Threat information sharing is considered one of the proactive defensive approaches for enhancing the overall security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats to reduce the risk of a potential cyberattack; the requirements for threat information sharing range from simple document sharing to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT&CK framework.