3 research outputs found
On Cyber Risk Management of Blockchain Networks: A Game Theoretic Approach
Open-access blockchains based on proof-of-work protocols have gained
tremendous popularity for their capabilities of providing decentralized
tamper-proof ledgers and platforms for data-driven autonomous organization.
Nevertheless, the proof-of-work based consensus protocols are vulnerable to
cyber-attacks such as double-spending. In this paper, we propose a novel
approach of cyber risk management for blockchain-based service. In particular,
we adopt the cyber-insurance as an economic tool for neutralizing cyber risks
due to attacks in blockchain networks. We consider a blockchain service market,
which is composed of the infrastructure provider, the blockchain provider, the
cyber-insurer, and the users. The blockchain provider purchases from the
infrastructure provider, e.g., a cloud, the computing resources to maintain the
blockchain consensus, and then offers blockchain services to the users. The
blockchain provider strategizes its investment in the infrastructure and the
service price charged to the users, in order to improve the security of the
blockchain and thus optimize its profit. Meanwhile, the blockchain provider
also purchases a cyber-insurance from the cyber-insurer to protect itself from
the potential damage due to the attacks. In return, the cyber-insurer adjusts
the insurance premium according to the perceived risk level of the blockchain
service. Based on the assumption of rationality for the market entities, we
model the interaction among the blockchain provider, the users, and the
cyber-insurer as a two-level Stackelberg game. Namely, the blockchain provider
and the cyber-insurer lead to set their pricing/investment strategies, and then
the users follow to determine their demand of the blockchain service.
Specifically, we consider the scenario of double-spending attacks and provide a
series of analytical results about the Stackelberg equilibrium in the market
game
Joint pricing and security investment for cloud-insurance : a security interdependency perspective
Cyber insurance has been introduced as the mean to transfer cyber risks to an insurance company, namely, insurer. The users are thus covered by the insurance to alleviate the damage from cyber threats. In this paper, we investigate the joint pricing and security investment in a cloud-insurance market. The market is composed of users, cloud providers, and cloud-insurers. The users subscribes to use the cloud service (platform) from the cloud providers. To protect from the damage, the users can buy a cloud-insurance product from the cloud-insurers which will pay a claim to the users if an attack happens to the cloud service. The users are interdependent in which they can take advantage of the positive security effects generated by other users' investments in security. We assume that the cloud provider and cloud-insurer are the business partners. Therefore, the cloud-insurers can invest in the cloud platform to improve the security level, i.e., quality, of the cloud service and hence reduce the probability of paying claim. Our proposed model consists of two stages, i.e., the Stackelberg game. In the first stage, cloud-insurers set the price charging to the users and decide on the investment for improving the cloud security quality. In the second stage, the users decide on the amount of these cloud-insurances to purchase based on the observed prices and qualities. The existence and uniqueness for the equilibrium of the Stackelberg game are proved analytically. The performance evaluation shows some interesting results. For example, when the users have strong interdependency, the price of the cloud-insurance becomes lower. This is from the fact that the users can be influenced more easily by their peers, when one cloud-insurer decreases the price, it can attract more users easily.NRF (Natl Research Foundation, S’pore)MOE (Min. of Education, S’pore)Accepted versio