TY - GEN
T1 - Sharing is Caring
T2 - 11th IEEE International Congress on Conferences on Internet of Things, 14th IEEE International Conference on Green Computing and Communications, 11th IEEE International Conference on Cyber, Physical and Social Computing, 4th IEEE International Conference on Smart Data, 1st IEEE International Conference on Blockchain and 18th IEEE International Conference on Computer and Information Technology, iThings/GreenCom/CPSCom/SmartData/Blockchain/CIT 2018
AU - Webster, George D.
AU - Harris, Ryan L.
AU - Hanif, Zachary D.
AU - Hembree, Bruce A.
AU - Grossklags, Jens
AU - Eckert, Claudia
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7
Y1 - 2018/7
N2 - For decades it has been acknowledged that sharing security information and collaboration between security practitioners are a necessity. Yet, effective sharing and collaboration are rare. A gamut of legislative acts, executive orders, academic works, and private sector initiatives have discussed aspects of the problem and aimed to be the catalyst needed to fix the situation. But almost 30 years since these efforts started, the state of sharing and collaboration is still technically complicated, slow, untrusted, and impeded by bureaucratic woes. This work identifies the challenges of sharing security artifacts and uses real-world examples to illustrate our findings. Based on this knowledge, we propose a new model for sharing and collaboration, CARE. The CARE architecture eases many of the privacy, secrecy, lineage, and structure issues that plague current sharing communities and platforms. We then build upon this foundation to introduce a marketplace based on smart contracts with transactional privacy over a distributed blockchain. Therefore, CARE incentivizes sharing, combats free riding, and provides an immutable ledger for the attribution of events. This paradigm shift, overcomes the challenges of sharing while providing new opportunities for business models, insurance risk assessments, and government backed incentivisation.
AB - For decades it has been acknowledged that sharing security information and collaboration between security practitioners are a necessity. Yet, effective sharing and collaboration are rare. A gamut of legislative acts, executive orders, academic works, and private sector initiatives have discussed aspects of the problem and aimed to be the catalyst needed to fix the situation. But almost 30 years since these efforts started, the state of sharing and collaboration is still technically complicated, slow, untrusted, and impeded by bureaucratic woes. This work identifies the challenges of sharing security artifacts and uses real-world examples to illustrate our findings. Based on this knowledge, we propose a new model for sharing and collaboration, CARE. The CARE architecture eases many of the privacy, secrecy, lineage, and structure issues that plague current sharing communities and platforms. We then build upon this foundation to introduce a marketplace based on smart contracts with transactional privacy over a distributed blockchain. Therefore, CARE incentivizes sharing, combats free riding, and provides an immutable ledger for the attribution of events. This paradigm shift, overcomes the challenges of sharing while providing new opportunities for business models, insurance risk assessments, and government backed incentivisation.
KW - Computer Security
KW - Information Sharing
KW - Malware
KW - Threat Intelligence
UR - http://www.scopus.com/inward/record.url?scp=85067872551&partnerID=8YFLogxK
U2 - 10.1109/Cybermatics_2018.2018.00240
DO - 10.1109/Cybermatics_2018.2018.00240
M3 - Conference contribution
AN - SCOPUS:85067872551
T3 - Proceedings - IEEE 2018 International Congress on Cybermatics: 2018 IEEE Conferences on Internet of Things, Green Computing and Communications, Cyber, Physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology, iThings/GreenCom/CPSCom/SmartData/Blockchain/CIT 2018
SP - 1402
EP - 1409
BT - Proceedings - IEEE 2018 International Congress on Cybermatics
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 July 2018 through 3 August 2018
ER -