Game Theoretical Framework for Cooperation in Autonomous Wireless Networks
Research Article A Game-Theoretical Approach to Multimedia...
10
Research Article A Game-Theoretical Approach to Multimedia Social Networks Security Enqiang Liu, 1 Zengliang Liu, 1 Fei Shao, 2 and Zhiyong Zhang 3 1 University of Science and Technology Beijing, Beijing 100083, China 2 Xidian University, Xi’an 710126, China 3 Information Engineering College, Henan University of Science and Technology, Luoyang 471023, China Correspondence should be addressed to Enqiang Liu; [email protected] Received 27 February 2014; Accepted 19 March 2014; Published 13 April 2014 Academic Editors: N. Barsoum, V. N. Dieu, P. Vasant, and G.-W. Weber Copyright © 2014 Enqiang Liu et al. is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. e contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. is paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party’s benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. 1. Introduction Multimedia social networks (MSNs) are currently in the wave of popularity. It allows users to share music, pictures, home movies, blogs, and other digital contents with friends, family, colleagues, and students quickly and easily. In the past few years, MSNs, such as MySpace, Facebook, LinkedIn, Flickr, and YouTube, have become the most convenient online shar- ing method in sharing of images, videos, audios, and other multimedia contents. Although MSNs make communication between people easier and faster and enhance information dissemination among people, there are also security issues, such as privacy disclosure and copyright disputes. is has, undoubtedly, brought serious harm to the dissemination and development of the Internet information. In response to these security issues, the access control mechanism provides a method that allows selective media contents sharing in MSNs. e access control mechanism determines which users can access what resources and how to use these resources and allows users to selectively share their digital contents. Using access control mechanism on digital rights management, content providers can choose to accept or reject access requests aſter verifying the access conditions of the digital contents [1, 2]. In the existing MSNs, the access control includes two main types: the relationship-based access control and the trust-based access control. (1) Relationship-Based Access Control. Gates [3] described a new, relationship-based access control security paradigm to meet the needs of Web 2.0. Hart et al. [4] proposed a content- and relationship-based access control system using rela- tionship information in web based social network (WBSN) to represent the authorized agent, which satisfied the key requirements for protecting WBSN resources. However, the system did not achieve the enhanced privacy needs in access control, considered only the direct relationship, and did not take consideration of the node trust in access authorization. In terms of privacy concerns, it focused on privacy protection and data mining techniques and allowed social network analysis for potential sensitive information that had no public disclosure possibility. Park et al. [5] proposed a user- behavior-centric access control framework and identified four core control behaviors: attributes, policies, relationships, Hindawi Publishing Corporation e Scientific World Journal Volume 2014, Article ID 791690, 9 pages http://dx.doi.org/10.1155/2014/791690
Transcript of Research Article A Game-Theoretical Approach to Multimedia...
Research ArticleA Game-Theoretical Approach to Multimedia SocialNetworks Security
Enqiang Liu1 Zengliang Liu1 Fei Shao2 and Zhiyong Zhang3
1 University of Science and Technology Beijing Beijing 100083 China2 Xidian University Xirsquoan 710126 China3 Information Engineering College Henan University of Science and Technology Luoyang 471023 China
Correspondence should be addressed to Enqiang Liu chinyung126com
Received 27 February 2014 Accepted 19 March 2014 Published 13 April 2014
Academic Editors N Barsoum V N Dieu P Vasant and G-W Weber
Copyright copy 2014 Enqiang Liu et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanismsSimple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship amongparties This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario According to thearchitecture security policies are adopted through game-theoretic analyses and decisions Based on formalized utilities of securitypolicies and security rules the choice of security policies in content access is described as a game between the content providerand the content requester By the game method for the combination of security policies utility and its influences on each partyrsquosbenefits the Nash equilibrium is achieved that is an optimal and stable combination of security policies to establish and enhancetrust among stakeholders
1 Introduction
Multimedia social networks (MSNs) are currently in the waveof popularity It allows users to share music pictures homemovies blogs and other digital contents with friends familycolleagues and students quickly and easily In the past fewyears MSNs such as MySpace Facebook LinkedIn Flickrand YouTube have become the most convenient online shar-ing method in sharing of images videos audios and othermultimedia contents Although MSNs make communicationbetween people easier and faster and enhance informationdissemination among people there are also security issuessuch as privacy disclosure and copyright disputes This hasundoubtedly brought serious harm to the dissemination anddevelopment of the Internet information In response to thesesecurity issues the access control mechanism provides amethod that allows selectivemedia contents sharing inMSNsThe access control mechanism determines which users canaccess what resources and how to use these resources andallows users to selectively share their digital contents Usingaccess control mechanism on digital rights managementcontent providers can choose to accept or reject access
requests after verifying the access conditions of the digitalcontents [1 2]
In the existing MSNs the access control includes twomain types the relationship-based access control and thetrust-based access control
(1) Relationship-Based Access Control Gates [3] described anew relationship-based access control security paradigm tomeet the needs ofWeb 20 Hart et al [4] proposed a content-and relationship-based access control system using rela-tionship information in web based social network (WBSN)to represent the authorized agent which satisfied the keyrequirements for protecting WBSN resources However thesystem did not achieve the enhanced privacy needs in accesscontrol considered only the direct relationship and did nottake consideration of the node trust in access authorizationIn terms of privacy concerns it focused on privacy protectionand data mining techniques and allowed social networkanalysis for potential sensitive information that had nopublic disclosure possibility Park et al [5] proposed a user-behavior-centric access control framework and identifiedfour core control behaviors attributes policies relationships
Hindawi Publishing Corporatione Scientific World JournalVolume 2014 Article ID 791690 9 pageshttpdxdoiorg1011552014791690
2 The Scientific World Journal
and sessionsThe proposed online social network (OSN) hadthe following characteristics First in personalized policiesthe OSN users had their own security and privacy policiesand attributes Second the proposedOSN separated the usersfrom resource policies Third the proposed OSN supportedaccess control that was independent of the user relationshipand sessions that represented actions It also took intoaccount the enhanced control which is not referred to in theexisting OSN services Many of the latest literatures on theOSN access control cannot distinguish between sessions andusers
(2) Trust-Based Access Control Ali et al [6] applied a multi-level security approach inwhich trust was the only parameterthat was used to determine the security levels of the users andresourcesMore precisely each user was assigned a reputationvalueThe reputation valuewas a userrsquos average trust level thatwas specified by other users However Ali and his colleaguesonly considered direct trust relationship without taking intoaccount the indirect trust relationship Kruk et al [7] thenproposed a distributed authentication management systembased on the second round ldquofriendrdquo relationship to bringout the management of access rights and trust authorizationWang and Sun [8] proposed a trust-related managementframework that included access control policies and a privacyprotection mechanism This mechanism administers theaccess policies on the data that contain the provable infor-mation enhances the support to the highly complex privacyrelated policies and takes consideration of the purpose andobligations Under this mechanism the agent can performaccess rights on the objects based on relationships trustspurposes and obligations This mechanism also introducedstrategic operations and the concept of policy conflicts andproposed a purpose related access control policy frameworkSachan et al [1] pointed out that the traditional access controlcannot meet the fine-grained access control requirementsand the large number of users To solve this problemthey proposed an efficient bit-vector transform based accesscontrol mechanism suitable for MSNs They converted thecontent related certificate into an efficient architecture andthen verified the security storage and execution efficiencyof the proposed mechanism rough simulations Villegas [2]proposed a personal data access control (PDAC) schemePDAC computes a ldquotrusted distancerdquo measure between usersthat is composed of the hop distance on the social networkand an affine distance derived from experiential data Zhangand Wang [9] proposed a trust model for social networksBased on deep analysis of the characteristics of social net-works they developed a computational model for calculatingtrust in social networks Carminati et al [10] proposed arule-based access control model and used certificate chainas a parameter for calculating trust so as to realize effectivecontrol of content access in social networks
These studies focused mainly on relationship and trust-based user access control and realized the controllable safetransmission of digital content in the MSNs However inthe relationship-based user access control only the directrelationship is considered while the indirect relationshipbetween users the type of relationship and closeness of
the relationships are not considered In the study of trust-based access control there was no unified understanding ofthe trust threshold The setting of the trust threshold candirectly affect the security of digital content and controllabledissemination
In order to solve these issues in social network accesscontrol and to prevent excessive denial to normal access oraccess to much malicious contents the approach of adoptingsecurity policies through game-theoretic analyses is pro-posed Tian and Lin [11] proposed a trust prediction-basedgame control mechanism for trustworthy networks Thismechanism could not only predict behavior trust level withsingle trust attribute but also could predict trust level with themultiple trust attributes so as to help participants to achievethe maximization of utility Wen et al [12] proposed game-theoretic model for information dissemination in social net-works This model reflected the influence of human behavioron information dissemination and conceptualized partici-pantsrsquo utility function based on different partiesrsquo interests Anempirical study indicated that information dissemination canbe divided into several stages and the dissemination speed islimited by the characteristics of each person in the networkZhang et al [13] proposed game-based social network accesscontrol For the ldquononfriendrdquo type of access users on thebasis of defining user trust and its calculation methodthis study conducted game-theoretic analyses by integratingthe payoff matrix of both the content provider and thecontent requester calculated the hybrid Nash equilibriumprovided decision-making criteria for access control andfinally analyzed the utility of the access control methodwith examples None of these three models consider thepersonalization problem of the content providersrsquo securitypolicy and only conceptualize it as accepting or denyingaccess In addition in the participantsrsquo utility function noneof the models consider the inherent cost such as the costof implementing security policies for the content providersand the cost of malicious access for the access requestersZhang et al [14 15] for a general digital rights management(DRM) value chain system proposed a layered analysisof multiparty trust architecture by using game-theoreticanalyses of adoption of security policies Based on formalizedutilities of security policies and services the adoption ofsecurity policies with external relativity is described as a gamebetween the content provider the digital servicesprovidersand the content requester Based on the utility of the securitypolicies and their influence on each partyrsquos benefits the Nashequilibrium value was achieved which is an optimal andstable combination of security policies thus establishing andstrengthening multiparty trust In order to effectively selectand deploy security policies in content sharing scenariosZhang et al [16] introduced the game theory to analyze theinfluence of security policies that use trusted-computing-enhanced security policy stakeholders At last Zhang et alconducted game-theoretic analyses and swarm simulationThe results indicated that the obtained digital content andsecurity cost had direct impact on the content providerrsquoschoice of security policies In addition different basic-sharingmodels including local intermediate and extensive sharingmodels will further affect the choice of the content providers
The Scientific World Journal 3
The mixed-sharing model was much more similar to the realcontent sharing situations Due to limited power sharing andhigher security cost the dynamic security policy is better thanthe fully enhanced security policies but with the reduction ofmore power and enhanced security cost the latter strategywould be the best and the most stable Nash equilibrium[17 18]
As noted above there are a lot of studies about access con-trol issues in MSNs however a successful access of multime-dia digital content (MMDC) should have the following threefactors security trust and benefits So far because of the lackof access control inMSNs theMMDC access is only based onsecurity policies and the related mechanismsTherefore howto make a rational use of security policies to maximize thebenefits of the participants is worth considering This paperproposes a game-based security policies adoption approachfor MSNs This system is benefits-centric that enables theparticipants to find an optimal and stable security policy inMSNs
2 Formalized Game of Security Policies
21 Two-Party Trust Architecture Recently game theory iswidely applied in economics biology evolution and infor-mation technology especially for the decision-making oninformation security polices when multiple stakeholdershave their own benefits and strategies moving The MSNscenario has such characteristics as needed by game theory
A general MSN is composed of different stakeholderssuch as P (content providers) and R (content requester)Based on the basic analysis of the trust relationship two-partytrust architecture (TPTA) is the trust architecture between 119875
and 119877 This system includes a set of security rules namelythe basic security rules and the optional security rules Thespecific security policies can be achieved by using thesesecurity rules As shown in Figure 1 participants are rationalagent (RA) who can rationally select and deploy a securitypolicy based on the game theory
22 Basic Components
Definition 1 (party) A symbol weierp denotes personal playerparticipating in content provider and content access thesetwo roles are interchangeable in MSNs The weierp can takedifferent roles in MMDC sharing the content providerscan assume the role of the content requester while thecontent requester can also take the content provider roleTheformalized weierp participant is as follows
weierp = 120572 | stakeholder accessing to contents
MMSN VauleChainMPTA = 119875 119877MMDC (1)
Definition 2 (security rules) In response to the participantsrsquosecurity requirements one security rule corresponds toone user attribute constraint which ensures the security ofMMDC A symbol SRlowast denotes basic security rules theother SR denotes optional security rules Notation of 119891 119908119906 denotes an effective factor from factor set 119865 influencing
benefit ofweierp the weight value of factor and a positivenegativeutility respectively Here the normalized weight is based onthe weight of all of the factors of SR
security rule = SRlowast1 SRlowast2 SRlowast
119894 SR1 SR2 SR
119895
119865 (sr119904) = 119891sr 1 119891sr 2 119891sr 119897 (1 le 119904 le 119897)
120583 (sr119904) =
119897
sum
119894=1
119906119894(
119908119894
sumℎ
119896=1119908119896
)
(2)
Property 1 (external relativity of optional security rules) Iftwo or multiple optional security rules are from differentparties choose to adopt simultaneously or adopt only oneof them according to the needs of participants The externalrelativity of these rules is described as follows in which C(weierp)denotes the base set of weierp
(1) If 119875 has some strict requirements for MMDC access(R must meet all the security rules before accessingthe MMDC)
Relative Components = sr1 sr2 sr
119901
forall119894 119895 (1 le 119894 119895 le 119901 2 le 119901 le C (weierp)) exist119904
119905 (119904 119905 isin 119875 119877) (sr119894isin SR119904 sr119895isin SR119905 119894 = 119895 997888rarr 119904 = 119905)
(3)
(2) If 119875 has relaxed requirements for MMDC access (Ronly needs to meet any one of the security rules toaccess MMDC)
Relative Components = sr1 sr2 sr
119901
forall119894 119895 (1 le 119894 119895 le 119901 2 le 119901 le C (weierp)) exist119904
119905 (119904 119905 isin 119875 119877) (sr119894isin SR119904or sr119895isin SR119905)
(4)
Definition 3 (security rules) Sp includes the 119875 and 119877rsquos spdenoted respectively as spP and spR spP is considered as aset of security rules and services spR includes normal accessand malicious access
sp119875= srlowast1 srlowast
119894 sr1 sr2 sr
119904 (0 le 119904 le 119895)
SP119875119894= sp1119894 sp2119894 spC(SP119894)
119894 (C (SP
119894) = 2119895
119894 isin 119875 119877)
sp119877= normalmalicious
(5)
Definition 4 (utility of sp) Utility119880119875of spP is a sumof utilities
of all rules or services involved in spP utility 119880119877of spR is a
sum of utilities of all rules or services involved in spR
119880 (sp119875) =
119894
sum
119901=0
120583 (srlowast119901) +
119895
sum
119901=0
120583 (sr119901) +
119896
sum
119901=0
120583 (MMDC)
119880 (sp119877) =
119894
sum
119901=0
120583 (sr119877) +
119895
sum
119901=0
120583 (MMDC)
(6)
4 The Scientific World Journal
Contents provider Contents requesterParticipants of
multimedia social networks
Fundamental requirements of
security
Contents protections and privacy protection Privacy protection
Security rules
Abstractive rational agent Rational Rational
Multiparty trust relationship Benefits-centric two-player noncooperative game on security policies
Game control on security policies
Security policies set of Security policies set of R
Security policies set
Game control on security policies
BSC OSC BSC
P
agentP agentR
Figure 1 Two-party trust architecture in multimedia social networks
23 Formalized Game of Security Policies
Definition 5 (rational agent) A symbol RA denotes a rationalactor aiming at a maximization of benefit and makes adecision on adopting a certain security policy In TPTA thereare two RAs with respect to two parties namely RAP andRAR
Definition 6 (payoff of RA) In TPTA a payoffRAdenotes theacquired benefits from security policies set It is the carry forRAadoption of security policies Benefits include two aspectsRA or changes of RA
Definition 7 (two-party game) Two-party game119866 of securitypolices denotes a process of making decision on effective andrational adoption of security policies that have effect on ben-efit of the opposing parties To achieve utility maximizationand balance the game is depicted by a set of three tuples as⟨weierp sp payoff⟩ SP represents the security policies set
119866 = ⟨RA119894 SP119894Payoff (RA
119894RAminus119894)⟩ | 119894 = 119875 119877 (7)
Definition 8 (Nash equilibrium under policies combination)For any RA when adopting a security policy splowastacquiresgreater benefit than the benefit acquired by choosing anyother sp the combination of each RArsquos splowast is considered asa balance of payoffs by adopting relatively dominant securitypolicies
Payoff (RAsplowast119894
RAsplowastminus119894
) ge Payoff (RAsp119895119894RAsplowastminus119894
)
119895 isin SP119894 119895 =lowast
119894 isin 119875 119877 (minus119894 isin 119875 119877 minus119894 = 119894)
(8)
where (splowast119875 splowast119877) is a relatively dominant pure policies com-
bination
24 Game of Security Policies in Two Scenarios
Theorem9 (two parties both change game in content access)Content access is a general scenario in MSNs In this scenariothe adoption of security policies is considered to be a particulargame process in which both 119875 and 119877 change simultaneously
Proof In TPTA according to RAP and RAR in Definition 5denote their security policies combinations as SPP and SPRrespectively Game was further formalized as 119866acquisition =
⟨RA119894 SP119894Payoff(RA
119894RAminus119894)⟩ in which 119894 = 119875 119877 For
MMDCaccess P needs to set up security rules forRrsquosMMDCaccess that is choosing a particular sp from SP Undernormal circumstances the process of content access hastiming characteristics after RAR requests MMDC access toRAP RAR should meet the access control policies Howeverwhen each RA adopts and initializes SP they do not knowother RArsquos changes of sps In addition during the contenttransaction the setting of the MMDC security polices inMSNs cannot be changed Therefore the change process ofRA in security policies is a simultaneous change of the gamerather than a continuous change of the game
Theorem 10 The trust values of the content providersrsquo benefitsand those of the content requestersrsquo benefits are proportional
Proof Based on the utilities of the content provider and thecontent requester in Definition 4 the trust values of contentrequesters 119877
119894and 119877
119895are i j assuming that i lt j Because the
larger the trust value the larger the i j values therefore thetrust value of 119894 is larger than that of 119895The larger the user trustvalue the larger the 120583(MMDC) value the greater the utilityand therefore the larger the 119875 and 119877 benefits
Deduction 1 (repeated game in content access scenario) Whenseveral content access sessions are carried out the partic-ipants in MSNs will choose to reactivate a game in order
The Scientific World Journal 5
to select a security policy The new game can be seen as arepetitive game which is based on the process and results ofthe previous game and get a new equilibrium
Proof In a given scenario as the access to content increasesthe adoption of security policies will change accordinglyWhen RAP and RAR select security policies again a repeatedgame will happen combined with sessions of the previousgame and transaction to obtain a new security policiescombination which is called a new Nash equilibrium
3 Game-Theoretic Analysis of TypicalSecurity Strategy
In an access control model of multimedia social networkwhich has universal significance each party has a securitystrategy set and practical choice set representing movingin content access Some typical 119875 and 119877 security strategiesare listed in Section 21 The following two sections cite thesecurity benefits of all security rules effective strategy com-binations and participant benefits respectively A strategyselection example is finally analyzed
31 Typical Security Strategy In this study some typicalsecurity strategies are presented A real access control formultimedia social network may include but is not limited tothese strategies In Definition 2 in Section 21 some securityrules that can meet the security demand of any party arementioned first and then security strategy set can be easilyderived
The security rules of two participants include relationshiptype (RelT) depth (Dep) compactness (C) and trust (T)
Similarly since the SR set of 119875 can be denoted as119866lowast
Deplowast 119862lowast 119879lowast the security strategy set is general secu-rity strategy enhanced security strategy The enhancedsecurity strategy is 119896
1119866lowast
+ 1198962Deplowast + 119896
3119862lowast
+ 1198964119879lowast where
119896119894(119894 = 1 2 3 4) isin 0 1 sum4
119894=1119896119894
= 0 denoted by sp119901
For the access into MMDC there are two types of Rnormal access (NA) and malicious access (MA) Thereforethe security strategy set is MAlowastNAlowast
By the typical security strategies and related SR analysisabove the utility impact factor weight and the utility of SRwill be introduced in this section As SRlowast cannot change theutility of sp only the utility of SR is considered here
32 Effective Strategy Combination and Its Utility Since thereare two security strategies for each party there are 4 possiblestrategy combinations in the game Figure 2 describes thesecurity strategy combinations of participants where sp
119894(119894 isin
SP SP) denotes the strategy mentioned in the subgraphThe benefits of content provider and content requester are
defined as followsThe symbol 119880Benifit NA
119875denotes the fact that when the
content provider implements the general safety strategy andthe content requester adopts the normal access the contentprovider may obtain normal average benefit such as the riseof the number of friends increase of attention degree andacquisition of the information of content requester
P
R
sp1
Psp2
P
sp2
Rsp1
R
Figure 2 Security strategy combinations
The symbol 119880Damage MASuccess119875
gt 0 denotes the possibleaverage amount of loss after the content provider implementsgeneral safety strategy and content requester adopts themalicious access such as the multimedia digital contentof the content provider being forwarded casually Anothermaliciousness includes impersonating user identity using thecontent providerrsquos information
The symbol 119880Damage NA119875
gt 0 denotes the possible averageamount of loss of content provider when the content providerimplements the enforced security strategy and the contentrequester accesses normally such as declining normal useraccessing so that the social network resource is not fully usedand the loss of no cooperation caused by distrust between thetwo parties
The symbol 119880Cost119875
gt 0 denotes the cost of deployingsecurity strategy for content provider such as the increaseof time expenditure Consider 119880Cost
119875= 1198620(1198961119866lowast
+ 1198962Deplowast +
1198963119862lowast
+ 1198964119879lowast
)The symbol 119880
Benifit NA119877
denotes the average benefitobtained by the content requester when the content requesteraccesses normally and content provider implements theenforced security strategy such as rise of the number offriends increase of attention degree and promotion of digitalcontent
The symbol 119880Benifit MASuccess119877
denotes the excess benefitobtained by content requester when the content requesteradopts malicious behaviors and content provider implementsgeneral security strategy such as distributing the multimediadigital content casually and disclosing private informationwithout permission
The symbol 119880Cost119877
gt 0 denotes the cost of attacking thesecurity strategy platform by the content requester
The symbol 119880Punish119877
gt 0 denotes the punishment thatmay be given to the content requester adopting maliciousbehaviors such as decreasing the trustworthiness of contentrequester suspending the access right to social network forthe content requester or suing the content requester where119880
Benifit MASuccess119877
gt 119880Cost119875
First we analyze the gain and loss of the benefits of
both content provider and requester If the content requesteraccesses normally and the content provider implements theenforced security strategy then the content requester andprovider will both benefit and their benefits are denoted as119880
Benifit NA119875
and119880Benifit NA119877
respectively If the content requester
6 The Scientific World Journal
accessesmaliciously and the content provider implements thegeneral security strategy then the loss of content provideris 119880Benifit NA119877
while the benefit of content requester containsan excess benefit 119880
Cost119875
obtained by malicious access inaddition to the normal average benefit 119880Benifit NA
119877 However
the content requester may be subjected to a punishment119880
Cost119875
if adopting malicious access If the content providerimplements the enforced security strategy then there will beneither benefit nor loss but only the cost of implementingthe enforced security strategy 119880
Cost119875
Based on Definition 4and Figure 2 the payoffmatrix of participants undermultiplecombinations is as follows
119860 = [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
119861 = [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
50
]
]
(9)
where 120572119894(119894 = 1 2 8) gt 1 is the parameter factor
mainly used to adjust the ratio of user benefit to punishmentThe setting of this value is based on requirements of thedecision makers The benefit matrices A and B denote thatthe userrsquos benefit or loss is closely related to hisher attributesand is proportional to the trustworthiness The reason whythe content requester chooses malicious access is that itis believed that the benefit obtained by malicious accessis larger than that by normal access that is the user isrational However the content provider in social networksincreases his or her attention degree and maximizes the
benefit bymakingmore friends whichmeans that the contentprovider is also rational Supposing that the probability ofcontent provider implementing the general security strategyis 119909 then the probability of implementing enforced securitystrategy is 1 minus 119909 and the mixed strategy for the contentprovider is 119875 = (119909 1 minus 119909) Similarly supposing that themalicious access probability of content requester is119910 then theprobability of normal access is 1 minus 119910 and the mixed strategyof content requester is 119877 = (119910 1 minus 119910) Based on Definition 4and Figure 1 the benefit obtained by the participants undermultiple combinations is as follows
119864SR = Payoff119877sdot 119861 sdot Payoff119879
119875= (119910 1 minus 119910)
sdot [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
5
0
]
]
sdot (119909
1 minus 119909)
= 119909 sdot 119910 sdot 119880Benifit MASuccess119877
sdot 120572119894minus1
6+ 119909 sdot 119880
Benifit NA119877
sdot 120572119894minus1
5minus 119910 sdot (119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8)
(10)
By taking the partial derivative of the above equation withrespect to 119910 the condition for the content provider gettingthe optimal strategy is
120597119864119877
120597119910= 119909 sdot 119880
Benifit MASuccess119877
sdot 120572119894minus1
6
minus (119880Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8) = 0
(11)
Hence there is
119909lowast
=119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8
119880Benifit MASuccess119877
sdot 120572119894minus1
6
(12)
that is to say 119875lowast = (119909lowast
1 minus 119909lowast
) is the optimal strategy for thecontent provider
It can be seen from the result of observation and analysisthat the accepting probability of content provider is only
related to the benefit and payment of the user By increas-ing the punishment for malicious access from the contentrequester increasing the cost of attacking security strategy byrequester and decreasing the benefit obtained by successfulmalicious accesses from the content requester the probabilityof content provider adopting the general security strategycan be improved and the normal operation of the socialnetwork can be promotedWhen the content provider adoptsgeneral security strategy in the probability of 119909 gt 119909
lowastthe content requester can obtain benefit by normal accessotherwise the optimal strategy for the content requester isto adopt the normal access strategy The strategy can only beused to determine at what probability the content providershould accept the access and to select the parameters fordecision makers in a macroscopic way It still depends on theattributes of the content requester and relevant history whenit comes to a specific access A rational content requester
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
2 The Scientific World Journal
and sessionsThe proposed online social network (OSN) hadthe following characteristics First in personalized policiesthe OSN users had their own security and privacy policiesand attributes Second the proposedOSN separated the usersfrom resource policies Third the proposed OSN supportedaccess control that was independent of the user relationshipand sessions that represented actions It also took intoaccount the enhanced control which is not referred to in theexisting OSN services Many of the latest literatures on theOSN access control cannot distinguish between sessions andusers
(2) Trust-Based Access Control Ali et al [6] applied a multi-level security approach inwhich trust was the only parameterthat was used to determine the security levels of the users andresourcesMore precisely each user was assigned a reputationvalueThe reputation valuewas a userrsquos average trust level thatwas specified by other users However Ali and his colleaguesonly considered direct trust relationship without taking intoaccount the indirect trust relationship Kruk et al [7] thenproposed a distributed authentication management systembased on the second round ldquofriendrdquo relationship to bringout the management of access rights and trust authorizationWang and Sun [8] proposed a trust-related managementframework that included access control policies and a privacyprotection mechanism This mechanism administers theaccess policies on the data that contain the provable infor-mation enhances the support to the highly complex privacyrelated policies and takes consideration of the purpose andobligations Under this mechanism the agent can performaccess rights on the objects based on relationships trustspurposes and obligations This mechanism also introducedstrategic operations and the concept of policy conflicts andproposed a purpose related access control policy frameworkSachan et al [1] pointed out that the traditional access controlcannot meet the fine-grained access control requirementsand the large number of users To solve this problemthey proposed an efficient bit-vector transform based accesscontrol mechanism suitable for MSNs They converted thecontent related certificate into an efficient architecture andthen verified the security storage and execution efficiencyof the proposed mechanism rough simulations Villegas [2]proposed a personal data access control (PDAC) schemePDAC computes a ldquotrusted distancerdquo measure between usersthat is composed of the hop distance on the social networkand an affine distance derived from experiential data Zhangand Wang [9] proposed a trust model for social networksBased on deep analysis of the characteristics of social net-works they developed a computational model for calculatingtrust in social networks Carminati et al [10] proposed arule-based access control model and used certificate chainas a parameter for calculating trust so as to realize effectivecontrol of content access in social networks
These studies focused mainly on relationship and trust-based user access control and realized the controllable safetransmission of digital content in the MSNs However inthe relationship-based user access control only the directrelationship is considered while the indirect relationshipbetween users the type of relationship and closeness of
the relationships are not considered In the study of trust-based access control there was no unified understanding ofthe trust threshold The setting of the trust threshold candirectly affect the security of digital content and controllabledissemination
In order to solve these issues in social network accesscontrol and to prevent excessive denial to normal access oraccess to much malicious contents the approach of adoptingsecurity policies through game-theoretic analyses is pro-posed Tian and Lin [11] proposed a trust prediction-basedgame control mechanism for trustworthy networks Thismechanism could not only predict behavior trust level withsingle trust attribute but also could predict trust level with themultiple trust attributes so as to help participants to achievethe maximization of utility Wen et al [12] proposed game-theoretic model for information dissemination in social net-works This model reflected the influence of human behavioron information dissemination and conceptualized partici-pantsrsquo utility function based on different partiesrsquo interests Anempirical study indicated that information dissemination canbe divided into several stages and the dissemination speed islimited by the characteristics of each person in the networkZhang et al [13] proposed game-based social network accesscontrol For the ldquononfriendrdquo type of access users on thebasis of defining user trust and its calculation methodthis study conducted game-theoretic analyses by integratingthe payoff matrix of both the content provider and thecontent requester calculated the hybrid Nash equilibriumprovided decision-making criteria for access control andfinally analyzed the utility of the access control methodwith examples None of these three models consider thepersonalization problem of the content providersrsquo securitypolicy and only conceptualize it as accepting or denyingaccess In addition in the participantsrsquo utility function noneof the models consider the inherent cost such as the costof implementing security policies for the content providersand the cost of malicious access for the access requestersZhang et al [14 15] for a general digital rights management(DRM) value chain system proposed a layered analysisof multiparty trust architecture by using game-theoreticanalyses of adoption of security policies Based on formalizedutilities of security policies and services the adoption ofsecurity policies with external relativity is described as a gamebetween the content provider the digital servicesprovidersand the content requester Based on the utility of the securitypolicies and their influence on each partyrsquos benefits the Nashequilibrium value was achieved which is an optimal andstable combination of security policies thus establishing andstrengthening multiparty trust In order to effectively selectand deploy security policies in content sharing scenariosZhang et al [16] introduced the game theory to analyze theinfluence of security policies that use trusted-computing-enhanced security policy stakeholders At last Zhang et alconducted game-theoretic analyses and swarm simulationThe results indicated that the obtained digital content andsecurity cost had direct impact on the content providerrsquoschoice of security policies In addition different basic-sharingmodels including local intermediate and extensive sharingmodels will further affect the choice of the content providers
The Scientific World Journal 3
The mixed-sharing model was much more similar to the realcontent sharing situations Due to limited power sharing andhigher security cost the dynamic security policy is better thanthe fully enhanced security policies but with the reduction ofmore power and enhanced security cost the latter strategywould be the best and the most stable Nash equilibrium[17 18]
As noted above there are a lot of studies about access con-trol issues in MSNs however a successful access of multime-dia digital content (MMDC) should have the following threefactors security trust and benefits So far because of the lackof access control inMSNs theMMDC access is only based onsecurity policies and the related mechanismsTherefore howto make a rational use of security policies to maximize thebenefits of the participants is worth considering This paperproposes a game-based security policies adoption approachfor MSNs This system is benefits-centric that enables theparticipants to find an optimal and stable security policy inMSNs
2 Formalized Game of Security Policies
21 Two-Party Trust Architecture Recently game theory iswidely applied in economics biology evolution and infor-mation technology especially for the decision-making oninformation security polices when multiple stakeholdershave their own benefits and strategies moving The MSNscenario has such characteristics as needed by game theory
A general MSN is composed of different stakeholderssuch as P (content providers) and R (content requester)Based on the basic analysis of the trust relationship two-partytrust architecture (TPTA) is the trust architecture between 119875
and 119877 This system includes a set of security rules namelythe basic security rules and the optional security rules Thespecific security policies can be achieved by using thesesecurity rules As shown in Figure 1 participants are rationalagent (RA) who can rationally select and deploy a securitypolicy based on the game theory
22 Basic Components
Definition 1 (party) A symbol weierp denotes personal playerparticipating in content provider and content access thesetwo roles are interchangeable in MSNs The weierp can takedifferent roles in MMDC sharing the content providerscan assume the role of the content requester while thecontent requester can also take the content provider roleTheformalized weierp participant is as follows
weierp = 120572 | stakeholder accessing to contents
MMSN VauleChainMPTA = 119875 119877MMDC (1)
Definition 2 (security rules) In response to the participantsrsquosecurity requirements one security rule corresponds toone user attribute constraint which ensures the security ofMMDC A symbol SRlowast denotes basic security rules theother SR denotes optional security rules Notation of 119891 119908119906 denotes an effective factor from factor set 119865 influencing
benefit ofweierp the weight value of factor and a positivenegativeutility respectively Here the normalized weight is based onthe weight of all of the factors of SR
security rule = SRlowast1 SRlowast2 SRlowast
119894 SR1 SR2 SR
119895
119865 (sr119904) = 119891sr 1 119891sr 2 119891sr 119897 (1 le 119904 le 119897)
120583 (sr119904) =
119897
sum
119894=1
119906119894(
119908119894
sumℎ
119896=1119908119896
)
(2)
Property 1 (external relativity of optional security rules) Iftwo or multiple optional security rules are from differentparties choose to adopt simultaneously or adopt only oneof them according to the needs of participants The externalrelativity of these rules is described as follows in which C(weierp)denotes the base set of weierp
(1) If 119875 has some strict requirements for MMDC access(R must meet all the security rules before accessingthe MMDC)
Relative Components = sr1 sr2 sr
119901
forall119894 119895 (1 le 119894 119895 le 119901 2 le 119901 le C (weierp)) exist119904
119905 (119904 119905 isin 119875 119877) (sr119894isin SR119904 sr119895isin SR119905 119894 = 119895 997888rarr 119904 = 119905)
(3)
(2) If 119875 has relaxed requirements for MMDC access (Ronly needs to meet any one of the security rules toaccess MMDC)
Relative Components = sr1 sr2 sr
119901
forall119894 119895 (1 le 119894 119895 le 119901 2 le 119901 le C (weierp)) exist119904
119905 (119904 119905 isin 119875 119877) (sr119894isin SR119904or sr119895isin SR119905)
(4)
Definition 3 (security rules) Sp includes the 119875 and 119877rsquos spdenoted respectively as spP and spR spP is considered as aset of security rules and services spR includes normal accessand malicious access
sp119875= srlowast1 srlowast
119894 sr1 sr2 sr
119904 (0 le 119904 le 119895)
SP119875119894= sp1119894 sp2119894 spC(SP119894)
119894 (C (SP
119894) = 2119895
119894 isin 119875 119877)
sp119877= normalmalicious
(5)
Definition 4 (utility of sp) Utility119880119875of spP is a sumof utilities
of all rules or services involved in spP utility 119880119877of spR is a
sum of utilities of all rules or services involved in spR
119880 (sp119875) =
119894
sum
119901=0
120583 (srlowast119901) +
119895
sum
119901=0
120583 (sr119901) +
119896
sum
119901=0
120583 (MMDC)
119880 (sp119877) =
119894
sum
119901=0
120583 (sr119877) +
119895
sum
119901=0
120583 (MMDC)
(6)
4 The Scientific World Journal
Contents provider Contents requesterParticipants of
multimedia social networks
Fundamental requirements of
security
Contents protections and privacy protection Privacy protection
Security rules
Abstractive rational agent Rational Rational
Multiparty trust relationship Benefits-centric two-player noncooperative game on security policies
Game control on security policies
Security policies set of Security policies set of R
Security policies set
Game control on security policies
BSC OSC BSC
P
agentP agentR
Figure 1 Two-party trust architecture in multimedia social networks
23 Formalized Game of Security Policies
Definition 5 (rational agent) A symbol RA denotes a rationalactor aiming at a maximization of benefit and makes adecision on adopting a certain security policy In TPTA thereare two RAs with respect to two parties namely RAP andRAR
Definition 6 (payoff of RA) In TPTA a payoffRAdenotes theacquired benefits from security policies set It is the carry forRAadoption of security policies Benefits include two aspectsRA or changes of RA
Definition 7 (two-party game) Two-party game119866 of securitypolices denotes a process of making decision on effective andrational adoption of security policies that have effect on ben-efit of the opposing parties To achieve utility maximizationand balance the game is depicted by a set of three tuples as⟨weierp sp payoff⟩ SP represents the security policies set
119866 = ⟨RA119894 SP119894Payoff (RA
119894RAminus119894)⟩ | 119894 = 119875 119877 (7)
Definition 8 (Nash equilibrium under policies combination)For any RA when adopting a security policy splowastacquiresgreater benefit than the benefit acquired by choosing anyother sp the combination of each RArsquos splowast is considered asa balance of payoffs by adopting relatively dominant securitypolicies
Payoff (RAsplowast119894
RAsplowastminus119894
) ge Payoff (RAsp119895119894RAsplowastminus119894
)
119895 isin SP119894 119895 =lowast
119894 isin 119875 119877 (minus119894 isin 119875 119877 minus119894 = 119894)
(8)
where (splowast119875 splowast119877) is a relatively dominant pure policies com-
bination
24 Game of Security Policies in Two Scenarios
Theorem9 (two parties both change game in content access)Content access is a general scenario in MSNs In this scenariothe adoption of security policies is considered to be a particulargame process in which both 119875 and 119877 change simultaneously
Proof In TPTA according to RAP and RAR in Definition 5denote their security policies combinations as SPP and SPRrespectively Game was further formalized as 119866acquisition =
⟨RA119894 SP119894Payoff(RA
119894RAminus119894)⟩ in which 119894 = 119875 119877 For
MMDCaccess P needs to set up security rules forRrsquosMMDCaccess that is choosing a particular sp from SP Undernormal circumstances the process of content access hastiming characteristics after RAR requests MMDC access toRAP RAR should meet the access control policies Howeverwhen each RA adopts and initializes SP they do not knowother RArsquos changes of sps In addition during the contenttransaction the setting of the MMDC security polices inMSNs cannot be changed Therefore the change process ofRA in security policies is a simultaneous change of the gamerather than a continuous change of the game
Theorem 10 The trust values of the content providersrsquo benefitsand those of the content requestersrsquo benefits are proportional
Proof Based on the utilities of the content provider and thecontent requester in Definition 4 the trust values of contentrequesters 119877
119894and 119877
119895are i j assuming that i lt j Because the
larger the trust value the larger the i j values therefore thetrust value of 119894 is larger than that of 119895The larger the user trustvalue the larger the 120583(MMDC) value the greater the utilityand therefore the larger the 119875 and 119877 benefits
Deduction 1 (repeated game in content access scenario) Whenseveral content access sessions are carried out the partic-ipants in MSNs will choose to reactivate a game in order
The Scientific World Journal 5
to select a security policy The new game can be seen as arepetitive game which is based on the process and results ofthe previous game and get a new equilibrium
Proof In a given scenario as the access to content increasesthe adoption of security policies will change accordinglyWhen RAP and RAR select security policies again a repeatedgame will happen combined with sessions of the previousgame and transaction to obtain a new security policiescombination which is called a new Nash equilibrium
3 Game-Theoretic Analysis of TypicalSecurity Strategy
In an access control model of multimedia social networkwhich has universal significance each party has a securitystrategy set and practical choice set representing movingin content access Some typical 119875 and 119877 security strategiesare listed in Section 21 The following two sections cite thesecurity benefits of all security rules effective strategy com-binations and participant benefits respectively A strategyselection example is finally analyzed
31 Typical Security Strategy In this study some typicalsecurity strategies are presented A real access control formultimedia social network may include but is not limited tothese strategies In Definition 2 in Section 21 some securityrules that can meet the security demand of any party arementioned first and then security strategy set can be easilyderived
The security rules of two participants include relationshiptype (RelT) depth (Dep) compactness (C) and trust (T)
Similarly since the SR set of 119875 can be denoted as119866lowast
Deplowast 119862lowast 119879lowast the security strategy set is general secu-rity strategy enhanced security strategy The enhancedsecurity strategy is 119896
1119866lowast
+ 1198962Deplowast + 119896
3119862lowast
+ 1198964119879lowast where
119896119894(119894 = 1 2 3 4) isin 0 1 sum4
119894=1119896119894
= 0 denoted by sp119901
For the access into MMDC there are two types of Rnormal access (NA) and malicious access (MA) Thereforethe security strategy set is MAlowastNAlowast
By the typical security strategies and related SR analysisabove the utility impact factor weight and the utility of SRwill be introduced in this section As SRlowast cannot change theutility of sp only the utility of SR is considered here
32 Effective Strategy Combination and Its Utility Since thereare two security strategies for each party there are 4 possiblestrategy combinations in the game Figure 2 describes thesecurity strategy combinations of participants where sp
119894(119894 isin
SP SP) denotes the strategy mentioned in the subgraphThe benefits of content provider and content requester are
defined as followsThe symbol 119880Benifit NA
119875denotes the fact that when the
content provider implements the general safety strategy andthe content requester adopts the normal access the contentprovider may obtain normal average benefit such as the riseof the number of friends increase of attention degree andacquisition of the information of content requester
P
R
sp1
Psp2
P
sp2
Rsp1
R
Figure 2 Security strategy combinations
The symbol 119880Damage MASuccess119875
gt 0 denotes the possibleaverage amount of loss after the content provider implementsgeneral safety strategy and content requester adopts themalicious access such as the multimedia digital contentof the content provider being forwarded casually Anothermaliciousness includes impersonating user identity using thecontent providerrsquos information
The symbol 119880Damage NA119875
gt 0 denotes the possible averageamount of loss of content provider when the content providerimplements the enforced security strategy and the contentrequester accesses normally such as declining normal useraccessing so that the social network resource is not fully usedand the loss of no cooperation caused by distrust between thetwo parties
The symbol 119880Cost119875
gt 0 denotes the cost of deployingsecurity strategy for content provider such as the increaseof time expenditure Consider 119880Cost
119875= 1198620(1198961119866lowast
+ 1198962Deplowast +
1198963119862lowast
+ 1198964119879lowast
)The symbol 119880
Benifit NA119877
denotes the average benefitobtained by the content requester when the content requesteraccesses normally and content provider implements theenforced security strategy such as rise of the number offriends increase of attention degree and promotion of digitalcontent
The symbol 119880Benifit MASuccess119877
denotes the excess benefitobtained by content requester when the content requesteradopts malicious behaviors and content provider implementsgeneral security strategy such as distributing the multimediadigital content casually and disclosing private informationwithout permission
The symbol 119880Cost119877
gt 0 denotes the cost of attacking thesecurity strategy platform by the content requester
The symbol 119880Punish119877
gt 0 denotes the punishment thatmay be given to the content requester adopting maliciousbehaviors such as decreasing the trustworthiness of contentrequester suspending the access right to social network forthe content requester or suing the content requester where119880
Benifit MASuccess119877
gt 119880Cost119875
First we analyze the gain and loss of the benefits of
both content provider and requester If the content requesteraccesses normally and the content provider implements theenforced security strategy then the content requester andprovider will both benefit and their benefits are denoted as119880
Benifit NA119875
and119880Benifit NA119877
respectively If the content requester
6 The Scientific World Journal
accessesmaliciously and the content provider implements thegeneral security strategy then the loss of content provideris 119880Benifit NA119877
while the benefit of content requester containsan excess benefit 119880
Cost119875
obtained by malicious access inaddition to the normal average benefit 119880Benifit NA
119877 However
the content requester may be subjected to a punishment119880
Cost119875
if adopting malicious access If the content providerimplements the enforced security strategy then there will beneither benefit nor loss but only the cost of implementingthe enforced security strategy 119880
Cost119875
Based on Definition 4and Figure 2 the payoffmatrix of participants undermultiplecombinations is as follows
119860 = [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
119861 = [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
50
]
]
(9)
where 120572119894(119894 = 1 2 8) gt 1 is the parameter factor
mainly used to adjust the ratio of user benefit to punishmentThe setting of this value is based on requirements of thedecision makers The benefit matrices A and B denote thatthe userrsquos benefit or loss is closely related to hisher attributesand is proportional to the trustworthiness The reason whythe content requester chooses malicious access is that itis believed that the benefit obtained by malicious accessis larger than that by normal access that is the user isrational However the content provider in social networksincreases his or her attention degree and maximizes the
benefit bymakingmore friends whichmeans that the contentprovider is also rational Supposing that the probability ofcontent provider implementing the general security strategyis 119909 then the probability of implementing enforced securitystrategy is 1 minus 119909 and the mixed strategy for the contentprovider is 119875 = (119909 1 minus 119909) Similarly supposing that themalicious access probability of content requester is119910 then theprobability of normal access is 1 minus 119910 and the mixed strategyof content requester is 119877 = (119910 1 minus 119910) Based on Definition 4and Figure 1 the benefit obtained by the participants undermultiple combinations is as follows
119864SR = Payoff119877sdot 119861 sdot Payoff119879
119875= (119910 1 minus 119910)
sdot [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
5
0
]
]
sdot (119909
1 minus 119909)
= 119909 sdot 119910 sdot 119880Benifit MASuccess119877
sdot 120572119894minus1
6+ 119909 sdot 119880
Benifit NA119877
sdot 120572119894minus1
5minus 119910 sdot (119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8)
(10)
By taking the partial derivative of the above equation withrespect to 119910 the condition for the content provider gettingthe optimal strategy is
120597119864119877
120597119910= 119909 sdot 119880
Benifit MASuccess119877
sdot 120572119894minus1
6
minus (119880Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8) = 0
(11)
Hence there is
119909lowast
=119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8
119880Benifit MASuccess119877
sdot 120572119894minus1
6
(12)
that is to say 119875lowast = (119909lowast
1 minus 119909lowast
) is the optimal strategy for thecontent provider
It can be seen from the result of observation and analysisthat the accepting probability of content provider is only
related to the benefit and payment of the user By increas-ing the punishment for malicious access from the contentrequester increasing the cost of attacking security strategy byrequester and decreasing the benefit obtained by successfulmalicious accesses from the content requester the probabilityof content provider adopting the general security strategycan be improved and the normal operation of the socialnetwork can be promotedWhen the content provider adoptsgeneral security strategy in the probability of 119909 gt 119909
lowastthe content requester can obtain benefit by normal accessotherwise the optimal strategy for the content requester isto adopt the normal access strategy The strategy can only beused to determine at what probability the content providershould accept the access and to select the parameters fordecision makers in a macroscopic way It still depends on theattributes of the content requester and relevant history whenit comes to a specific access A rational content requester
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World Journal 3
The mixed-sharing model was much more similar to the realcontent sharing situations Due to limited power sharing andhigher security cost the dynamic security policy is better thanthe fully enhanced security policies but with the reduction ofmore power and enhanced security cost the latter strategywould be the best and the most stable Nash equilibrium[17 18]
As noted above there are a lot of studies about access con-trol issues in MSNs however a successful access of multime-dia digital content (MMDC) should have the following threefactors security trust and benefits So far because of the lackof access control inMSNs theMMDC access is only based onsecurity policies and the related mechanismsTherefore howto make a rational use of security policies to maximize thebenefits of the participants is worth considering This paperproposes a game-based security policies adoption approachfor MSNs This system is benefits-centric that enables theparticipants to find an optimal and stable security policy inMSNs
2 Formalized Game of Security Policies
21 Two-Party Trust Architecture Recently game theory iswidely applied in economics biology evolution and infor-mation technology especially for the decision-making oninformation security polices when multiple stakeholdershave their own benefits and strategies moving The MSNscenario has such characteristics as needed by game theory
A general MSN is composed of different stakeholderssuch as P (content providers) and R (content requester)Based on the basic analysis of the trust relationship two-partytrust architecture (TPTA) is the trust architecture between 119875
and 119877 This system includes a set of security rules namelythe basic security rules and the optional security rules Thespecific security policies can be achieved by using thesesecurity rules As shown in Figure 1 participants are rationalagent (RA) who can rationally select and deploy a securitypolicy based on the game theory
22 Basic Components
Definition 1 (party) A symbol weierp denotes personal playerparticipating in content provider and content access thesetwo roles are interchangeable in MSNs The weierp can takedifferent roles in MMDC sharing the content providerscan assume the role of the content requester while thecontent requester can also take the content provider roleTheformalized weierp participant is as follows
weierp = 120572 | stakeholder accessing to contents
MMSN VauleChainMPTA = 119875 119877MMDC (1)
Definition 2 (security rules) In response to the participantsrsquosecurity requirements one security rule corresponds toone user attribute constraint which ensures the security ofMMDC A symbol SRlowast denotes basic security rules theother SR denotes optional security rules Notation of 119891 119908119906 denotes an effective factor from factor set 119865 influencing
benefit ofweierp the weight value of factor and a positivenegativeutility respectively Here the normalized weight is based onthe weight of all of the factors of SR
security rule = SRlowast1 SRlowast2 SRlowast
119894 SR1 SR2 SR
119895
119865 (sr119904) = 119891sr 1 119891sr 2 119891sr 119897 (1 le 119904 le 119897)
120583 (sr119904) =
119897
sum
119894=1
119906119894(
119908119894
sumℎ
119896=1119908119896
)
(2)
Property 1 (external relativity of optional security rules) Iftwo or multiple optional security rules are from differentparties choose to adopt simultaneously or adopt only oneof them according to the needs of participants The externalrelativity of these rules is described as follows in which C(weierp)denotes the base set of weierp
(1) If 119875 has some strict requirements for MMDC access(R must meet all the security rules before accessingthe MMDC)
Relative Components = sr1 sr2 sr
119901
forall119894 119895 (1 le 119894 119895 le 119901 2 le 119901 le C (weierp)) exist119904
119905 (119904 119905 isin 119875 119877) (sr119894isin SR119904 sr119895isin SR119905 119894 = 119895 997888rarr 119904 = 119905)
(3)
(2) If 119875 has relaxed requirements for MMDC access (Ronly needs to meet any one of the security rules toaccess MMDC)
Relative Components = sr1 sr2 sr
119901
forall119894 119895 (1 le 119894 119895 le 119901 2 le 119901 le C (weierp)) exist119904
119905 (119904 119905 isin 119875 119877) (sr119894isin SR119904or sr119895isin SR119905)
(4)
Definition 3 (security rules) Sp includes the 119875 and 119877rsquos spdenoted respectively as spP and spR spP is considered as aset of security rules and services spR includes normal accessand malicious access
sp119875= srlowast1 srlowast
119894 sr1 sr2 sr
119904 (0 le 119904 le 119895)
SP119875119894= sp1119894 sp2119894 spC(SP119894)
119894 (C (SP
119894) = 2119895
119894 isin 119875 119877)
sp119877= normalmalicious
(5)
Definition 4 (utility of sp) Utility119880119875of spP is a sumof utilities
of all rules or services involved in spP utility 119880119877of spR is a
sum of utilities of all rules or services involved in spR
119880 (sp119875) =
119894
sum
119901=0
120583 (srlowast119901) +
119895
sum
119901=0
120583 (sr119901) +
119896
sum
119901=0
120583 (MMDC)
119880 (sp119877) =
119894
sum
119901=0
120583 (sr119877) +
119895
sum
119901=0
120583 (MMDC)
(6)
4 The Scientific World Journal
Contents provider Contents requesterParticipants of
multimedia social networks
Fundamental requirements of
security
Contents protections and privacy protection Privacy protection
Security rules
Abstractive rational agent Rational Rational
Multiparty trust relationship Benefits-centric two-player noncooperative game on security policies
Game control on security policies
Security policies set of Security policies set of R
Security policies set
Game control on security policies
BSC OSC BSC
P
agentP agentR
Figure 1 Two-party trust architecture in multimedia social networks
23 Formalized Game of Security Policies
Definition 5 (rational agent) A symbol RA denotes a rationalactor aiming at a maximization of benefit and makes adecision on adopting a certain security policy In TPTA thereare two RAs with respect to two parties namely RAP andRAR
Definition 6 (payoff of RA) In TPTA a payoffRAdenotes theacquired benefits from security policies set It is the carry forRAadoption of security policies Benefits include two aspectsRA or changes of RA
Definition 7 (two-party game) Two-party game119866 of securitypolices denotes a process of making decision on effective andrational adoption of security policies that have effect on ben-efit of the opposing parties To achieve utility maximizationand balance the game is depicted by a set of three tuples as⟨weierp sp payoff⟩ SP represents the security policies set
119866 = ⟨RA119894 SP119894Payoff (RA
119894RAminus119894)⟩ | 119894 = 119875 119877 (7)
Definition 8 (Nash equilibrium under policies combination)For any RA when adopting a security policy splowastacquiresgreater benefit than the benefit acquired by choosing anyother sp the combination of each RArsquos splowast is considered asa balance of payoffs by adopting relatively dominant securitypolicies
Payoff (RAsplowast119894
RAsplowastminus119894
) ge Payoff (RAsp119895119894RAsplowastminus119894
)
119895 isin SP119894 119895 =lowast
119894 isin 119875 119877 (minus119894 isin 119875 119877 minus119894 = 119894)
(8)
where (splowast119875 splowast119877) is a relatively dominant pure policies com-
bination
24 Game of Security Policies in Two Scenarios
Theorem9 (two parties both change game in content access)Content access is a general scenario in MSNs In this scenariothe adoption of security policies is considered to be a particulargame process in which both 119875 and 119877 change simultaneously
Proof In TPTA according to RAP and RAR in Definition 5denote their security policies combinations as SPP and SPRrespectively Game was further formalized as 119866acquisition =
⟨RA119894 SP119894Payoff(RA
119894RAminus119894)⟩ in which 119894 = 119875 119877 For
MMDCaccess P needs to set up security rules forRrsquosMMDCaccess that is choosing a particular sp from SP Undernormal circumstances the process of content access hastiming characteristics after RAR requests MMDC access toRAP RAR should meet the access control policies Howeverwhen each RA adopts and initializes SP they do not knowother RArsquos changes of sps In addition during the contenttransaction the setting of the MMDC security polices inMSNs cannot be changed Therefore the change process ofRA in security policies is a simultaneous change of the gamerather than a continuous change of the game
Theorem 10 The trust values of the content providersrsquo benefitsand those of the content requestersrsquo benefits are proportional
Proof Based on the utilities of the content provider and thecontent requester in Definition 4 the trust values of contentrequesters 119877
119894and 119877
119895are i j assuming that i lt j Because the
larger the trust value the larger the i j values therefore thetrust value of 119894 is larger than that of 119895The larger the user trustvalue the larger the 120583(MMDC) value the greater the utilityand therefore the larger the 119875 and 119877 benefits
Deduction 1 (repeated game in content access scenario) Whenseveral content access sessions are carried out the partic-ipants in MSNs will choose to reactivate a game in order
The Scientific World Journal 5
to select a security policy The new game can be seen as arepetitive game which is based on the process and results ofthe previous game and get a new equilibrium
Proof In a given scenario as the access to content increasesthe adoption of security policies will change accordinglyWhen RAP and RAR select security policies again a repeatedgame will happen combined with sessions of the previousgame and transaction to obtain a new security policiescombination which is called a new Nash equilibrium
3 Game-Theoretic Analysis of TypicalSecurity Strategy
In an access control model of multimedia social networkwhich has universal significance each party has a securitystrategy set and practical choice set representing movingin content access Some typical 119875 and 119877 security strategiesare listed in Section 21 The following two sections cite thesecurity benefits of all security rules effective strategy com-binations and participant benefits respectively A strategyselection example is finally analyzed
31 Typical Security Strategy In this study some typicalsecurity strategies are presented A real access control formultimedia social network may include but is not limited tothese strategies In Definition 2 in Section 21 some securityrules that can meet the security demand of any party arementioned first and then security strategy set can be easilyderived
The security rules of two participants include relationshiptype (RelT) depth (Dep) compactness (C) and trust (T)
Similarly since the SR set of 119875 can be denoted as119866lowast
Deplowast 119862lowast 119879lowast the security strategy set is general secu-rity strategy enhanced security strategy The enhancedsecurity strategy is 119896
1119866lowast
+ 1198962Deplowast + 119896
3119862lowast
+ 1198964119879lowast where
119896119894(119894 = 1 2 3 4) isin 0 1 sum4
119894=1119896119894
= 0 denoted by sp119901
For the access into MMDC there are two types of Rnormal access (NA) and malicious access (MA) Thereforethe security strategy set is MAlowastNAlowast
By the typical security strategies and related SR analysisabove the utility impact factor weight and the utility of SRwill be introduced in this section As SRlowast cannot change theutility of sp only the utility of SR is considered here
32 Effective Strategy Combination and Its Utility Since thereare two security strategies for each party there are 4 possiblestrategy combinations in the game Figure 2 describes thesecurity strategy combinations of participants where sp
119894(119894 isin
SP SP) denotes the strategy mentioned in the subgraphThe benefits of content provider and content requester are
defined as followsThe symbol 119880Benifit NA
119875denotes the fact that when the
content provider implements the general safety strategy andthe content requester adopts the normal access the contentprovider may obtain normal average benefit such as the riseof the number of friends increase of attention degree andacquisition of the information of content requester
P
R
sp1
Psp2
P
sp2
Rsp1
R
Figure 2 Security strategy combinations
The symbol 119880Damage MASuccess119875
gt 0 denotes the possibleaverage amount of loss after the content provider implementsgeneral safety strategy and content requester adopts themalicious access such as the multimedia digital contentof the content provider being forwarded casually Anothermaliciousness includes impersonating user identity using thecontent providerrsquos information
The symbol 119880Damage NA119875
gt 0 denotes the possible averageamount of loss of content provider when the content providerimplements the enforced security strategy and the contentrequester accesses normally such as declining normal useraccessing so that the social network resource is not fully usedand the loss of no cooperation caused by distrust between thetwo parties
The symbol 119880Cost119875
gt 0 denotes the cost of deployingsecurity strategy for content provider such as the increaseof time expenditure Consider 119880Cost
119875= 1198620(1198961119866lowast
+ 1198962Deplowast +
1198963119862lowast
+ 1198964119879lowast
)The symbol 119880
Benifit NA119877
denotes the average benefitobtained by the content requester when the content requesteraccesses normally and content provider implements theenforced security strategy such as rise of the number offriends increase of attention degree and promotion of digitalcontent
The symbol 119880Benifit MASuccess119877
denotes the excess benefitobtained by content requester when the content requesteradopts malicious behaviors and content provider implementsgeneral security strategy such as distributing the multimediadigital content casually and disclosing private informationwithout permission
The symbol 119880Cost119877
gt 0 denotes the cost of attacking thesecurity strategy platform by the content requester
The symbol 119880Punish119877
gt 0 denotes the punishment thatmay be given to the content requester adopting maliciousbehaviors such as decreasing the trustworthiness of contentrequester suspending the access right to social network forthe content requester or suing the content requester where119880
Benifit MASuccess119877
gt 119880Cost119875
First we analyze the gain and loss of the benefits of
both content provider and requester If the content requesteraccesses normally and the content provider implements theenforced security strategy then the content requester andprovider will both benefit and their benefits are denoted as119880
Benifit NA119875
and119880Benifit NA119877
respectively If the content requester
6 The Scientific World Journal
accessesmaliciously and the content provider implements thegeneral security strategy then the loss of content provideris 119880Benifit NA119877
while the benefit of content requester containsan excess benefit 119880
Cost119875
obtained by malicious access inaddition to the normal average benefit 119880Benifit NA
119877 However
the content requester may be subjected to a punishment119880
Cost119875
if adopting malicious access If the content providerimplements the enforced security strategy then there will beneither benefit nor loss but only the cost of implementingthe enforced security strategy 119880
Cost119875
Based on Definition 4and Figure 2 the payoffmatrix of participants undermultiplecombinations is as follows
119860 = [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
119861 = [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
50
]
]
(9)
where 120572119894(119894 = 1 2 8) gt 1 is the parameter factor
mainly used to adjust the ratio of user benefit to punishmentThe setting of this value is based on requirements of thedecision makers The benefit matrices A and B denote thatthe userrsquos benefit or loss is closely related to hisher attributesand is proportional to the trustworthiness The reason whythe content requester chooses malicious access is that itis believed that the benefit obtained by malicious accessis larger than that by normal access that is the user isrational However the content provider in social networksincreases his or her attention degree and maximizes the
benefit bymakingmore friends whichmeans that the contentprovider is also rational Supposing that the probability ofcontent provider implementing the general security strategyis 119909 then the probability of implementing enforced securitystrategy is 1 minus 119909 and the mixed strategy for the contentprovider is 119875 = (119909 1 minus 119909) Similarly supposing that themalicious access probability of content requester is119910 then theprobability of normal access is 1 minus 119910 and the mixed strategyof content requester is 119877 = (119910 1 minus 119910) Based on Definition 4and Figure 1 the benefit obtained by the participants undermultiple combinations is as follows
119864SR = Payoff119877sdot 119861 sdot Payoff119879
119875= (119910 1 minus 119910)
sdot [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
5
0
]
]
sdot (119909
1 minus 119909)
= 119909 sdot 119910 sdot 119880Benifit MASuccess119877
sdot 120572119894minus1
6+ 119909 sdot 119880
Benifit NA119877
sdot 120572119894minus1
5minus 119910 sdot (119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8)
(10)
By taking the partial derivative of the above equation withrespect to 119910 the condition for the content provider gettingthe optimal strategy is
120597119864119877
120597119910= 119909 sdot 119880
Benifit MASuccess119877
sdot 120572119894minus1
6
minus (119880Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8) = 0
(11)
Hence there is
119909lowast
=119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8
119880Benifit MASuccess119877
sdot 120572119894minus1
6
(12)
that is to say 119875lowast = (119909lowast
1 minus 119909lowast
) is the optimal strategy for thecontent provider
It can be seen from the result of observation and analysisthat the accepting probability of content provider is only
related to the benefit and payment of the user By increas-ing the punishment for malicious access from the contentrequester increasing the cost of attacking security strategy byrequester and decreasing the benefit obtained by successfulmalicious accesses from the content requester the probabilityof content provider adopting the general security strategycan be improved and the normal operation of the socialnetwork can be promotedWhen the content provider adoptsgeneral security strategy in the probability of 119909 gt 119909
lowastthe content requester can obtain benefit by normal accessotherwise the optimal strategy for the content requester isto adopt the normal access strategy The strategy can only beused to determine at what probability the content providershould accept the access and to select the parameters fordecision makers in a macroscopic way It still depends on theattributes of the content requester and relevant history whenit comes to a specific access A rational content requester
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
4 The Scientific World Journal
Contents provider Contents requesterParticipants of
multimedia social networks
Fundamental requirements of
security
Contents protections and privacy protection Privacy protection
Security rules
Abstractive rational agent Rational Rational
Multiparty trust relationship Benefits-centric two-player noncooperative game on security policies
Game control on security policies
Security policies set of Security policies set of R
Security policies set
Game control on security policies
BSC OSC BSC
P
agentP agentR
Figure 1 Two-party trust architecture in multimedia social networks
23 Formalized Game of Security Policies
Definition 5 (rational agent) A symbol RA denotes a rationalactor aiming at a maximization of benefit and makes adecision on adopting a certain security policy In TPTA thereare two RAs with respect to two parties namely RAP andRAR
Definition 6 (payoff of RA) In TPTA a payoffRAdenotes theacquired benefits from security policies set It is the carry forRAadoption of security policies Benefits include two aspectsRA or changes of RA
Definition 7 (two-party game) Two-party game119866 of securitypolices denotes a process of making decision on effective andrational adoption of security policies that have effect on ben-efit of the opposing parties To achieve utility maximizationand balance the game is depicted by a set of three tuples as⟨weierp sp payoff⟩ SP represents the security policies set
119866 = ⟨RA119894 SP119894Payoff (RA
119894RAminus119894)⟩ | 119894 = 119875 119877 (7)
Definition 8 (Nash equilibrium under policies combination)For any RA when adopting a security policy splowastacquiresgreater benefit than the benefit acquired by choosing anyother sp the combination of each RArsquos splowast is considered asa balance of payoffs by adopting relatively dominant securitypolicies
Payoff (RAsplowast119894
RAsplowastminus119894
) ge Payoff (RAsp119895119894RAsplowastminus119894
)
119895 isin SP119894 119895 =lowast
119894 isin 119875 119877 (minus119894 isin 119875 119877 minus119894 = 119894)
(8)
where (splowast119875 splowast119877) is a relatively dominant pure policies com-
bination
24 Game of Security Policies in Two Scenarios
Theorem9 (two parties both change game in content access)Content access is a general scenario in MSNs In this scenariothe adoption of security policies is considered to be a particulargame process in which both 119875 and 119877 change simultaneously
Proof In TPTA according to RAP and RAR in Definition 5denote their security policies combinations as SPP and SPRrespectively Game was further formalized as 119866acquisition =
⟨RA119894 SP119894Payoff(RA
119894RAminus119894)⟩ in which 119894 = 119875 119877 For
MMDCaccess P needs to set up security rules forRrsquosMMDCaccess that is choosing a particular sp from SP Undernormal circumstances the process of content access hastiming characteristics after RAR requests MMDC access toRAP RAR should meet the access control policies Howeverwhen each RA adopts and initializes SP they do not knowother RArsquos changes of sps In addition during the contenttransaction the setting of the MMDC security polices inMSNs cannot be changed Therefore the change process ofRA in security policies is a simultaneous change of the gamerather than a continuous change of the game
Theorem 10 The trust values of the content providersrsquo benefitsand those of the content requestersrsquo benefits are proportional
Proof Based on the utilities of the content provider and thecontent requester in Definition 4 the trust values of contentrequesters 119877
119894and 119877
119895are i j assuming that i lt j Because the
larger the trust value the larger the i j values therefore thetrust value of 119894 is larger than that of 119895The larger the user trustvalue the larger the 120583(MMDC) value the greater the utilityand therefore the larger the 119875 and 119877 benefits
Deduction 1 (repeated game in content access scenario) Whenseveral content access sessions are carried out the partic-ipants in MSNs will choose to reactivate a game in order
The Scientific World Journal 5
to select a security policy The new game can be seen as arepetitive game which is based on the process and results ofthe previous game and get a new equilibrium
Proof In a given scenario as the access to content increasesthe adoption of security policies will change accordinglyWhen RAP and RAR select security policies again a repeatedgame will happen combined with sessions of the previousgame and transaction to obtain a new security policiescombination which is called a new Nash equilibrium
3 Game-Theoretic Analysis of TypicalSecurity Strategy
In an access control model of multimedia social networkwhich has universal significance each party has a securitystrategy set and practical choice set representing movingin content access Some typical 119875 and 119877 security strategiesare listed in Section 21 The following two sections cite thesecurity benefits of all security rules effective strategy com-binations and participant benefits respectively A strategyselection example is finally analyzed
31 Typical Security Strategy In this study some typicalsecurity strategies are presented A real access control formultimedia social network may include but is not limited tothese strategies In Definition 2 in Section 21 some securityrules that can meet the security demand of any party arementioned first and then security strategy set can be easilyderived
The security rules of two participants include relationshiptype (RelT) depth (Dep) compactness (C) and trust (T)
Similarly since the SR set of 119875 can be denoted as119866lowast
Deplowast 119862lowast 119879lowast the security strategy set is general secu-rity strategy enhanced security strategy The enhancedsecurity strategy is 119896
1119866lowast
+ 1198962Deplowast + 119896
3119862lowast
+ 1198964119879lowast where
119896119894(119894 = 1 2 3 4) isin 0 1 sum4
119894=1119896119894
= 0 denoted by sp119901
For the access into MMDC there are two types of Rnormal access (NA) and malicious access (MA) Thereforethe security strategy set is MAlowastNAlowast
By the typical security strategies and related SR analysisabove the utility impact factor weight and the utility of SRwill be introduced in this section As SRlowast cannot change theutility of sp only the utility of SR is considered here
32 Effective Strategy Combination and Its Utility Since thereare two security strategies for each party there are 4 possiblestrategy combinations in the game Figure 2 describes thesecurity strategy combinations of participants where sp
119894(119894 isin
SP SP) denotes the strategy mentioned in the subgraphThe benefits of content provider and content requester are
defined as followsThe symbol 119880Benifit NA
119875denotes the fact that when the
content provider implements the general safety strategy andthe content requester adopts the normal access the contentprovider may obtain normal average benefit such as the riseof the number of friends increase of attention degree andacquisition of the information of content requester
P
R
sp1
Psp2
P
sp2
Rsp1
R
Figure 2 Security strategy combinations
The symbol 119880Damage MASuccess119875
gt 0 denotes the possibleaverage amount of loss after the content provider implementsgeneral safety strategy and content requester adopts themalicious access such as the multimedia digital contentof the content provider being forwarded casually Anothermaliciousness includes impersonating user identity using thecontent providerrsquos information
The symbol 119880Damage NA119875
gt 0 denotes the possible averageamount of loss of content provider when the content providerimplements the enforced security strategy and the contentrequester accesses normally such as declining normal useraccessing so that the social network resource is not fully usedand the loss of no cooperation caused by distrust between thetwo parties
The symbol 119880Cost119875
gt 0 denotes the cost of deployingsecurity strategy for content provider such as the increaseof time expenditure Consider 119880Cost
119875= 1198620(1198961119866lowast
+ 1198962Deplowast +
1198963119862lowast
+ 1198964119879lowast
)The symbol 119880
Benifit NA119877
denotes the average benefitobtained by the content requester when the content requesteraccesses normally and content provider implements theenforced security strategy such as rise of the number offriends increase of attention degree and promotion of digitalcontent
The symbol 119880Benifit MASuccess119877
denotes the excess benefitobtained by content requester when the content requesteradopts malicious behaviors and content provider implementsgeneral security strategy such as distributing the multimediadigital content casually and disclosing private informationwithout permission
The symbol 119880Cost119877
gt 0 denotes the cost of attacking thesecurity strategy platform by the content requester
The symbol 119880Punish119877
gt 0 denotes the punishment thatmay be given to the content requester adopting maliciousbehaviors such as decreasing the trustworthiness of contentrequester suspending the access right to social network forthe content requester or suing the content requester where119880
Benifit MASuccess119877
gt 119880Cost119875
First we analyze the gain and loss of the benefits of
both content provider and requester If the content requesteraccesses normally and the content provider implements theenforced security strategy then the content requester andprovider will both benefit and their benefits are denoted as119880
Benifit NA119875
and119880Benifit NA119877
respectively If the content requester
6 The Scientific World Journal
accessesmaliciously and the content provider implements thegeneral security strategy then the loss of content provideris 119880Benifit NA119877
while the benefit of content requester containsan excess benefit 119880
Cost119875
obtained by malicious access inaddition to the normal average benefit 119880Benifit NA
119877 However
the content requester may be subjected to a punishment119880
Cost119875
if adopting malicious access If the content providerimplements the enforced security strategy then there will beneither benefit nor loss but only the cost of implementingthe enforced security strategy 119880
Cost119875
Based on Definition 4and Figure 2 the payoffmatrix of participants undermultiplecombinations is as follows
119860 = [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
119861 = [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
50
]
]
(9)
where 120572119894(119894 = 1 2 8) gt 1 is the parameter factor
mainly used to adjust the ratio of user benefit to punishmentThe setting of this value is based on requirements of thedecision makers The benefit matrices A and B denote thatthe userrsquos benefit or loss is closely related to hisher attributesand is proportional to the trustworthiness The reason whythe content requester chooses malicious access is that itis believed that the benefit obtained by malicious accessis larger than that by normal access that is the user isrational However the content provider in social networksincreases his or her attention degree and maximizes the
benefit bymakingmore friends whichmeans that the contentprovider is also rational Supposing that the probability ofcontent provider implementing the general security strategyis 119909 then the probability of implementing enforced securitystrategy is 1 minus 119909 and the mixed strategy for the contentprovider is 119875 = (119909 1 minus 119909) Similarly supposing that themalicious access probability of content requester is119910 then theprobability of normal access is 1 minus 119910 and the mixed strategyof content requester is 119877 = (119910 1 minus 119910) Based on Definition 4and Figure 1 the benefit obtained by the participants undermultiple combinations is as follows
119864SR = Payoff119877sdot 119861 sdot Payoff119879
119875= (119910 1 minus 119910)
sdot [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
5
0
]
]
sdot (119909
1 minus 119909)
= 119909 sdot 119910 sdot 119880Benifit MASuccess119877
sdot 120572119894minus1
6+ 119909 sdot 119880
Benifit NA119877
sdot 120572119894minus1
5minus 119910 sdot (119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8)
(10)
By taking the partial derivative of the above equation withrespect to 119910 the condition for the content provider gettingthe optimal strategy is
120597119864119877
120597119910= 119909 sdot 119880
Benifit MASuccess119877
sdot 120572119894minus1
6
minus (119880Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8) = 0
(11)
Hence there is
119909lowast
=119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8
119880Benifit MASuccess119877
sdot 120572119894minus1
6
(12)
that is to say 119875lowast = (119909lowast
1 minus 119909lowast
) is the optimal strategy for thecontent provider
It can be seen from the result of observation and analysisthat the accepting probability of content provider is only
related to the benefit and payment of the user By increas-ing the punishment for malicious access from the contentrequester increasing the cost of attacking security strategy byrequester and decreasing the benefit obtained by successfulmalicious accesses from the content requester the probabilityof content provider adopting the general security strategycan be improved and the normal operation of the socialnetwork can be promotedWhen the content provider adoptsgeneral security strategy in the probability of 119909 gt 119909
lowastthe content requester can obtain benefit by normal accessotherwise the optimal strategy for the content requester isto adopt the normal access strategy The strategy can only beused to determine at what probability the content providershould accept the access and to select the parameters fordecision makers in a macroscopic way It still depends on theattributes of the content requester and relevant history whenit comes to a specific access A rational content requester
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World Journal 5
to select a security policy The new game can be seen as arepetitive game which is based on the process and results ofthe previous game and get a new equilibrium
Proof In a given scenario as the access to content increasesthe adoption of security policies will change accordinglyWhen RAP and RAR select security policies again a repeatedgame will happen combined with sessions of the previousgame and transaction to obtain a new security policiescombination which is called a new Nash equilibrium
3 Game-Theoretic Analysis of TypicalSecurity Strategy
In an access control model of multimedia social networkwhich has universal significance each party has a securitystrategy set and practical choice set representing movingin content access Some typical 119875 and 119877 security strategiesare listed in Section 21 The following two sections cite thesecurity benefits of all security rules effective strategy com-binations and participant benefits respectively A strategyselection example is finally analyzed
31 Typical Security Strategy In this study some typicalsecurity strategies are presented A real access control formultimedia social network may include but is not limited tothese strategies In Definition 2 in Section 21 some securityrules that can meet the security demand of any party arementioned first and then security strategy set can be easilyderived
The security rules of two participants include relationshiptype (RelT) depth (Dep) compactness (C) and trust (T)
Similarly since the SR set of 119875 can be denoted as119866lowast
Deplowast 119862lowast 119879lowast the security strategy set is general secu-rity strategy enhanced security strategy The enhancedsecurity strategy is 119896
1119866lowast
+ 1198962Deplowast + 119896
3119862lowast
+ 1198964119879lowast where
119896119894(119894 = 1 2 3 4) isin 0 1 sum4
119894=1119896119894
= 0 denoted by sp119901
For the access into MMDC there are two types of Rnormal access (NA) and malicious access (MA) Thereforethe security strategy set is MAlowastNAlowast
By the typical security strategies and related SR analysisabove the utility impact factor weight and the utility of SRwill be introduced in this section As SRlowast cannot change theutility of sp only the utility of SR is considered here
32 Effective Strategy Combination and Its Utility Since thereare two security strategies for each party there are 4 possiblestrategy combinations in the game Figure 2 describes thesecurity strategy combinations of participants where sp
119894(119894 isin
SP SP) denotes the strategy mentioned in the subgraphThe benefits of content provider and content requester are
defined as followsThe symbol 119880Benifit NA
119875denotes the fact that when the
content provider implements the general safety strategy andthe content requester adopts the normal access the contentprovider may obtain normal average benefit such as the riseof the number of friends increase of attention degree andacquisition of the information of content requester
P
R
sp1
Psp2
P
sp2
Rsp1
R
Figure 2 Security strategy combinations
The symbol 119880Damage MASuccess119875
gt 0 denotes the possibleaverage amount of loss after the content provider implementsgeneral safety strategy and content requester adopts themalicious access such as the multimedia digital contentof the content provider being forwarded casually Anothermaliciousness includes impersonating user identity using thecontent providerrsquos information
The symbol 119880Damage NA119875
gt 0 denotes the possible averageamount of loss of content provider when the content providerimplements the enforced security strategy and the contentrequester accesses normally such as declining normal useraccessing so that the social network resource is not fully usedand the loss of no cooperation caused by distrust between thetwo parties
The symbol 119880Cost119875
gt 0 denotes the cost of deployingsecurity strategy for content provider such as the increaseof time expenditure Consider 119880Cost
119875= 1198620(1198961119866lowast
+ 1198962Deplowast +
1198963119862lowast
+ 1198964119879lowast
)The symbol 119880
Benifit NA119877
denotes the average benefitobtained by the content requester when the content requesteraccesses normally and content provider implements theenforced security strategy such as rise of the number offriends increase of attention degree and promotion of digitalcontent
The symbol 119880Benifit MASuccess119877
denotes the excess benefitobtained by content requester when the content requesteradopts malicious behaviors and content provider implementsgeneral security strategy such as distributing the multimediadigital content casually and disclosing private informationwithout permission
The symbol 119880Cost119877
gt 0 denotes the cost of attacking thesecurity strategy platform by the content requester
The symbol 119880Punish119877
gt 0 denotes the punishment thatmay be given to the content requester adopting maliciousbehaviors such as decreasing the trustworthiness of contentrequester suspending the access right to social network forthe content requester or suing the content requester where119880
Benifit MASuccess119877
gt 119880Cost119875
First we analyze the gain and loss of the benefits of
both content provider and requester If the content requesteraccesses normally and the content provider implements theenforced security strategy then the content requester andprovider will both benefit and their benefits are denoted as119880
Benifit NA119875
and119880Benifit NA119877
respectively If the content requester
6 The Scientific World Journal
accessesmaliciously and the content provider implements thegeneral security strategy then the loss of content provideris 119880Benifit NA119877
while the benefit of content requester containsan excess benefit 119880
Cost119875
obtained by malicious access inaddition to the normal average benefit 119880Benifit NA
119877 However
the content requester may be subjected to a punishment119880
Cost119875
if adopting malicious access If the content providerimplements the enforced security strategy then there will beneither benefit nor loss but only the cost of implementingthe enforced security strategy 119880
Cost119875
Based on Definition 4and Figure 2 the payoffmatrix of participants undermultiplecombinations is as follows
119860 = [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
119861 = [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
50
]
]
(9)
where 120572119894(119894 = 1 2 8) gt 1 is the parameter factor
mainly used to adjust the ratio of user benefit to punishmentThe setting of this value is based on requirements of thedecision makers The benefit matrices A and B denote thatthe userrsquos benefit or loss is closely related to hisher attributesand is proportional to the trustworthiness The reason whythe content requester chooses malicious access is that itis believed that the benefit obtained by malicious accessis larger than that by normal access that is the user isrational However the content provider in social networksincreases his or her attention degree and maximizes the
benefit bymakingmore friends whichmeans that the contentprovider is also rational Supposing that the probability ofcontent provider implementing the general security strategyis 119909 then the probability of implementing enforced securitystrategy is 1 minus 119909 and the mixed strategy for the contentprovider is 119875 = (119909 1 minus 119909) Similarly supposing that themalicious access probability of content requester is119910 then theprobability of normal access is 1 minus 119910 and the mixed strategyof content requester is 119877 = (119910 1 minus 119910) Based on Definition 4and Figure 1 the benefit obtained by the participants undermultiple combinations is as follows
119864SR = Payoff119877sdot 119861 sdot Payoff119879
119875= (119910 1 minus 119910)
sdot [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
5
0
]
]
sdot (119909
1 minus 119909)
= 119909 sdot 119910 sdot 119880Benifit MASuccess119877
sdot 120572119894minus1
6+ 119909 sdot 119880
Benifit NA119877
sdot 120572119894minus1
5minus 119910 sdot (119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8)
(10)
By taking the partial derivative of the above equation withrespect to 119910 the condition for the content provider gettingthe optimal strategy is
120597119864119877
120597119910= 119909 sdot 119880
Benifit MASuccess119877
sdot 120572119894minus1
6
minus (119880Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8) = 0
(11)
Hence there is
119909lowast
=119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8
119880Benifit MASuccess119877
sdot 120572119894minus1
6
(12)
that is to say 119875lowast = (119909lowast
1 minus 119909lowast
) is the optimal strategy for thecontent provider
It can be seen from the result of observation and analysisthat the accepting probability of content provider is only
related to the benefit and payment of the user By increas-ing the punishment for malicious access from the contentrequester increasing the cost of attacking security strategy byrequester and decreasing the benefit obtained by successfulmalicious accesses from the content requester the probabilityof content provider adopting the general security strategycan be improved and the normal operation of the socialnetwork can be promotedWhen the content provider adoptsgeneral security strategy in the probability of 119909 gt 119909
lowastthe content requester can obtain benefit by normal accessotherwise the optimal strategy for the content requester isto adopt the normal access strategy The strategy can only beused to determine at what probability the content providershould accept the access and to select the parameters fordecision makers in a macroscopic way It still depends on theattributes of the content requester and relevant history whenit comes to a specific access A rational content requester
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
6 The Scientific World Journal
accessesmaliciously and the content provider implements thegeneral security strategy then the loss of content provideris 119880Benifit NA119877
while the benefit of content requester containsan excess benefit 119880
Cost119875
obtained by malicious access inaddition to the normal average benefit 119880Benifit NA
119877 However
the content requester may be subjected to a punishment119880
Cost119875
if adopting malicious access If the content providerimplements the enforced security strategy then there will beneither benefit nor loss but only the cost of implementingthe enforced security strategy 119880
Cost119875
Based on Definition 4and Figure 2 the payoffmatrix of participants undermultiplecombinations is as follows
119860 = [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
119861 = [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
50
]
]
(9)
where 120572119894(119894 = 1 2 8) gt 1 is the parameter factor
mainly used to adjust the ratio of user benefit to punishmentThe setting of this value is based on requirements of thedecision makers The benefit matrices A and B denote thatthe userrsquos benefit or loss is closely related to hisher attributesand is proportional to the trustworthiness The reason whythe content requester chooses malicious access is that itis believed that the benefit obtained by malicious accessis larger than that by normal access that is the user isrational However the content provider in social networksincreases his or her attention degree and maximizes the
benefit bymakingmore friends whichmeans that the contentprovider is also rational Supposing that the probability ofcontent provider implementing the general security strategyis 119909 then the probability of implementing enforced securitystrategy is 1 minus 119909 and the mixed strategy for the contentprovider is 119875 = (119909 1 minus 119909) Similarly supposing that themalicious access probability of content requester is119910 then theprobability of normal access is 1 minus 119910 and the mixed strategyof content requester is 119877 = (119910 1 minus 119910) Based on Definition 4and Figure 1 the benefit obtained by the participants undermultiple combinations is as follows
119864SR = Payoff119877sdot 119861 sdot Payoff119879
119875= (119910 1 minus 119910)
sdot [
[
119880Benifit NA119877
sdot 120572119894minus1
5+ 119880
Benifit MASuccess119877
sdot 120572119894minus1
6minus 119880
Punish119877
sdot 120572119894minus1
7minus 119880
Punish119877
sdot 120572119894minus1
8minus119880
Punish119877
sdot 120572119894minus1
7minus 119880
Cost119877
120572119894minus1
8
119880Benifit NA119877
sdot 120572119894minus1
5
0
]
]
sdot (119909
1 minus 119909)
= 119909 sdot 119910 sdot 119880Benifit MASuccess119877
sdot 120572119894minus1
6+ 119909 sdot 119880
Benifit NA119877
sdot 120572119894minus1
5minus 119910 sdot (119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8)
(10)
By taking the partial derivative of the above equation withrespect to 119910 the condition for the content provider gettingthe optimal strategy is
120597119864119877
120597119910= 119909 sdot 119880
Benifit MASuccess119877
sdot 120572119894minus1
6
minus (119880Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8) = 0
(11)
Hence there is
119909lowast
=119880
Punish119877
sdot 120572119894minus1
7+ 119880
Cost119877
120572119894minus1
8
119880Benifit MASuccess119877
sdot 120572119894minus1
6
(12)
that is to say 119875lowast = (119909lowast
1 minus 119909lowast
) is the optimal strategy for thecontent provider
It can be seen from the result of observation and analysisthat the accepting probability of content provider is only
related to the benefit and payment of the user By increas-ing the punishment for malicious access from the contentrequester increasing the cost of attacking security strategy byrequester and decreasing the benefit obtained by successfulmalicious accesses from the content requester the probabilityof content provider adopting the general security strategycan be improved and the normal operation of the socialnetwork can be promotedWhen the content provider adoptsgeneral security strategy in the probability of 119909 gt 119909
lowastthe content requester can obtain benefit by normal accessotherwise the optimal strategy for the content requester isto adopt the normal access strategy The strategy can only beused to determine at what probability the content providershould accept the access and to select the parameters fordecision makers in a macroscopic way It still depends on theattributes of the content requester and relevant history whenit comes to a specific access A rational content requester
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World Journal 7
seeks a method to maximize hisher own payment to playthe game Therefore the one that can meet the demand andenable both parties to keep a stable state is the mixed strategyNash equilibrium which is the lowest condition acceptablefor the content provider The benefit function of the contentprovider is expressed as
119864119875= Payoff
119875sdot 119860 sdot Payoff119879
119877= (119909 1 minus 119909)
sdot [
[
119880Benifit NA119875
sdot 120572119894minus1
1minus119880
Damage MASuccess119875
sdot 120572119894minus1
2
minus119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4minus119880
Cost119875
120572119894minus1
4
]
]
sdot (119910
1 minus 119910)
= 119909 sdot 119910 (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+ 119880Damage NA119875
sdot 120572119894minus1
3)
minus 119909 (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
minus 119910119880Damage NA119875
sdot 120572119894minus1
3minus 119880
Cost119875
120572119894minus1
4
(13)
By taking the partial derivative of the above equation withrespect to 119909 the condition for the content requester gettingthe optimal strategy is
120597119864119875
120597119909= 119910 (119880
Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)
minus (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4) = 0
(14)
Hence
119910lowast
= (119880Damage MASuccess119875
sdot 120572119894minus1
2minus 119880
Cost119875
120572119894minus1
4)
times (119880Benifit NA119875
sdot 120572119894minus1
1+ 119880
Damage MASuccess119875
sdot 120572119894minus1
2
+119880Damage NA119875
sdot 120572119894minus1
3)minus1
(15)
where119877lowast = (119910lowast
1minus119910lowast
) is the optimal strategy for the contentrequester
It can be seen from the observation result that the mixedstrategy Nash equilibrium for content requester gives anuncertain game-theoretic result to the user Illegal user is notable to get the payoff matrix and decision probability andtherefore is unable to judge how the content provider willprocess the request These users can obtain the payoff matrixand decision probability by illegalmeans but how the contentprovider will make decision is not certain
33 Dynamic Strategy Control Based on Mixed Strategy NashEquilibrium In the above section the mixed strategy Nashequilibrium for the content provider and requester is calcu-lated and the issue of user controlling strategy probability ispresented However it is not certain what the decision will be
Table 1 Parameters settings of the example on Scene 1
Parameters119880
Benifit NA119875
119880Damage NA119875
119880Damage MASuccess119875
119880Cost119875
1 100 100 600 702 150 150 800 100
each time Besides it is necessary to decide by combiningwiththe strategy selected by the content requester This is due tothe fact that the attributes and decision probabilities of differ-ent content requesters are different and the game controllingstrategy depends on the game-theoretic analysis of the twoparties instead of the strategy inference of one party Hencethe content provider needs to adjust the strategies accordingto the decision probability of himselfherself and that of thecontent requester and the requirement of hisher decisionprobability
119875lowast
= (119909lowast
1minus119909lowast
)119877lowast = (119910lowast
1minus119910lowast
) while the requirementby the content provider on the strategy probability of thecontent requester is 119877
0= (1199100 1 minus 119910
0)
(1) The strategy requirement by the content provider isstrict that is 119910
0ge 119910lowast P adopts enforced security
strategy to increase 119909lowast(2) The strategy requirement by the content provider is
strict that is 1199100lt 119910lowast P does not need to increase 119909lowast
and the general security strategy can be adopted
4 Use Cases Analyses
41 Background In multimedia social network the contentprovider distributes the multimedia digital content andcontent requester can ask to access the multimedia digitalcontent When all attributes of the content requester satisfythe requirement of the access control model of multimediasocial network platform the requester can access the digitalcontent However after some content providers access thedigital content they casually distribute themultimedia digitalcontent and disclose the private information without permis-sion to seek illegal benefits In order to prevent suchmaliciousaccess behaviour the multimedia social network platformwill adopt certain punishment methods such as decliningusers to access digital contents However mistakenly refusingnormal users to access multimedia digital content is notbeneficial to the promotion of digital content and drawingattention while no access control will not achieve the pur-pose of preventing malicious access which will damage theinterests of the content provider By using the proposedmixedstrategy the content provider can avoidmalicious access fromthe users and accept normal access
42 Use Cases Game Decision on Security Policies Theparameter factors of game-theoretic analysis 120572
119894(119894 =
1 2 8) are 1 11 1 11 12 11 12 and 11 respectivelyThe assumed values of other parameters are shown as thesecond to eighth columns inTables 1 and 2 By substituting theabove parameters into (6) and (3) the probability of contentrequester adopting malicious access 119910lowast and that of content
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
8 The Scientific World Journal
Table 2 Parameters settings of the example on Scene 2
Parameters119880
Benifit N119860119877
119880Benifit MASuccess119877
119880Cost119877
119880Punish119877
1 100 500 50 3002 180 700 50 350
provider adopting the general security strategy 119909lowast can becalculated The 119910lowast and 119909
lowast can be calculated according to thedata in the example The content provider can make decisionbased on the dynamic strategy control rule of mixed strategyNash equilibrium Formultimedia social network applicationplatform two typical scenes are set up
Scene 1 The level of the relationship between contentrequester and content provider is 1 set to be 1 119862
0is set to
be 1 119896119894as 1 depth as 1 closeness as 68 and trustworthiness as
1
Scene 2 The level of the relationship between contentrequester and content provider is 1 119862
0is set to be 1 119896
119894as 1
depth as 1 closeness as 98 and trustworthiness as 1Based on the above mentioned scenes and use cases
the value requirement of 119877 from 119875 is given as (066 034)According to the value of each parameter in Table 1 itcan be calculated that P (general security strategy enforcedsecurity strategy) of Scene 1 = (075 025) R (maliciousaccess normal access) = (068 032) At this time P needsto adopt the enforced security strategy In Scene 2 P (generalsecurity strategy enforced security strategy) = (068 032) R(malicious access normal access) = (065 032) At this timeP only needs to adopt the general security strategy
The benefit and punishment obtained by the contentrequester increase with the increase of trustworthiness andcloseness and decrease with the deepening of the relation-ship With the increase of trustworthiness and closeness ofcontent provider and the decrease of relationship depth theprobability of content requester adopting malicious accessis decreasing while the probability of content provideradopting the general security strategy is increasing This isin accordance with the actual practice on the social networkThe content provider can implement the access control basedon the mixed strategy Nash equilibrium between the twoparties to further adjust the probability of adopting thecorresponding strategy However the content requester doesnot know which strategy the content provider will adoptand the cost of adopting malicious access and the receivedpunishment is far greater than the benefit obtained fromsuccessful malicious access Hence the provider requesterwill not adopt the malicious access strategy easily
43 Discussions The decision-making model and methodfor adopting of security policies are firmly based on thegame theory and its applications on information securityso it is complete and robust Besides it has also flexibilitydue to an ability to represent the game on multiparticipantand multisecurity policies not only two parties and twostrategies The proposed approach to decision has significant
advantages including effectiveness onMSNs security policiescombination realization and deployment convenience on theleast overhead of security management and benefits andproductivity for contents providers owing to wider contentsaccess and sharing in MSNs
5 Conclusions
This paper proposed a game-based analysis on security poli-cies to obtain an optimal combination of security policies forcontent access in MSNs thus achieving utility maximizationbetween users For this reason this study created the TPTAbetween the content provider and the content requester Andthenwe proposed a typical game-theoretic control of securitystrategy obtained themixed strategy Nash equilibrium basedon security attribute of the user and analyzed a practicalexample In this study the strategy selection under the exist-ing access control mechanism of social network is addressedA game-theoretic analysis method is provided for the selec-tion of security strategy by the content provider and for theprotection of multimedia digital content In the future theresearch challenge will focus on an in-depth consideration toeffectively and rationally deploy security policies by theMSNsgame-theoretic analysis of security strategy under contentsharing conditions so as to improve the security credibilityand flexibility of the real MSNs applications and services Ingeneral the novel game-theoretical model for MSNs is alsosuitable for the same scenarios and services where multiplestakeholders have their own benefits and strategies choicesincluding general social media network and applications
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This work was sponsored by the National Natural Sci-ence Foundation of China Grant no 61370220 Plan ForScientific Innovation Talent of Henan Province Grant no134100510006 Key Program for Basic Research of the Edu-cation Department of Henan Province Grant nos 13A520240and 14A520048 and the Joint-Research Project titled ldquoKeytechnologies research on a novel network security defensesystemrdquo Grant no 61440144 The authors also thank QingliChen for her works on related experiments and analyses
References
[1] A Sachan S Emmanuel and M Kankanhalli ldquoAn efficientaccess control method for multimedia social networksrdquo inProceedings of the 2nd ACM SIGMMWorkshop on Social Media(WSM rsquo10) pp 33ndash38 Firenze Italy October 2010
[2] W Villegas A trust-based access control scheme for socialnetworks [MS thesis] School of Computer Science McGillUniversity Montreal Canada 2008
[3] B Carminati ldquoAccess control and privacy in web-based socialnetworksrdquo International Journal of Web Information Systemsvol 4 no 4 pp 395ndash415 2008
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World Journal 9
[4] M Hart R Johnson and A Stent ldquoMore content-less controlaccess control in the web 20rdquo in Proceedings of theWorkshop onWeb 20 Security and Privacy at the IEEE Symposium on Securityand Privacy pp 1ndash3 Oakland Calif USA May 2007
[5] J Park R Sandhu and Y Cheng ldquoA user-activity-centricframework for access control in online social networksrdquo IEEEInternet Computing vol 15 no 5 pp 62ndash65 2011
[6] B AliWVillegas andMMaheswaran ldquoA trust based approachfor protecting user data in social networksrdquo in Proceedings ofthe Conference of the Center for Advanced Studies on Collab-orative Research (CASCON rsquo07) pp 288ndash293 Richmond HillMontreal Canada October 2007
[7] S R Kruk S Grzonkowski A Gzella et al ldquoD-FOAF dis-tributed identity management with access rights delegationrdquoin The Semantic Web vol 4185 of Lecture Notes in ComputerScience pp 140ndash154 2006
[8] H Wang and L Sun ldquoTrust-involved access control in col-laborative open social networksrdquo in Proceedings of the 4thInternational Conference on Network and System Security (NSSrsquo10) pp 239ndash246 Melbourne Australia September 2010
[9] Z Y Zhang and K L Wang ldquoA trust model for multimediasocial networksrdquo Social Networks Analysis and Mining vol 3no 4 pp 969ndash979 2012
[10] B Carminati E Ferrari and A Perego ldquoRule-based accesscontrol for social networksrdquo in Proceedings of the Move toMeaningful Internet Systems 2006 OTM 2006 Workshops pp1734ndash1744 Montpellier France 2006
[11] L-Q Tian and C Lin ldquoA kind of game-theoretic controlmechanism of user behavior trust based on prediction intrustworthy networkrdquoChinese Journal of Computers vol 30 no11 pp 1930ndash1938 2007
[12] Q Wen Y Z Wang and J Y Yu ldquoA game theoretical model ofinformation dissemination in social networkrdquo in Proceedings ofInternational Conference on Complex Systems Agadir MoroccoNovember 2012
[13] S B Zhang W D Cai and Y J Li ldquoA game-theory basedaccess control method suitable for social networkrdquo Journal ofNorthwestern Polytechnical University vol 29 no 4 pp 652ndash657 2011
[14] Z Zhang Q Pei J Ma and L Yang ldquoEstablishing multi-partytrust architecture for drm by using game-theoretic analysis ofsecurity policiesrdquo Chinese Journal of Electronics vol 18 no 3pp 519ndash524 2009
[15] Z Zhang Q Pei J Ma L Yang and K Fan ldquoCooperativeand non-cooperative game-theoretic analyses of adoptions ofsecurity policies for DRMrdquo in Proceedings of the 6th IEEEConsumer Communications and Networking Conference (CCNCrsquo09) pp 1ndash5 Las Vegas Nev USA January 2009
[16] Z Zhang Q Pei J Ma and L Yang ldquoGame-theoretic analysesand simulations of adoptions of security policies for DRMin contents sharing scenariordquo Intelligent Automation amp SoftComputing vol 17 no 2 pp 191ndash203 2011
[17] Z Zhang S Lian Q Pei and J Pu ldquoFuzzy risk assessments onsecurity policies for digital rightsmanagementrdquoNeural NetworkWorld vol 20 no 3 pp 265ndash284 2010
[18] Z Y Zhang Risk Assessment and Management AcademyPublish 2012
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Submit your manuscripts athttpwwwhindawicom
Computer Games Technology
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Distributed Sensor Networks
International Journal of
Advances in
FuzzySystems
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014
International Journal of
ReconfigurableComputing
Hindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Applied Computational Intelligence and Soft Computing
thinspAdvancesthinspinthinsp
Artificial Intelligence
HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014
Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Journal of
Computer Networks and Communications
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation
httpwwwhindawicom Volume 2014
Advances in
Multimedia
International Journal of
Biomedical Imaging
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
ArtificialNeural Systems
Advances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Computational Intelligence and Neuroscience
Industrial EngineeringJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Human-ComputerInteraction
Advances in
Computer EngineeringAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
