Army researcher minimizes the impact of cyber-attacks in cloud computing

October 18, 2018

ADELPHI, Md. -- Through a collaborative research effort, an Army researcher has made a novel contribution to cloud security and the management of cyberspace risks.

According to U.S. Army Research Laboratory electronics engineer Dr. Charles Kamhoua, technology has been the cause of many changes. Among the changes made are to our language.

"No longer does the word "cloud" merely stand for a type of atmospheric phenomena," Kamhoua said. "Today, the word "cloud" denotes the computational cloud as well."

Like the atmospheric clouds, noted Kamhoua, computational clouds are found to be abundant and ubiquitous, and this has allowed them to change people's view of computing.

"It has made computing a utility much like water and power," Kamhoua said.

The National Institute of Standards and Technology defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

According to the researchers, among the multiple benefits that have emerged from a computational cloud meeting these NIST-defined properties are: lower costs, a pay-as-you-go structure, quick deployment, ease of access, dynamic scalability of resources on demand, low overhead and no long-term commitments.

"These benefits are consistent with people's expectation of a general utility benefits derived from a community's sharing of resources in a well-governed manner," Kamhoua said. "However, there are significant risks associated with using the computational cloud."

Kamhoua said one of the biggest cyber security concerns is the inherent and unknown danger arising from a shared platform, namely the hypervisor.

According to Kamhoua, one can think of the hypervisor as the infrastructure that is the basis for the cloud's utility it is a shared resource where all users interface and connect.

Users of the cloud have virtual machines, a simulation of a physical computer, to carry out their computations, and each VM runs on a central shared resource the hypervisor.

"Herein lies the unseen danger: an attacker can target an unsecured VM, and once that VM is compromised, the attack can move on to compromise the hypervisor," Kamhoua said. "At that point, the utility of a shared resource of the hypervisor has tipped toward the attacker because once the hypervisor is compromised, all other virtual machines on that hypervisor are easy prey for the attacker."

A shared platform emphasizes a problem referred to as negative externalities.

"In this case, the negative externality manifests as the (in)security of one virtual machine affecting the security of all other co-located virtual machines," Kamhoua said.

This security challenge attracted a research team including Kamhoua and researchers from the University of Florida, Haloed Sun TEK of the CAESAR Group and Syracuse University.

"Due to the unique structuring of the competing interests in the cloud, our research team evaluated the problem in question using game theory, which, according to Myerson, in his landmark book "Game Theory: Analysis of Conflict," is the study of mathematical models of conflict and cooperation between intelligent rational decision-makers," Kamhoua said.

Their research arrived at a non-intuitive conclusion that improves upon current cloud security approaches.

They created an algorithm that, by assigning VMs to hypervisors according to game-theoretically-derived guidelines, makes the attacker indifferent as to which hypervisor to attack.

"The importance of attaining this outcome is this: in cybersecurity, attacker indifference makes a big difference," Kamhoua said. "By compelling the attacker to be inattentive to any single target, the research team made a novel contribution to cloud security."

According to Kamhoua, this research reinforces the widely-held understanding that risk in cyberspace can never be eliminated, so it must therefore be rigorously managed. It is advantageous for VMs having the same level of security and risk to be clustered together on the same hypervisor.

Their result's underpinnings in game theory lend credence to the notion that effective information assurance requires mathematics and not merely software tools.

"This research reveals a novel virtual machine allocation scheme that can provide the necessary incentive for a large organization with sensitive information such as the Department of Defense to join the cloud," Kamhoua said. "A quantitative approach to cloud computing security using game theory captures the strategic view of attackers and gains a precise characterization of the cyber threats facing the cloud".

"This research arms cloud service providers that contract with the DOD with a proven mathematical framework to minimize the impact of cyberattacks in the cloud," Kamhoua said. "This allow Soldiers with lightweight mobile devices on tactical networks to securely perform fast computation leveraging the cloud."
Details of this research are presented in the book chapter "Risk and Benefit: Game-Theoretical Analysis and Algorithm for Virtual Machine Security Management in the Cloud" by Luke Kwiat, Charles A. Kamhoua, Kevin A. Kwiat, Jian Tang, in the book "Assured Cloud Computing," Edited by Roy H. Campbell, Charles A. Kamhoua, and Kevin A. Kwiat, Published by Wiley-IEEE press, October 2018.

The results of the research were also put on the path towards technology transfer to the commercial sector by being submitted to the U.S. Patent and Trademark Office, where US Patent number 9832220 was awarded to Luke Kwiat, Charles Kamhoua and Kevin Kwiat, for the invention "Security method for allocation of virtual machines in a cloud computing network".

U.S. Army Research Laboratory

Related Game Theory Articles from Brightsurf:

Head in the game
Researchers at the University of Tsukuba find that blind soccer players rotate their heads downward when trapping an incoming pass.

Secrets behind "Game of Thrones" unveiled by data science and network theory
What are the secrets behind one of the most successful fantasy series of all time?

A memory game could help us understand brain injury
A Boston University team created a memory game for mice in order to examine the function of two different brain areas that process information about the sensation of touch and the memory of previous events.

Is video game addiction real?
A recent six-year study, the longest study ever done on video game addiction, found that about 90% of gamers do not play in a way that is harmful or causes negative long-term consequences.

Game theory suggests more efficient cancer therapy
Cornell mathematicians are using game theory to model how this competition could be leveraged, so cancer treatment -- which also takes a toll on the patient's body -- might be administered more sparingly, with maximized effect.

Kids eat more calories in post-game snacks than they burn during the game
A new study led by Brigham Young University public health researchers finds the number of calories kids consume from post-game snacks far exceeds the number of calories they actually burn playing in the game.

Can exercise improve video game performance?
Time spent playing video games is often seen as time stolen from physical activities.

APS tip sheet: Dark matter's galactic emissions and game theory of vaccination
The APS Tip Sheet highlights noteworthy research recently published in the Physical Review Journals.

Get your game face on: Study finds it may help
Could putting on a serious face in preparation for competition actually impact performance?

Researchers use game theory to successfully identify bacterial antibiotic resistance
Washington State University researchers have developed a novel way to identify previously unrecognized antibiotic-resistance genes in bacteria.

Read More: Game Theory News and Game Theory Current Events is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to