Thumbnail Image

A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing

As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-asa- Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, we introduce a stochastic optimization model to optimally provision security and insurance services in the cloud. Since the model we design is a mixed integer problem, we also introduce a partial Lagrange multiplier algorithm that takes advantage of the total unimodularity property to find the solution in polynomial time. We also apply sensitivity analysis to find the exact tolerance of decision variables to parameter changes. We show the effectiveness of these techniques using numerical results based on real attack data to demonstrate a realistic testing environment, and find that security and insurance are interdependent.
Journal Article
Type of thesis
Chase, J., Niyato, D., Wang, P., Chaisiri, S., & Ko, R. K. L. (2017). A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing. IEEE Transactions on Dependable and Secure Computing, PP(99). https://doi.org/10.1109/TDSC.2017.2703626
IEEE Computer Society
© 2017 IEEE. This is the author's accepted version. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.