< Terug naar vorige pagina


TATIS: Trustworthy APIs for Threat Intelligence Sharing with UMA and CP-ABE

Boekbijdrage - Boekhoofdstuk Conferentiebijdrage

Threat intelligence platforms offer cyber emergency teams and security stakeholders access to sightings of cyberthreats and indicators of compromise. Given the sensitivity of the information, access may be restricted to certain members within an organization, offered to the general public, or anything in between. Service providers that host such platforms typically expose APIs for threat event producers and consumers, and to enable interoperability with other threat intelligence platforms. Not only is API security a growing concern, the implied trust by threat event producers and consumers in the platform provider remains a non-trivial challenge. This paper addresses these challenges by offering protection against honest but curious platform providers, and putting the access control back into the hands of the owner or producer of the threat events. We present TATIS, a solution for fine-grained access control to protect threat intelligence APIs using User Managed Access (UMA) and Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We test the feasibility of our solution using the Malware Information Sharing Platform (MISP). We validate our contribution from a security and privacy point of view. Experimental evaluation on a real-world OSINT threat intelligence dataset illustrates our solution imposes an acceptable performance overhead on the latency of API requests.
Boek: Foundations and Practice of Security. 12th International Symposium, FPS 2019, Toulouse, France, November 5–7, 2019, Revised Selected Papers
Pagina's: 1 - 17
Jaar van publicatie:2020