A scheme for the sticky policy representation supporting secure Cyber-Threat Intelligence analysis and sharing

Author (ESR): 
Oleksii Osliak (Consiglio Nazionale Delle Ricerche)
Oleksii Osliak
Fabio Martinelli
Andrea Saracino

The paper proposes a STIX-based data representation for privacy-preserving data analysis, to report format and semantics of specific data types, and to represent sticky policies in the format of embedded human-readable DSAs. More specifically, we exploit and extend the STIX standard, to represent in a structured way analysis-ready pieces of data and the attached privacy policies. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis. Moreover, the paper provides a new scheme for general Data-Sharing Agreement representation that has been practically applied for the process of encoding specific attributes in different Cyber-Threat Intelligence reports. Due to the chosen approach, the research results may have limitations. Specifically, current practice for entity recognition has the limitation that was discovered during the research. However, its effect on process time was minimized. This paper has covered the existing gap including the lack of generality in DSA representation for privacy-preserving analysis of structured CTI. Therefore, the new model for DSA representation was introduced as well as its practical implementation.