Cyber Insurance for Heterogeneous Wireless Networks
Heterogeneous wireless networks (HWNs) composed of densely deployed base
stations of different types with various radio access technologies have become
a prevailing trend to accommodate ever-increasing traffic demand in enormous
volume. Nowadays, users rely heavily on HWNs for ubiquitous network access that
contains valuable and critical information such as financial transactions,
e-health, and public safety. Cyber risks, representing one of the most
significant threats to network security and reliability, are increasing in
severity. To address this problem, this article introduces the concept of cyber
insurance to transfer the cyber risk (i.e., service outage, as a consequence of
cyber risks in HWNs) to a third party insurer. Firstly, a review of the
enabling technologies for HWNs and their vulnerabilities to cyber risks is
presented. Then, the fundamentals of cyber insurance are introduced, and
subsequently, a cyber insurance framework for HWNs is presented. Finally, open
issues are discussed and the challenges are highlighted for integrating cyber
insurance as a service of next generation HWNs.
Comment: IEEE Communications Magazine (Heterogeneous Ultra Dense Networks

On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach
Open-access blockchains based on proof-of-work protocols have gained
tremendous popularity for their capabilities of providing decentralized
tamper-proof ledgers and platforms for data-driven autonomous organization.
Nevertheless, the proof-of-work based consensus protocols are vulnerable to
cyber-attacks such as double-spending. In this paper, we propose a novel
approach of cyber risk management for blockchain-based service. In particular,
we adopt the cyber-insurance as an economic tool for neutralizing cyber risks
due to attacks in blockchain networks. We consider a blockchain service market,
which is composed of the infrastructure provider, the blockchain provider, the
cyber-insurer, and the users. The blockchain provider purchases from the
infrastructure provider, e.g., a cloud, the computing resources to maintain the
blockchain consensus, and then offers blockchain services to the users. The
blockchain provider strategizes its investment in the infrastructure and the
service price charged to the users, in order to improve the security of the
blockchain and thus optimize its profit. Meanwhile, the blockchain provider
also purchases a cyber-insurance from the cyber-insurer to protect itself from
the potential damage due to the attacks. In return, the cyber-insurer adjusts
the insurance premium according to the perceived risk level of the blockchain
service. Based on the assumption of rationality for the market entities, we
model the interaction among the blockchain provider, the users, and the
cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider
and the cyber-insurer lead to set their pricing/investment strategies, and then
the users follow to determine their demand of the blockchain service.
Specifically, we consider the scenario of double-spending attacks and provide a
series of analytical results about the Stackelberg equilibrium in the market
game

Game Theory Meets Network Security: A Tutorial at ACM CCS
The increasingly pervasive connectivity of today's information systems brings
up new challenges to security. Traditional security has accomplished a long way
toward protecting well-defined goals such as confidentiality, integrity,
availability, and authenticity. However, with the growing sophistication of the
attacks and the complexity of the system, the protection using traditional
methods could be cost-prohibitive. A new perspective and a new theoretical
foundation are needed to understand security from a strategic and
decision-making perspective. Game theory provides a natural framework to
capture the adversarial and defensive interactions between an attacker and a
defender. It provides a quantitative assessment of security, prediction of
security outcomes, and a mechanism design tool that can enable
security-by-design and reverse the attacker's advantage. This tutorial provides
an overview of diverse methodologies from game theory that includes games of
incomplete information, dynamic games, mechanism design theory to offer a
modern theoretic underpinning of a science of cybersecurity. The tutorial will
also discuss open problems and research challenges that the CCS community can
address and contribute with an objective to build a multidisciplinary bridge
between cybersecurity, economics, game and decision theory

The Economic Case for Cyberinsurance
We present three economic arguments for cyberinsurance. First, cyberinsurance results in higher security investment, increasing the level of safety for information technology (IT) infrastructure. Second, cyberinsurance facilitates standards for best practices as cyberinsurers seek benchmark security levels for risk management decision-making. Third, the creation of an IT security insurance market redresses IT security market failure resulting in higher overall societal welfare. We conclude that this is a significant theoretical foundation, in addition to market-based evidence, to support the assertion that cyberinsurance is the preferred market solution to managing IT security risks.