Game theoretic modeling of security and interdependency in a public cloud

Charles A. Kamhoua, Luke Kwiat, Kevin A. Kwiat, Joon S. Park, Ming Zhao, Manuel Rodriguez

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Citations (Scopus)

Abstract

As cloud computing thrives, many small organizations are joining a public cloud to take advantage of its multiple benefits. Cloud computing is cost efficient, i.e., cloud user can reduce spending on technology infrastructure and have easy access to their information without up-front or long-term commitment of resources. Moreover, a cloud user can dynamically grow and shrink the resources provisioned to an application on demand. Despite those benefits, cyber security concern is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. A common platform intensifies the well-known problem of cyber security interdependency. In fact, an attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which if compromised can instantly yield the compromising of all the VMs running on top of that hypervisor. Therefore, a user that does not invest in cyber security imposes a negative externality on others. This research uses the mathematical framework of game theory to analyze the cause and effect of interdependency in a public cloud platform. This work shows that there are multiple possible Nash equilibria of the public cloud security game. However, the players use a specific Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud will fully invest in security.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014
PublisherIEEE Computer Society
Pages514-521
Number of pages8
ISBN (Print)9781479950638
DOIs
StatePublished - Dec 3 2014
Externally publishedYes
Event7th IEEE International Conference on Cloud Computing, CLOUD 2014 - Anchorage, United States
Duration: Jun 27 2014Jul 2 2014

Other

Other7th IEEE International Conference on Cloud Computing, CLOUD 2014
CountryUnited States
CityAnchorage
Period6/27/147/2/14

Fingerprint

Cloud computing
Game theory
Joining
Costs
Virtual machine

Keywords

  • Cloud computing
  • cyber security
  • externalities
  • game theory
  • interdependency

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software

Cite this

Kamhoua, C. A., Kwiat, L., Kwiat, K. A., Park, J. S., Zhao, M., & Rodriguez, M. (2014). Game theoretic modeling of security and interdependency in a public cloud. In Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014 (pp. 514-521). [6973781] IEEE Computer Society. https://doi.org/10.1109/CLOUD.2014.75

Game theoretic modeling of security and interdependency in a public cloud. / Kamhoua, Charles A.; Kwiat, Luke; Kwiat, Kevin A.; Park, Joon S.; Zhao, Ming; Rodriguez, Manuel.

Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014. IEEE Computer Society, 2014. p. 514-521 6973781.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kamhoua, CA, Kwiat, L, Kwiat, KA, Park, JS, Zhao, M & Rodriguez, M 2014, Game theoretic modeling of security and interdependency in a public cloud. in Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014., 6973781, IEEE Computer Society, pp. 514-521, 7th IEEE International Conference on Cloud Computing, CLOUD 2014, Anchorage, United States, 6/27/14. https://doi.org/10.1109/CLOUD.2014.75
Kamhoua CA, Kwiat L, Kwiat KA, Park JS, Zhao M, Rodriguez M. Game theoretic modeling of security and interdependency in a public cloud. In Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014. IEEE Computer Society. 2014. p. 514-521. 6973781 https://doi.org/10.1109/CLOUD.2014.75
Kamhoua, Charles A. ; Kwiat, Luke ; Kwiat, Kevin A. ; Park, Joon S. ; Zhao, Ming ; Rodriguez, Manuel. / Game theoretic modeling of security and interdependency in a public cloud. Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014. IEEE Computer Society, 2014. pp. 514-521
@inproceedings{e2fce838386f45338f19a612fc6f07a0,
title = "Game theoretic modeling of security and interdependency in a public cloud",
abstract = "As cloud computing thrives, many small organizations are joining a public cloud to take advantage of its multiple benefits. Cloud computing is cost efficient, i.e., cloud user can reduce spending on technology infrastructure and have easy access to their information without up-front or long-term commitment of resources. Moreover, a cloud user can dynamically grow and shrink the resources provisioned to an application on demand. Despite those benefits, cyber security concern is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. A common platform intensifies the well-known problem of cyber security interdependency. In fact, an attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which if compromised can instantly yield the compromising of all the VMs running on top of that hypervisor. Therefore, a user that does not invest in cyber security imposes a negative externality on others. This research uses the mathematical framework of game theory to analyze the cause and effect of interdependency in a public cloud platform. This work shows that there are multiple possible Nash equilibria of the public cloud security game. However, the players use a specific Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud will fully invest in security.",
keywords = "Cloud computing, cyber security, externalities, game theory, interdependency",
author = "Kamhoua, {Charles A.} and Luke Kwiat and Kwiat, {Kevin A.} and Park, {Joon S.} and Ming Zhao and Manuel Rodriguez",
year = "2014",
month = "12",
day = "3",
doi = "10.1109/CLOUD.2014.75",
language = "English (US)",
isbn = "9781479950638",
pages = "514--521",
booktitle = "Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014",
publisher = "IEEE Computer Society",

}

TY - GEN

T1 - Game theoretic modeling of security and interdependency in a public cloud

AU - Kamhoua, Charles A.

AU - Kwiat, Luke

AU - Kwiat, Kevin A.

AU - Park, Joon S.

AU - Zhao, Ming

AU - Rodriguez, Manuel

PY - 2014/12/3

Y1 - 2014/12/3

N2 - As cloud computing thrives, many small organizations are joining a public cloud to take advantage of its multiple benefits. Cloud computing is cost efficient, i.e., cloud user can reduce spending on technology infrastructure and have easy access to their information without up-front or long-term commitment of resources. Moreover, a cloud user can dynamically grow and shrink the resources provisioned to an application on demand. Despite those benefits, cyber security concern is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. A common platform intensifies the well-known problem of cyber security interdependency. In fact, an attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which if compromised can instantly yield the compromising of all the VMs running on top of that hypervisor. Therefore, a user that does not invest in cyber security imposes a negative externality on others. This research uses the mathematical framework of game theory to analyze the cause and effect of interdependency in a public cloud platform. This work shows that there are multiple possible Nash equilibria of the public cloud security game. However, the players use a specific Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud will fully invest in security.

AB - As cloud computing thrives, many small organizations are joining a public cloud to take advantage of its multiple benefits. Cloud computing is cost efficient, i.e., cloud user can reduce spending on technology infrastructure and have easy access to their information without up-front or long-term commitment of resources. Moreover, a cloud user can dynamically grow and shrink the resources provisioned to an application on demand. Despite those benefits, cyber security concern is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. A common platform intensifies the well-known problem of cyber security interdependency. In fact, an attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which if compromised can instantly yield the compromising of all the VMs running on top of that hypervisor. Therefore, a user that does not invest in cyber security imposes a negative externality on others. This research uses the mathematical framework of game theory to analyze the cause and effect of interdependency in a public cloud platform. This work shows that there are multiple possible Nash equilibria of the public cloud security game. However, the players use a specific Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud will fully invest in security.

KW - Cloud computing

KW - cyber security

KW - externalities

KW - game theory

KW - interdependency

UR - http://www.scopus.com/inward/record.url?scp=84919784577&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84919784577&partnerID=8YFLogxK

U2 - 10.1109/CLOUD.2014.75

DO - 10.1109/CLOUD.2014.75

M3 - Conference contribution

SN - 9781479950638

SP - 514

EP - 521

BT - Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014

PB - IEEE Computer Society

ER -