Controlled and Secure Sharing Threat Intelligence

Detalhes bibliográficos
Autor(a) principal: Fernandes, Ricardo
Data de Publicação: 2021
Tipo de documento: Dissertação
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10400.22/19297
Resumo: Cyber threat information sharing platforms have become a useful weapon for dealing with cyberattacks, proactively mitigating them and thus reducing risk exposure. These allow multiple agencies to connect with each other, forming a community, and share that same intrusion information regarding cyberattacks or threats with each other. The Malware Information Sharing Platform (MISP) is particularly developed to promote the open dissemination of information such as intrusion indicators within a community. This exchange of information related to threats or incidents is treated as a data synchronisation procedure between di erent MISP instances, which may belong to one or more communities, companies or organisations. However, this platform presents limitations if its information is considered as classi ed or shared only for a certain period of time. This implies that this information should be treated only in encrypted form. One solution is to use MISP with searchable encryption techniques to impose greater control over information sharing. In this document, it is present a system that guarantees a controlled synchronisation of information between entities through the use of encrypted search techniques to guarantee the con dentiality of the information present in the MISP platform and also the use of synchronisation policies to control the way information is exchanged.
id RCAP_0588de0d35675ea3413cba00f8f06be0
oai_identifier_str oai:recipp.ipp.pt:10400.22/19297
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling Controlled and Secure Sharing Threat IntelligenceSearchable encryptionClassi ed informationInformation sharingInformáticaCyber threat information sharing platforms have become a useful weapon for dealing with cyberattacks, proactively mitigating them and thus reducing risk exposure. These allow multiple agencies to connect with each other, forming a community, and share that same intrusion information regarding cyberattacks or threats with each other. The Malware Information Sharing Platform (MISP) is particularly developed to promote the open dissemination of information such as intrusion indicators within a community. This exchange of information related to threats or incidents is treated as a data synchronisation procedure between di erent MISP instances, which may belong to one or more communities, companies or organisations. However, this platform presents limitations if its information is considered as classi ed or shared only for a certain period of time. This implies that this information should be treated only in encrypted form. One solution is to use MISP with searchable encryption techniques to impose greater control over information sharing. In this document, it is present a system that guarantees a controlled synchronisation of information between entities through the use of encrypted search techniques to guarantee the con dentiality of the information present in the MISP platform and also the use of synchronisation policies to control the way information is exchanged.Pinto, António Alberto dos SantosRepositório Científico do Instituto Politécnico do PortoFernandes, Ricardo2022-01-04T16:27:59Z202120212021-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.22/19297TID:202884783enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-03-13T13:13:28Zoai:recipp.ipp.pt:10400.22/19297Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T17:39:23.360601Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv Controlled and Secure Sharing Threat Intelligence
title Controlled and Secure Sharing Threat Intelligence
spellingShingle Controlled and Secure Sharing Threat Intelligence
Fernandes, Ricardo
Searchable encryption
Classi ed information
Information sharing
Informática
title_short Controlled and Secure Sharing Threat Intelligence
title_full Controlled and Secure Sharing Threat Intelligence
title_fullStr Controlled and Secure Sharing Threat Intelligence
title_full_unstemmed Controlled and Secure Sharing Threat Intelligence
title_sort Controlled and Secure Sharing Threat Intelligence
author Fernandes, Ricardo
author_facet Fernandes, Ricardo
author_role author
dc.contributor.none.fl_str_mv Pinto, António Alberto dos Santos
Repositório Científico do Instituto Politécnico do Porto
dc.contributor.author.fl_str_mv Fernandes, Ricardo
dc.subject.por.fl_str_mv Searchable encryption
Classi ed information
Information sharing
Informática
topic Searchable encryption
Classi ed information
Information sharing
Informática
description Cyber threat information sharing platforms have become a useful weapon for dealing with cyberattacks, proactively mitigating them and thus reducing risk exposure. These allow multiple agencies to connect with each other, forming a community, and share that same intrusion information regarding cyberattacks or threats with each other. The Malware Information Sharing Platform (MISP) is particularly developed to promote the open dissemination of information such as intrusion indicators within a community. This exchange of information related to threats or incidents is treated as a data synchronisation procedure between di erent MISP instances, which may belong to one or more communities, companies or organisations. However, this platform presents limitations if its information is considered as classi ed or shared only for a certain period of time. This implies that this information should be treated only in encrypted form. One solution is to use MISP with searchable encryption techniques to impose greater control over information sharing. In this document, it is present a system that guarantees a controlled synchronisation of information between entities through the use of encrypted search techniques to guarantee the con dentiality of the information present in the MISP platform and also the use of synchronisation policies to control the way information is exchanged.
publishDate 2021
dc.date.none.fl_str_mv 2021
2021
2021-01-01T00:00:00Z
2022-01-04T16:27:59Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.22/19297
TID:202884783
url http://hdl.handle.net/10400.22/19297
identifier_str_mv TID:202884783
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799131481892716544

Registros relacionados