
On Game-Theoretic Network Security Provisioning

Journal of Network and Systems Management

Abstract

Service level agreements occasionally come as qualitative claims rather than quantitative statements. Motivated by the well-known fact that different (security) service goals can be conflicting, we present an axiomatic approach to finding an optimal balance between interdependent service quality criteria with distinct performance indicators. As a by-product, we obtain network provisioning strategies that ensure the promised service level at optimized performance. Our results generally apply to any security infrastructure for which attack and provisioning strategy identification is feasible. Standard security audits can thus be exploited twice, because, apart from forming a convincing sales argument, they directly support security service level agreements.



Acknowledgments

The author wishes to thank the anonymous reviewers for valuable comments that substantially improved the clarity of the paper, as well as for spotting some errors.

Author information

Corresponding author

Correspondence to Stefan Rass.


About this article

Cite this article

Rass, S. On Game-Theoretic Network Security Provisioning. J Netw Syst Manage 21, 47–64 (2013). https://doi.org/10.1007/s10922-012-9229-1


  • DOI: https://doi.org/10.1007/s10922-012-9229-1
