Cloud security game theory scoring from predation models in simulation
Abstract
The economics of cloud computing result from amassing computation resources while being able to distribute workload in space and time. The backbone of this ability is virtualization, which abstracts the host hardware, sharing it through virtual machines. This means of interface is also a primary vehicle and target for attackers. The counter-measures to this threat consider the costs and benefits to the cloud’s essential functions. Where the future development of the cloud is also considered, this competition between attackers and victims can be modeled in extended game theory. Yet, the attacker and victim costs and benefits, expressed as measures of expense and utility, necessary for game-theory methods are elusive. This paper establishes such a game as a predator–prey contest played out on a data-center environment. A set of contestant parameters are applied at the threshold of a viable model to the characteristic boundaries. Measurement of system health is extracted in relief with individual cost and benefit then contrasted to risk. An examination of metrics capable of validating extended interaction is found to demonstrate variation on three orders of magnitude.
References
[1]
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: a berkeley view of cloud computing. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html (2009)
[2]
Linthicum DS Software-defined networks meet cloud computing IEEE Cloud Comput. 2016 3 1-3
[3]
Kim KH, Beloglazov A, and Buyya R Power-aware provisioning of virtual machines for real-time cloud services Concurr. Comput. Pract. Exp. 2010 23 1–7 1-19
[4]
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, pp. 199–212. ACM (2009)
[5]
Cherkasova, L., Gupta, D., Amin, V.: When Virtual is Harder Than Real: Resource Allocation Challenges in Virtual Machine Based It Environments. https://www.researchgate.net/publication/228958969 (2007)
[6]
Sen J Security and Privacy Issues in Cloud Computing 2013 Pennsylvania IGI Global 1-42
[7]
Domnitser L, Jaleel A, Loew J, Abu-Ghazaleh N, and Ponomarev D Non-monopolizable caches: low-complexity mitigation of cache side channel attacks ACM Trans. Architec. Code Optim. 2012 8 4 21
[8]
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in paas clouds. In: Computer and Communication Security, pp. 990–1003. ACM. (2014)
[9]
Cui, S., Homsi, S.: Deep Reinforcement Learning for Co-resident Attack Mitigation in the Cloud, (Artificial Intelligence Annual Volume 2022).
[10]
Zhou F, Goel M, Desnoyers P, and Sundaram R Scheduler vulnerabilities and coordinated attacks in cloud computing J. Comput. Secur. 2013 21 533-559
[11]
Xu, Z., Wang, H., Xu, Z., Wang, X.: Power attack: an increasing threat to data centers. In: NDSS (2014)
[12]
Irazoqui, G.: Cross-core microarchitectural side channel attacks and countermeasures. PhD thesis, Worcester Polytechnic Institute (2017)
[13]
Vanathi R and Chokkalingam S Side channel attacks in iaas and its defense mechanisms Int. J. Eng. Adv. Technol. 2019 8 559-564
[14]
Han Y, Chan J, Alpcan T, and Leckie C Using virtual machine allocation policies to defend against co-resident attacks in cloud computing IEEE Trans. Depend. Secure Comput. 2015 14 1 95-108
[15]
Miao, F., Wang, L., Wu, Z.: A Virtual Machine Placement Based Approach to Proactively Mitigate Co-resident Attacks in Cloud, pp. 285–291. (2018)
[16]
Bates A, Mood B, Pletcher J, Pruse H, Valafar M, and Butler K On detecting co-resident cloud instances using network flow watermarking techniques Int. J. Inf. Secur. 2014 13 2 171-189
[17]
Homsi, S.: Cloud workload allocation approaches for quality of service guarantee and cybersecurity risk management. PhD thesis, Florida International University (2019)
[18]
Han, Y.: Defending against co-resident attacks in cloud computing. PhD thesis, University of Melbourne (2015)
[19]
Gawali MB and Shinde SK Task scheduling and resource allocation in cloud computing using a heuristic approach J. Cloud Comput. Adv. Syst. Appl. 2018 7 4 16
[20]
Attaouiy, W., Sabir, E.: Multi-criteria virtual machine placement in cloud computing environments: a literature review (2018)
[21]
Sui X, Liu D, Li L, Wang H, and Yang H Virtual machine scheduling strategy based on machine learning algorithms for load balancing EURASIP J. Wirel. Commun. Netw. 2019 9 160
[22]
Homsi S, Liu S, Chaparro-Baquero GA, Bai O, Ren S, and Quan G Workload consolidation for cloud data centers with guaranteed quality of service using request reneging IEEE Trans. Parallel Distrib. Syst. 2017 28 2103-2116
[23]
Wang, X., Wang, L., Miao, F., Yang, J.: Svmdf: a secure virtual machine deployment framework to mitigate co-resident threat in cloud. In: 2019 IEEE Symposium on Computers and Communications (ISCC), pp. 1–7. (2019)
[24]
Zhang, Y., Li, M., Bai, K., Yu, M., Zang, W.: Incentive Compatible Moving Target Defense Against VM-Colocation Attacks in Clouds, pp. 388–399 (2017)
[25]
Han Y, Alpcan T, Chan J, Leckie C, and Rubinstein BI A game theoretical approach to defend against co-resident attacks in cloud computing: preventing co-residence using semi-supervised learning IEEE Trans. Inf. Forensics Secur. 2015 11 3 556-570
[26]
Xu, Z., Wang, H., Wu, Z.: A measurement study on co-residence threat inside the cloud. In: Proceedings of the 24th USENIX Security Symposium, pp. 929–944 (2015)
[27]
Luca RD and Raiffa H Games and Decisions, Introduction and Critical Survey 1957 Hoboken Wiley
[28]
Zhu, Q., Rass, S.: Game theory meets network security: a tutorial at acm ccs, pp. 2165–2163. ACM. (2018)
[29]
Spaniel, W.: Game Theory 101, The Complete Textbook (2013)
[30]
Von Neumann J and Morgenstern AO Theory of Games and Economic Behavior 1953 Princeton Princeton University Press
[31]
Watson J Strategy: An Introduction to Game Theory 2013 New York W. W. Norton and Company
[32]
Trudeau RJ Introduction to Graph Theory 1993 Garden City Dover
[33]
Kwiat, L., Kamhoua, C., Kwiat, K., Tang, J., Martin, A.: Security-aware virtual machine allocation in the cloud: a game theoretic approach, pp. 556–563. (2015)
[34]
Hugie, D.M.: Applications of evolutionary game theory to the study of predator–prey interactions. PhD thesis, Simon Fraser University (1999)
[35]
Stillwell M, Schanzenbach D, Vivien F, and Casanova H Resource allocation algorithms for virtualized service hosting platforms J. Parallel Distrib. Comput. 2010 70 9 962-974
[36]
Wang, S., Zhou, X., Shang, M., Shi, X.: Coordinated Power and Performance-Efficient Virtual Machines Scheduling in the Cloud, pp. 489–494 (2018)
[37]
Hasan, M.M., Rahman, M.A.: Protection by detection: a signaling game approach to mitigate co-resident attacks in cloud. In: 2017 IEEE 10th International Conference on Cloud Computing (CLOUD), pp. 552–559. (2017)
[38]
Patel, K.D., Bhalodia, T.M.: An efficient dynamic load balancing algorithm for virtual machine in cloud computing. In: Proceedings of the International Conference on Intelligent Computing and Control Systems, pp. 145–146. IEEE, Piscataway (2019)
[39]
Serra N Utility functions and Lotka–Volterra model: a possible connection in predator–prey game J. Game Theory 2014 3 31-34
[40]
Asher D.E., Zaroukian E., Barton S.L.: Adapting the predator–prey game theoretic environment to army tactical edge scenarios with computational multiagent systems (2018)
[41]
Chen, S., Bao, S.: A game theory based predation behavior model (2009)
[42]
Goswami B, Sarkar J, Saha S, Kar S, and Sarkar P Alvec: auto-scaling by Lotka Volterra elastic cloud: a qos aware non linear dynamical allocation model Simul. Model. Pract. Theory 2019 93 262-292
[43]
Erdős P and Taylor SJ Some intersection properties of random walk paths Acta Math. Acad. Sci. Hungar. 1960 11 3 231-248
[44]
Cooper C, Frieze A, and Radzik T Multiple random walks in random regular graphs SIAM J. Discrete Math. 2009 23 1738-1761
[45]
Dvoretzky, A., Erdös, P.: Some Problems on Random Walk in Space (1951)
[46]
Hespanha, J., Prandini, M., Sastry, S.: Probabilistic pursuit-evasion games: a one-step nash approach (2000)
[47]
Begon M, Townsend CR, and Harper JL Ecology: From Individuals to Ecosystems 2005 4 Hoboken Blackwell
[48]
Healy K, Ezard TH, Jones OR, Salguero-Gomez R, and Buckley YM Animal life history is shaped by the pace of life and the distribution of age-specific mortality and reproduction Nat. Ecol. Evol. 2019 3 8 1217-1224
[49]
Wellington, J.: Lectures of Ecology, Biology, p. 4468. https://uh.edu/~biolcz/class/eco4468/lect13.htm
[50]
Krebs JC Ecology: The Experimental Analysis of Distribution and Abundance 2014 London Person
[51]
Espinoza M, Heupel MR, Tobin AJ, and Simpfendorfer CA Evidence of partial migration in a large coastal predator: opportunistic foraging and reproduction as key drivers? PLoS ONE 2016 11 2 e0147608
[52]
Näsén, L.: Synchronizing migration with birth: an exploration of migratory tactics in female moose. PhD thesis, Swedish University of Agricultural Sciences (2015)
[53]
Ayres RU On the life cycle metaphor: where ecology and economics diverge Ecol. Econ. 2004 48 4 425-438
[54]
Cantner U, Cunningham JA, Lehmann EE, and Menter M Entrepreneurial ecosystems: a dynamic lifecycle model Small Bus. Econ. 2021 57 1 407-423
[55]
Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, et al. A view of cloud computing Commun. ACM 2010 53 4 50-58
[56]
Kahn R A simulative study on the performance of load balancing techniques over varying cloud infrastructure using cloudsim Am. J. Comput. Sci. Eng. Surv. 2020 8 3 11
[57]
Ettikyala K and Devi YR A study on cloud simulation tools Int. J. Comput. Appl. 2015 115 14 18-21
[58]
Maarouf, A., Marzouk, A., Haqiq, A.: Comparative study of simulators for cloud computing. In: 2015 International Conference on Cloud Technologies and Applications (CloudTech), p. 8. IEEE, Piscataway (2015)
[59]
Hazra A, Adhikari M, Amgoth T, and Srirama SN Fog computing for energy-efficient data offloading of iot applications in industrial sensor networks IEEE Sens. J. 2022 22 9 8663-8671
[60]
Yu L, Chen L, Cai Z, Shen H, Liang Y, and Pan Y Stochastic load balancing for virtual resource management in datacenters IEEE Trans. Cloud Comput. 2020 8 2 459-472
[61]
Calheiros RN, Ranjan R, Beloglazov A, De Rose CAF, and Buyya R Cloudsim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms Softw. Pract. Exp. 2011 41 23-50
[62]
Son J, Dastjerdi AV, Calheiros RN, Ji X, Yoon Y, and Buyya R CloudSimSDN: Modeling and Simulation of Software-Defined Cloud Data Centers 2015 Piscataway IEEE 475-484
[63]
Jeon H, Cho C, Shin S, and Yoon S A Cloudsim Extension for Simulating Distributed Functions-as-a-Service 2019 Piscataway IEEE 386-391
[64]
Humane, P., Varshapriya, J.N.: Simulation of Cloud Infrastructure Using CloudSim Simulator: A Practical Approach for Researchers, pp. 207–211 (2015)
[65]
Barnes DJ and Kölling M Objects First with Java, A Practical Introduction Using BlueJ 2011 5 New York Pearson
[66]
Beloglazov A and Buyya R Optimal Online Deterministic Algorithms and Adaptive Heuristics for Energy and Performance Efficient Dynamic Consolidation of Virtual Machines in Cloud Data Centers 2012 New York Wiley
[67]
Zhang, Y., Li, M., Bai, K., Yu, M., Zang, W.: Incentive compatible moving target defense against vm-colocation attacks in clouds. In: IFIP International Information Security Conference, pp. 388–399. Springer (2012)
[68]
Din Q Dynamics of a discrete Lotka–Volterra model Adv. Differ. Equ. 2013 2013 95
Recommendations
A Game Theoretic Approach for Virtual Machine Allocation Security in Cloud Computing
NISS '19: Proceedings of the 2nd International Conference on Networking, Information Systems & SecurityThe Virtualization technologies make cloud computing desirable but they also introduce serious security risks like co-resident attack and interdependence between users on the same hypervisor. The previous works on the subject of virtualization security ...
TVGuarder: A Trace-Enable Virtualization Protection Framework against Insider Threats for IaaS Environments
Cloud computing has a most vulnerable security concerns as virtualization. This paper presents a Trace-enable Virtualization protection framework named TVGuarder, which protects IaaS user's important data from being illegally accessed or maliciously ...
A signaling game approach to mitigate co-resident attacks in an IaaS cloud environment
AbstractCloud service providers (CSPs) offer a variety of services that are opening the door to the infinite possibilities of cloud computing. Despite numerous benefits offered by the CSPs, there are, however, some security issues that may ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Publisher
Kluwer Academic Publishers
United States
Publication History
Published: 06 July 2023
Accepted: 29 May 2023
Revision received: 26 May 2023
Received: 06 October 2022
Author Tags
Qualifiers
- Research-article
Funding Sources
- This work was supported in part by the U.S. Department of Education
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 02 Oct 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in