Modeling the security of virtual machines in the cloud using iterative game theory

Document Type : Original Article

Authors

Department of Computer Engineering, Faculty of Electrical and Computer Engineering, University of Kashan, Kashan, Iran.

Abstract

Today, the numerous benefits of cloud computing have led many small and large organizations to use cloud services to reduce their costs. However, there are some barriers to using cloud services, and one of the biggest is security attacks affected by the supervisor. When a direct attack is made on a user on a supervisor, it may indirectly attack other users' virtual machines as well. In this regard, conflicting goals and interests between cloud service users and attackers make it difficult for cloud service providers to invest in security modules for their servers. Therefore, this paper provides an appropriate solution for decision-making about investing in a security module for each player using game theory. Furthermore, using the iterative game model, all Nash equilibria have been extracted and analyzed. The results show that game theory can be well applied to making appropriate decisions and finding right balance for decision-making in the field of security. According to simulation results, it can be said that in iterative games with a probability of repeating the game between 0.2 and 0.8, predetermined investment strategies or non-investment strategies can lead to a suitable Nash equilibrium and maximize the benefits for cloud service users.

Keywords


[1] Kwiat L., Kamhoua C.A., Kwiat K.A., and Tang J., “Risks and Benefits: Game-Theoretical Analysis and Algorithm for Virtual Machine Security Management in the Cloud,” Assur. Cloud Comput., pp. 49–80, 2018, doi: 10.1002/9781119428497.ch3.
[2] Shabeera T.P., Madhu Kumar S.D., Salam S.M., and Murali Krishnan K., “Optimizing VM allocation and data placement for data-intensive applications in cloud using ACO metaheuristic algorithm,” Eng. Sci. Technol. an Int. J., 20(2): 616–628, 2017, doi: 10.1016/j.jestch.2016.11.006.
[3] Tavluoglu C. and Korkmaz A., “Use of Cloud Computing Applications in Reference Services,” Bilgi Dünyasi, 15(2), 2015, doi: 10.15612/bd.2014.420.
[4] Lee C.S., “Multi-objective game-theory models for conflict analysis in reservoir watershed management,” Chemosphere, 87(6): 608–613, 2012, doi: 10.1016/j.chemosphere.2012.01.014.
[5] Kamhoua C.A., Kwiat L., Kwiat K.A., Park J.S., Zhao M., and Rodriguez M., “Game theoretic modeling of security and interdependency in a public cloud,” IEEE Int. Conf. Cloud Comput. CLOUD, pp. 514–521, 2014, doi: 10.1109/CLOUD.2014.75.
[6] Gill K.S., Saxena S., and Sharma A., “GTM-CSec: Game theoretic model for cloud security based on IDS and honeypot,” Comput. Secur., vol. 92, 2020, doi: 10.1016/j.cose.2020.101732.
[7] Nezarat A., “A Game Theoretic Method for VM-To-Hypervisor Attacks Detection in Cloud Environment,” Proc. - 2017 17th IEEE/ACM Int. Symp. Clust. Cloud Grid Comput. CCGRID 2017, pp. 1127–1135, 2017, doi: 10.1109/CCGRID.2017.138.
[8] Moseley M., “The Nation’s Guardians: America’s 21st Century Air Force,” pp. 1–10, 2007, Accessed: Feb. 16, 2021. [Online]. Available: http://www.dtic.mil/dtic/tr/fulltext/u2/a477488.pdf.
[9] Ristenpart T., Tromer E., Shacham H., and Savage S., “Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds,” in Proceedings of the ACM Conference on Computer and Communications Security, 2009, pp. 199–212, doi: 10.1145/1653662.1653687.
[10] Kwiat K., “Can reliability and security be joined reliably and securely?,” Proc. IEEE Symp. Reliab. Distrib. Syst., pp. 72–73, 2001, doi: 10.1109/reldis.2001.969750.
[11] Mosweu T., Luthuli L., and Mosweu O., “Implications of cloud-computing services in records management in Africa: Achilles heels of the digital era?,” SA J. Inf. Manag., 21(1), 2019, doi: 10.4102/sajim.v21i1.1069.
[12] Kamhoua C.A., Kwiat L., Kwiat K.A., Park J.S., Zhao M., and Rodriguez M., “Game theoretic modeling of security and interdependency in a public cloud,” IEEE Int. Conf. Cloud Comput. CLOUD, pp. 514–521, 2014, doi: 10.1109/CLOUD.2014.75.
[13] Shiri H., Park J., and Bennis M., “Communication-Efficient Massive UAV Online Path Control: Federated Learning Meets Mean-Field Game Theory,” 2020. doi: 10.1109/TCOMM.2020.3017281.
[14] Higham R. and Carter E.F., “Railways in Wartime.,” Mil. Aff., 29(4):208, 1965, doi: 10.2307/1984412.
[15] Kim H., Park J., Bennis M., and Kim S.L., “Massive UAV-to-Ground Communication and its Stable Movement Control: A Mean-Field Approach,” 2018. doi: 10.1109/SPAWC.2018.8445906.
[16] Rao N.S.V., Poole S.W., He F., Zhuang J., Ma C.Y.T., and Yau D.K.Y., “Cloud computing infrastructure robustness: A game theory approach,” 2012. doi: 10.1109/ICCNC.2012.6167441.
[17] Jalaparti V., Nguyen G., Gupta I., and Caesar M., “Cloud Resource Allocation Games,” Sort, 2010, Accessed: Sep. 13, 2021. [Online]. Available: http://hdl.handle.net/2142/17427.
[18] Wei G., Vasilakos A.V., Zheng Y., and Xiong N., “A game-theoretic method of fair resource allocation for cloud computing services,” J. Supercomput., 54(2): 252–269, 2010, doi: 10.1007/s11227-009-0318-1.
[19] Han Y., Alpcan T., Chan J., and Leckie C., “Security games for virtual machine allocation in cloud computing,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2013, vol. 8252 LNCS, pp. 99–118, doi: 10.1007/978-3-319-02786-9_7.
[20] Halabi T. and Bellaiche M., “Towards Security-Based Formation of Cloud Federations: A Game Theoretical Approach,” IEEE Trans. Cloud Comput., 8(3): 928–942, 2020, doi: 10.1109/TCC.2018.2820715.
[21] Agarwal A. and Duong T.N.B., “Secure virtual machine placement in cloud data centers,” Futur. Gener. Comput. Syst., 100: 210–222, 2019, doi: 10.1016/j.future.2019.05.005.
[22] Liang X. and Yan Z., “A survey on game theoretical methods in Human–Machine Networks,” Futur. Gener. Comput. Syst., 92:674–693, 2019, doi: 10.1016/j.future.2017.10.051.
[23] Ousmane S.B., Mbacke B.C.S., and Ibrahima N., “A game theoretic approach for virtual machine allocation security in cloud computing,” in ACM International Conference Proceeding Series, 2019, vol. Part F1481, doi: 10.1145/3320326.3320379.
[24] Homsi S., Quan G., Wen W., Chapparo-Baquero G.A., and Njilla L., “Game theoretic-based approaches for cybersecurity-aware virtual machine placement in public cloud clusters,” Proc. - 19th IEEE/ACM Int. Symp. Clust. Cloud Grid Comput. CCGrid 2019, pp. 272–281, 2019, doi: 10.1109/CCGRID.2019.00041.
[25] Prabhakar K., Dutta K., Jain R., Sharma M., and Khatri S.K., “Securing Virtual Machines on Cloud through Game Theory Approach,” Proc. - 2019 Amity Int. Conf. Artif. Intell. AICAI 2019, pp. 859–863, 2019, doi: 10.1109/AICAI.2019.8701229.
[26] Wang Y., Guo Y., Guo Z., Baker T., and Liu W., “CLOSURE: A cloud scientific workflow scheduling algorithm based on attack–defense game model,” Futur. Gener. Comput. Syst., 111:460–474, 2020, doi: 10.1016/j.future.2019.11.003.
[27] Carvalho G.H.S., Woungang I., Anpalagan A., and Traore I., “Security- and Location-Aware Optimal Virtual Machine Management for 5G-Driven MEC Systems,” in Lecture Notes on Data Engineering and Communications Technologies, vol. 51, Springer, 2020, pp. 123–134.
[28] Kandoussi E.M., Hanini M., El Mir I., and Haqiq A., “Toward an integrated dynamic defense system for strategic detecting attacks in cloud networks using stochastic game,” Telecommun. Syst., 73(3): 397–417, Mar. 2020, doi: 10.1007/s11235-019-00616-1.