Skip to main content
SpringerLink
Log in

Game Theoretic Approaches to Mitigate Cloud Security Risks: An Initial Insight

  • Conference paper
  • First Online:
Business Intelligence (CBI 2021)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 416))

Included in the following conference series:

  • The original version of this chapter was revised: The author Driss Ait Omar was included erroneously in the author list of the original publication and the name has now been removed. The correction to this chapter is available at https://doi.org/10.1007/978-3-030-76508-8_33

Abstract

Cloud computing is one of the most promising innovations impacting data storage and processing. And with it, clients rely on the IT solutions offered by an external provider instead of on-premise applications. Despite its enormous impacts, customers are still reluctant to outsource their business processes because of security concerns. As data is typically stored and governed by cloud vendors, users need to deal with security issues linked to the loss of control over their sensitive data. Cloud providers need to implement the appropriate security measures that might attract more clients while making the minimum investment. While used in various disciplines, game theory has recently expanded to investigate the effect of the defenders’ and attackers’ behaviors on strategic decision-making. This study aims to develop insights into how game theory can develop better security policies in cloud computing. First, we perform threat modeling to identify the potential threats facing cloud. Second, we identify the limitations of existing game based solutions and then suggest an improved model define an adequate strategy that would figure out the right balance between the required security level and the profit margins. Besides, we present future directions that can be explored to build highly reliable and optimal strategies for cloud services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Change history

  • 10 June 2021

    In the originally published version of chapter 24, the author Driss Ait Omar was erroneously included in the author list. This has now been corrected.

References

  1. Mell, P., Grance, T.: The NIST definition of cloud computing. Technical report, National Institute of Standards and Technology, vol. 15, pp. 1–3 (2009)

    Google Scholar 

  2. Cloud Security Alliance, Security guidance for critical areas of focus in cloud computing V4.0, Cloud Security Alliance, Seattle, WA, USA (2017)

    Google Scholar 

  3. Mazhar, A., Samee, U.K., Athanasios, V.: Security in cloud computing: opportunities and challenges. Inf. Sci. 305, 357–383 (2015)

    Google Scholar 

  4. Fernandes, D., Soares, L., Gomes, J., Freire, M.M., Inácio, P.: Security issues in cloud environments: a survey. Int. J. Inf. Secur. 13(2), 113–170 (2013). https://doi.org/10.1007/s10207-013-0208-7

    Article  Google Scholar 

  5. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the IEEE Second International Conference on Cloud Computing Technology and Science (CLOUDCOM), Washington, DC, pp. 693–702. IEEE Computer Society (2010)

    Google Scholar 

  6. Xiao, L., Xu, D., Mandayam, N.B., Poor, H.V.: Cloud storage defense against advanced persistent threats: a prospect theoretic study. IEEE J. Sel. Areas Commun. 35(3), 534–544 (2017)

    Article  Google Scholar 

  7. Singh, A., Chatterjee, K.: Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. 79, 88–115 (2017)

    Article  Google Scholar 

  8. Radwan, T., Azer, M.A., Abdelbaki, N.: Cloud computing security: challenges and future trends. Int. J. Comput. Appl. Technol. 55(2), 158–172 (2017)

    Article  Google Scholar 

  9. Kwiat, L., Kamhoua, C.A., Kwiat, K.A., Tang, J., Martin, A.P.: Security-aware virtual machine allocation in the cloud: a game theoretic approach. In: Proceedings of the 8th IEEE International conference on Cloud Computing, CLOUD 2015, New York City, NY, USA, pp. 556–563 (2015)

    Google Scholar 

  10. Pillai, P.S., Rao, S.: Resource allocation in cloud computing using the uncertainty principle of game theory. IEEE Syst. J. 10(2), 637–648 (2016)

    Article  Google Scholar 

  11. Li, Y.P., Tan, S.Y., Deng, Y., Wu, J.: Attacker-defender game from a network science perspective. Chaos: Interdisc. J. Nonlinear Sci. 28(5), Article ID 051102 (2018)

    Google Scholar 

  12. Do, C.T., et al.: Game theory for cyber security and privacy. ACM Comput. Surv. 50(2), Article 30 (2017)

    Google Scholar 

  13. Wu, H., Wang, W., Wen, C., Li, Z.: Game theoretical security detection strategy for networked systems. Inf. Sci. 453, 346–363 (2018)

    Article  MathSciNet  Google Scholar 

  14. Cheng, L., Ma, D.H., Zhang, H.Q.: Optimal strategy selection for moving target defense based on markov game. IEEE Access 5, 156–169 (2017)

    Article  Google Scholar 

  15. Roy, S., Ellis, C., Shiva, S., Dasgupta, D., Shandilya, V., Wu, Q.: A survey of game theory as applied to network security. In: Proceedings of the International Conference on 43rd Hawaii International Conference, pp. 1–10 (2010)

    Google Scholar 

  16. Alan Nochenson, C.F., Heimann, L.: Simulation and game-theoretic analysis of an attacker-defender game. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 138–151. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34266-0_8

    Chapter  Google Scholar 

  17. Nguyen, K.C., Alpcan, T., Basar, T.: Stochastic games for security in networks with interdependent nodes. In: Proceedings of the International Conference on Game Theory for Networks, GameNets 2009, pp. 697–703. IEEE (2009)

    Google Scholar 

  18. Meng, S., Wiens, M., Schultmann, F.: A Game-theoretic approach to assess adversarial Risks. WIT Trans. Inf. Commun. Technol. 47, 141–152 (2014)

    Google Scholar 

  19. Musman, S., Turner, A.: A game theoretic approach to cyber security risk management. J. Defense Model. Simul. Appl. Methodol. Technol. 15(2), 127–146 (2018)

    Google Scholar 

  20. Wang, B., Zheng, Y., Lou, W., Hou, Y.T.: DDoS attack protection in the era of cloud computing and software defined networking. Comput. Netw. 81, 308–319 (2015)

    Article  Google Scholar 

  21. Jakóbik, A., Palmieri, F., Kołodziej, J.: Stackelberg games for modeling defense scenarios against cloud security threats. J. Netw. Comput. Appl. 110, 99–107 (2018)

    Article  Google Scholar 

  22. Jakobiki, A.: Stackelberg game modeling of cloud security defending strategy in the case of information leaks and corruption. Simul. Model. Pract. Theory 103, Artile ID 102071 (2020)

    Google Scholar 

  23. Sun, P.J.: Research on the optimization management of cloud privacy strategy based on evolution game. Secur. Commun. Netw. 2020, 18, Article ID 6515328 (2020)

    Google Scholar 

  24. Djebaili, B., Kiennert, C., Leneutre, J., Chen, L.: Data integrity and availability verification game in untrusted cloud storage. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 287–306. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12601-2_16

    Chapter  Google Scholar 

  25. Esposito, C., Ficco, M., Palmieri, F., Castiglione, A.: Smart cloud storage service selection based on fuzzy logic, theory of evidence and game theory. IEEE Trans. Comput. 65(8), 2348–2362 (2016)

    Article  MathSciNet  Google Scholar 

  26. Ismail, Z., Kiennert, C., Leneutre, J., Chen, L.: Auditing a cloud providers compliance with data backup requirements: a game theoretical analysis. IEEE Trans. Inf. Forensics Secur. 11(8), 1685–1699 (2016)

    Article  Google Scholar 

  27. Jalaparti, V., Nguyen, G.D.: Cloud resource allocation games (2019)

    Google Scholar 

  28. Kamhoua, C.A., Kwiat, L., Kwiat, K.A., Park, J., Zhao, S.M., Rodriguez, M.: Game theoretic modeling of security and interdependency in a public cloud. In: Proceedings of IEEE 7th International Conference on Cloud Computing, pp. 514–521 (2014)

    Google Scholar 

  29. Tosh, D.K., Sengupta, S., Kamhoua, C.A., Kwiat, K.A.: Establishing evolutionary game models for cyber security information exchange (CYBEX). J. Comput. Syst. Sci. 98, 27–52 (2018)

    Article  MathSciNet  Google Scholar 

  30. ISO/IEC 27005: Information technology security techniques information security risk management (2008)

    Google Scholar 

  31. Chang, V., Kuo, Y., Ramachandran, M.: Cloud computing adoption framework: a security framework for business clouds. Future Gener. Comput. Syst. 57, 24–41 (2016)

    Article  Google Scholar 

  32. Ravi Kumar, P., Herbert Raj, P., Jelciana, P.: Exploring security issues and solutions in cloud computing services: a survey. Cybern. Inf. Technol. 17(4), 3–31 (2016)

    Google Scholar 

  33. Birje, M.N., Challagidad, P.S., Goudar, R.H., Tapale, M.T.: Cloud computing review: concepts, technology, challenges and security. Int. J. Cloud Comput. 6(1), 32–57 (2017)

    Article  Google Scholar 

  34. Julian, J.J., Surya, N.: A survey of emerging threats in cybersecuirty. J. Comput. Syst. Sci. 80(5), 973–993 (2014)

    Google Scholar 

  35. Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: Proceedings of International Conference on Cloud Computing, Miami, FL (2010)

    Google Scholar 

  36. Meetei, M.Z.: Mathematical model of security approaches on cloud computing. Int. J. Cloud Comput. 6(3), 187–210 (2017)

    Article  Google Scholar 

  37. Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of International Conference World Wide Web Conference (WWW 2008), Beijing, China, pp. 209–218, April 2008

    Google Scholar 

  38. Njilla, L.Y., Pissinou, N., Makki, K.: Game theoretic modeling of security and trust relationship in cyberspace. Int. J. Commun. Syst. 29, 1500–1512 (2016)

    Article  Google Scholar 

  39. Lv, K., Chen, Y., Hu, C.: Dynamic defense strategy against advanced persistent threat under heterogeneous networks. Inf. Fusion 49, 216–226 (2019)

    Article  Google Scholar 

  40. Al Mannai, W.I., Lewis, T.G.: A general defender-attacker risk model for networks. J. Risk Finan. 9(3), 244–261 (2008)

    Article  Google Scholar 

  41. Halevy, N.: Resolving attacker-defender conflicts through intergroup negotiation. Behav. Brain Sci. 42, E124 (2019)

    Article  Google Scholar 

  42. Zarreha, A., Saygina, C., Wana, H., Leea, Y., Brachoa, A.: A game theory based cybersecurity assessment model for advanced manufacturing systems. Procedia Manuf. 26, 1255–1264 (2018)

    Article  Google Scholar 

  43. Cressman, R., Apaloo, J.: Evolutionary game theory. In: Başar, T., Zaccour, G. (eds.) Handbook of Dynamic Game Theory, pp. 461–510. Springer International Publishing, Cham (2018). https://doi.org/10.1007/978-3-319-44374-4_6

    Chapter  Google Scholar 

  44. Khalifa, N.B., El-Azouzi, R., Hayel, Y., Mabrouki, I.: Evolutionary games in interacting communities. Dyn. Games Appl. 7(2), 131–156 (2017)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TIAD Laboratory, FST, Sultan Moulay Slimane University, Beni Mellal, Morocco

    Abdelkarim Ait Temghart & M’hamed Outanoute

  2. Smart Systems Laboratory, ENSIAS, Mohammed V, Rabat, Morocco

    Mbarek Marwan

Authors
  1. Abdelkarim Ait Temghart
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. M’hamed Outanoute
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mbarek Marwan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Université Sultan Moulay Slimane, Beni-Mellal, Morocco

    Mohamed Fakir

  2. Université Sultan Moulay Slimane, Beni-Mellal, Morocco

    Mohamed Baslam

  3. Université Sultan Moulay Slimane, Beni-Mellal, Morocco

    Rachid El Ayachi

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ait Temghart, A., Outanoute, M., Marwan, M. (2021). Game Theoretic Approaches to Mitigate Cloud Security Risks: An Initial Insight. In: Fakir, M., Baslam, M., El Ayachi, R. (eds) Business Intelligence. CBI 2021. Lecture Notes in Business Information Processing, vol 416. Springer, Cham. https://doi.org/10.1007/978-3-030-76508-8_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-76508-8_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-76507-1

  • Online ISBN: 978-3-030-76508-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation