论文信息 - Joint pricing and security investment for cloud-insurance: A security interdependency perspective

Joint pricing and security investment for cloud-insurance: A security interdependency perspective

Cyber insurance has been introduced as the mean to transfer cyber risks to an insurance company, namely, insurer. The users are thus covered by the insurance to alleviate the damage from cyber threats. In this paper, we investigate the joint pricing and security investment in a cloud-insurance market. The market is composed of users, cloud providers, and cloud-insurers. The users subscribes to use the cloud service (platform) from the cloud providers. To protect from the damage, the users can buy a cloud-insurance product from the cloud-insurers which will pay a claim to the users if an attack happens to the cloud service. The users are interdependent in which they can take advantage of the positive security effects generated by other users' investments in security. We assume that the cloud provider and cloud-insurer are the business partners. Therefore, the cloud-insurers can invest in the cloud platform to improve the security level, i.e., quality, of the cloud service and hence reduce the probability of paying claim. Our proposed model consists of two stages, i.e., the Stackelberg game. In the first stage, cloud-insurers set the price charging to the users and decide on the investment for improving the cloud security quality. In the second stage, the users decide on the amount of these cloud-insurances to purchase based on the observed prices and qualities. The existence and uniqueness for the equilibrium of the Stackelberg game are proved analytically. The performance evaluation shows some interesting results. For example, when the users have strong interdependency, the price of the cloud-insurance becomes lower. This is from the fact that the users can be influenced more easily by their peers, when one cloud-insurer decreases the price, it can attract more users easily.

[1] J. Goodman. Note on Existence and Uniqueness of Equilibrium Points for Concave N-Person Games , 1965 .

[2] Tyler Moore,et al. Information Security Economics - and Beyond , 2007, DEON.

[3] Marc Lelarge,et al. Economic Incentives to Increase Security in the Internet: The Case for Insurance , 2009, IEEE INFOCOM 2009.

[4] Konstantinos Psounis,et al. On a way to improve cyber-insurer profits when a security vendor becomes the cyber-insurer , 2013, 2013 IFIP Networking Conference.

[5] Shaun Shuxun Wang. Cybersecurity Budget Allocation to Address Multiple Areas of Vulnerability and Multiple Segments of Data Assets , 2017 .

[6] Xu Chen,et al. When Social Network Effect Meets Congestion Effect in Wireless Networks: Data Usage Equilibrium and Optimal Pricing , 2017, IEEE Journal on Selected Areas in Communications.

[7] Konstantinos Psounis,et al. Security Pricing as Enabler of Cyber-Insurance A First Look at Differentiated Pricing Markets , 2016, IEEE Transactions on Dependable and Secure Computing.