Security and Interdependency in a Public Cloud: A Game-Theoretic Approach

Part of the Static & Dynamic Game Theory: Foundations & Applications book series (SDGTFA)

Abstract

As cloud computing thrives, many organizations - both large and small - are taking advantage of the multiple benefits of joining a public cloud. Public cloud computing is cost-effective: a cloud user can reduce spending on technology infrastructure and have easy access to their information without an up-front or long-term commitment of resources. Despite such benefits, concern over cyber security deters many large organizations with sensitive information, such as the Department of Defense, from using a public cloud. This is because different public cloud users share a common platform such as the hypervisor. An attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which, if compromised, can instantly lead to the compromise of all the VMs running on top of that hypervisor. In this paper we evaluate the cloud user-attacker dynamic using game theory, which models competition among rational agents. This work will show that there are multiple Nash equilibria of the public cloud game. The Nash equilibrium profile that results will be shown to depend on several factors, including the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security.

Corresponding author

Correspondence to Charles A. Kamhoua.

Copyright information

© 2018 This is a U.S. government work and its text is not subject to copyright protection in the United States; however, its text may be subject to foreign copyright protection

Cite this chapter

Kamhoua, C.A., Kwiat, L., Kwiat, K.A., Park, J.S., Zhao, M., Rodriguez, M. (2018). Security and Interdependency in a Public Cloud: A Game-Theoretic Approach. In: Rass, S., Schauer, S. (eds) Game Theory for Security and Risk Management. Static & Dynamic Game Theory: Foundations & Applications. Birkhäuser, Cham. https://doi.org/10.1007/978-3-319-75268-6_11
