Abstract

Exploitation of zero-day vulnerabilities causes enormous damage to organizations. Hence, organizations are willing to invest in buying zero-day vulnerabilities in order to patch their systems. On the other hand, hackers are interested in buying zero-day vulnerabilities to exploit their targets. In such a market, the vulnerability finder decides whether to sell the vulnerability information to the organizations or to the hackers in the black market. In this paper, we model the vulnerability market as a public-good auction in which the organizations collaboratively bid for the vulnerability information. In this setting, each organization determines how much to invest in the vulnerability information to maximize its payoff. First, we characterize the auction and study the bidding strategies in centralized and decentralized approaches, and then we compare the efficiency of the coalition. Moreover, as the bidding value in such an auction is sensitive information, we present a novel privacy-preserving mechanism based on cryptographic primitives to protect the organizations’ bidding values. Our mechanism is also applicable to other public-good auctions. A security analysis and a performance evaluation show the practicality of our proposed mechanism.
