Skip to main content

A cloud-edge based data security architecture for sharing and analyzing cyber threat information

Chadwick, David W., Fan, Wenjun, Constantino, Gianpiero, De Lemos, Rogério, Di Cerbo, Francesco, Herwono, Ian, Mori, Paolo, Sajjad, Ali, Wang, Xiao-Si, Manera, Mirko and others. (2019) A cloud-edge based data security architecture for sharing and analyzing cyber threat information. Future Generation Computer Systems, . ISSN 0167-739X. (doi:10.1016/j.future.2019.06.026) (KAR id:76431)

Abstract

Cyber-attacks affect every aspect of our lives. These attacks have serious consequences, not only for cyber-security, but also for safety, as the cyber and physical worlds are increasingly linked. Providing effective cyber-security requires cooperation and collaboration among all the entities involved. Increasing the amount of cyber threat information (CTI) available for analysis allows better prediction, prevention and mitigation of cyber-attacks. However, organizations are deterred from sharing their CTI over concerns that sensitive and confidential information may be revealed to others. We address this concern by providing a flexible framework that allows the confidential sharing of CTI for analysis between collaborators. We propose a five-level trust model for a cloud-edge based data sharing infrastructure. The data owner can choose an appropriate trust level and CTI data sanitization approach, ranging from plain text, through anonymization/pseudonymization to homomorphic encryption, in order to manipulate the CTI data prior to sharing it for analysis. Furthermore, this sanitization can be performed by either an edge device or by the cloud service provider, depending upon the level of trust the organization has in the latter. We describe our trust model, our cloud-edge infrastructure, and its deployment model, which are designed to satisfy the broadest range of requirements for confidential CTI data sharing. Finally we briefly describe our implementation and the testing that has been carried out so far by four pilot projects that are validating our infrastructure.

Item Type: Article
DOI/Identification number: 10.1016/j.future.2019.06.026
Projects: [UNSPECIFIED] Collaborative and Confidential Information Sharing and Analysis for Cyber Protection
Uncontrolled keywords: Data security architecture, Data outsourcing, Cyber threat information, Edge computing, Cloud-edge trust, Cloud security
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.76 Computer software
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: D. Chadwick
Date Deposited: 12 Sep 2019 13:17 UTC
Last Modified: 09 Oct 2019 12:18 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/76431 (The current URI for this page, for reference purposes)
Chadwick, David W.: https://orcid.org/0000-0003-3145-055X
Fan, Wenjun: https://orcid.org/0000-0002-7363-9695
De Lemos, Rogério: https://orcid.org/0000-0002-0281-6308
  • Depositors only (login required):

Downloads

Downloads per month over past year