A Stochastic Programming Approach for Risk Management in Mobile Cloud Computing
Dinh Thai Hoang, Dusit Niyato, Ping Wang, Shaun Shuxun Wang, Diep Nguyen, Eryk Dutkiewicz
School of Computer Science and Engineering, Nanyang Technological University, Singapore
Nanyang Business School, Nanyang Technological University, Singapore
School of Computing and Communications, University of Technology, Sydney, Australia
Abstract—The development of mobile cloud computing has brought many benefits to mobile users as well as cloud service providers. However, mobile cloud computing is facing some challenges, especially security-related problems due to the growing number of cyberattacks, which can cause serious losses. In this paper, we propose a dynamic framework together with advanced risk management strategies to minimize losses caused by cyberattacks to a cloud service provider. In particular, this framework allows the cloud service provider to select appropriate security solutions, e.g., security software/hardware implementation and insurance policies, to deal with different types of attacks. Furthermore, the stochastic programming approach is adopted to minimize the expected total loss for the cloud service provider under its financial capability and uncertainty of attacks and their potential losses. Through numerical evaluation, we show that our approach is an effective tool in not only dealing with cyberattacks under uncertainty, but also minimizing the total loss for the cloud service provider given its available budget.
Keywords—Cyber insurance, cybersecurity, cloud services, mobile cloud, stochastic programming.

I. INTRODUCTION
Mobile cloud computing (MCC) is an emerging platform using cloud computing to provide applications and services to mobile users through mobile networks. By taking advantage of cloud computing technology, mobile applications can be performed more efficiently, thereby generating huge profits for mobile users as well as cloud service providers (CSPs) [1]. Forbes magazine predicts that worldwide spending on public cloud services will grow at a 19.4% compound annual growth rate (CAGR) from nearly $70 billion in 2015 to more than $141 billion in 2019. However, the development of MCC is facing some security-related challenges due to the growth of cyberattacks in the last few years. According to US government statistics, the number of ransomware attacks increased 300% from 2015, with over 4,000 attacks detected per day in 2016 [2]. Hence, countermeasures and risk management solutions for cybercrime are urgently needed.

Although there are many security solutions implemented to detect and prevent cyberattacks in MCC, such as implementing firewalls and installing antivirus software, achieving complete security protection is still nearly impossible [3]. Therefore, cyber insurance has been emerging as an alternative approach to address and manage cyber risks for cloud and computer networks [4], [5]. Under cyber insurance coverage, when an attack happens to a CSP, the CSP's losses will be covered partially or fully by the cyber insurance provider. In other words, the cyber risks of the CSP are now "transferred" to the insurance provider through a cyber insurance contract. Thus, the CSP's risks can be mitigated significantly. However, cyber insurance is not always the best solution for the CSP because of the variety of attacks, the diversity of premiums and claims, and the CSP's limited budget.

Hence, how to balance between security and insurance policies given a limited budget and under uncertainty of cyber threats is an important challenge. In this paper, we propose a dynamic framework which can utilize the advantages of both security and insurance policies, and it can be applied widely in cloud environments to deal with cyber risks under uncertainty. This framework consists of two decision stages. In the first stage, the CSP has to decide how much it should invest to buy security packages to prevent cyberattacks and how much it should spend to buy insurance packages to cover losses caused by the attacks. The more money the CSP invests in security packages, the higher the chance that cyberattacks can be successfully prevented, but the less money the CSP can spend on insurance. Then, in the second stage, the CSP observes the actual attacks together with their direct losses, and decides whether or not to implement countermeasures to mitigate their indirect losses. To address the multi-stage optimization problem under uncertainty of attacks and a limited budget, we adopt the stochastic programming method [6] to find optimal budget allocation policies for the CSP. Through performance evaluation, we demonstrate that the proposed approach can efficiently use an available budget to minimize the total cost incurred by cyberattacks under uncertainty. We also show the efficiency of using cyber insurance in dealing with cyber risks in MCC through balancing budget allocation.

II. RELATED WORK
The rapid growth of cloud services together with high security demands has recently brought a great opportunity for cyber insurance providers. The first commercial cyber insurance products were introduced by Cloudinsurance and MSPAlliance. … works with the CSP. While Cloudinsurance and MSPAlliance aim to provide insurance policies for CSPs, Cloudsurance
SYSTEM MODEL
The system model is illustrated in Fig. 1. In this model, the CSP provides cloud services/applications to its customers. When the CSP provides services, it can suffer from cyberattacks which can cause serious damage. There are $K$ types of attacks which can occur with different probabilities in the business time. We denote $\mathcal{A} = \{a_1, \ldots, a_k, \ldots, a_K\}$ as the set of attacks which can occur simultaneously at the business time with probabilities $\{p(a_1), \ldots, p(a_k), \ldots, p(a_K)\}$, respectively. Therefore, before the service period, the CSP can choose to buy security packages to prevent cyberattacks which can occur at the business time.

We assume that there are $N$ security service providers (SPs), and each SP provides $K$ security packages to deal with the $K$ types of attacks. The security package offered by SP-$n$ to prevent attack $a_k$ is denoted by $s_n^{a_k}$. Each $s_n^{a_k}$ costs $c_n^{a_k}$, and it can protect the CSP from attack $a_k$ with probability $p_n^{a_k}$. Given the available budget and information about the attacks (e.g., probabilities of attacks and their potential losses), the CSP can choose optimal security packages to minimize the potential loss. However, when attacks happen, the implemented security solutions may not be able to prevent the attacks completely. Thus, the CSP can choose to buy cyber insurance packages to cover its services when cyber risks materialize.

Fig. 1. System model. (The figure shows the cloud service provider and its customers; the cyberattacks $a_1, \ldots, a_k, \ldots, a_K$ with probabilities $p(a_k)$; the security providers SP-$1, \ldots,$ SP-$n, \ldots,$ SP-$N$ with security service fee $c_n^{a_k}$ and protection probability $p_n^{a_k}$; the insurance providers IP-$1, \ldots,$ IP-$m, \ldots,$ IP-$M$ with premium $r_m^{a_k}$ and claim $q_m^{a_k}$; and the direct loss $d_g^{a_k}$ and indirect loss $i_e(d_g^{a_k})$ with their probabilities.)

We assume that there are $M$ cyber insurance providers (IPs), and each IP offers $K$ insurance packages for the $K$ types of attacks. The insurance package offered by IP-$m$ to cover the loss caused by attack $a_k$ is denoted by $i_m^{a_k}$. Each $i_m^{a_k}$ has premium $r_m^{a_k}$ and covers $q_m^{a_k}\%$ of the loss of attack $a_k$. Here, there are two types of losses, i.e., direct loss and indirect loss, with the amounts denoted by $d_g^{a_k}$ and $i_e(d_g^{a_k})$

There are $U$ repair packages from which the CSP can choose, and each repair package $u \in \mathcal{U} = \{1, \ldots, U\}$ is associated with a repair package fee $s_u^{d_g,a_k}$ and a percentage of damage reduction if we implement repair package $u$. We denote $(1 - t_u^{d_g,a_k})$ as the percentage of indirect losses which can be reduced if we implement repair package $u$ for direct loss $d_g$ under attack $a_k$. The repair packages are especially useful in dealing with cyberattacks with high indirect losses. However, due to the limited budget and the diverse attacks and their losses, the CSP needs to balance its expenditure distribution to minimize its total cost.

V. STAGES, DECISION VARIABLES, AND UNCERTAINTY
The stochastic programming model under consideration contains three stages, i.e., the preparation, service, and assessment stages, as illustrated in Fig. 2. At the first stage, the CSP evaluates the potential losses of cyberattacks which can happen in the service stage, and makes decisions to buy security and insurance packages to prevent cyberattacks and mitigate their potential losses. Then, in the second stage, the CSP observes the actual attacks and their direct losses, and selects appropriate repair packages to prevent potential indirect losses. Finally, at the last stage, the CSP assesses the actual total loss.
Fig. 2. In each business time period, there are three stages: the preparation stage (the CSP purchases security and insurance packages), the service stage (attacks occur, each is either successfully prevented with probability $p_n^{a_k}$ or successful, the CSP observes the direct loss $d_g^{a_k}$ and purchases repair packages $u$), and the assessment stage (the CSP claims $q_m^{a_k} d_g^{a_k}$ from the insurance package and assesses the actual direct loss $(1 - q_m^{a_k}) d_g^{a_k}$ and the actual indirect loss $i_e(d_g^{a_k})$ after the repair package fee $s_u^{d_g,a_k}$).
A. Decision Variables
The solution of a stochastic optimization formulation isknown as a decision, and is represented by a set of valuesassigned to the decision variables. In the considered systemmodel, there are three decision variables which are made inthe first two stages, i.e., preparation and service stages.
1) Preparation stage:
In the preparation stage, the CSP has to make two decisions: (1) which security packages and (2) which insurance packages should be purchased? If we denote $X_n^{a_k}$ as the decision variable to buy security package $n$ from SP-$n$ to prevent attack $a_k$ and $Y_m^{a_k}$ as the decision variable to buy insurance package $m$ from IP-$m$ to cover attack $a_k$, then we have:

$$X_n^{a_k} \in \{0, 1\}, \ \forall a_k \in \mathcal{A} \text{ and } \forall n \in \mathcal{N} = \{1, \ldots, N\}, \qquad Y_m^{a_k} \in \{0, 1\}, \ \forall a_k \in \mathcal{A} \text{ and } \forall m \in \mathcal{M} = \{1, \ldots, M\}, \qquad (1)$$

where 1 expresses that the CSP agrees to buy, and 0 otherwise. Here, the variables $X_n^{a_k}$ and $Y_m^{a_k}$ must satisfy the following constraints:

$$X_n^{a_k} \in \{0, 1\}, \ \forall a_k \in \mathcal{A} \text{ and } n \in \mathcal{N}, \quad \text{and} \quad \sum_{n=1}^{N} X_n^{a_k} \le 1, \ \forall a_k \in \mathcal{A}. \qquad (2)$$

$$Y_m^{a_k} \in \{0, 1\}, \ \forall a_k \in \mathcal{A} \text{ and } m \in \mathcal{M}, \quad \text{and} \quad \sum_{m=1}^{M} Y_m^{a_k} \le 1, \ \forall a_k \in \mathcal{A}. \qquad (3)$$

$$\sum_{k=1}^{K} \sum_{n=1}^{N} X_n^{a_k} c_n^{a_k} + \sum_{k=1}^{K} \sum_{m=1}^{M} Y_m^{a_k} r_m^{a_k} \le B^*. \qquad (4)$$

The constraints in (2) and (3) ensure that each attack is covered by at most one security provider and one insurance provider, respectively. The constraint in (4) ensures that the total expenditure of the CSP does not exceed the available budget $B^*$.
2) Service stage:
When an attack $a_k$ happens and is successful, it can cause a direct loss $d_g^{a_k}$ with probability $p_{d_g}^{a_k}$. Here, we denote $G$ as the total number of direct loss cases; then we have:

$$\sum_{g=1}^{G} p_{d_g}^{a_k} = 1, \ \forall a_k \in \mathcal{A}. \qquad (5)$$

When direct loss $d_g^{a_k}$ happens, it is associated with indirect loss $i_e(d_g^{a_k})$ with probability $p_{i_e}(d_g^{a_k})$. We denote $E$ as the total number of indirect loss cases; then we have:

$$\sum_{e=1}^{E} p_{i_e}(d_g^{a_k}) = 1, \ \forall a_k \in \mathcal{A} \text{ and } g \in \mathcal{G} = \{1, \ldots, G\}. \qquad (6)$$

If the direct loss $d_g^{a_k}$ happens, the CSP can choose a repair package to mitigate the indirect losses caused by the direct loss $d_g^{a_k}$. We denote $Z_u^{d_g,a_k}$ as the decision variable to implement repair package $u$ for direct loss $d_g$ under attack $a_k$. Then, we have the following constraints:

$$Z_u^{d_g,a_k} \in \{0, 1\}, \ \forall a_k \in \mathcal{A},\ u \in \mathcal{U} \text{ and } g \in \mathcal{G}, \quad \text{and} \quad \sum_{u=1}^{U} Z_u^{d_g,a_k} \le 1, \ \forall a_k \in \mathcal{A} \text{ and } \forall g \in \mathcal{G}. \qquad (7)$$

$$\sum_{k=1}^{K} \sum_{n=1}^{N} X_n^{a_k} c_n^{a_k} + \sum_{k=1}^{K} \sum_{m=1}^{M} Y_m^{a_k} r_m^{a_k} + \sum_{k=1}^{K} \sum_{u=1}^{U} \sum_{g=1}^{G} Z_u^{d_g,a_k} s_u^{d_g,a_k} \le B^*. \qquad (8)$$

Here, the constraint in (7) ensures that each direct loss caused by an attack is covered by at most one repair package, and the constraint in (8) ensures that the total expenditure of the CSP does not exceed the available budget $B^*$.
3) Assessment stage:
In the last stage, the CSP evaluatesthe actual indirect losses and makes claims for direct lossescovered by the IPs.
B. Uncertainty of Parameters and Scenarios
The considered system contains a number of uncertain parameters which are unknown in advance. In particular, the number of cyberattacks in the second stage, the direct losses associated with each attack, and the indirect losses of each attack given an actual direct loss are unknown at the first stage. The number of attacks and their direct losses are only known in the second stage. Similarly, the indirect loss of each attack is only known in the third stage. We denote $A$ and $D$ as the set of all possible attack scenarios and the set of all possible direct loss scenarios associated with an attack, respectively. Let $\Omega^\dagger$ represent the set of all possible scenarios in the second stage; then $\Omega^\dagger = A \times D$, where $\times$ is the Cartesian product. Similarly, we denote $I$ as the set of all possible indirect loss scenarios in the last stage. Then, the set of all possible scenarios in the last stage is $\Omega^\ddagger = I$.

PROBLEM FORMULATION
A. Stochastic Optimization Problem
To solve the problem, we adopt the stochastic programming optimization technique with multi-stage decisions. The optimization problem formulation is given in (9).

$$\min_{X_n^{a_k},\, Y_m^{a_k},\, Z_u^{d_g,a_k}} \sum_{k=1}^{K} \sum_{n=1}^{N} \sum_{m=1}^{M} \sum_{g=1}^{G} \sum_{u=1}^{U} \sum_{e=1}^{E} \Bigg( C_1\big(X_n^{a_k}, Y_m^{a_k}\big) + \mathbb{E}_{\Omega^\dagger}\Big[ C_2\big(X_n^{a_k}, Y_m^{a_k}, Z_u^{d_g,a_k}, \omega^\dagger\big) + \mathbb{E}_{\Omega^\ddagger}\Big[ C_3\big(X_n^{a_k}, Y_m^{a_k}, Z_u^{d_g,a_k}, \omega^\dagger, \omega^\ddagger\big) \Big] \Big] \Bigg), \qquad (9)$$

s.t. (2), (3), (7), and (8).

The objective function in (9) aims to minimize the total cost of the CSP in all three stages. The expected costs of the second and third stages are represented by $\mathbb{E}_{\Omega^\dagger}[\cdot]$ and $\mathbb{E}_{\Omega^\ddagger}[\cdot]$, respectively. Here, $\omega^\dagger \in \Omega^\dagger$ and $\omega^\ddagger \in \Omega^\ddagger$ are scenarios in the second and third stages, respectively.

In (9), $C_1\big(X_n^{a_k}, Y_m^{a_k}\big)$ is an optimization problem to minimize the total cost at the preparation stage, and it is defined as follows:

$$C_1\big(X_n^{a_k}, Y_m^{a_k}\big) = \min_{X_n^{a_k},\, Y_m^{a_k}} \Bigg( \sum_{k=1}^{K} \sum_{n=1}^{N} X_n^{a_k} c_n^{a_k} + \sum_{k=1}^{K} \sum_{m=1}^{M} Y_m^{a_k} r_m^{a_k} \Bigg). \qquad (10)$$

Given fixed values of the decision variables $X_n^{a_k}$ and a scenario $\omega^\dagger$ in the second stage, we minimize the total cost in the second stage by:

$$C_2\big(X_n^{a_k}, Y_m^{a_k}, Z_u^{d_g,a_k}, \omega^\dagger\big) = \min_{Z_u^{d_g,a_k}} \Bigg( \sum_{k=1}^{K} \sum_{g=1}^{G} d_g^{a_k}\big(X_n^{a_k}, \omega^\dagger\big) + \sum_{k=1}^{K} \sum_{u=1}^{U} \sum_{g=1}^{G} Z_u^{d_g,a_k}\big(X_n^{a_k}, \omega^\dagger\big)\, s_u^{d_g,a_k} \Bigg). \qquad (11)$$

In (11), $d_g^{a_k}\big(X_n^{a_k}, \omega^\dagger\big)$ is the direct loss and $Z_u^{d_g,a_k}\big(X_n^{a_k}, \omega^\dagger\big)$ is the decision of the CSP given the decisions $X_n^{a_k}$ ($\forall n \in \mathcal{N}$ and $a_k \in \mathcal{A}$) in the first stage and the scenario of attacks associated with their direct losses in the second stage. The total cost for the last stage is determined as follows:

$$C_3\big(X_n^{a_k}, Y_m^{a_k}, Z_u^{d_g,a_k}, \omega^\dagger, \omega^\ddagger\big) = \sum_{e=1}^{E} i_e\big(X_n^{a_k}, Z_u^{d_g,a_k}, \omega^\dagger, \omega^\ddagger\big) - \sum_{k=1}^{K} \sum_{m=1}^{M} Y_m^{a_k}(\omega^\dagger)\, q_m^{a_k}. \qquad (12)$$

In (12), the first and second terms represent the indirect loss and the claim of the CSP, respectively. Here, $i_e\big(X_n^{a_k}, Z_u^{d_g,a_k}, \omega^\dagger, \omega^\ddagger\big)$ is the indirect loss given the decisions of the CSP made in the first and second stages and the actual scenarios of the second and third stages. $Y_m^{a_k}(\omega^\dagger)\, q_m^{a_k}$ is the actual claim of the CSP given its decision to buy insurance in the first stage and the actual scenario in the second stage.

B. Deterministic Equivalent Formulation

The stochastic optimization formulation above can be transformed into a deterministic equivalent optimization formulation as follows [12]:

$$\min_{X_n^{a_k},\, Y_m^{a_k},\, Z_u^{d_g,a_k}} \big( C_1 + C_2 + C_3 \big), \quad \text{s.t. } (2), (3), (7), \text{ and } (8), \qquad (13)$$

where

$$C_1 = \sum_{k=1}^{K} \sum_{n=1}^{N} \Big[ X_n^{a_k} c_n^{a_k} \Big] + \sum_{k=1}^{K} \sum_{m=1}^{M} \Big[ Y_m^{a_k} r_m^{a_k} \Big], \qquad (14)$$

$$C_2 = \sum_{k=1}^{K} \Bigg[ p(a_k) \Big( 1 - \sum_{n=1}^{N} X_n^{a_k} p_n^{a_k} \Big) \sum_{g=1}^{G} p_{d_g}^{a_k} d_g^{a_k} \Bigg] + \sum_{k=1}^{K} \Bigg[ p(a_k) \Big( 1 - \sum_{n=1}^{N} X_n^{a_k} p_n^{a_k} \Big) \sum_{g=1}^{G} \Big( p_{d_g}^{a_k} \sum_{u=1}^{U} Z_u^{d_g,a_k} s_u^{d_g,a_k} \Big) \Bigg], \qquad (15)$$

and

$$C_3 = \sum_{k=1}^{K} \Bigg[ p(a_k) \Big( 1 - \sum_{n=1}^{N} X_n^{a_k} p_n^{a_k} \Big) \sum_{g=1}^{G} \Big[ p_{d_g}^{a_k} \Big( 1 - \sum_{u=1}^{U} Z_u^{d_g,a_k} t_u^{d_g,a_k} \Big) \sum_{e=1}^{E} p_{i_e}(d_g^{a_k})\, i_e(d_g^{a_k}) \Big] \Bigg] - \sum_{k=1}^{K} \Bigg[ p(a_k) \Big( 1 - \sum_{n=1}^{N} X_n^{a_k} p_n^{a_k} \Big) \sum_{g=1}^{G} p_{d_g}^{a_k} d_g^{a_k} \sum_{m=1}^{M} Y_m^{a_k} q_m^{a_k} \Bigg]. \qquad (16)$$

Here, $C_1$, $C_2$, and $C_3$ represent the expected costs in the first, second, and third stages, respectively. In (16), the first and second terms represent the indirect loss and the claim of the CSP, respectively. If the CSP has purchased an insurance package to cover losses caused by attack $a_k$, the CSP can claim the direct loss caused by this attack, and thus the actual direct loss will be reduced by $q_m^{a_k}\%$. Similarly, if the CSP has bought the repair package to mitigate the indirect loss for attack $a_k$, the actual indirect loss will be reduced by $(1 - t_{gu}(a_k))\%$.

VI. PERFORMANCE EVALUATION
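As an added worked example (my code, not the paper's or the authors'), the deterministic equivalent (13)-(16) of Section B can be evaluated directly and, for a small instance, minimized by exhaustive search over the binary decisions $X_n^{a_k}$, $Y_m^{a_k}$ and $Z_u^{d_g,a_k}$ subject to (2), (3), (7) and (8). The instance (two attacks, two SPs, two IPs, two direct-loss and two indirect-loss cases, two repair packages, budget $B^* = 4$ monetary units) is constructed for illustration and is not Table I or Table II of the paper; the coverage $q_m^{a_k}$ and reduction $t_u^{d_g,a_k}$ are written as fractions rather than percentages. The `compare()` function reproduces the kind of comparison among the optimal solution, "without insurance", "without security" and "without insurance and security" that the figures in this section report, by disabling the corresponding decision variables before the search.

```python
"""Evaluate the deterministic equivalent (13)-(16) and brute-force the CSP's
budget allocation.  Added example; the instance is constructed, not the paper's."""
from itertools import product

# Constructed toy instance: K attacks, N SPs, M IPs, G direct-loss cases,
# U repair packages, E indirect-loss cases.  Money is in normalized units.
K, N, M, G, U, E = 2, 2, 2, 2, 2, 2
P_ATTACK = [0.3, 0.5]                                   # p(a_k)
SEC_COST = [[1.5, 3.0], [1.0, 2.5]]                     # c_n^{a_k}            [k][n]
SEC_PROB = [[0.6, 0.9], [0.5, 0.85]]                    # p_n^{a_k}            [k][n]
INS_PREM = [[1.0, 2.0], [0.8, 1.8]]                     # r_m^{a_k}            [k][m]
INS_COV = [[0.5, 0.8], [0.4, 0.7]]                      # q_m^{a_k} (fraction) [k][m]
P_DIRECT = [[0.6, 0.4], [0.7, 0.3]]                     # p_{d_g}^{a_k}, rows sum to 1 per (5)
DIRECT = [[4.0, 8.0], [3.0, 7.0]]                       # d_g^{a_k}            [k][g]
P_IND = [[[0.5, 0.5], [0.5, 0.5]], [[0.5, 0.5], [0.5, 0.5]]]     # p_{i_e}(d_g^{a_k}), (6)
INDIRECT = [[[2.0, 4.0], [3.0, 5.0]], [[1.0, 3.0], [2.0, 6.0]]]  # i_e(d_g^{a_k})  [k][g][e]
REP_FEE = [[[0.3, 0.6], [0.3, 0.6]], [[0.2, 0.5], [0.2, 0.5]]]   # s_u^{d_g,a_k}   [k][g][u]
REP_RED = [[[0.4, 0.8], [0.4, 0.8]], [[0.3, 0.7], [0.3, 0.7]]]   # t_u^{d_g,a_k} (fraction)
BUDGET = 4.0                                            # B*


def spend(X, Y, Z):
    """Left-hand side of the budget constraint (8)."""
    return (sum(X[k][n] * SEC_COST[k][n] for k in range(K) for n in range(N))
            + sum(Y[k][m] * INS_PREM[k][m] for k in range(K) for m in range(M))
            + sum(Z[k][g][u] * REP_FEE[k][g][u]
                  for k in range(K) for g in range(G) for u in range(U)))


def feasible(X, Y, Z):
    """(2), (3), (7): at most one package per attack / per direct loss; (8): budget."""
    if any(sum(row) > 1 for row in X) or any(sum(row) > 1 for row in Y):
        return False
    if any(sum(Z[k][g]) > 1 for k in range(K) for g in range(G)):
        return False
    return spend(X, Y, Z) <= BUDGET + 1e-12


def stage_costs(X, Y, Z):
    """Expected costs C1, C2, C3 of (14), (15), (16) for 0/1 decisions X[k][n], Y[k][m], Z[k][g][u]."""
    c1 = (sum(X[k][n] * SEC_COST[k][n] for k in range(K) for n in range(N))
          + sum(Y[k][m] * INS_PREM[k][m] for k in range(K) for m in range(M)))   # (14)
    c2 = c3 = 0.0
    for k in range(K):
        # p(a_k) * (1 - sum_n X p): the attack occurs and the bought package does not stop it
        p_hit = P_ATTACK[k] * (1.0 - sum(X[k][n] * SEC_PROB[k][n] for n in range(N)))
        claim = sum(Y[k][m] * INS_COV[k][m] for m in range(M))                  # sum_m Y q
        for g in range(G):
            pd = P_DIRECT[k][g]
            fee = sum(Z[k][g][u] * REP_FEE[k][g][u] for u in range(U))          # sum_u Z s
            red = sum(Z[k][g][u] * REP_RED[k][g][u] for u in range(U))          # sum_u Z t
            exp_ind = sum(P_IND[k][g][e] * INDIRECT[k][g][e] for e in range(E))
            c2 += p_hit * pd * (DIRECT[k][g] + fee)                              # (15)
            c3 += p_hit * pd * ((1.0 - red) * exp_ind - DIRECT[k][g] * claim)    # (16)
    return c1, c2, c3


def _rows(width, allowed):
    """All 0/1 rows of length `width` with at most one 1 (only the zero row if not allowed)."""
    rows = [[0] * width]
    if allowed:
        rows += [[1 if j == i else 0 for j in range(width)] for i in range(width)]
    return rows


def optimize(use_security=True, use_insurance=True):
    """Exhaustive search for (13); the flags switch X or Y off to mimic the paper's baselines."""
    best = None
    for X in product(_rows(N, use_security), repeat=K):
        for Y in product(_rows(M, use_insurance), repeat=K):
            for z in product(_rows(U, True), repeat=K * G):
                Z = [list(z[k * G:(k + 1) * G]) for k in range(K)]
                if not feasible(X, Y, Z):
                    continue
                total = sum(stage_costs(X, Y, Z))
                if best is None or total < best[0]:
                    best = (total, [list(r) for r in X], [list(r) for r in Y], Z)
    return best


def compare():
    """Expected total cost of the four approaches the paper compares in its figures."""
    return {"optimal": optimize(True, True)[0],
            "without insurance": optimize(True, False)[0],
            "without security": optimize(False, True)[0],
            "without insurance and security": optimize(False, False)[0]}


if __name__ == "__main__":
    total, X, Y, Z = optimize()
    print("optimal expected total cost:", round(total, 4), "X:", X, "Y:", Y, "Z:", Z)
    for name, cost in compare().items():
        print(f"{name:32s} {cost:.4f}")
```

With no packages bought, `stage_costs` returns $C_1 = 0$, $C_2 = 3.78$ and $C_3 = 2.32$ for this instance, so any feasible allocation the search returns has an expected total cost no larger than 6.10; the search space here is only a few thousand combinations, whereas a realistic instance would be handed to an integer programming solver with (13)-(16) as its objective.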
A. Experiment Setup
We consider two types of cyberattacks, e.g., data breaches and DoS, that are among the top 5 cyber threats in the cloud environment [13]. Data breaches are the most frequent attack in cloud computing, and the number of data breach incidents accounts for around 40% of the overall number of breaches in 2016 [14]. Losses caused by data breaches are diverse, and they depend on many factors such as company size, the number of exposed records, and the types of exposed data [15]. Similarly, the losses and probabilities of DoS attacks are diverse, and they can be estimated based on some online support services, e.g., [16]. In this paper, we consider a medium-size cloud online service provider, e.g., a healthcare service provider, that is highly prone to cyber risk [17]. In the simulation, we set the attack probability of data breaches at a fixed value $p(a)$ and vary the DoS attack probability to evaluate the performance. For a medium-size service provider, the losses of DoS and data breaches can be set in the range from $10,000 to $100,000. Other parameters are provided in Table I. Note that we normalize losses and fees in the range from $10,000 to $100,000 into monetary units for presentation.

Table I. Parameter settings: the attack probabilities $p(a_k)$ of the two attacks; the direct-loss probabilities $p_{d_g}^{a_k}$ and amounts $d_g^{a_k}$; the indirect-loss probabilities $p_{i_e}(d_g^{a_k})$ and amounts $i_e(d_g^{a_k})$; and the repair-package parameters $t_u^{d_g,a_k}$ and $s_u^{d_g,a_k}$.

Table II. The security and insurance package parameters: for each attack, the fee $c_n^{a_k}$ and protection probability $p_n^{a_k}$ of SP-1 and SP-2, and the premium $r_m^{a_k}$ and claim percentage $q_m^{a_k}\%$ of IP-1 and IP-2.

There are two security providers (SPs) and two insurance providers (IPs). SP-1 and IP-1 provide basic services, while SP-2 and IP-2 provide advanced services (i.e., higher fees with higher protection and claims) for the CSP. For example, the cost to implement Raptor Firewall NT v6.5 with virtual private network and unlimited mobile users is around $18,000 [18], while the implementation cost for the CoSoSys Endpoint Protector-4 to prevent data loss starts at $8,250 [19]. Premiums for healthcare Software-as-a-Service providers are estimated at around $10,000 [20]. Similar to Table I, the fees in Table II are normalized into monetary units. Other parameters of the SPs and IPs are given in Table II. The budget for security policies of the CSP is limited to a fixed number of monetary units.

B. Numerical Results
We first vary the probability of attack $a$ and evaluate the performance of the proposed solution. In Table III, we show the security policy of the CSP to deal with the attacks, and Fig. 3 shows the performance of the proposed solution when the probability of attack $a$, i.e., $p(a)$, increases. As shown in Fig. 3(a), when the probability of attack $a$ increases, the potential loss caused by attack $a$ (including its direct loss and indirect loss) increases. Thus, the CSP invests more money in security solutions and insurance policies to mitigate the potential loss of attack $a$. However, the expenditure distribution differs under different $p(a)$. As observed in Table III, if the probability of attack $a$ is below a threshold, the CSP buys an insurance package together with a repair package to deal with attack $a$. Nevertheless, if the probability of attack $a$ is above that threshold, the CSP buys a security package to prevent attack $a$ at the first stage. The reason can be explained through Fig. 3(a). When the probability of attack $a$ is low, its occurrence probability and potential loss are not high, and thus the CSP can use insurance and repair policies to mitigate the potential loss of attack $a$. However, when the probability of attack $a$ is high, both its occurrence probability and potential loss are very high. Hence, the CSP has to use a security package to prevent attack $a$ right at the first stage, thereby reducing both direct and indirect losses in the next stages. Note that since the CSP budget is limited, the CSP has to balance among security, insurance, and repair policies to minimize the expected total cost. This is an important issue, especially for limited-budget companies, in implementing countermeasures against cyberattacks.

In Fig. 3(b), we compare the performance of the proposed solution in terms of the expected total cost with those of other approaches when the probability of attack $a$ is varied. Specifically, we compare with three other optimization approaches, i.e., optimization without using insurance policies, without using security packages, and without using both security and insurance policies. As the probability of attack $a$ increases, the expected total costs of all approaches increase, and the cost obtained by the proposed solution is always the lowest one. The results in Fig. 3 demonstrate the importance of balancing between security and insurance policies to help the CSP mitigate cyberattacks.

We then fix the probability of attack $a$ and vary the probability of direct loss $d$ of attack $a$ to evaluate its impact on the security policy of the CSP. In Table IV, when the probability of direct loss $d$ under attack $a$, i.e., $p_{d}^{a}$, is below a threshold, the CSP invests in security and insurance packages. However, when $p_{d}^{a}$ is above that threshold, the CSP only spends money on repair packages to prevent the potential indirect loss of direct loss $d$ under attack $a$. The reason can be explained through Fig. 4(a). In particular, in Fig. 4(a), as $p_{d}^{a}$ increases, the potential loss of direct loss $d$ together with its indirect loss under attack $a$ increases. However, the total potential loss of attack $a$ is slightly reduced because under attack $a$ the direct loss $d$ being varied is lower than the other direct loss.

Fig. 3. (a) The expected costs of attacks, i.e., the potential loss of each direct loss and its indirect losses under each attack, and (b) the total expected cost of the optimal solution, without insurance, without security, and without insurance and security, when the probability of attack $a$ is varied.
Thus, instead of using security and/or insurance packages, which have higher costs, the CSP chooses only a repair package to deal with direct loss $d$ under attack $a$ when $p_{d}^{a}$ is high. In Fig. 4(b), we evaluate the performance of the proposed solution by comparing its expected total cost with those of other approaches. As $p_{d}^{a}$ increases over its lower range, the expected total cost of the CSP slightly increases. However, when $p_{d}^{a}$ keeps increasing over its higher range, the expected total cost of the CSP slightly decreases. Again, the expected total cost obtained by the proposed solution is always lower than those of the other approaches.

Table III. The security policies when the probability of attack $a$ is varied (one column per tested value of $p(a)$).

(a) Direct loss 1:              0     0     Rep1  Rep1  Rep1  0     0     0     0
(a) Direct loss 2:              Rep1  Rep1  Rep1  Rep1  Rep1  Rep1  0     0     0
Security policy of attack a:    IP1   IP2   SP2   SP2   SP2   SP2   IP1   IP1   SP2
(a) Direct loss 1:              Rep2  Rep1  0     0     0     0     Rep1  Rep1  0
(a) Direct loss 2:              Rep1  Rep1  0     0     0     0     Rep1  Rep1  0

Table IV. The security policies when the direct loss $d$ of attack $a$ is varied (one column per tested value of $p_{d}^{a}$).

Security policy of attack a:    IP2   IP2   IP2   IP2   IP2   IP2   IP2   IP2   IP2
(a) Direct loss 1:              Rep1  Rep1  Rep1  Rep1  0     0     Rep1  Rep1  Rep1
(a) Direct loss 2:              Rep1  Rep1  Rep1  Rep1  Rep1  Rep1  Rep1  Rep1  Rep1
Security policy of attack a:    IP1   SP2   SP2   SP2   IP1   IP1   0     0     0
(a) Direct loss 1:              0     0     0     0     Rep2  Rep2  Rep2  Rep2  Rep2
(a) Direct loss 2:              Rep1  0     0     0     0     0     0     0     0

Fig. 4. The overall network throughput of the secondary system in the RFPB-CRN. (Panel (a) plots the potential loss of each direct loss and its indirect losses under each attack, and panel (b) the expected total cost of the optimal solution, without insurance, without security, and without insurance and security, both against the probability of direct loss $d$ under attack $a$.)

VII. SUMMARY
In this paper, we have developed a new framework based on a stochastic programming approach for the risk management problem in mobile cloud environments. The aim of this framework is to find the optimal tradeoff among security policies, insurance policies, and countermeasures under uncertainty of cyberattacks and their losses such that the expected total cost of the cloud service provider is minimized. Through numerical results, we have shown the effectiveness as well as the flexibility of the proposed solution in dealing with cyberattacks. The findings in this paper are especially important not only for cloud service providers in implementing security policies, but also for security and insurance providers in proposing appropriate offers to attract more customers. For future work, we will study the relation between security and insurance providers through bundling strategies and matching theory. Furthermore, the relation between a direct loss and its indirect losses will be further investigated.

REFERENCES

[1] D. T. Hoang, et al., "A survey of mobile cloud computing: Architecture, applications, and approaches," Wireless Communications and Mobile Computing, vol. 13, no. 18, pp. 1587-1611, Dec. 2013.
[2] Ransomware attacks increase 300% in 2016, Business Insights, 2017.
[3] R. Pal, et al., "Will cyber-insurance improve network security? A market analysis," in IEEE INFOCOM, pp. 235-243, Toronto, Canada, May 2014.
[4] A. Marotta, et al., "Cyber-insurance survey," Computer Science Review, vol. 24, pp. 35-61, Feb. 2017.
[5] D. T. Hoang, et al., "Charging and discharging of plug-in electric vehicles (PEVs) in vehicle-to-grid (V2G) systems: A cyber insurance-based model," IEEE Access, vol. 5, pp. 732-754, Jan. 2017.
[6] S. W. Wallace and W. T. Ziemba, eds., Applications of Stochastic Programming. Society for Industrial and Applied Mathematics, 2005.
[7] Cloud and MSP Insurance. Available online: https://mspalliance.com/membership/cloud-msp-insurance/.
[8] S. A. Elnagdy, et al., "Understanding taxonomy of cyber risks for cybersecurity insurance of financial industry in cloud computing," in IEEE International Conference on Cyber Security and Cloud Computing, pp. 295-300, Jun. 2016.
[9] K. Gai, et al., "A novel secure big data cyber incident analytics framework for cloud-based cybersecurity insurance," in IEEE International Conference on BigDataSecurity/HPSC/IDS, pp. 171-176, Apr. 2016.
[10] S. Chaisiri, et al., "A joint optimization approach to security-as-a-service allocation and cyber insurance management," in IEEE International Conference on Trustcom/BigDataSE/ISPA, pp. 426-433, Aug. 2015.
[11] J. Chase, et al., "A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing," IEEE Transactions on Dependable and Secure Computing, July 2017.
[12] P. Kall, S. W. Wallace, and P. Kall.