Abstract
As cloud computing thrives, many organizations, both large and small, are taking advantage of the multiple benefits of joining a public cloud. Public cloud computing is cost-effective: a cloud user can reduce spending on technology infrastructure and have easy access to their information without an up-front or long-term commitment of resources. Despite such benefits, concern over cyber security deters many large organizations with sensitive information, such as the Department of Defense, from using a public cloud. This is because different public cloud users share a common platform such as the hypervisor. An attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which, if compromised, can instantly result in the compromise of all the VMs running on top of that hypervisor. In this paper we evaluate the cloud user-attacker dynamic using game theory, which models competition among rational agents. This work will show that there are multiple Nash equilibria of the public cloud game. The Nash equilibrium profile that results will be shown to depend on several factors, including the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security.
Copyright information
© 2018 This is a U.S. government work and its text is not subject to copyright protection in the United States; however, its text may be subject to foreign copyright protection
About this chapter
Cite this chapter
Kamhoua, C.A., Kwiat, L., Kwiat, K.A., Park, J.S., Zhao, M., Rodriguez, M. (2018). Security and Interdependency in a Public Cloud: A Game-Theoretic Approach. In: Rass, S., Schauer, S. (eds) Game Theory for Security and Risk Management. Static & Dynamic Game Theory: Foundations & Applications. Birkhäuser, Cham. https://doi.org/10.1007/978-3-319-75268-6_11
DOI: https://doi.org/10.1007/978-3-319-75268-6_11
Publisher Name: Birkhäuser, Cham
Print ISBN: 978-3-319-75267-9
Online ISBN: 978-3-319-75268-6
eBook Packages: Mathematics and Statistics (R0)