Sharing is Caring: A collaborative framework for sharing security alerts
Computer Communications (IF 6), Pub Date: 2020-10-19, DOI: 10.1016/j.comcom.2020.09.013
Muhammad Ajmal Azad, Samiran Bag, Farhan Ahmad, Feng Hao

Collaboration is a keystone of defense in the field of cybersecurity. A collaborative detection system allows multiple collaborators or service providers to share their security-incident-response data, in order to effectively identify and isolate stealthy malicious actors who hide their traffic under the umbrella of legitimate Internet data transmissions. The fundamental challenge in the design of a collaborative system is ensuring the privacy of collaborators in a decentralized setting without incurring substantial computation and communication overheads. In this paper, we use healthcare as a case study and present Sharing Is Caring (SIC), a framework that allows multiple healthcare organizations to share their security defense and attack data with other organizations for the collaborative defense against common attackers without compromising the privacy of their system configurations and user data. The SIC framework ensures two essential properties: (1) it ensures that no party should learn how a particular healthcare organization has reacted to suspected IP addresses, attacks or security incidents; and (2) it performs operations in a decentralized setting, without relying on a trusted third party. We provide an analysis of the privacy and security properties of our framework against honest-but-curious as well as malicious players. We prototype the proposed system and evaluate its performance in terms of computation time and communication bandwidth. The reasonable computation cost and bandwidth overhead make the SIC framework a feasible choice for the privacy-preserving exchange of security information among the collaborating healthcare organizations.




Updated: 2020-11-12