{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:07:19Z","timestamp":1760242039933,"version":"build-2065373602"},"reference-count":29,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2018,12,11]],"date-time":"2018-12-11T00:00:00Z","timestamp":1544486400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Seventh Framework Programme","award":["317550"],"award-info":[{"award-number":["317550"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient.<\/jats:p>","DOI":"10.3390\/cryptography2040041","type":"journal-article","created":{"date-parts":[[2018,12,12]],"date-time":"2018-12-12T03:27:49Z","timestamp":1544585269000},"page":"41","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Security Incident Information Exchange for Cloud Service Provisioning Chains"],"prefix":"10.3390","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1287-2485","authenticated-orcid":false,"given":"Christian","family":"Fr\u00f8ystad","sequence":"first","affiliation":[{"name":"SINTEF Digital, Postbox 4760 Torgarden, 7465 Trondheim, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7599-0342","authenticated-orcid":false,"given":"Inger Anne","family":"T\u00f8ndel","sequence":"additional","affiliation":[{"name":"SINTEF Digital, Postbox 4760 Torgarden, 7465 Trondheim, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7127-6694","authenticated-orcid":false,"given":"Martin Gilje","family":"Jaatun","sequence":"additional","affiliation":[{"name":"SINTEF Digital, Postbox 4760 Torgarden, 7465 Trondheim, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2018,12,11]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"759","DOI":"10.1016\/j.csi.2013.12.010","article-title":"Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts","volume":"36","author":"Kalloniatis","year":"2014","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Grobauer, B., and Schreck, T. (2010, January 4\u20138). Towards Incident Handling in the Cloud. Proceedings of the 2010 ACM Workshop on Cloud Computing Security, Chicago, IL, USA.","DOI":"10.1145\/1866835.1866850"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., and T\u00f8ndel, I.A. (2015, January 24\u201328). How Much Cloud Can You Handle?. Proceedings of the 10th International Conference on Availability, Reliability and Security (ARES), Toulouse, France.","DOI":"10.1109\/ARES.2015.38"},{"key":"ref_4","unstructured":"Gj\u00e6re, E.A., Meland, P.H., and Vilarinho, T. (2014, January 16\u201320). Notification Support Infrastructure for Self-Adapting Composite Services. Proceedings of the DEPEND 2014, The Seventh International Conference on Dependability, Lisbon, Portugal."},{"key":"ref_5","unstructured":"Torres, A. (2018, December 07). Incident Response: How to Fight Back A SANS Survey. Available online: http:\/\/westoninfosec.com\/landing-pages\/documents\/enterprise-security\/wp-sans-incident-response-fight-back.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1109\/MSP.2014.96","article-title":"On Computer Security Incident Response Teams","volume":"12","author":"Horne","year":"2014","journal-title":"Secur. Priv. IEEE"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Fr\u00f8ystad, C., Gj\u00e6re, E.A., T\u00f8ndel, I.A., and Jaatun, M.G. (2016, January 23\u201325). Security Incident Information Exchange for Cloud Services. Proceedings of the International Conference on Internet of Things and Big Data, Rome, Italy.","DOI":"10.5220\/0005953803910398"},{"key":"ref_8","unstructured":"The European Parliament and the Council of the European Union (2018, December 06). Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95\/46\/EC (General Data Protection Regulation) 2016. Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=celex:32016R0679."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Metzger, S., Hommel, W., and Reiser, H. (2011, January 10\u201312). Integrated Security Incident Management\u2014Concepts and Real-World Experiences. Proceedings of the 2011 Sixth International Conference on IT Security Incident Management and IT Forensics, Stuttgart, Germany.","DOI":"10.1109\/IMF.2011.15"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1145\/1592761.1592780","article-title":"Why IT managers don\u2019t go for cyber-insurance products","volume":"52","author":"Bandyopadhyay","year":"2009","journal-title":"Commun. ACM"},{"key":"ref_11","unstructured":"US-CERT (2015, May 04). Traffic Light Protocol (TLP) Matrix and Frequently Asked Questions, Available online: https:\/\/www.us-cert.gov\/tlp."},{"key":"ref_12","unstructured":"European Union Agency for Network and Information Security (ENISA) (2015, May 04). Information Disclosure. Available online: https:\/\/www.enisa.europa.eu\/activities\/cert\/support\/incident-management\/browsable\/incident-handling-process\/information-disclosure."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1093\/idpl\/ips006","article-title":"The influence of European data privacy standards outside Europe: Implications for globalization of Convention 108","volume":"2","author":"Greenleaf","year":"2012","journal-title":"Int. Data Priv. Law"},{"key":"ref_14","unstructured":"Hon, K., Kosta, E., Millard, C., and Stefanatou, D. (2018, December 07). White Paper on the Proposed Data Protection Regulation. Available online: http:\/\/cloudaccountability.eu\/sites\/default\/files\/D25.1%20White%20paper%20on%20new%20Data%20Protection%20Framework.pdf."},{"key":"ref_15","unstructured":"Brown, M.W., Stikvoort, D., Kossakowski, K.P., Killcrece, G., Ruefle, R., and Zajicek, M. (2003). Handbook for Computer Security Incident Response Teams (CSIRTs) | SEI Digital Library, Software Engineering Institute. Technical Report April."},{"key":"ref_16","unstructured":"Osborne, C. (2015, May 05). Threat-Sharing Cybersecurity Bill Unveiled\u2014ZDNet. Available online: http:\/\/www.zdnet.com\/article\/threat-sharing-cybersecurity-bill-unveiled\/."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1016\/j.cose.2016.04.008","article-title":"A survey of security solutions for distributed publish\/subscribe systems","volume":"61","author":"Uzunov","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_18","unstructured":"Danyliw, R., Meijer, J., and Demchenko, Y. (2018, December 06). The Incident Object Description Exchange Format. Available online: http:\/\/www.ietf.org\/rfc\/rfc5070.txt."},{"key":"ref_19","unstructured":"US-CERT (2018, December 06). Federal Incident Notification Guidelines, Available online: https:\/\/www.us-cert.gov\/incident-notification-guidelines."},{"key":"ref_20","unstructured":"EuropeanUnion (2018, December 06). Commission Regulation (EU) No 611\/2013 of 24 June 2013 on the Measures Applicable to the Notification of Personal Data Breaches under Directive 2002\/58\/EC of the European Parliament and of the Council on Privacy and Electronic Communications. Available online: http:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv:OJ.L_.2013.173.01.0002.01.ENG."},{"key":"ref_21","unstructured":"Barnum, S. (2018, December 06). Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX\u2122). Available online: http:\/\/stix.mitre.org\/about\/documents\/STIX_Whitepaper_v1.0_(Draft).pdf."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Floodeen, R., Haller, J., and Tjaden, B. (2013, January 12\u201314). Identifying a shared mental model among incident responders. Proceedings of the 7th International Conference on IT Security Incident Management and IT Forensics, IMF 2013, Nuremberg, Germany.","DOI":"10.1109\/IMF.2013.21"},{"key":"ref_23","unstructured":"Gamma, E., Helm, R., Johnson, R., and Vlissides, J. (1994). Design Patterns: Elements of Reusable Object-Oriented Software, Pearson Education."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Pulls, T., Peeters, R., and Wouters, K. (2013, January 4\u20138). Distributed Privacy-preserving Transparency Logging. Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, Berlin, Germany.","DOI":"10.1145\/2517840.2517847"},{"key":"ref_25","unstructured":"SINTEF-Infosec (2015, December 14). Incident Information Sharing Tool. Available online: https:\/\/github.com\/SINTEF-Infosec\/Incident-Information-Sharing-Tool."},{"key":"ref_26","unstructured":"(2015, December 15). A4Cloud. Overview | Accountability for the Cloud. Available online: http:\/\/www.a4cloud.eu\/."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Fr\u00f8ystad, C. (2015). Exchange of Security Incident Information in the context of Cloud Services. [Master\u2019s Thesis, Norwegian University of Science and Technology].","DOI":"10.5220\/0005953803910398"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Cichonski, P., Millar, T., Grance, T., and Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology, 800-61. Revision 2, Technical Report.","DOI":"10.6028\/NIST.SP.800-61r2"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Cusick, J.J., and Ma, G. (2010, January 15\u201317). Creating an ITIL inspired Incident Management approach: Roots, response, and results. Proceedings of the Network Operations and Management Symposium Workshops (NOMS Wksps), Daejeon, Korea.","DOI":"10.1109\/NOMSW.2010.5486589"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/4\/41\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:33:18Z","timestamp":1760196798000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/4\/41"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,11]]},"references-count":29,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2018,12]]}},"alternative-id":["cryptography2040041"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2040041","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2018,12,11]]}}}