Intelligence and Information Sharing models


During the first half of 2021, WP6 (lead by CNR) has been continuing work on the ShareNET system. The team developed and integrated new components to enable secure and automated Cyber Threat Intelligence (CTI) sharing with third parties and an external Threat Intelligence Sharing Platform (TISP).

The sharing process implemented in the ShareNET system is based on the usage control concept (UCON), which ensures that only authorized entities can execute specific operations under certain conditions. For this reason, the ShareNET system enforces data-sharing agreements, and data-owners can define them in the form of controlled natural language. Indeed, ShareNET promotes data sovereignty for CTI.

In addition to that, data-owners can specify obligations, which may require the execution of data manipulation operations. ShareNET uses these obligations to execute privacy-preserving operations, like encryption, data shuffling, and other anonymization approaches. In this way, if a data-sharing agreement requires the execution of anonymization operation on the CTI record, the ShareNET communicates with the PrivacyNET using its API to perform a specified operation.

The ShareNET system provides a set of APIs, which allows stakeholders to define data-sharing agreements in the form of controlled natural language, upload and store their information as data-protected objects, and export it to external CTI sources, including Malware Information Sharing Platform (MISP).

The ShareNET integration has started with the communication with other components as well as the core CyberSANE infrastructure.

Leave a Reply

Your email address will not be published.