Check out the new USENIX Web site. next up previous
Next: Introduction

Privacy-Preserving Sharing and Correlation of
Security Alerts

Patrick Lincoln1 & Phillip Porras2 & Vitaly Shmatikov3

SRI International

Abstract:

We present a practical scheme for Internet-scale collaborative analysis of information security threats which provides strong privacy guarantees to contributors of alerts. Wide-area analysis centers are proving a valuable early warning service against worms, viruses, and other malicious activities. At the same time, protecting individual and organizational privacy is no longer optional in today's business climate. We propose a set of data sanitization techniques that enable community alert aggregation and correlation, while maintaining privacy for alert contributors. Our approach is practical, scalable, does not rely on trusted third parties or secure multiparty computation schemes, and does not require sophisticated key management.





Vitaly Shmatikov 2004-05-18