Abstract
Cloud computing is one of the most promising innovations impacting data storage and processing. And with it, clients rely on the IT solutions offered by an external provider instead of on-premise applications. Despite its enormous impacts, customers are still reluctant to outsource their business processes because of security concerns. As data is typically stored and governed by cloud vendors, users need to deal with security issues linked to the loss of control over their sensitive data. Cloud providers need to implement the appropriate security measures that might attract more clients while making the minimum investment. While used in various disciplines, game theory has recently expanded to investigate the effect of the defenders’ and attackers’ behaviors on strategic decision-making. This study aims to develop insights into how game theory can develop better security policies in cloud computing. First, we perform threat modeling to identify the potential threats facing cloud. Second, we identify the limitations of existing game based solutions and then suggest an improved model define an adequate strategy that would figure out the right balance between the required security level and the profit margins. Besides, we present future directions that can be explored to build highly reliable and optimal strategies for cloud services.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Change history
10 June 2021
In the originally published version of chapter 24, the author Driss Ait Omar was erroneously included in the author list. This has now been corrected.
References
Mell, P., Grance, T.: The NIST definition of cloud computing. Technical report, National Institute of Standards and Technology, vol. 15, pp. 1–3 (2009)
Cloud Security Alliance, Security guidance for critical areas of focus in cloud computing V4.0, Cloud Security Alliance, Seattle, WA, USA (2017)
Mazhar, A., Samee, U.K., Athanasios, V.: Security in cloud computing: opportunities and challenges. Inf. Sci. 305, 357–383 (2015)
Fernandes, D., Soares, L., Gomes, J., Freire, M.M., Inácio, P.: Security issues in cloud environments: a survey. Int. J. Inf. Secur. 13(2), 113–170 (2013). https://doi.org/10.1007/s10207-013-0208-7
Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the IEEE Second International Conference on Cloud Computing Technology and Science (CLOUDCOM), Washington, DC, pp. 693–702. IEEE Computer Society (2010)
Xiao, L., Xu, D., Mandayam, N.B., Poor, H.V.: Cloud storage defense against advanced persistent threats: a prospect theoretic study. IEEE J. Sel. Areas Commun. 35(3), 534–544 (2017)
Singh, A., Chatterjee, K.: Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. 79, 88–115 (2017)
Radwan, T., Azer, M.A., Abdelbaki, N.: Cloud computing security: challenges and future trends. Int. J. Comput. Appl. Technol. 55(2), 158–172 (2017)
Kwiat, L., Kamhoua, C.A., Kwiat, K.A., Tang, J., Martin, A.P.: Security-aware virtual machine allocation in the cloud: a game theoretic approach. In: Proceedings of the 8th IEEE International conference on Cloud Computing, CLOUD 2015, New York City, NY, USA, pp. 556–563 (2015)
Pillai, P.S., Rao, S.: Resource allocation in cloud computing using the uncertainty principle of game theory. IEEE Syst. J. 10(2), 637–648 (2016)
Li, Y.P., Tan, S.Y., Deng, Y., Wu, J.: Attacker-defender game from a network science perspective. Chaos: Interdisc. J. Nonlinear Sci. 28(5), Article ID 051102 (2018)
Do, C.T., et al.: Game theory for cyber security and privacy. ACM Comput. Surv. 50(2), Article 30 (2017)
Wu, H., Wang, W., Wen, C., Li, Z.: Game theoretical security detection strategy for networked systems. Inf. Sci. 453, 346–363 (2018)
Cheng, L., Ma, D.H., Zhang, H.Q.: Optimal strategy selection for moving target defense based on markov game. IEEE Access 5, 156–169 (2017)
Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: Proceedings of the International Conference on 43rd Hawaii International Conference, pp. 1–10 (2010)
Alan Nochenson, C.F., Heimann, L.: Simulation and game-theoretic analysis of an attacker-defender game. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 138–151. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_8
Nguyen, K.C., Alpcan, T., Basar, T.: Stochastic games for security in networks with interdependent nodes. In: Proceedings of the International Conference on Game Theory for Networks, GameNets 2009, pp. 697–703. IEEE (2009)
Meng, S., Wiens, M., Schultmann, F.: A Game-theoretic approach to assess adversarial Risks. WIT Trans. Inf. Commun. Technol. 47, 141–152 (2014)
Musman, S., Turner, A.: A game theoretic approach to cyber security risk management. J. Defense Model. Simul. Appl. Methodol. Technol. 15(2), 127–146 (2018)
Wang, B., Zheng, Y., Lou, W., Hou, Y.T.: DDoS attack protection in the era of cloud computing and software defined networking. Comput. Netw. 81, 308–319 (2015)
Jakóbik, A., Palmieri, F., Kołodziej, J.: Stackelberg games for modeling defense scenarios against cloud security threats. J. Netw. Comput. Appl. 110, 99–107 (2018)
Jakobiki, A.: Stackelberg game modeling of cloud security defending strategy in the case of information leaks and corruption. Simul. Model. Pract. Theory 103, Artile ID 102071 (2020)
Sun, P.J.: Research on the optimization management of cloud privacy strategy based on evolution game. Secur. Commun. Netw. 2020, 18, Article ID 6515328 (2020)
Djebaili, B., Kiennert, C., Leneutre, J., Chen, L.: Data integrity and availability verification game in untrusted cloud storage. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 287–306. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_16
Esposito, C., Ficco, M., Palmieri, F., Castiglione, A.: Smart cloud storage service selection based on fuzzy logic, theory of evidence and game theory. IEEE Trans. Comput. 65(8), 2348–2362 (2016)
Ismail, Z., Kiennert, C., Leneutre, J., Chen, L.: Auditing a cloud providers compliance with data backup requirements: a game theoretical analysis. IEEE Trans. Inf. Forensics Secur. 11(8), 1685–1699 (2016)
Jalaparti, V., Nguyen, G.D.: Cloud resource allocation games (2019)
Kamhoua, C.A., Kwiat, L., Kwiat, K.A., Park, J., Zhao, S.M., Rodriguez, M.: Game theoretic modeling of security and interdependency in a public cloud. In: Proceedings of IEEE 7th International Conference on Cloud Computing, pp. 514–521 (2014)
Tosh, D.K., Sengupta, S., Kamhoua, C.A., Kwiat, K.A.: Establishing evolutionary game models for cyber security information exchange (CYBEX). J. Comput. Syst. Sci. 98, 27–52 (2018)
ISO/IEC 27005: Information technology security techniques information security risk management (2008)
Chang, V., Kuo, Y., Ramachandran, M.: Cloud computing adoption framework: a security framework for business clouds. Future Gener. Comput. Syst. 57, 24–41 (2016)
Ravi Kumar, P., Herbert Raj, P., Jelciana, P.: Exploring security issues and solutions in cloud computing services: a survey. Cybern. Inf. Technol. 17(4), 3–31 (2016)
Birje, M.N., Challagidad, P.S., Goudar, R.H., Tapale, M.T.: Cloud computing review: concepts, technology, challenges and security. Int. J. Cloud Comput. 6(1), 32–57 (2017)
Julian, J.J., Surya, N.: A survey of emerging threats in cybersecuirty. J. Comput. Syst. Sci. 80(5), 973–993 (2014)
Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: Proceedings of International Conference on Cloud Computing, Miami, FL (2010)
Meetei, M.Z.: Mathematical model of security approaches on cloud computing. Int. J. Cloud Comput. 6(3), 187–210 (2017)
Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of International Conference World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218, April 2008
Njilla, L.Y., Pissinou, N., Makki, K.: Game theoretic modeling of security and trust relationship in cyberspace. Int. J. Commun. Syst. 29, 1500–1512 (2016)
Lv, K., Chen, Y., Hu, C.: Dynamic defense strategy against advanced persistent threat under heterogeneous networks. Inf. Fusion 49, 216–226 (2019)
Al Mannai, W.I., Lewis, T.G.: A general defender-attacker risk model for networks. J. Risk Finan. 9(3), 244–261 (2008)
Halevy, N.: Resolving attacker-defender conflicts through intergroup negotiation. Behav. Brain Sci. 42, E124 (2019)
Zarreha, A., Saygina, C., Wana, H., Leea, Y., Brachoa, A.: A game theory based cybersecurity assessment model for advanced manufacturing systems. Procedia Manuf. 26, 1255–1264 (2018)
Cressman, R., Apaloo, J.: Evolutionary game theory. In: Başar, T., Zaccour, G. (eds.) Handbook of Dynamic Game Theory, pp. 461–510. Springer International Publishing, Cham (2018). https://doi.org/10.1007/978-3-319-44374-4_6
Khalifa, N.B., El-Azouzi, R., Hayel, Y., Mabrouki, I.: Evolutionary games in interacting communities. Dyn. Games Appl. 7(2), 131–156 (2017)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ait Temghart, A., Outanoute, M., Marwan, M. (2021). Game Theoretic Approaches to Mitigate Cloud Security Risks: An Initial Insight. In: Fakir, M., Baslam, M., El Ayachi, R. (eds) Business Intelligence. CBI 2021. Lecture Notes in Business Information Processing, vol 416. Springer, Cham. https://doi.org/10.1007/978-3-030-76508-8_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-76508-8_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-76507-1
Online ISBN: 978-3-030-76508-8
eBook Packages: Computer ScienceComputer Science (R0)