Scalable risk assessment method for cloud computing using game theory (CCRAM)

Furuncu, Evrim; Soğukpınar, İbrahim

doi:10.1016/j.csi.2014.08.007

Cited by 42 publications

(21 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our model is different to that published in [16] where the goal is to help the cloud provider with the risk assessment. In our model, we focus on the user's perspective and help him to decide whether or not adopt the cloud.…”

Section: A Research Contributionmentioning

confidence: 97%

“…The paper [20] applies game theory to information security management. To our knowledge, the first game theoretic model for cloud risk assessment has been presented in [16]. We refer to the survey papers [21], [22] for a wider background on applications of game theory to computer and network security.…”

Section: Related Workmentioning

confidence: 99%

“…outcome of the expected attacks) or to instruct him how to defend attacks in an optimal way. The authors in [16] design CCRAM, a novel game theoretic risk assessment method for the major cloud service deployment models. Their framework helps to assess risks more accurately for SaaS (Software-as-a-Service), PaaS (Platformas-a-Service) and IaaS (Infrastructure-as-a-Service).…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Moving assets to the cloud: A game theoretic approach based on trust

Maghrabi

Pfluegel

2015

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

View full text Add to dashboard Cite

Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T , we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.

show abstract

Section: A Research Contributionmentioning

confidence: 97%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Moving assets to the cloud: A game theoretic approach based on trust

Maghrabi

Pfluegel

2015

2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

View full text Add to dashboard Cite

show abstract

“…Beyond the functional aspects, nonfunctional properties such as cost and reliability are of utmost importance for analyzing the attack-defense process in cloud application. Such as cloud computing, 9 Cyber-Physical Systems. 7 Existing security solutions cannot effectively capture the interactions between the attacker in cloud computing.…”

Section: Introductionmentioning

confidence: 99%

A game theoretic method to model and analyze attack‐defense strategy of resource service in cloud application

Fan

Chen

2017

Concurrency and Computation

View full text Add to dashboard Cite

Cloud computing has attracted much attention recently in both industry field and academic research area. More and more Internet applications are moving to the cloud environment. However, it is difficult to construct perfectly secure mechanisms facing up with complex and various attacks in cloud computing, the efficient attack-defense strategy is highly demanded. In this paper, a stochastic game model is proposed based on combining stochastic Petri nets with game theory, which is used to describe the attack-defense behaviors in cloud computing. The physical machine, attack-defense behavior, and their attributes are also modeled by stochastic game model thus forming the attack-defense game model of cloud computing. On this basis, the Nash equilibrium of attack-defense process in physical machine is computed to get the optimal defense strategy. The related theories of Petri nets and the reachable states of attack-defense game model are used to formally verify the correctness and effectiveness of the proposed method. The enforcement algorithm is proposed to make cloud computing dynamically evaluate and select the defense strategy to against attack behavior as quickly as possible. Both case study and simulation results show that the proposed method can adapt quickly to the changes in cloud application thus improving the security of cloud computing.

show abstract

“…Risk assessment in the CC domain is an issue dealt intensively in literature [40] [41]. Researchers state that security risks are among the biggest obstacles to adoption cloud services [9].…”

Section: Risk Optimizationmentioning

confidence: 99%