Scalable risk assessment method for cloud computing using game theory (CCRAM)

Cloud computing is one of the most popular information processing concepts of today's IT world. The security of the cloud computing is complicated because each service model uses different infrastructure elements. Current security risk assessment models generally cannot be applied to cloud computing systems that change their states very rapidly. In this work, a scalable security risk assessment model has been proposed for cloud computing as a solution of this problem using game theory. Using this method, we can evaluate whether the risk in the system should be fixed by cloud provider or tenant of the system. Cloud computing model and systems has ben used extensively in recent years.Security risks have become important topic for cloud systems.We have proposed a game theory model to assess security risks on cloud systems.Model has been evaluated using sample players named as attacker and defender.Proposed model is a novel approach in this field.

[1]  Jordi Guitart,et al.  Business-driven management of infrastructure-level risks in Cloud providers , 2014, Future Gener. Comput. Syst..

[2]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[3]  Milind Tambe,et al.  Security and Game Theory - Algorithms, Deployed Systems, Lessons Learned , 2011 .

[4]  David K. Y. Yau,et al.  A game theoretic study of attack and defense in cyber-physical systems , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[5]  Quanyan Zhu,et al.  Game theory meets network security and privacy , 2013, CSUR.

[6]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[7]  Tim Roughgarden,et al.  Algorithmic Game Theory , 2007 .

[8]  Dipankar Dasgupta,et al.  Game theory for cyber security , 2010, CSIIRW '10.

[9]  Theodore Tryfonas,et al.  A game theoretic defence framework against DoS/DDoS cyber attacks , 2013, Comput. Secur..

[10]  Guisheng Fan,et al.  A Game Theoretic Method to Model and Evaluate Attack-Defense Strategy in Cloud Computing , 2013, 2013 IEEE International Conference on Services Computing.

[11]  Barton P. Miller,et al.  First principles vulnerability assessment , 2010, CCSW '10.

[12]  Jun Li,et al.  A network security assessment model based on attack-defense game theory , 2010, 2010 International Conference on Computer Application and System Modeling (ICCASM 2010).

[13]  Karim Djemame,et al.  Towards a Service Lifecycle Based Methodology for Risk Assessment in Cloud Computing , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.

[14]  Liu Dong,et al.  The New Risk Assessment Model for Information System in Cloud Computing Environment , 2011 .

[15]  Tansu Alpcan,et al.  Network Security , 2010 .

[16]  Bruce Bueno de Mesquita,et al.  An Introduction to Game Theory , 2014 .

[17]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS.