How to Enhance the Sharing of Cyber Incident Information via Fine-Grained Access Control

Salonen, Jarno; Niskanen, Tatu; Raitio, Pia

doi:10.5121/csit.2022.120717

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…) IODEF version 2 specified in RFC 7970 introduces new information points to this format (Danyliw, 2016). Salonen et al (2022) have introduced a somewhat primitive model to enhance the sharing of cyber incident information via FGAC, utilizing IODEF to achieve this goal. This article provides a more mature version of that model and extends it beyond IODEF and incident information sharing.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Enabling fine-grained access control in information sharing with structured data formats

Niskanen

Salonen

2023

eccws

View full text Add to dashboard Cite

The ongoing need for societal and industrial digital transformation requires rapidly expanding networks of interconnected organizations and dictates an increasing role for cybersecurity in information sharing. A typical setup consists of multiple stakeholders working closely together and needing efficient channels for sharing relevant information in a secure manner. This is especially prevalent with complex modern supply chains and critical information infrastructures. They often comprise of numerous co-operating organizations, people and in some cases smart devices having different levels of access to a variety of information. Granular access control plays a vital role when distributing information efficiently between stakeholders without revealing sensitive pieces of data to unwanted third parties. This article presents a novel framework for enabling fine-grained access control to share information efficiently and securely in these situations. Our motivation and use case for the framework originates from the secure sharing of cyber incident information in the maritime logistics industry. We present a novel solution to this problem by developing an information sharing platform and a meta-model, demonstrated using an implementation with structured JSON data formats, while supporting previously researched attribute-based encryption schemes. The proposed framework provides a broader context to the fine-grained data access control challenge in addition to the technical implementation.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%