A Model for Secure and Mutually Beneficial Software Vulnerability Sharing

Alexander Davidson, Gregory Fenn, Carlos Cid

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution



In this work we propose a model for conducting efficient and mutually beneficial information sharing between two competing entities, focusing specifically on software vulnerability sharing. We extend the two-stage game-theoretic model proposed by Khouzani et al. [18] for bug sharing, addressing two key features: we allow security information to be associated with different categories and severities, but also remove a large proportion of player homogeneity assumptions the previous work makes. We then analyse how these added degrees of realism affect the trading dynamics of the game. Secondly, we develop a new private set operation (PSO) protocol that enables the removal of the trusted mediation requirement. The PSO functionality allows for bilateral trading between the two entities up to a mutually agreed threshold on the value of information shared, keeping all other input information secret. The protocol scales linearly with set sizes and we give an implementation that establishes the practicality of the design for varying input parameters. The resulting model and protocol provide a framework for practical and secure information sharing between competing entities.
Original language: English
Title of host publication: WISCS '16 Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security
Number of pages: 12
ISBN (Print): 978-1-4503-4565-1
Publication status: Published - 24 Oct 2016
Event: WISCS 2016 - 3rd ACM Workshop on Information Sharing and Collaborative Security - Vienna, Austria
Duration: 24 Oct 2016 → 24 Oct 2016


Workshop: WISCS 2016 - 3rd ACM Workshop on Information Sharing and Collaborative Security
