Accession Number:

ADA626463

Title:

Security and Interdependency in a Public Cloud: A Game Theoretic Approach

Descriptive Note:

Manuscript

Corporate Author:

FLORIDA INTERNATIONAL UNIV MIAMI

Report Date:

2014-08-29

Pagination or Media Count:

17.0

Abstract:

As cloud computing thrives, many organizations both large and small are joining a public cloud to take advantage of its multiple benefits. Especially public cloud based computing, is cost efficient, i.e., a cloud user can reduce spending on technology infrastructure and have easy access to their information without up-front or long-term commitment of resources. Despite those benefits, concern over cyber security is the main reason many large organizations with sensitive information such as the Department of Defense have been reluctant to join a public cloud. This is because different public cloud users share a common platform such as the hypervisor. An attacker can compromise a virtual machine VM to launch an attack on the hypervisor which, if compromised, can instantly yield the compromising of all the VMs running on top of that hypervisor. This work shows that there are multiple Nash equilibria of the public cloud security game. However, the players use a Nash equilibrium profile depending on the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security. Finally, there is no Nash equilibrium in which all the users in a public cloud fully invest in security.

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE