Stackelberg games for modeling defense scenarios against cloud security threats

Stackelberg games may reveal to be extremely useful in supporting decisions in attack-defense scenarios. We call such games Security Stackelberg games. They are characterized by two kinds of players: the defender, who defines his strategy in advance, and the attacker, who follows the defender's decisions. Security Stackelberg games may be used to model a typical cloud security scenario, where the provider has to expose its defense strategy and the attackers act by following the provider's actions. In this work we define a model based on Stackelberg games that enables the automatic selection of provider-level security decisions in Cloud Computing environments. Potential Cloud attack scenarios are modeled as nonzero-sum Security Stackelberg games between the attacker and the Cloud provider. This allows the estimation of the strategy that minimizes the reward for the attacker and maximizes the gain of the defender. The model has been experimentally verified to be effective in automatically determining defense strategies from the cloud provider perspective.