ABSTRACT
Cyber security management requires fast and cost-efficient responses to threat alerts. Automating both the sensing of cyber threats and the response to them is one way to achieve immediate reactions to imminent threats. Tools for extensively automating threat sensing already exist, e.g. threat intelligence sharing platforms. Methods, techniques and tools for reacting to menacing states and events, e.g. security-policy-controlled systems, have also been explored and published for some time. What is still missing, however, is the integration of these two approaches. This paper describes first steps towards integrating threat intelligence sharing platforms with security-policy-controlled systems. We present a conceptual design covering threat reaction strategies, security architectures and mechanisms, and requirements on information representation. We use two exemplary threat scenarios to demonstrate our proposals.