
Auditing a Cloud Provider’s Compliance With Data Backup Requirements: A Game Theoretical Analysis

Ziad Ismaïl, Christophe Kiennert, Jean Leneutre, Lin Chen

Transactions on Information Forensics and Security (IEEE). Pages: 1685-1699, Volume: 11, Issue: 8, Aug. 2016.

Abstract: The new developments in cloud computing have introduced significant security challenges to guarantee the confidentiality, integrity, and availability of outsourced data. A service level agreement (SLA) is usually signed between the cloud provider (CP) and the customer. For redundancy purposes, it is important to verify the CP’s compliance with data backup requirements in the SLA. There exist a number of security mechanisms to check the integrity and availability of outsourced data. This task can be performed by the customer or be delegated to an independent entity that we will refer to as the verifier. However, checking the availability of data introduces extra costs, which can discourage the customer from performing data verification too often. The interaction between the verifier and the CP can be captured using game theory in order to find an optimal data verification strategy. In this paper, we formulate this problem as a two-player non-cooperative game. We consider the case in which each type of data is replicated a number of times, which can depend on a set of parameters including, among others, its size and sensitivity. We analyze the strategies of the CP and the verifier at the Nash equilibrium and derive the expected behavior of both players. Finally, we validate our model numerically on a case study and explain how we evaluate the parameters in the model.