TY - GEN
T1 - A cost-effective security management for clouds
T2 - 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017
AU - Adili, Mohammad Taghi
AU - Mohammadi, Amin
AU - Manshaei, Mohammad Hossein
AU - Rahman, Mohammad Ashiqur
N1 - Publisher Copyright:
© 2017 IFIP.
PY - 2017/7/20
Y1 - 2017/7/20
N2 - The Information Technology (IT) is observing a rising shift toward cloud computing due to its attractive on-demand storage and computing capabilities that allow moving the computing and storage load from the owner's side to the service provider's place and enjoying the data or computed results efficiently anywhere anytime. This growing use of clouds also introduces significant security concerns, as sensitive data and critical applications are increasingly being moved to clouds. Recent work also reveals different security threats, e.g., side-channel attacks, against cloud services. In this work, we address the need of improved solutions for the security management of cloud computing. We propose a moving target-based deceptive defense mechanism where the moving target idea is centered on frequent migrations of the virtual machines (VMs). We make the moves cost-efficient by modeling the problem as a signaling game between the adversary and the VMs and introducing deceptions. We solve the game and obtain two Nash equilibria. These results illustrate the best possible moves by the adversary and the corresponding strategy for the VMs that should reduce the adversary's chance of being successful at most.
AB - The Information Technology (IT) is observing a rising shift toward cloud computing due to its attractive on-demand storage and computing capabilities that allow moving the computing and storage load from the owner's side to the service provider's place and enjoying the data or computed results efficiently anywhere anytime. This growing use of clouds also introduces significant security concerns, as sensitive data and critical applications are increasingly being moved to clouds. Recent work also reveals different security threats, e.g., side-channel attacks, against cloud services. In this work, we address the need of improved solutions for the security management of cloud computing. We propose a moving target-based deceptive defense mechanism where the moving target idea is centered on frequent migrations of the virtual machines (VMs). We make the moves cost-efficient by modeling the problem as a signaling game between the adversary and the VMs and introducing deceptions. We solve the game and obtain two Nash equilibria. These results illustrate the best possible moves by the adversary and the corresponding strategy for the VMs that should reduce the adversary's chance of being successful at most.
KW - Cloud computing
KW - VM migration
KW - deceptive strategies
KW - game-theoretic analysis
KW - moving target defense
UR - http://www.scopus.com/inward/record.url?scp=85029443596&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85029443596&partnerID=8YFLogxK
U2 - 10.23919/INM.2017.7987269
DO - 10.23919/INM.2017.7987269
M3 - Conference contribution
AN - SCOPUS:85029443596
T3 - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management
SP - 98
EP - 106
BT - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management
A2 - Chemouil, Prosper
A2 - Simoes, Paulo
A2 - Madeira, Edmundo
A2 - Secci, Stefano
A2 - Monteiro, Edmundo
A2 - Gaspary, Luciano Paschoal
A2 - dos Santos, Carlos Raniery P.
A2 - Charalambides, Marinos
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 8 May 2017 through 12 May 2017
ER -