TWC SBE: Small: Establishing market based mechanisms for CYBer security information EXchange (CYBEX)

TWC SBE：小型：建立基于市场的 CYBer 安全信息交换（CYBEX）机制

• 批准号: 1528167
• 负责人: Shamik Sengupta
• 金额: $ 32.97万
• 依托单位: Board of Regents, NSHE, obo University of Nevada, Reno
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1528167&HistoricalAwards=false
• 关键词: TWC; SBE; Small; Establishing; market

Robust cybersecurity information sharing infrastructure is required to protect the firms from future cyber attacks which might be difficult to achieve via individual effort. The United States federal government clearly encourage the firms to share their discoveries on cybersecurity breach and patch related information with other federal and private firms for strengthening the nation's security infrastructure. The goal of this project is to develop an interdisciplinary research platform to investigate the framework and benefits of breach-related vulnerability information sharing and analyze the effect of not participating in the process of information exchange. The outcome of this project has a profound impact on the evolution of CYBer security information EXchange (CYBEX) architecture and the level of interaction desired among firms (private, public or federal) to defend proactively in the ever-growing cyberspace. The research has both direct and indirect impact on mentoring, hands-on learning, education and training. Graduate and Undergraduate students (including minority and women) participating in this project are involved in interdisciplinary research and learning problem solving skills taking into account different viewpoints, namely, cybersecurity, information-exchange, economics, decision analysis and practical system implementation.By using micro and macro-economic theory as a substrate, this project establishes market based mechanisms for enabling cyber security information exchange (CYBEX) among firms to protect the cyberspace proactively against cyber attacks. This research investigates how cyberinsurance can be modeled and thereafter can be augmented with the information sharing format and framework to encourage firms to participate in CYBEX more effectively. The transformative nature of the proposed research lies in its potential to identify, model, and analyze the multi-dimensional robust cybersecurity information sharing infrastructure along with development of CYBEX emulator environment. The information sharing framework is also extended to the cloud domain that carries challenges to model the cloud attackers and incentive mechanisms to motivate the firms toward such sharing behavior. More Specifically, the outcomes of the project demonstrate: a) the potential of CYBEX in sharing the burden of cybersecurity and making the cyberspace more robust; b) multi-layer competitions and dynamics among CYBEX entities infiltrated with malicious entities; c) necessity of cyberinsurance and market oriented approach for better cybersecurity information utilization; and, d) the far-reaching impacts of interdisciplinary CYBEX research in terms of socio-economic value, technology and educational outreach programs.

需要强大的网络安全信息共享基础设施来保护公司免受未来的网络攻击，而未来的网络攻击可能很难通过个人努力实现。美国联邦政府显然鼓励这些公司与其他联邦和私营公司分享他们在网络安全漏洞方面的发现，并修补相关信息，以加强国家的安全基础设施。该项目的目标是开发一个跨学科研究平台，以调查与漏洞相关的信息共享的框架和好处，并分析不参与信息交换过程的影响。该项目的结果对网络安全信息交换(Cybex)架构的演变以及公司(私营、公共或联邦)之间希望在不断增长的网络空间中主动防御的互动水平具有深远影响。这项研究对指导、实践学习、教育和培训都有直接和间接的影响。参与该项目的研究生和本科生(包括少数族裔和女性)将从网络安全、信息交流、经济学、决策分析和实际系统实施等不同角度参与跨学科研究和学习问题解决技能。该项目以微观和宏观经济理论为基础，建立基于市场的机制，使企业之间的网络安全信息交换(Cybex)能够主动保护网络空间免受网络攻击。这项研究调查了如何对网络保险进行建模，然后可以通过信息共享格式和框架来增强，以鼓励公司更有效地参与Cybex。随着Cybex仿真器环境的发展，该研究的变革性本质在于它具有识别、建模和分析多维稳健的网络安全信息共享基础设施的潜力。信息共享框架还扩展到云域，该领域面临着对云攻击者进行建模的挑战，以及激励公司采取此类共享行为的激励机制。更具体地说，该项目的成果表明：a)Cybex在分担网络安全负担和使网络空间更强大方面的潜力；b)Cybex实体之间渗透着恶意实体的多层次竞争和动态；c)网络保险和以市场为导向的方法对更好地利用网络安全信息的必要性；以及d)Cybex跨学科研究在社会经济价值、技术和教育推广计划方面的深远影响。