Abstract
A security response centre (SRC) is an important solution for enterprises to ensure their network security. Existing security response centres can be divided mainly into two types: third-party vulnerability reporting platforms and the xSRCs of individual enterprises. Normally, hackers find and submit valuable information to a vulnerability reporting platform or xSRC. However, the hackers who submit vulnerabilities will probably disagree with the vulnerability level assessed by the enterprise or by the third-party platform experts entrusted by the enterprise, which may lead to dangerous situations that can threaten the enterprise's network security. This paper proposes a security intelligence trading platform based on blockchain and IPFS (InterPlanetary File System), and applies it to a specific example. Because of the decentralization and immutability of blockchain technology and IPFS, the platform can make vulnerability level assessment fair and just, which protects the interests and privacy of both hackers and enterprises. The example proves that the proposed method is simple and feasible, and that it has theoretical and practical value for exploring security information transaction mechanisms.
Cite this article
Xu, H., Jiang, B. Study on a security intelligence trading platform based on blockchain and IPFS. J Comput Virol Hack Tech 17, 131–137 (2021). https://doi.org/10.1007/s11416-020-00375-7
DOI: https://doi.org/10.1007/s11416-020-00375-7