One of PUZZLE‘s main goals is to provide secure information exchange services between stakeholders and SMEs&MEs inside the PUZZLE ecosystem. To achieve this, the Safe Information eXchange (SIX) component is responsible to exchange information about cyber-incidents using a secure and reliable communication mechanism based on a blockchain network and smart contracts functionalities.
The reference architecture for the SIX component (Figure 1) includes two distinct parts, the Security Context Broker (SCB) and the PUZZLE Blockchain network.
The flow of information between the said parts is comprised of the phases that include:
- The Risk Assessment Engine, which is in charge of discovering vulnerabilities and computing risks for all target assets in the target system, sends the resultant risk graph to the Policy Recommendation Engine, which creates an ideal set of attestation rules.
- By developing the chain code of the Smart Contract logic required for the deployment, execution, and sharing of the attestation tasks, the SCB serves as the trusted operator of the generated attestation policies and sends them to the Smart Contract Composition Engine for conversion into Smart Contracts. Additionally, SCB creates the collective threat intelligence output and provides it to the PUZZLE Blockchain.
- In order to confirm the accuracy of the measured traces, the Keycloak – Attribute-based Access Control (ABAC), which is used as verifier, compares them with a group of reliable reference values.
- The outcome of the attestation is used as the basis for the generation of an Attestation Report, which is then sent to the Blockchain Peer by the corresponding verification mechanism.
- The Blockchain Peer does an extra check to ensure that the attestation procedure was correctly carried out. If successful, the Orderer component records the outcome to the ledger. The attestation procedure is finished at this point.
- The SCB will get the querying user’s/certificate SMEs’ from the Blockchain CA in order to confirm if the user/SME is authorized to access the other user’s/attestation SMEs’ history.
- The Blockchain Peer fetches and provides the desired attestation report to the inquiring user if the certificate satisfies all requirements.
Therefore, the SIX component has the capability to gather threat intelligence information, which can then be used to identify new threats and vulnerabilities.
After being shared in PUZZLE Blockchain framework, the threat information can be retrieved and displayed with the services of the dashboard and the visualizer, respectively.
Author: FORTH – Institute for Computer Science.
Featured Photo by Geralt on Pixabay.