Senior Researcher, Hewlett Packard Enterprise Labs
March 18th, 2016, 11am-12pm, DBH 3011
Trusted sharing of threat related data among organizations
Sharing threat and security-related data holds promise for defending better, as a community, against sophisticated cyber-attacks. In the first part of the talk we review how information sharing helps counter common attacks, with a particular focus on network security. Which information should be shared? Which cross-correlation and analysis techniques should be applied to shared data, and how can they be used to shore up defenses? We also look at several real-world sharing communities to identify the challenges of creating, analyzing and acting on shared threat intelligence. Challenges include reducing false positive rates, incentivizing users to contribute rather than just consume, and properly "contextualizing" lower-level indicators such as IP addresses and domain names.
We created Threat Central to address at least some of these challenges and will demonstrate its key features. Threat Central is a platform, now with several hundred users, that supports trusted, automated and manual information sharing.
In the last part of the talk we focus on privacy and trust concerns. Threat Central enables private communities, i.e. communities in which members can privately exchange threat data with each other. In at least some cases it is desired that even Threat Central (i.e. the cloud provider) does not see the data the private community exchanges. In many cases both Threat Central and the private community will nevertheless benefit from controlled information flows between a centralized intelligence repository and threat data shared within the private community. Building on existing work on Private Set Intersection we present a new cryptographic protocol that fits this scenario.
We conclude with a list of open problems that would benefit from further research.
Dr. Tomas Sander is a senior researcher at Hewlett Packard Enterprise Labs in Princeton, New Jersey. He is a member of the Security and Manageability Lab at HPE, which conducts research in security, privacy and cloud technologies. Before joining HP, he worked for STAR Lab, the research lab of InterTrust Technologies in Santa Clara, California, on a broad range of topics relevant to advanced digital rights management (DRM). Tomas Sander received a doctoral degree in Mathematics from the University of Dortmund, Germany in 1996. From September 1996 to September 1999 he was a postdoctoral researcher at the International Computer Science Institute (ICSI) in Berkeley, California. His research interests include computer security, privacy and cryptography. In the last few years he has been researching and developing technology to implement good privacy practices in large organizations. Based on this research, a privacy decision support tool is now deployed globally across HP that assists employees in making proper decisions for handling PII.
Tomas is the lead scientist for the creation of HPE's Threat Central solution, a platform developed for automated and manual threat information sharing. In 2014 Tomas founded the ACM Workshop on Information Sharing and Collaborative Security (WISCS 2014), the first scientific workshop focused on the topic.