A Method on Protection of User Data Privacy in Cloud Storage Platform

Cited by: 40


Authors: Hou Qinghua (侯清铧)[1,2], Wu Yongwei (武永卫)[1,2], Zheng Weimin (郑纬民)[1,2], Yang Guangwen (杨广文)[1,2]

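Affiliations: [1] Tsinghua National Laboratory for Information Science and Technology (in preparation), Beijing 100084; [2] Department of Computer Science and Technology, Tsinghua University, Beijing 100084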

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2011, Issue 7, pp. 1146-1154 (9 pages)

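Funding: National Basic Research Program of China ("973" Program) (2007CB310900, 2011CB302505); National Natural Science Foundation of China (60803121, 60773145, 60911130371, 90812001, 60963005); National High Technology Research and Development Program of China ("863" Program) (2009AA01A130, 2009AA01A132, 2006AA01A101, 2006AA10A108, 2006AA01A111, 2006AA01A117)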

Abstract: Nowadays, many researchers and IT companies pay close attention to cloud storage, and many applications use cloud storage to store data. But many users and companies worry about the security and privacy of cloud storage. A cloud storage platform is prone to compromise or abuse by adversaries, including the cloud administrators. The security and privacy problem of cloud storage is the security and privacy problem of the distributed file system, which is the core of cloud storage. With an SSL secure connection and a secure virtual machine monitor (Daoli), the security and privacy of the user's data can be protected in the distributed file system, even in the face of a total compromise of the distributed file system or the operating system. With the secure virtual machine monitor, conventional attacks and attacks from cloud administrators can be prevented. Two schemes for different application scenarios are put forward. In one scheme, every chunk of the user's file is protected, so the privacy of every chunk is guaranteed. In the other scheme, only the file as a whole is protected, so the privacy of the whole file is guaranteed rather than that of every chunk. The overhead introduced by the SSL secure connection and the secure virtual machine monitor is evaluated. Considering the privacy it provides for the user's data, the overhead can be tolerated.

Keywords: cloud storage; distributed file system; data privacy; virtual machine; secure virtual machine monitor

Classification: TP302 [Automation and Computer Technology: Computer System Architecture]

 
