Louai A. Maghrabi, E. Pfluegel, Senna Fathima Noorji
{"title":"博弈论云安全评估的效用函数设计——以通用漏洞评分系统为例","authors":"Louai A. Maghrabi, E. Pfluegel, Senna Fathima Noorji","doi":"10.1109/CyberSecPODS.2016.7502351","DOIUrl":null,"url":null,"abstract":"In recent years, cloud computing has emerged as a key computing paradigm because of its ubiquitous, convenient and scalable on-demand access to a shared pool of computing resources. Although the use of the cloud has many advantages, a great number of security threats exist affecting assets that are present in a cloud environment. In order to mitigate these threats, frameworks have been developed to asses the security of an organisation, based on analysing risks to critical assets. However, these frameworks are not yet sufficiently developed to specifically address risks in cloud environments. In this paper, we advocate the use of game theory to improve the security assessment of cloud environments, in particular the risk analysis step in OCTAVE. We extend previous game-theoretic models for security risk assessment within cloud environments by designing cost and benefit functions that are to a large extent informed by the Common Vulnerability Scoring System (CVSS).","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Designing utility functions for game-theoretic cloud security assessment: a case for using the common vulnerability scoring system\",\"authors\":\"Louai A. Maghrabi, E. Pfluegel, Senna Fathima Noorji\",\"doi\":\"10.1109/CyberSecPODS.2016.7502351\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, cloud computing has emerged as a key computing paradigm because of its ubiquitous, convenient and scalable on-demand access to a shared pool of computing resources. Although the use of the cloud has many advantages, a great number of security threats exist affecting assets that are present in a cloud environment. In order to mitigate these threats, frameworks have been developed to asses the security of an organisation, based on analysing risks to critical assets. However, these frameworks are not yet sufficiently developed to specifically address risks in cloud environments. In this paper, we advocate the use of game theory to improve the security assessment of cloud environments, in particular the risk analysis step in OCTAVE. We extend previous game-theoretic models for security risk assessment within cloud environments by designing cost and benefit functions that are to a large extent informed by the Common Vulnerability Scoring System (CVSS).\",\"PeriodicalId\":134449,\"journal\":{\"name\":\"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSecPODS.2016.7502351\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSecPODS.2016.7502351","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Designing utility functions for game-theoretic cloud security assessment: a case for using the common vulnerability scoring system
In recent years, cloud computing has emerged as a key computing paradigm because of its ubiquitous, convenient and scalable on-demand access to a shared pool of computing resources. Although the use of the cloud has many advantages, a great number of security threats exist affecting assets that are present in a cloud environment. In order to mitigate these threats, frameworks have been developed to asses the security of an organisation, based on analysing risks to critical assets. However, these frameworks are not yet sufficiently developed to specifically address risks in cloud environments. In this paper, we advocate the use of game theory to improve the security assessment of cloud environments, in particular the risk analysis step in OCTAVE. We extend previous game-theoretic models for security risk assessment within cloud environments by designing cost and benefit functions that are to a large extent informed by the Common Vulnerability Scoring System (CVSS).
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
