{"title":"将资产转移到云端:基于信任的博弈论方法","authors":"Louai A. Maghrabi, E. Pfluegel","doi":"10.1109/CyberSA.2015.7166120","DOIUrl":null,"url":null,"abstract":"Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.","PeriodicalId":432356,"journal":{"name":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Moving assets to the cloud: A game theoretic approach based on trust\",\"authors\":\"Louai A. Maghrabi, E. Pfluegel\",\"doi\":\"10.1109/CyberSA.2015.7166120\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.\",\"PeriodicalId\":432356,\"journal\":{\"name\":\"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)\",\"volume\":\"68 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2015.7166120\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2015.7166120","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Moving assets to the cloud: A game theoretic approach based on trust
Increasingly, organisations and individuals are relying on external parties to store, maintain and protect their critical assets. The use of public clouds is commonly considered advantageous in terms of flexibility, scalability and cost effectiveness. On the other hand, the security aspects are complex and many resulting challenges remain unresolved. In particular, one cannot rule out the existence of internal attacks carried out by a malicious cloud provider. In this paper, we use game theory in order to aid assessing the risk involved in moving critical assets of an IT system to a public cloud. Adopting a user perspective, we model benefits and costs that arise due to attacks on the user's asset, exploiting vulnerabilities on either the user's system or the cloud. A novel aspect of our approach is the use of the trust that the user may have in the cloud provider as an explicit parameter T in the model. For some specific values of T, we show the existence of a pure Nash equilibrium and compute a mixed equilibrium corresponding to an example scenario.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
