Publication Type

Journal Article

Version

acceptedVersion

Publication Date

7-2019

Abstract

As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, we introduce a stochastic optimization model to optimally provision security and insurance services in the cloud. Since the model we design is a mixed integer problem, we also introduce a partial Lagrange multiplier algorithm that takes advantage of the total unimodularity property to find the solution in polynomial time. We also apply sensitivity analysis to find the exact tolerance of decision variables to parameter changes. We show the effectiveness of these techniques using numerical results based on real attack data to demonstrate a realistic testing environment, and find that security and insurance are interdependent.

Keywords

Cloud computing, cyber insurance, security as a service, partial Lagrange multiplier method, sensitivity analysis

Discipline

Databases and Information Systems | Information Security | OS and Networks

Research Areas

Data Science and Engineering

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

16

Issue

4

First Page

565

Last Page

579

ISSN

1545-5971

Identifier

10.1109/TDSC.2017.2703626

Publisher

Institute of Electrical and Electronics Engineers

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TDSC.2017.2703626
