As cloud computing thrives, many small organizations are joining a public cloud to take advantage of its multiple benefits. Cloud computing is cost efficient: a cloud user can reduce spending on technology infrastructure and have easy access to their information without an up-front or long-term commitment of resources. Moreover, a cloud user can dynamically grow and shrink the resources provisioned to an application on demand. Despite those benefits, cyber security concerns are the main reason many large organizations with sensitive information, such as the Department of Defense, have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. A common platform intensifies the well-known problem of cyber security interdependency. In fact, an attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor, which, if compromised, can instantly lead to the compromise of all the VMs running on top of that hypervisor. Therefore, a user that does not invest in cyber security imposes a negative externality on others. This research uses the mathematical framework of game theory to analyze the cause and effect of interdependency in a public cloud platform. This work shows that there are multiple possible Nash equilibria of the public cloud security game. However, the players use a specific Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud will fully invest in security.