-385. DOI: 10.1007/978-3-031-22295-5_20. Online publication date: 1 Jan 2023.
        • (2022) Zero Trust Architecture (ZTA): A Comprehensive Survey. IEEE Access 10, 57143-57179. DOI: 10.1109/ACCESS.2022.3174679. Online publication date: 2022.
        • (2022) Blockchain-Based Automated and Robust Cyber Security Management. Journal of Parallel and Distributed Computing. DOI: 10.1016/j.jpdc.2022.01.002. Online publication date: Feb 2022.
        • (2022) A Review of Cyber Threat (Artificial) Intelligence in Security Management. Artificial Intelligence and Cybersecurity, 29-45. DOI: 10.1007/978-3-031-15030-2_2. Online publication date: 8 Dec 2022.
        • (2021) From Threat Data to Actionable Intelligence: An Exploratory Analysis of the Intelligence Cycle Implementation in Cyber Threat Intelligence Sharing Platforms. Proceedings of the 16th International Conference on Availability, Reliability and Security, 1-9. DOI: 10.1145/3465481.3470048. Online publication date: 17 Aug 2021.
        • (2020) Distributed Security Framework for Reliable Threat Intelligence Sharing. Security and Communication Networks 2020. DOI: 10.1155/2020/8833765. Online publication date: 1 Jan 2020.