Journal of Network and Systems Management, Volume 21, Issue 1, pp 47–64

On Game-Theoretic Network Security Provisioning

  • Stefan Rass

Abstract

Service level agreements occasionally come as qualitative claims rather than quantitative statements. Motivated by the well-known fact that different (security) service goals can be conflicting, we present an axiomatic approach to finding an optimal balance between interdependent service quality criteria with distinct performance indicators. As a by-product, we obtain network provisioning strategies that ensure the promised service level at optimized performance. Our results generally apply to any security infrastructure for which attack and provisioning strategy identification is feasible. Standard security audits can thus be exploited twice, because, apart from forming a convincing sales argument, they directly support security service level agreements.

Keywords

Network provisioning; Service level agreement; System security; Risk management; Multiobjective; Game-Theory; Decision support

Notes

Acknowledgments

The author wishes to thank the anonymous reviewers for valuable comments that substantially improved the clarity of the paper, as well as for spotting some errors.

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. System Security Group, Alpen-Adria University Klagenfurt, Klagenfurt, Austria