HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1007/11428862_31

2005-01-01

Abstract:The open and anonymous of grid make the task of controlling access to sharing information more difficult, which cannot be addressed by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for grid resource sharing. The framework is an integrated solution involving aspects of trust and recommendation models, based the discretionary access control (DAC), and are applied to grid resource-sharing systems. In this paper, we integrate technology of web services into idea of trust for describing resources.

David W. Chadwick,Wenjun Fan,Gianpiero Costantino,Rogerio de Lemos,Francesco Di Cerbo,Ian Herwono,Mirko Manea,Paolo Mori,Ali Sajjad,Xiao-Si Wang

DOI: https://doi.org/10.1016/j.future.2019.06.026

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:Cyber-attacks affect every aspect of our lives. These attacks have serious consequences, not only for cyber-security, but also for safety, as the cyber and physical worlds are increasingly linked. Providing effective cyber-security requires cooperation and collaboration among all the entities involved. Increasing the amount of cyber threat information (CTI) available for analysis allows better prediction, prevention and mitigation of cyber-attacks. However, organizations are deterred from sharing their CTI over concerns that sensitive and confidential information may be revealed to others. We address this concern by providing a flexible framework that allows the confidential sharing of CTI for analysis between collaborators. We propose a five-level trust model for a cloud-edge based data sharing infrastructure. The data owner can choose an appropriate trust level and CTI data sanitization approach, ranging from plain text, through anonymization/pseudonymization to homomorphic encryption, in order to manipulate the CTI data prior to sharing it for analysis. Furthermore, this sanitization can be performed by either an edge device or by the cloud service provider, depending upon the level of trust the organization has in the latter. We describe our trust model, our cloud-edge infrastructure, and its deployment model, which are designed to satisfy the broadest range of requirements for confidential CTI data sharing. Finally we briefly describe our implementation and the testing that has been carried out so far by four pilot projects that are validating our infrastructure.

Dichao Peng,Wei Chen,Qunsheng Peng

DOI: https://doi.org/10.1002/sec.521

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:ABSTRACTThe establishment of trust relations is recognized as an important approach to initiate cooperation between unfamiliar entities in distributed computing environments. Particularly, trust relations can play a key role to help nodes make decisions on service discoveries in wireless environments. Visualizing trust relations can help us understand and analyze the real‐time threats that the distributed system is facing and consequently identify the attacks in order to deploy corresponding countermeasures. The main challenges to visualize trust in such distributed environments are as follows: (i) visually reorganizing and presenting trust relations to show underlying cooperation between attackers; (ii) mapping attacker behaviors to visual patterns in an ambiguity‐free manner; (iii) properly organizing and encoding other contextual information to analyze how these factors play along with trust. In this paper, we introduce TrustVis, a tool that helps users visually analyze trust relations to identify attacks in a semi‐automatic fashion. In parallel with a running trust evaluation engine that actively monitors trust relations, TrustVis reorganizes and presents trust relations with a matrix to map the cooperative attack schemes to visual patterns. By coordinating the trust matrix and other contextual information into a multi‐faceted view, TrustVis incorporates the intelligence of domain experts to interactively monitor the networked system toward identifying both the attackers' identities and the adopted attack schemes. Copyright © 2012 John Wiley & Sons, Ltd.

Kealan Dunnett,Shantanu Pal,Guntur Dharma Putra,Zahra Jadidi,Raja Jurdak

DOI: https://doi.org/10.48550/arXiv.2208.12031

2022-08-25

Abstract:Cyber Threat Intelligence (CTI) is the knowledge of cyber and physical threats that help mitigate potential cyber attacks. The rapid evolution of the current threat landscape has seen many organisations share CTI to strengthen their security posture for mutual benefit. However, in many cases, CTI data contains attributes (e.g., software versions) that have the potential to leak sensitive information or cause reputational damage to the sharing organisation. While current approaches allow restricting CTI sharing to trusted organisations, they lack solutions where the shared data can be verified and disseminated `differentially' (i.e., selective information sharing) with policies and metrics flexibly defined by an organisation. In this paper, we propose a blockchain-based CTI sharing framework that allows organisations to share sensitive CTI data in a trusted, verifiable and differential manner. We discuss the limitations associated with existing approaches and highlight the advantages of the proposed CTI sharing framework. We further present a detailed proof of concept using the Ethereum blockchain network. Our experimental results show that the proposed framework can facilitate the exchange of CTI without creating significant additional overheads.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Dincy R. Arikkat,Mert Cihangiroglu,Mauro Conti,Rafidha Rehiman K. A.,Serena Nicolazzo,Antonino Nocera,Vinod P

2024-06-20

Abstract:The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations include smart, interconnected devices in their systems to automate their processes, the attack surface becomes much bigger, and the complexity and frequency of attacks pose a significant threat. Consequently, organizations have been compelled to seek innovative approaches to mitigate the menaces inherent in their infrastructure. In response, considerable research efforts have been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate, preserving the privacy of their CTI data. Moreover, our approach provides a way to assess the data and model quality, and the trustworthiness of all the participants leveraging some validators through Zero Knowledge Proofs. An extensive experimental campaign demonstrates our framework's correctness and performance, and the detailed attack model discusses its robustness against attacks in the context of data and model quality.

Cryptography and Security

Lakshmi Rama Kiran Pasumarthy,Hisham Ali,William J Buchanan,Jawad Ahmad,Audun Josang,Vasileios Mavroeidis,Mouad Lemoudden

DOI: https://doi.org/10.48550/arXiv.2403.05210

2024-03-08

Abstract:There is an increasing need to share threat information for the prevention of widespread cyber-attacks. While threat-related information sharing can be conducted through traditional information exchange methods, such as email communications etc., these methods are often weak in terms of their trustworthiness and privacy. Additionally, the absence of a trust infrastructure between different information-sharing domains also poses significant challenges. These challenges include redactment of information, the Right-to-be-forgotten, and access control to the information-sharing elements. These access issues could be related to time bounds, the trusted deletion of data, and the location of accesses. This paper presents an abstraction of a trusted information-sharing process which integrates Attribute-Based Encryption (ABE), Homomorphic Encryption (HE) and Zero Knowledge Proof (ZKP) integrated into a permissioned ledger, specifically Hyperledger Fabric (HLF). It then provides a protocol exchange between two threat-sharing agents that share encrypted messages through a trusted channel. This trusted channel can only be accessed by those trusted in the sharing and could be enabled for each data-sharing element or set up for long-term sharing.

Cryptography and Security

Chunxiao Jiang,Yong Ren,Hsiao-Hwa Chen,Guizani Moshen

DOI: https://doi.org/10.1109/icc.2016.7511092

2016-01-01

Abstract:In a cooperative network, users share information with each other to achieve a common target. Due to the concerns of privacy and cost, users may be reluctant to share genuine information with each other, which incurs the information trustworthiness problem. Most of the existing research attempts have proposed various mechanisms targeting to enhance the information credibility in various scenarios. However, the users' information sharing inclinations have not been well considered and modeled, which closely determine the information credibility in the network. In this paper, we study a trustworthy situation in cooperative networks and utilize the concept of reputation to model users' behaviors. Specifically, we propose two reputation learning methods based on both the peer-to-peer Bayesian learning and the social non-Bayesian learning models, and also propose a trustworthiness learning method based on the posterior estimation. Finally, simulations are conducted to verify the correctness and effectiveness of our theoretical analysis.

Hisham Ali,Pavlos Papadopoulos,Jawad Ahmad,Nikolaos Pitropakis,Zakwan Jaroucheh,William J. Buchanan

DOI: https://doi.org/10.48550/arXiv.2112.10092

2021-12-19

Abstract:Threat information sharing is considered as one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack - the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT\&CK framework.

Cryptography and Security

Robson de Oliveira Albuquerque,Luis Javier García Villalba,Ana Lucila Sandoval Orozco,Fábio Buiati,Tai-Hoon Kim

DOI: https://doi.org/10.3390/s141222754

2014-12-01

Abstract:Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity and availability, the well-known CIA triad. In addition, information security is a risk management job; the task is to manage the inherent risks of information disclosure. Current information security platforms do not deal with the different facets of information technology. This paper presents a layered trust information security architecture (TISA) and its creation was motivated by the need to consider information and security from different points of view in order to protect it. This paper also extends and discusses security information extensions as a way of helping the CIA triad. Furthermore, this paper suggests information representation and treatment elements, operations and support components that can be integrated to show the various risk sources when dealing with both information and security. An overview of how information is represented and treated nowadays in the technological environment is shown, and the reason why it is so difficult to guarantee security in all aspects of the information pathway is discussed.

Joanna F DeFranco,Joshua Roberts,David Ferraiolo,D Chris Compton

DOI: https://doi.org/10.1093/jamiaopen/ooae040

2024-05-15

JAMIA Open

Abstract:Objective: To address database interoperability challenges to improve collaboration among disparate organizations. Materials and methods: We developed a lightweight system to allow broad but well-controlled data sharing while preserving local data protection policies. We used 2 NIST-developed technologies-Next-generation Database Access Control (NDAC) and the Data Block Matrix (DBM)-to create a proof-of-concept system called the Secure Federated Data Sharing System (SFDS). NDAC controls access to database resources down to the field level based on attributes assigned to users. The DBM manages and shares authoritative user-attribute assignments across a federation of organizations, implemented using a modified open-source permissioned blockchain, to manage and share authoritative user-attribute assignments across a federation of organizations. We used synthetic data to demonstrate a clinical research data-sharing use case using the SFDS. Results: We demonstrated, through consent, the onboarding of previously unknown users into NDAC via assignments to their DBM-validated attributes, allowing those users policy-preserving access to local database resources. The SFDS main system components-NDAC and DBM-also showed excellent performance metrics. Discussion: The SFDS provides a generic data-sharing infrastructure that effectively and securely achieves data-sharing objectives. It is completely transparent to the otherwise normal business operations of participating organizations. It requires no changes to database management systems or existing methods of authenticating and authorizing local user access to local resources. Conclusion: This efficiency, flexibility of deployment, and granularity of control make this new infrastructure solution practical for meeting the data-sharing and protection objectives of the clinical research community.

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

Will Abramson,Adam James Hall,Pavlos Papadopoulos,Nikolaos Pitropakis,William J Buchanan

DOI: https://doi.org/10.1007/978-3-030-58986-8_14

2020-06-04

Abstract:When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.

Cryptography and Security,Computers and Society,Distributed, Parallel, and Cluster Computing,Computer Science and Game Theory,Machine Learning

Alcaraz, Cristina,Meskini, Iman Hasnaouia,Lopez, Javier

DOI: https://doi.org/10.1007/s10207-024-00912-1

2024-11-08

International Journal of Information Security

Abstract:Digital Twin (DT) technology empowers organizations to create virtual counterparts of their physical assets, thereby magnifying their analytical, optimization and decision-making capabilities. More specifically, the simulation capabilities of a DT generate high-quality data that not only benefit the DT owner organization, but also increase the potential of similar organizations by leveraging the DT's capabilities when sharing its simulation results This collaborative sharing boosts the capabilities of each participating organization, fostering a collective intelligence that amplifies their competitive advantage. Nonetheless, data exchange must rigorously safeguard each organization's data confidentiality, and access to this data must be thoroughly controlled. Thus, this paper introduces the novel concept of DT communities and proposes a hybrid access control architecture. This architecture seamlessly integrates the strengths of both Role Based Access Control (RBAC) and Organizational Based Access Control (OrBAC), facilitating secure, authorized intra- and inter-organizational information sharing in the context of Industry 5.0, combining the strengths of local DT communication and other organization's DTs as well. Moreover, in order to show the feasibility of the approach for critical corporate organizations and their systems, in this paper we provide a proof-of-concept implementation of this architecture. To validate its functionality and efficiency, we perform a number of experimental studies showing how various entities can benefit from securely sharing DT models based on the concept of "community".

computer science, information systems, theory & methods, software engineering

Geetanjali Rathee,Sahil Garg,Georges Kaddoum,Bong Jun Choi,Mohammad Mehedi Hassan,Salman A. AlQahtani

DOI: https://doi.org/10.1109/tii.2022.3173006

IF: 12.3

2022-11-13

IEEE Transactions on Industrial Informatics

Abstract:Many IoT-based applications have inherited the artificial intelligence of things (AIoT) techniques to explore new services and benefits of smart recording and monitoring generated information. However, hundreds of hacking incidents caused by highly sophisticated attackers have generated serious risks, where they compromised various IoT sensors for their benefits, impeding the growth of AIoT. Various security schemes have been proposed in the literature; however, it is critical to determine the legitimacy of AIoT devices in real-time scenarios during the initial deployment of the network. Therefore, this article aims to provide a secure, reliable, and trusted decision-making scheme using multiattribute methods in collaborative AIoT. The proposed system uses backpropagation and Bayesian's rule to ensure a fast and accurate decision. In addition, agent-based modeling and population-based modeling trust schemes are used to compute the legitimacy of the communicating model. Further, the proposed system is validated over various security measures against the various decision-based conventional methods such as Fuzzy c-means, REPTree, and random tree in terms of time, accuracy, replay attack, data falsification attack, recall, region of convergence, and F-Measure. The proposed mechanism achieves 93% improvement over accuracy and attack identification against existing mechanisms.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Xukai Zou,Yuan-shun Dai,Yi Pan

DOI: https://doi.org/10.1142/9789812790880

2008-01-01

Abstract:Computer networks are compromised by various unpredictable factors, such as hackers, viruses, spam, faults, and system failures, hindering the full utilization of computer systems for collaborative computing one of the objectives for the next generation of the Internet. It includes the functions of data communication, resource sharing, group cooperation, and task allocation. One popular example of collaborative computing is grid computing. This monograph considers the latest efforts to develop a trusted environment with the high security and reliability needed for collaborative computing. The important modules treated include secure group communication, access control, dependability, grid computing, key management, intrusion detection, and trace back. In addition, a real project for developing a nationwide medical information system with high dependability and security is described. Contents: Secure Group Communication (SGC); Cryptography Based Access Control; Intrusion Detection and Defence; Security in Grid Computing; Trusted and Seamless Medical Information Systems.

Hamza Maatouk,Sebastian Uschmann,Sven Festag,Tim Schneider,Anna Weber,Ngo Manh Khoi,Sven Bock,Stephan M Jonas,Cord Spreckelsen,Friederike Klan

DOI: https://doi.org/10.3233/SHTI230472

2023-06-29

Abstract:Ensuring data quality and protecting data are key requirements when working with health-related data. Re-identification risks of feature-rich data sets have led to the dissolution of the hard boundary between data protected by data protection laws (GDPR) and anonymized data sets. To solve this problem, the TrustNShare project is creating a transparent data trust that acts as a trusted intermediary. This allows for secure and controlled data exchange, while offering flexible datasharing options, considering trustworthiness, risk tolerance, and healthcare interoperability. Empirical studies and participatory research will be conducted to develop a trustworthy and effective data trust model.

Dah-Kwei Liou,Wen-Hai Chih,Li-Chun Hsu,Chia-Yi Huang

DOI: https://doi.org/10.1007/s10257-015-0279-2

2015-03-10

Abstract:Social networking sites are built and designed to provide online services and a platform for people to social interacts and exchange information. This study used the social capital theory as a foundation to explore the social interaction factors and individual factors such as shared value, community identification, and information privacy concerns, and examine the mediating role of the desire to give information between trust on websites/members and information sharing behaviour in the proposed model. This research sample consists of seven hundred and twenty-seven members who have used the Facebook fan page for at least 6 months. This study adopted structural equation modeling to test the research hypotheses. The results of this study show that shared value, community identification, and information privacy concern directly influence trust on websites and members. Trust on websites and members directly influenced the desire to get/give information. Desire to give information directly influences information sharing behaviour. The desire to give information plays important mediating roles between trust on websites/members and information sharing behaviour. Finally, we provide conclusions and managerial implications of the findings.

management,business

Christos-Minas Mathas,Costas Vassilakis,Nicholas Kolokotronis

DOI: https://doi.org/10.1109/SERVICES48979.2020.00047

2021-09-04

Abstract:In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Cryptography and Security