Moving assets to the cloud: A game theoretic approach based on trust

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) Pub Date : 2015-06-08 DOI:10.1109/CyberSA.2015.7166120

Louai A. Maghrabi, E. Pfluegel

{"title":"Moving assets to the cloud: A game theoretic approach based on trust","authors":"Louai A. Maghrabi, E. Pfluegel","doi":"10.1109/CyberSA.2015.7166120","DOIUrl":null,"url":null,"abstract":"Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.","PeriodicalId":432356,"journal":{"name":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2015.7166120","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.

查看原文本刊更多论文

将资产转移到云端:基于信任的博弈论方法

越来越多的组织和个人依靠外部各方来存储、维护和保护他们的关键资产。公共云的使用通常被认为在灵活性、可伸缩性和成本效益方面具有优势。另一方面，安全问题错综复杂，许多挑战尚未解决。特别是，不能排除恶意云提供商进行内部攻击的可能性。在本文中，我们使用博弈论来帮助评估将IT系统的关键资产转移到公共云所涉及的风险。我们采用用户视角，对攻击用户资产(利用用户系统或云上的漏洞)所产生的收益和成本进行建模。我们方法的一个新颖方面是使用用户对云提供商的信任作为模型中的显式参数T。对于某些特定的T值，我们证明了纯纳什均衡的存在性，并计算了与示例场景相对应的混合均衡。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

自引率

0.00%

发文量