Security and interdependency in a public cloud: A game-theoretic approach

Abstract

As cloud computing thrives, many organizations - both large and small - are taking advantage of the multiple benefits of joining a public cloud. Public cloud computing is cost-effective: a cloud user can reduce spending on technology infrastructure and have easy access to their information without an up-front or long-term commitment of resources. Despite such benefits, concern over cyber security deters many large organizations with sensitive information to use a public cloud such as the Department of Defense. This is because different public cloud users share a common platform such as the hypervisor. An attacker can compromise a virtual machine (VM) to launch an attack on the hypervisor which, if compromised, can instantly yield the compromising of all the VMs running on top of that hypervisor. In this paper we evaluate the cloud user-attacker dynamic using game theory, which models competition among rational agents. This work will show that there are multiple Nash equilibria of the public cloud game. The Nash equilibrium profile that results will be shown to depend on several factors, including the probability that the hypervisor is compromised given a successful attack on a user and the total expense required to invest in security.