Towards General Scheme for Data Sharing Agreements Empowering Privacy-Preserving Data Analysis of Structured CTI

  • Fabio Martinelli
  • Oleksii OsliakEmail author
  • Andrea SaracinoEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11387)


This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis. Hence, an application to an email is presented, together with DSA definition and inclusion in a STIX record. Finally, a set of experiments will show the performance improvement related to data access, brought by the adoption of the proposed scheme.


Cyber threat intelligence Privacy-preserving Threat information sharing Data Sharing Agreements 



This work has been partially funded by EU Funded project H2020 NeCS, GA #675320 and H2020 C3ISP, GA #700294 and EIT Digital Trusted Cloud and Internet of Things.


  1. 1.
    Diday, E., Simon, J.C.: Clustering analysis. In: Fu, K.S. (ed.) Digital Pattern Recognition, pp. 47–94. Springer, Heideberg (1980). Scholar
  2. 2.
    Genes, R., Arrott, A., Sancho, D.: Stormy weather: a quantitative assessment of the storm web threat in 2007 (2011)Google Scholar
  3. 3.
    Han, W., Lei, C.: A survey on policy languages in network and security management. Comput. Netw. 56(1), 477–489 (2012)CrossRefGoogle Scholar
  4. 4.
    Johnson, C., Badger, L., Waltermire, D., Snyder, J., Skorupka, C.: Guide to cyber threat information sharing. NIST Spec. Publ. 800, 150 (2016)Google Scholar
  5. 5.
    Johnson, C.S., Feldman, L., Witte, G.A.: Cyber threat intelligence and information sharing. Technical report (2017)Google Scholar
  6. 6.
    Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: privacy-enabled management of customer data. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003). Scholar
  7. 7.
    Kim, D., Woo, J.Y., Kim, H.K.: I know what you did before: general framework for correlation analysis of cyber threat incidents. In: IEEE Military Communications Conference, MILCOM 2016–2016, pp. 782–787. IEEE (2016)Google Scholar
  8. 8.
    Kokkonen, T., Hautamäki, J., Siltanen, J., Hämäläinen, T.: Model for sharing the information of cyber security situation awareness between organizations. In: 2016 23rd International Conference on Telecommunications (ICT), pp. 1–5. IEEE (2016)Google Scholar
  9. 9.
    Krishnan, R., Sandhu, R., Niu, J., Winsborough, W.H.: A conceptual framework for group-centric secure information sharing. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 384–387. ACM (2009)Google Scholar
  10. 10.
    Martinelli, F., Saracino, A., Sheikhalishahi, M.: Modeling privacy aware information sharing systems: a formal and general approach. In: 2016 IEEE Trustcom/BigDataSE/I SPA, pp. 767–774. IEEE (2016)Google Scholar
  11. 11.
    Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012). Scholar
  12. 12.
    McAfee: What is Typosquatting?
  13. 13.
    Seligman, L., Rosenthal, A., Caverlee, J.: Data service agreements: toward a data supply chain. In: Proceedings of the Information Integration on the Web workshop at the Very Large Database Conference, Toronto (2004)Google Scholar
  14. 14.
    Sheikhalishahi, M., Saracino, A., Mejri, M., Tawbi, N., Martinelli, F.: Fast and effective clustering of spam emails based on structural similarity. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 195–211. Springer, Cham (2016). Scholar
  15. 15.
    Swamp, V., Seligman, L., Rosenthal, A.: Specifying data sharing agreements. In: Seventh IEEE International Workshop on Policies for Distributed Systems and Networks, Policy 2006, 4-p. IEEE (2006)Google Scholar
  16. 16.
    Swarup, V., Seligman, L., Rosenthal, A.: A data sharing agreement framework. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 22–36. Springer, Heidelberg (2006). Scholar
  17. 17.
    Wang, J., Herath, T., Chen, R., Vishwanath, A., Rao, H.R.: Research article phishing susceptibility: an investigation into the processing of a targeted spear phishing email. IEEE Trans. Prof. Commun. 55(4), 345–362 (2012)CrossRefGoogle Scholar
  18. 18.
    Zhao, W., White, G.: A collaborative information sharing framework for community cyber security. In: 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 457–462. IEEE (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Istituto di Informatica e TelematicaConsiglio Nazionale delle RicerchePisaItaly

Personalised recommendations