Improvement of Privacy Preserved Rule-Based Risk Analysis via Secure Multi-Party Computation

2017 12th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2017-08-01 DOI:10.1109/AsiaJCIS.2017.18

Soushirou Sakumoto, Akira Kanaoka

{"title":"Improvement of Privacy Preserved Rule-Based Risk Analysis via Secure Multi-Party Computation","authors":"Soushirou Sakumoto, Akira Kanaoka","doi":"10.1109/AsiaJCIS.2017.18","DOIUrl":null,"url":null,"abstract":"Currently, when companies conduct risk analysis of own networks and systems, it is common to outsource risk analysis to third-party experts. At that time, the company passes the information used for risk analysis including confidential information such as network configuration to third-party expert. It raises the risk of leakage and abuse of confidential information. Therefore, a method of risk analysis by using secure computation without passing confidential information of company has been proposed. Although Liu's method have firstly achieved secure risk analysis method using multiparty computation and attack tree analysis, it has several problems to be practical. In this paper, improvement of secure risk analysis method is proposed. It can dynamically reduce compilation time, enhance scale of target network and system without increasing execution time. Experimental work is carried out by prototype implementation. As a result, we achieved improved performance in compile time and enhance scale of target with equivalent performance on execution time.","PeriodicalId":108636,"journal":{"name":"2017 12th Asia Joint Conference on Information Security (AsiaJCIS)","volume":"60 2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 12th Asia Joint Conference on Information Security (AsiaJCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS.2017.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Currently, when companies conduct risk analysis of own networks and systems, it is common to outsource risk analysis to third-party experts. At that time, the company passes the information used for risk analysis including confidential information such as network configuration to third-party expert. It raises the risk of leakage and abuse of confidential information. Therefore, a method of risk analysis by using secure computation without passing confidential information of company has been proposed. Although Liu's method have firstly achieved secure risk analysis method using multiparty computation and attack tree analysis, it has several problems to be practical. In this paper, improvement of secure risk analysis method is proposed. It can dynamically reduce compilation time, enhance scale of target network and system without increasing execution time. Experimental work is carried out by prototype implementation. As a result, we achieved improved performance in compile time and enhance scale of target with equivalent performance on execution time.

查看原文本刊更多论文

基于安全多方计算的隐私保护规则风险分析改进

目前，企业在对自己的网络和系统进行风险分析时，通常会将风险分析外包给第三方专家。此时，公司将用于风险分析的信息，包括网络配置等机密信息，转交给第三方专家。这增加了泄露和滥用机密信息的风险。因此，本文提出了一种不传递公司机密信息的安全计算风险分析方法。Liu的方法虽然首次实现了使用多方计算和攻击树分析的安全风险分析方法，但在实际应用中存在一些问题。本文对安全风险分析方法进行了改进。它可以在不增加执行时间的情况下动态减少编译时间，提高目标网络和系统的规模。实验工作通过样机实现进行。因此，我们在编译时获得了改进的性能，并在执行时获得了相同的性能，从而增强了目标的规模。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 12th Asia Joint Conference on Information Security (AsiaJCIS)

自引率

0.00%

发文量