Conference Paper
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Nowadays, both the number of cyberattacks and their sophistication have increased considerably, and their prevention concerns many organizations. Cooperation by means of information sharing is a promising strategy to address this problem, but unfortunately it poses many challenges. Indeed, looking for a win-win environment is not straightforward, and organizations are not properly motivated to share information. This work presents a model to analyse the benefits and drawbacks of information sharing among organizations that present a certain level of dependency. The proposed model applies functional dependency network analysis to emulate attack propagation and game theory for information sharing management. We present a simulation framework implementing the model that allows for testing different sharing strategies under several network and attack settings. Experiments using simulated environments show how the proposed model provides insights on which conditions and scenarios are beneficial for information sharing.


... However, central to all of them is to privately (without leaking any sensitive data) measure a relation between two members' data to offer an effective data exchange. We note that these algorithms are found to be effective in capturing input relations in datasets [21,22]. Data-dependent conditionals are implemented through private protocols (as defined in Table 2). ...
... Policy has been used in several contexts as a vehicle for representing configuration of secure groups [31], network management [40], threat mitigation [21,22], access control [16], patient-driven privacy control [8], data retrieval systems [19] and privilege-augmented detection [9]. These approaches define a schema for their target problem and mostly consider an all-or-nothing proposition while sharing the data or establishing the partnerships. ...
Article
Full-text available
Data sharing among partners---users, organizations, companies---is crucial for the advancement of data analytics in many domains. Sharing through secure computation and differential privacy allows these partners to perform private computations on their sensitive data in controlled ways. However, in reality, there exist complex relationships among members. Politics, regulations, interest, trust, data demands and needs are among the many reasons. Thus, there is a need for a mechanism to meet these conflicting relationships on data sharing. This paper presents Curie, an approach to exchange data among members whose membership has complex relationships. The CPL policy language that allows members to define the specifications of data exchange requirements is introduced. Members (partners) assert who and what to exchange through their local policies and negotiate a global sharing agreement. The agreement is implemented in a multi-party computation that guarantees sharing among members will comply with the policy as negotiated. The use of Curie is validated through an example of a health care application built on recently introduced secure multi-party computation and differential privacy frameworks, and policy and performance trade-offs are explored.
... (1) it may reveal vulnerabilities in the sharer's network attracting more targeted attacks [12], (2) it can compromise the privacy of the users [36], (3) it may violate existing data policy of organizations [34], (4) it potentially subjects organizations to government surveillance [11], (5) revealing vulnerabilities may damage an organization's reputation [20], and (6) competitors may acquire significant underlying intelligence from the data [12]. ...
... Yet another framework, called SKALD [42], was developed by Webster et al. for real-time sharing. However, none of these preserve the privacy of the data, making them undesirable [11,12,12,20,34,36]. CYBEX-P sets itself apart from these early works by providing a robust system architecture along with a novel privacy preservation mechanism. ...
Preprint
Full-text available
Cybersecurity information sharing (CIS) is envisioned to protect organizations more effectively from advanced cyberattacks. However, a completely automated CIS platform is not widely adopted. The major challenges are: (1) the absence of a robust cyberthreat language (CTL) and (2) the concerns over data privacy. This work introduces Cybersecurity Information Exchange with Privacy (CYBEX-P), as a CIS framework, to tackle these challenges. CYBEX-P allows organizations to share heterogeneous data with granular, attribute-based privacy control. It correlates the data to automatically generate intuitive reports and defensive rules. To achieve such versatility, we have developed TAHOE, a graph-based CTL. TAHOE is a structure for storing, sharing and analyzing threat data. It also intrinsically correlates the data. We have further developed a universal Threat Data Query Language (TDQL). In this paper, we propose the system architecture for CYBEX-P. We then discuss its scalability and privacy features along with a use case of CYBEX-P providing Infrastructure as a Service (IaaS). We further introduce TAHOE & TDQL as better alternatives to existing CTLs and formulate ThreatRank, an algorithm to detect new malicious events.
... The sharing of cybersecurity information has emerged as an effective strategy to improve the cybersecurity posture [78,79]. Enterprises can leverage their capabilities, practical experiences, and collective knowledge by getting additional cybersecurity information from multiple information sources and gain a more comprehensive understanding about ongoing and potential threats. ...
... Studies have also directly investigated security and privacy as an instance of value co-creation [169,170]. In a collaborative security approach, which is proposed in [79], information sharing could support the establishment of early prevention mechanisms. Furthermore, similar to the studies [171,172], which identified that the role of customers changes to proactive participation in value creation, in the cybersecurity information sharing ecosystem the role of end users also changes towards proactive information sharing. ...
Article
Full-text available
Based on a comprehensive literature survey, the constructs of the cybersecurity information sharing ecosystem have been defined in detail. Using this ecosystem, the interrelationships among the stakeholders with respect to cybersecurity information sharing are analyzed, the value parameters are determined, the value functions are defined, and the values obtained by the stakeholders through simulation are calculated. Furthermore, it is investigated whether the stakeholders involved in this ecosystem can create sufficient value to sustain in the market. The outcome of this research includes an economic model for evaluating the value creation and distribution among the stakeholders. This model is a critical step forward to better align the values (i.e., utilities and profits) of stakeholders. The simulation results of the model show that end users are the main source of value generation. Cybersecurity solution providers and cybersecurity information providers get benefits from a growing installed base of end users. However, in saturated markets, there is a risk of unsustainability of the ecosystem, as the cost of cybersecurity solutions and cybersecurity information cannot be recovered through their fees. The simulation model and the findings of this study can help business managers to make better decisions related to business strategies, sustainability, and pricing schemes for cybersecurity solutions and cybersecurity information. Moreover, a working cybersecurity information sharing ecosystem is essential for the adoption of cloud computing and, especially, edge computing. It allows capturing, disseminating, and aggregating cybersecurity information from a large number of computing devices and computing providers reliably and accurately.
... Liu et al. [26], based on externally observable properties of an organization's network, aim to predict breaches without the organization's cooperation. Woods et al. [35] apply data mining to identify subsets of shared information that are semantically related, while Garrido et al. [17] introduce game-theoretic models to analyze the effects of cyber-security information sharing among organizations. Sirivianos et al. [32] propose a collaborative system that enables hosts with no email classification functionality to check whether a host is a spammer or not. ...
Article
Full-text available
Collaborative approaches to network defense are being increasingly advocated, aiming to proactively predict and speed up detection of attacks. In particular, a lot of attention has recently been given to the problem of predictive blacklisting, i.e., forecasting attack sources based on Intrusion Detection Systems (IDS) alerts contributed by different organizations. While collaboration allows the discovery of groups of correlated attacks targeting similar victims, it also raises important privacy and security challenges, thus motivating privacy-preserving approaches to the problem. Although recent work provides encouraging results on the feasibility of collaborative predictive blacklisting via limited data sharing, a number of open problems remain unaddressed, which this paper sets to address. We introduce a privacy-friendly system for predictive blacklisting featuring a semi-trusted authority that clusters organizations based on the similarity of their logs, without access to these logs. Entities in the same cluster then securely share relevant logs with each other, and build predictive blacklists. We present an extensive set of measurements as we experiment with prior work as well as with four different clustering algorithms and three privacy-preserving sharing strategies, using several million alerts collected from DShield.org over several months as our training and ground-truth datasets. Our results show that collaborating with similarly attacked organizations always significantly improves the prediction and that privacy protection does not actually limit this improvement. Finally, we discuss how different clustering and log sharing methods yield different trade-offs between precision and recall.
... In [22], Garrido-Pelaz et al. analyze the benefits and drawbacks of information sharing by proposing a model among organizations with different levels of dependency. The proposed model applies functional dependency network analysis to investigate attack propagation and game theory for information sharing management. ...
Article
Full-text available
Cybersecurity information sharing is a key factor of cyber threat intelligence, allowing organizations to detect and prevent malicious behaviors proactively. However, stimulating organizations to participate and deterring free-riding in such sharing is a big challenge. To this end, the sharing system should be equipped with rewarding and participation-fee allocation mechanisms to encourage sharing behavior. The problem of cybersecurity information sharing as a non-cooperative game has been studied extensively. In contrast, in this paper, we model such a problem as a coalitional game. We investigate a rewarding and participation-fee calculation based on profit sharing in coalitional game theory. In particular, we formulate a coalitional game between organizations and analyze the well-known Shapley value and Nucleolus solution concepts in the cybersecurity information sharing system. Moreover, as the participation fees may leak sensitive information about the organizations' cyber-infrastructure, we study the application of differential privacy in the coalitional game theory to protect the organization's fees while approximating the fairness.
... [25] analyses, from an economic point of view based on the investment, how sharing cybersecurity related information among firms has the potential to offset the tendency by firms to defer much of their cybersecurity investments until a cybersecurity breach occurs. Finally, works such as [21,24,32,59] study the interests, possibilities and implications of cybersecurity information sharing and to do so, they use, as many other works, game theory. ...
Article
Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 10⁴ incidents can be carried out in just 2.1 seconds, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios.
... Authors of [7] have proposed a game theoretic model to determine the IT security investment levels and compare it with the outcome of a decision theoretic approach that considers various components, such as vulnerability, payoff from investment etc. Authors of [10] applied functional dependency network analysis to model the attack propagation for a set of correlated organizations and analyze the sharing behaviors. ...
Conference Paper
Full-text available
The cyber-threat landscape has become highly complex, due to which isolated attempts to understand, detect, and resolve cybersecurity issues are not feasible for making time-constrained decisions. The introduction of cyber-threat information (CTI) sharing has the potential to handle this issue to some extent, where knowledge about security incidents is gathered and exchanged across organizations for deriving useful information regarding the threat actors and vulnerabilities. Although sharing security information could allow organizations to make informed decisions, it may not completely eliminate the risks. Therefore, organizations are also inclined toward considering cyber-insurance for transferring risks to the insurers. Also, in a networked environment, adversaries may exploit the information sharing to successfully breach the participating organizations. In this paper, we consider these players, i.e. organizations, adversary, and insurer, to model a three-layer game, where players play sequentially to find out their optimal strategies. Organizations determine their optimal self-defense investment to make while participating in CTI sharing and cyber-insurance. The adversary looks for an optimal attack rate while the insurer targets to maximize its profit by offering a suitable coverage level to the organizations. Using a backward induction approach, we conduct subgame perfect equilibrium analysis to find optimal strategies for the involved players. We observe that when cyber-insurance is not considered, the attacker prefers to increase its rate of attack. This motivates the organizations to consider the cyber-insurance option for transferring the risks on their critical assets.
... The research presented in [9] has proposed an evolutionary game-theoretic framework for cyber-threat information sharing where CYBEX dynamically controls the participation cost so as to enhance participation in the sharing framework. Garrido-Pelaz et al. [10] presented a cybersecurity information sharing model for a set of correlated organizations, where functional dependency network analysis is opted for propagating attack information and a game model is used to decide whether to share information or not. Privacy issues in CYBEX have been studied in [11], [12]. ...
... Information about vulnerabilities can contain sensitive attributes like client or organizational data. Therefore, CTI has to be anonymized to avoid reputation deterioration, which is a drawback in information sharing [7]. Even internally shared information should not reveal any PII to employees who do not possess adequate permission. ...
... Security co-creation is an important research topic [6]-[10]. In this paper, we investigate security and privacy co-creation as an instance of value co-creation. ...
... between two members' data to offer an effective data exchange. We note that these algorithms are found to be effective in capturing input relations in datasets [18,19]. Data-dependent conditionals are implemented through private protocols (as defined in Table 2). ...
Conference Paper
Full-text available
Data sharing among partners---users, companies, organizations---is crucial for the advancement of collaborative machine learning in many domains such as healthcare, finance, and security. Sharing through secure computation and other means allows these partners to perform privacy-preserving computations on their private data in controlled ways. However, in reality, there exist complex relationships among members (partners). Politics, regulations, interest, trust, data demands and needs prevent members from sharing their complete data. Thus, there is a need for a mechanism to meet these conflicting relationships on data sharing. This paper presents an approach to exchange data among members who have complex relationships. A novel policy language, CPL, that allows members to define the specifications of data exchange requirements is introduced. With CPL, members can easily assert who and what to exchange through their local policies and negotiate a global sharing agreement. The agreement is implemented in a distributed privacy-preserving model that guarantees sharing among members will comply with the policy as negotiated. The use of Curie is validated through an example healthcare application built on recently introduced secure multi-party computation and differential privacy frameworks, and policy and performance trade-offs are explored.
... Several metrics were developed to anonymize the content of information such as k-Anonymity (Sweeney, 2002), l-Diversity (Machanavajjhala et al., 2007), t-Closeness (Li et al., 2007), -Differential privacy (Dwork, 2008), and Pseudonymization (Biskup and Flegel, 2001; Neubauer and Heurix, 2011; Riedl et al., 2007). Stakeholders are still reluctant to share information about breaches because of fear that it could damage their reputation, which is an important asset to protect (Garrido-Pelaz et al., 2016). Another aspect of anonymity is the encryption of CTI when shared between stakeholders. ...
Article
Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities.
... Accordingly, they claim that for a successful collaborative approach, security managers need to adopt collaborative leadership skills and approaches. More recently, Garrido-Pelaz et al. (2016) propose a collaborative security approach through the perspective of information sharing which can help to develop early prevention mechanisms. Therefore, they exploit a model for sharing cybersecurity information between dependent organizations that are impacted by different cyber-attacks. ...
Preprint
Full-text available
In this chapter, value cocreation (VCC) is investigated as a specialization of value creation and represents the close collaboration between two or more parties to generate value following an ordered set of value cogeneration processes inspired by Knowledge-Intensive Business Services (KIBS). Although a plethora of research exists aiming at depicting the fundamentals of VCC, few contributions exist in the area of modeling languages for supporting VCC design and deployment. Nevertheless, a common model is needed to facilitate communication among the many different actors. Such a model and modeling language are necessary to describe and to visualize the different components of the information system, as well as their underlying relationships and dependencies. As a result, the goal for such a modeling language is to support the process of decision making and to allow understanding and analyzing the impacts associated with a change of the system architecture on the whole information system. We propose such a VCC modeling language as an extension of ArchiMate, a standardized enterprise architecture modeling language. ArchiMate is an open, independent and non-sector-specific language maintained by The Open Group. It supports the description, analysis and visualization of architectures in an unambiguous way, by structuring the enterprise elements on different layers. These layers cover the business concepts (like the collaboration, the process,…) down to the very technical ones (like the network, the servers,…). In particular, ArchiMate proposes two extension mechanisms that allow extending the model and the language to various fields of interest like IS governance or risk analysis. In that context, ArchiMate appears to be appropriate as a language to express the value creation, and by the way, the value cocreation. To illustrate the designed language extension, a case study related to the development of value cocreation in a Smart Airport is proposed.
The airport systems support the complete operations of the airport, including in particular the arrival and departure control system (such as assignment of planes to gates), on-site check-in, baggage handling, and security control. In parallel, the airline management systems support the activities of the airline companies in offering transport services to their customers and in particular support ticketing, online check-in and passenger management. Both airport and airline systems are essential for supporting the execution of the air transport. These systems continuously provide data to facilitate proactive decision-making based on the real context. In parallel, the operation module uses anonymous passenger data to trace passenger flow.
Article
Full-text available
Traditionally, the relationship between the company and its providers has the objective of generating value on the company side in exchange for money. This relationship is largely investigated through the vector of the value chain. In this article, security and privacy cocreation (SPCC) is investigated as a specialization of value cocreation. Although it is an important research topic, and despite a plethora of research aiming at depicting the fundamentals of SPCC, few contributions have appeared until now in the area of a language to support SPCC design and deployment. However, such a language is necessary to describe elements of the information system, as well as their underlying dependencies. As a result, this article proposes extending an existing enterprise architecture language to support the process of decision-making and to allow understanding and analysis of the impacts associated with a change of the system architecture as a whole.
... Authors in [19] present an information-sharing model; information sharing was first proposed by [20], and later by [21]-[23]. The main challenge with cybersecurity information sharing is that none of the organizations share attack information with others due to reputational damage. ...
Conference Paper
Full-text available
Threats of cyber attacks are very real today and greatly impact everything including the public health sector, economics, electric grids, the internet of things (IoT), and national security. The number of new evolving threats and reported vulnerabilities has severely increased in the last few years [1]. Perpetually refined cyber-attacks have put data, organizational assets, organizations, and individuals at considerable risk. Protecting sophisticated networks and interdependent systems, or reducing the impact of cyber-attacks, has become a major challenge, where today's effective countermeasures can be completely ineffective tomorrow. The various risk assessment frameworks and methodologies are either high-level, missing risk metric values, not suitable for all kinds of networks, or not publicly available. To address this issue, we present a quantitative risk assessment model that helps to model the organizational security posture, evaluates the security controls in place, and provides an understanding of the associated risks. We further provide a detailed explanation of the formulations and evaluate the proposed model on an industrial scenario.
... Increased voluntary information sharing is widely viewed as desirable [14][15][16], but there is less consensus about what prevents it from happening. Barriers identified in the literature include free-riding [14,17], lack of standards [18], reputation damage [19], and social norms [13]. Rather than trying to explain why a phenomenon does not happen, we identify determinants of when it does by conducting a case study of one of the longest-standing cybersecurity information sharing institutions. ...
Conference Paper
Full-text available
Information sharing is widely held to improve cybersecurity outcomes, whether it is driven by market forces or by cooperation among firms and individuals. Formal institutions may be established to facilitate cooperative information sharing. This paper presents a case study of such an institution, the CERT Coordination Center (CERT/CC), and provides quantitative insights based on the metadata of 434K emails passing through CERT/CC since 1993. Our longitudinal results show how the volume and proportion of emails about different products and vendors has varied over time. We also analyse the distributions of information sharing volume, participation, and duration across 46K vulnerabilities. Finally, we run regressions to understand how the volume of information sharing and the decision to coordinate vary based on properties of the vulnerability and the affected vendors. We discuss what has changed, the appropriateness of a competitive or cooperative framing, and limitations.
Article
Full-text available
In this survey, we review the cybersecurity information-sharing literature, categorizing the identified papers based on their main focus and the methodological approaches applied to the cybersecurity information-sharing problem. We constitute our research framework on the major considerations of firms, governments, citizens, and adversaries. This includes actors involved, types of information to be shared, current legal baseline, information-sharing organizations/policies/architectures, benefits of sharing, and concerns/costs/barriers of sharing. We observe that both qualitative and quantitative approaches are implemented in the literature. In general, qualitative approaches have been dedicated to discussing the challenges and barriers of public/private collaboration in information sharing, such as privacy and liability, and to proposing secure and effective sharing mechanisms. On the other hand, quantitative approaches have been more interested in developing models that balance cybersecurity investment and information sharing as well as provide effective incentive mechanisms. This review summarizes the academic efforts in cybersecurity information sharing by analyzing 82 identified papers with their methodological approaches. The papers using game-theoretical models are dominant in the literature, so we spend more time summarizing those efforts. We conclude the review by providing potential research gaps and future research directions.
Thesis
Full-text available
The first idea for this research started to evolve during the cyber security exercise course at JAMK University of Applied Sciences in spring 2017, when it was noticed that the existing exercise tools were not good enough for keeping the situation awareness of the exercise at a decent level regardless of the team in which one is a participant. It was difficult to follow what was going on in each team. The research focused on two different themes: to understand how current tools in the realistic global cyber environment RGCE were used by defender teams for situation awareness during the cyber security exercise. The second research theme focused on how defender teams collected, analyzed and shared cyber threat intelligence during the cyber security exercise. The research was conducted as an empirical study containing both qualitative and quantitative approaches. The cyber security exercise course was used as a case study and two different surveys were sent to the members of the defender teams in the cyber security exercise. As a result, it was found out what the most used tools for situation awareness were during a cyber security exercise. It was possible to identify which were the most important situation awareness tools and methods at the individual level and at the team level as well. It was not possible to identify whether the controlled sharing of cyber security threat intelligence in the cyber exercise improved the situation awareness, as the defender teams failed to collect relevant cyber security threat intelligence. There is a need for further research on how defender teams handle cyber threat intelligence in cyber exercises to understand what issues need to be considered when planning cyber exercises.
Conference Paper
The literature on cyber security information sharing enumerates an extensive list of potential benefits for organisations in both the public and private sectors. However, despite the potential benefits, successful cyber security information sharing has been difficult to achieve. We report upon a study that sought to measure the extent to which the benefits and barriers suggested by the cyber security information sharing literature are reflected in the attitudes of practising security managers and analysts. A self-administered online survey was used. The survey consisted of: several questions about the participants' experience with cyber security information sharing; and two sets of Likert-type scale items to measure the respondents' attitudes regarding the benefits and barriers identified in the literature. Our findings aim to highlight the gap between the theory and practice of information sharing and provide input for future research into design principles for information sharing systems and ways to mitigate threat information sharing challenges.
Article
Blocklists constitute a widely-used Internet security mechanism to filter undesired network traffic based on IP/domain reputation and behavior. Many blocklists are distributed in open source form by threat intelligence providers who aggregate and process input from their own sensors, but also from third-party feeds or providers. Despite their wide adoption, many open-source blocklist providers lack clear documentation about their structure, curation process, contents, dynamics, and inter-relationships with other providers. In this paper, we perform a transparency and content analysis of 2,093 free and open source blocklists with the aim of exploring those questions. To that end, we perform a longitudinal 6-month crawling campaign yielding more than 13.5M unique records. This allows us to shed light on their nature, dynamics, inter-provider relationships, and transparency. Specifically, we discuss how the lack of consensus on distribution formats, blocklist labeling taxonomy, content focus, and temporal dynamics creates a complex ecosystem that complicates their combined crawling, aggregation and use. We also provide observations regarding their generally low overlap as well as acute differences in terms of liveness (i.e., how frequently records get indexed and removed from the list) and the lack of documentation about their data collection processes, nature and intended purpose. We conclude the paper with recommendations in terms of transparency, accountability, and standardization.
Chapter
Effective cyber defense requires stakeholders to collaborate with each other and share cyber threat intelligence. Sharing such intelligence can improve the community’s cybersecurity posture, preventing others from being hacked or compromised. However, intelligence sharing is still relatively uncommon due in part to the associated costs as well as other legitimate concerns. In this paper, we ask how a central authority could employ monetary incentives to promote intelligence sharing among competitive firms. We propose a novel game-theoretic model of intelligence sharing and derive the minimal incentive payments which ensure that firms profitably share with their competitors. We investigate the value of being able to differentiate incentives among firms (i.e., paying a different amount to each firm), and show formally that the ability to differentiate is the most valuable when the network among firms is highly heterogeneous. Finally, we show that our results are sharp in an important sense: if the authority offers less than the minimal incentive to every firm, this can render no-sharing as the unique Nash equilibrium.
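The threshold argument in the abstract above (a minimal payment per firm, and no-sharing as the unique equilibrium when every firm is paid less than it) can be checked on a small game. The block below is an added example, not code from the chapter; it uses a constructed toy model, which is an assumption and is simpler than the chapter's network model: firm i pays cost c_i if it shares, receives payment s_i from the authority if it shares, and gains b_ij whenever competitor j shares. The cost and benefit numbers are made up.

```python
"""Incentivised sharing game: minimal payments and pure Nash equilibria.

Added example, not code from the chapter being cited. The payoff model is
an assumption: firm i gets (s_i - c_i) if it shares plus b_ij for every
competitor j that shares. All numbers below are constructed.
"""
from itertools import product


def pure_nash_equilibria(n_players, payoff):
    """Enumerate pure-strategy Nash equilibria of an n-player binary game.
    payoff(profile) -> tuple of payoffs; profile[i] is 1 if firm i shares."""
    equilibria = []
    for profile in product((0, 1), repeat=n_players):
        u = payoff(profile)
        stable = True
        for i in range(n_players):
            deviation = list(profile)
            deviation[i] = 1 - profile[i]          # flip only firm i's choice
            if payoff(tuple(deviation))[i] > u[i]:  # profitable deviation
                stable = False
                break
        if stable:
            equilibria.append(profile)
    return equilibria


def sharing_game(costs, benefits, incentives):
    """Build the payoff function for the toy model described above."""
    n = len(costs)

    def payoff(profile):
        return tuple(
            (incentives[i] - costs[i]) * profile[i]
            + sum(benefits[i][j] * profile[j] for j in range(n) if j != i)
            for i in range(n)
        )

    return payoff


def minimal_incentives(costs):
    """Differentiated (per-firm) and uniform payment vectors at the threshold.
    Paying exactly c_i leaves firm i indifferent, so the authority must pay
    strictly more than these values for all-share to be the unique equilibrium."""
    differentiated = list(costs)
    uniform = [max(costs)] * len(costs)
    return differentiated, uniform


def value_of_differentiation(costs):
    """Budget saved by paying each firm its own threshold instead of the
    largest one; it grows with the spread of costs across firms."""
    return max(costs) * len(costs) - sum(costs)


# Constructed scenario: three firms with heterogeneous sharing costs
COSTS = [2, 5, 9]
BENEFITS = [[0, 3, 4], [3, 0, 2], [4, 2, 0]]   # b_ij, symmetric here


if __name__ == "__main__":
    game = sharing_game(COSTS, BENEFITS, incentives=[1, 1, 1])
    print("below every threshold:", pure_nash_equilibria(3, game))   # [(0, 0, 0)]
    game = sharing_game(COSTS, BENEFITS, incentives=[3, 6, 10])
    print("above every threshold:", pure_nash_equilibria(3, game))   # [(1, 1, 1)]
    print("saved by differentiating:", value_of_differentiation(COSTS))  # 11
```

Because a firm's own sharing decision does not change what it receives from the others in this toy model, each firm's best response depends only on the sign of s_i - c_i; that is exactly why a payment below c_i for every firm makes no-sharing the unique equilibrium, and why a uniform payment must be pegged to the most expensive firm.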
Chapter
The international community is too often focused on responding to the latest cyber-attack instead of addressing the reality of pervasive and persistent cyber conflict. From ransomware against the city government of Baltimore to state-sponsored campaigns targeting electrical grids in Ukraine and the U.S., we seem to have relatively little bandwidth left over to ask what we can hope for in terms of 'peace' on the Internet, and how to get there. It's also important to identify the long-term implications for such pervasive cyber insecurity across the public and private sectors, and how they can be curtailed. This edited volume analyzes the history and evolution of cyber peace and reviews recent international efforts aimed at promoting it, providing recommendations for students, practitioners and policymakers seeking an understanding of the complexity of international law and international relations involved in cyber peace. This title is also available as Open Access on Cambridge Core.
Conference Paper
Full-text available
The initiative to protect against future cyber crimes requires a collaborative effort from all types of agencies spanning industry, academia, federal institutions, and military agencies. Therefore, a Cybersecurity Information Exchange (CYBEX) framework is required to facilitate breach/patch related information sharing among the participants (firms) to combat cyber attacks. In this paper, we formulate a non-cooperative cybersecurity information sharing game that can guide: (i) the firms (players) to independently decide whether to "participate in CYBEX and share" or not; (ii) the CYBEX framework to utilize the participation cost dynamically as incentive (to attract firms toward self-enforced sharing) and as a charge (to increase revenue). We analyze the game from an evolutionary game-theoretic perspective and determine the conditions under which the players' self-enforced evolutionary stability can be achieved. We present a distributed learning heuristic to attain the evolutionary stable strategy (ESS) under various conditions. We also show how CYBEX can wisely vary its pricing for participation to increase sharing as well as its own revenue, eventually evolving toward a win-win situation.
Conference Paper
Full-text available
The sharing of cyber security information between organizations, both public and private, and across sectors and borders is required to increase situational awareness, reduce vulnerabilities, manage risk and enhance cyber resilience. However, the notion of information sharing often is a broad and multi-faceted concept. This chapter describes an analytic framework for sharing cyber security information. A decomposition of the information sharing needs with regard to information exchange elements is mapped to a grid whose vertical dimension spans the strategic/policy, tactical and operational/technical levels and whose horizontal dimension spans the incident response cycle. The framework facilitates organizational and legal discussions about the types of cyber security information that can be shared with other entities along with the terms and conditions of information sharing. Moreover, the framework helps identify important aspects that are missing in existing information exchange standards.
Article
Full-text available
Finding reliable partners to interact with in open environments is a challenging task for software agents, and trust and reputation mechanisms are used to handle this issue. From this viewpoint, we can observe the growing body of research on this subject, which indicates that these mechanisms can be considered key elements to design multiagent systems (MASs). Based on that, this article presents an extensive but not exhaustive review about the most significant trust and reputation models published over the past two decades, and hundreds of models were analyzed using two perspectives. The first one is a combination of trust dimensions and principles proposed by some relevant authors in the field, and the models are discussed using an MAS perspective. The second one is the discussion of these dimensions taking into account some types of interaction found in MASs, such as coalition, argumentation, negotiation, and recommendation. By these analyses, we aim to find significant relations between trust dimensions and types of interaction so it would be possible to construct MASs using the most relevant dimensions according to the types of interaction, which may help developers in the design of MASs.
Article
Full-text available
Security is oftentimes centrally managed. An alternative trend of using collaboration in order to improve security has gained momentum over the past few years. Collaborative security is an abstract concept that applies to a wide variety of systems and has been used to solve security issues inherent in distributed environments. Thus far, collaboration has been used in many domains such as intrusion detection, spam filtering, botnet resistance, and vulnerability detection. In this survey, we focus on different mechanisms of collaboration and defense in collaborative security. We systematically investigate numerous use cases of collaborative security by covering six types of security systems. Aspects of these systems are thoroughly studied, including their technologies, standards, frameworks, strengths and weaknesses. We then present a comprehensive study with respect to their analysis target, timeliness of analysis, architecture, network infrastructure, initiative, shared information and interoperability. We highlight five important topics in collaborative security, and identify challenges and possible directions for future research. Our work contributes the following to the existing research on collaborative security with the goal of helping to make collaborative security systems more resilient and efficient. This study (1) clarifies the scope of collaborative security, (2) identifies the essential components of collaborative security, (3) analyzes the multiple mechanisms of collaborative security, and (4) identifies challenges in the design of collaborative security.
Book
Full-text available
The failure of a national critical infrastructure may seriously impact the health and well-being of citizens, the economy, the environment, and the functioning of the government. Moreover, critical infrastructures increasingly depend on information and communication technologies (ICT) or, in short, cyber. Cyber security and resilience are therefore seen as increasingly important governance topics and major challenges for today’s societies, as the threat landscape is continuously changing. Sharing cyber security related information between organisations – in a critical sector, cross-sector, nationally and internationally – is widely perceived as an effective measure in support of managing the cyber security challenges of organisations. Information sharing, however, is not an easy topic. It comes with many facets. For example, information sharing spans strategic, tactical, operational and technical levels; spans all phases of the cyber incident response cycle (proactive, pre-emption, prevention, preparation, incident response, recovery, aftercare/ follow up); is highly dynamic; crosses the boundary of public and private domains; and concerns sensitive information which can be potentially harmful for one organisation on the one hand, while being very useful to others. This Good Practice on information sharing discusses many of these facets. Its aim is to assist you as public and private policy-makers, middle management, researchers, and cyber security practitioners, and to steer you away from pitfalls. Reflect on the earlier lessons identified to find your own effective and efficient arrangements for information sharing which fit your specific situation.
Article
Full-text available
The analysis of risks associated with communications, and information security for a system-of-systems is a challenging endeavor. This difficulty is due to the complex interdependencies that exist in the communication and operational dimensions of the system-of-systems network, where disruptions on nodes and links can give rise to cascading failure modes. In this paper, we propose the modification of a functional dependency analysis tool, as a means of analyzing system-of-system operational and communication architectures. The goal of this research is to quantify the impact of attacks on communications, and information flows on the operability of the component systems, and to evaluate and compare different architectures with respect to their reliability and robustness under attack. Based on the topology of the network, and on the properties of the dependencies, our method quantifies the operability of each system as a function of the availability and correctness of the required input, and of the operability of the other systems in the network. The model accounts for partial capabilities and partial degradation. Robustness of the system-of-systems is evaluated in terms of its capability to maintain an adequate level of operability following a disruption in communications. Hence, different architectures can be compared based on their sensitivity to attacks, and the method can be used to guide decision both in architecting the system-of-systems and in planning updates and modifications, accounting for the impact of interdependencies on the robustness of the system-of-systems. Synthetic examples show conceptual application of the method.
Conference Paper
Full-text available
Although sharing data across organizational boundaries has often been advocated as a promising way to enhance security, collaborative initiatives are rarely put into practice owing to confidentiality, trust, and liability challenges. In this paper, we investigate whether collaborative threat mitigation can be realized via a controlled data sharing approach, whereby organizations make informed decisions as to whether or not, and how much, to share. Using appropriate cryptographic tools, entities can estimate the benefits of collaborating and agree on what to share in a privacy-preserving way, without having to disclose their entire datasets. We focus on collaborative predictive blacklisting, i.e., forecasting attack sources also based on logs contributed by other organizations and study the impact of different sharing strategies by experimenting on a real-world dataset of two billion suspicious IP addresses collected from Dshield over two months. We find that controlled data sharing yields up to an average 105% accuracy improvement, while also reducing the false positive rate.
Article
Full-text available
Critical considerations in engineering enterprise systems are identifying, representing, and measuring dependencies between suppliers of technologies and providers of services to consumers and users. The importance of this problem is many-fold. Primary is enabling the study of ripple effects of failure in one capability on other dependent capabilities across the enterprise. Providing mechanisms to anticipate these effects early in design enables engineers to minimize dependency risks that, if realized, can have cascading negative effects on the ability of an enterprise to deliver services to users. The approach to this problem is built upon concepts from graph theory. Graph theory enables (1) a visual representation of complex interrelationships between entities and (2) the design of analytical formalisms that trace the effects of dependencies between entities as they affect many parts and paths in a graph. In this context, an engineering system is represented as a directed graph whose entities are nodes that depict direction, strength, and criticality of supplier-provider relationships. Algorithms are designed to measure capability operability (or inoperability) due to degraded performance (or failure) in supplier and program nodes within capability portfolios that characterize the system. Capturing and analyzing dependencies is not new in systems engineering. New is tackling this problem (1) in an enterprise systems engineering context where multidirectional dependencies can exist at many levels in a system's capability portfolio and (2) by creating a flexible analysis and measurement approach applicable to any system's capability portfolio, whose supplier-provider relationships can be represented by graph theoretic formalisms. The methodology is named Functional Dependency Network Analysis (FDNA). Its formulation is motivated, in part, by concepts from Leontief systems, the Inoperability Input-Output Model (IIM), Failure Modes and Effects Analysis (FMEA), and Design Structured Matrices (DSM). FDNA is a new analytic approach, one that enables management to study and anticipate the ripple effects of losses in supplier-program contributions on a system's dependent capabilities before risks that threaten these suppliers are realized. An FDNA analysis identifies whether the level of operability loss, if such risks occur, is tolerable. This enables management to better target risk resolution resources to those supplier programs that face high risk and are most critical to a system's operational capabilities. Key words: risk, capability risk, capability portfolio, dependencies, operability, inoperability, engineering systems, Leontief matrix, design structured matrix (DSM), failure mode and effects analysis (FMEA), inoperability input-output model (IIM), functional dependency network analysis (FDNA).
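The paper at the top of this page reuses FDNA to emulate how an attack on one organisation propagates to the organisations that depend on it. The block below is an added example and is not code from that paper or from the FDNA papers. It implements the commonly stated FDNA node rule, treated here as an assumption: a receiver's operability is the minimum of a strength-of-dependency (SOD) term averaged over its feeders and a criticality-of-dependency (COD) term, the tightest bound any single feeder imposes. The four-node graph, its weights and the attack scenario are constructed.

```python
"""FDNA-style attack propagation over a dependency network.

Added example, not code from the paper or from Garvey and Pinto's FDNA work.
Node rule (assumption, the commonly stated FDNA formulation):
    SOD_j = mean over feeders i of  alpha_ij * P_i + (1 - alpha_ij) * 100
    COD_j = min  over feeders i of  P_i + beta_ij
    P_j   = min(SOD_j, COD_j, own baseline)
Nodes, weights and the attack are constructed for illustration.
"""

OPERABLE = 100.0  # FDNA operability scale runs from 0 (inoperable) to 100

# Constructed dependency graph: receiver -> [(feeder, alpha, beta), ...]
#   alpha in [0, 1]:   strength of dependency (share of the receiver's
#                      operability driven by this feeder)
#   beta  in [0, 100]: criticality of dependency (receiver can be at most
#                      beta points more operable than this feeder)
SAMPLE_GRAPH = {
    "idp": [],                                   # identity provider, no feeders
    "dns": [],                                   # resolver, no feeders
    "web": [("idp", 0.8, 20.0), ("dns", 0.5, 40.0)],
    "billing": [("web", 0.9, 10.0)],
}

# Constructed attack: the identity provider is degraded to 30 % operability
SAMPLE_ATTACK = {"idp": 30.0}


def fdna_operability(feeders, baseline, p):
    """Operability of one receiver given its feeders' current operability p."""
    if not feeders:
        return baseline
    sod = sum(a * p[i] + (1.0 - a) * OPERABLE for i, a, _ in feeders) / len(feeders)
    cod = min(p[i] + b for i, _, b in feeders)
    # baseline is below OPERABLE only when the receiver itself is attacked
    return min(sod, cod, baseline)


def propagate(graph, attacked, max_iter=100, tol=1e-9):
    """Iterate node operabilities to a fixed point. Iterating, rather than a
    single pass in topological order, also handles cyclic dependencies."""
    p = {n: OPERABLE for n in graph}
    p.update(attacked)
    for _ in range(max_iter):
        new = {
            n: fdna_operability(feeders, attacked.get(n, OPERABLE), p)
            for n, feeders in graph.items()
        }
        if max(abs(new[n] - p[n]) for n in graph) < tol:
            return new
        p = new
    return p


def total_loss(graph, attacked):
    """Network-wide operability lost, summed over all nodes."""
    final = propagate(graph, attacked)
    return sum(OPERABLE - final[n] for n in graph)


def rank_attack_targets(graph, level=0.0):
    """Knock each node down to `level` in turn and rank nodes by the
    cascading loss they cause: the partners whose incidents hurt you most
    are the ones whose threat information is worth the most to you."""
    ranking = [(n, total_loss(graph, {n: level})) for n in graph]
    return sorted(ranking, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for node, op in propagate(SAMPLE_GRAPH, SAMPLE_ATTACK).items():
        print(f"{node:8s} {op:6.1f}")
    print(rank_attack_targets(SAMPLE_GRAPH))
```

In the constructed scenario the COD bound, not the SOD average, is what drags "web" down: with the identity provider at 30, the SOD term still gives 72, but no node can be more than 20 points above a feeder it critically depends on, so "web" lands at 50 and "billing" at 55. That distinction is the practical point of FDNA: a loosely coupled but critical feeder propagates damage that an averaging model would hide.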
Article
Full-text available
The cybersecurity information exchange framework, known as CYBEX, is currently undergoing its first iteration of standardization efforts within ITU-T. The framework describes how cybersecurity information is exchanged between cybersecurity entities on a global scale and how the exchange is assured. The worldwide implementation of the framework will eventually minimize the disparate availability of cybersecurity information. This paper provides a specification overview, use cases, and the current status of CYBEX.
Chapter
Analytical game theory assumes that players choose strategies which maximize the utility of game outcomes, based on their beliefs about what other players will do, given the economic structure of the game and history; in equilibrium, these beliefs are correct. Analytical game theory is enormously powerful, but it has two shortcomings as a complete model of behaviour by people (and other possible players, including non-human animals and organizations).
Conference Paper
We investigate the incentives behind investments by competing companies in discovery of their security vulnerabilities and sharing of their findings. Specifically, we consider a game between competing firms that utilise a common platform in their systems. The game consists of two stages: firms must decide how much to invest in researching vulnerabilities, and thereafter, how much of their findings to share with their competitors. We fully characterise the Perfect Bayesian Equilibria (PBE) of this game, and translate them into realistic insights about firms' strategies. Further, we develop a monetary-free sharing mechanism that encourages both investment and sharing, a missing feature when sharing is arbitrary or opportunistic. This is achieved via a light-handed mediator: it receives a set of discovered bugs from each firm and moderates the sharing in a way that eliminates firms' concerns about losing competitive advantages. This research provides an understanding of the origins of inefficiency and paves the path towards more efficient sharing of cyber-intelligence among competing entities.
Conference Paper
New regulations mandating firms to share information on security breaches and security practices with authorities are high on the policy agenda around the globe. These initiatives are based on the hope that authorities can effectively advise and warn other firms, thereby strengthening overall defense and response to cyberthreats in an economy. If this mechanism works (as assumed in this paper with varying effectiveness), it has consequences on security investments of rational firms. We devise an economic model that distinguishes between investments in detective and preventive controls, and analyze its Nash equilibria. The model suggests that firms subject to mandatory security information sharing 1) over-invest in security breach detection as well as under-invest in breach prevention, and 2) depending on the enforcement practices, may shift investment priorities from detective to preventive controls. We also identify conditions where the regulation increases welfare.
Article
Among authors, researchers and governmental agencies, information sharing and collaboration have been recognised as a critical part for improving crisis response effectiveness and efficiency, since no single organisation has all the necessary resources, possesses all the relevant information or owns expertise to cope with all types of extreme events. This work presents a review study on general issues and barriers to information sharing and collaboration during CI crisis response. Emerging concepts and capabilities that are promising for making an improvement in the field, such as NEO, SOA and SOA-based NEO, are also presented and discussed. Possible contribution to CI protection and resilience (CIP/R) is discussed concerning the importance of matching organisational structure characteristics, technological capabilities and sociological influence. The needs and opportunities for future research are also highlighted, emphasising the need for a comprehensive framework of analysis and deployment.
Conference Paper
Central to any collaboration problem are the twin issues of firstly understanding what information needs to be communicated and secondly what are the methods or information conduits through which the information needs to pass. For example, what information is key to the capabilities of an insurgent network, which has the information and how is it communicated to the others within and without the network. The same analysis can be applied to the FEMA and other emergency response networks established in the aftermath of events such as Hurricane Katrina and 9/11 where there was a need to understand what information was available, how it could be communicated and what the effect of proposed changes would be across the networks. This paper describes a dependency based network model which allows the explicit modeling of information/knowledge content, the conduits through which information passes, and the impact on the inter-dependent network of people, organizations, locations, resources and concepts if the content or the conduits are modified. The dependency model handles both quantitative and qualitative node outputs enabling it to identify the key dependent nodes and information content within the network. This analysis allows the development of Plan Models which capture the changes required in the network to bring about desired effects. Plan Models identify the mechanisms and/or resources that should be used to bring about the desired effects either directly by affecting a node outputs or indirectly by affecting the outputs of the nodes they are dependent upon. An example taken from a counter insurgency scenario is used to illustrate the benefits of the approach and range and scope of its applicability.
Article
The modeling and analysis of critical infrastructures and their interdependencies are essential to discovering hidden vulnerabilities and the related threats to national and international security. Over the past few years, several approaches have been proposed to address this problem. The so-called holistic approaches are relatively abstract, but are easily validated using real economic data. Other approaches based on agent-based models provide deeper views of the interdependencies existing between subsystems of different infrastructures. However, agent-based models are often difficult to validate because quantitative data of the appropriate granularity may not be available. This paper presents an agent-based input–output inoperability model designed to overcome the limitations of the holistic and agent-based paradigms. In order to provide a detailed and expressive framework, the exchange of resources between infrastructures is explicitly modeled while inoperability becomes an internal parameter. Nevertheless, the model is easily transformed into a fine-grained, input–output inoperability model whose coefficients can be obtained based on real data.
Article
Coupled biological and chemical systems, neural networks, social interacting species, the Internet and the World Wide Web, are only a few examples of systems composed by a large number of highly interconnected dynamical units. The first approach to capture the global properties of such systems is to model them as graphs whose nodes represent the dynamical units, and whose links stand for the interactions between them. On the one hand, scientists have to cope with structural issues, such as characterizing the topology of a complex wiring architecture, revealing the unifying principles that are at the basis of real networks, and developing models to mimic the growth of a network and reproduce its structural properties. On the other hand, many relevant questions arise when studying complex networks’ dynamics, such as learning how a large ensemble of dynamical systems that interact through a complex wiring topology can behave collectively. We review the major concepts and results recently achieved in the study of the structure and dynamics of complex networks, and summarize the relevant applications of these ideas in many different disciplines, ranging from nonlinear science to biology, from statistical mechanics to medicine and engineering.
Article
People deviate from the predictions of game theory in two systematic ways. They are not purely self-interested (they care about fairness and try to cooperate with others), and they do not always consider what other players will do before making choices. However, with experience, these deviations sometimes disappear. People learn when they can afford to be unfair and what others will do; their behavior often converges to a game-theoretic equilibrium. A behavioral game theory that explains the initial deviations (and their disappearance) could be useful, especially if the learning process is modeled carefully and better data are gathered.
Article
Corruption in the public sector erodes tax compliance and leads to higher tax evasion. Moreover, corrupt public officials abuse their public power to extort bribes from the private agents. In both types of interaction with the public sector, the private agents are bound to face uncertainty with respect to their disposable incomes. To analyse effects of this uncertainty, a stochastic dynamic growth model with the public sector is examined. It is shown that deterministic excessive red tape and corruption deteriorate the growth potential through income redistribution and public sector inefficiencies. Most importantly, it is demonstrated that the increase in corruption via higher uncertainty exerts adverse effects on capital accumulation, thus leading to lower growth rates.
Article
At any given time, the stability of a community depends on the right balance of trust and distrust. Furthermore, we face information overload, increased uncertainty and risk taking as a prominent feature of modern living. As members of society, we cope with these complexities and uncertainties by relying trust, which is the basis of all social interactions. Although a small number of trust models have been proposed for the virtual medium, we find that they are largely impractical and artificial. In this paper we provide and discuss a trust model that is grounded in real-world social trust characteristics, and based on a reputation mechanism, or word-of-mouth. Our proposed model allows agents to decide which other agents' opinions they trust more and allows agents to progressively tune their understanding of another agent's subjective recommendations.