A Model for Secure and Mutually Beneficial Software Vulnerability Sharing. / Davidson, Alexander; Fenn, Gregory; Cid, Carlos.

WISCS '16 Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security. ACM, 2016. p. 3-14.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Documents

Links

Abstract

In this work we propose a model for conducting efficient and mutually beneficial information sharing between two competing entities, focusing specifically on software vulnerability sharing. We extend the two-stage game-theoretic model proposed by Khouzani et al. [18] for bug sharing, addressing two key features: we allow security information to be associated with different categories and severities, but also remove a large proportion of player homogeneity assumptions the previous work makes. We then analyse how these added degrees of realism affect the trading dynamics of the game. Secondly, we develop a new private set operation (PSO) protocol that enables the removal of the trusted mediation requirement. The PSO functionality allows for bilateral trading between the two entities up to a mutually agreed threshold on the value of information shared, keeping all other input information secret. The protocol scales linearly with set sizes and we give an implementation that establishes the practicality of the design for varying input parameters. The resulting model and protocol provide a framework for practical and secure information sharing between competing entities.
Original languageEnglish
Title of host publicationWISCS '16 Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security
PublisherACM
Pages3-14
Number of pages12
ISBN (Print)978-1-4503-4565-1
DOIs
Publication statusPublished - 24 Oct 2016
EventWISCS 2016 - 3rd ACM Workshop on Information Sharing and Collaborative Security - Vienna, Austria
Duration: 24 Oct 201624 Oct 2016

Workshop

WorkshopWISCS 2016 - 3rd ACM Workshop on Information Sharing and Collaborative Security
CountryAustria
CityVienna
Period24/10/1624/10/16
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 27035287