中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 信息安全国家重点实验室  > 学位论文
学科主题: 计算机科学技术基础学科::数据安全与计算机安全
题名:
云存储中的数据完整性验证方法研究
作者: 殷佳欣
答辩日期: 2011-05-25
导师: 徐震
专业: 信息安全
授予单位: 中国科学院研究生院
授予地点: 北京
学位: 硕士
关键词: 云存储 ; 完整性验证 ; 布隆过滤器 ; 多指标决策 ; 均衡决策策略
其他题名:
部门归属: 信息安全实验室
项目归属: 中科院知识创新工程重要方向项目课题——云计算安全支撑系统
产权排名: 1
摘要: 随着对云计算关注度的提高和应用范围越来越广,云存储作为其存储基础也受到越来越广泛的重视。相比传统存储,云存储在有着诸多优点的同时也不可避免的存在机密性、可用性和完整性的问题。在完整性方面,云存储中海量远程数据和存储服务提供商不可信的事实又给传统完整性验证方式带来了新的挑战和问题。Juels and B. Kaliski2007年首次提出云存储的完整性验证的方法和概念,发展至今已经有很多方法在云存储海量数据完整性验证方面做出贡献。一般使用挑战应答的方式验证完整性,这些方法在验证速度、产生的存储冗余、占用网络带宽、是否支持动态数据等方面各有贡献。但是在存储冗余、支持动态数据无限多次挑战方面却少有涉及。本文在总结了完整性验证相关工作的情况下,结合有限域和布隆过滤器提出了一种新的云存储完整性验证方法。该方法在减少存储冗余、支持动态数据的同时支持无限多次挑战方面有着突出贡献,在其他各个方面与其他方法持平,相比其他方案有很大进展。文章同时给出了一种多服务器完整性验证的扩展策略。考虑到现有云存储的集群特性,文章还研究了云存储中多服务器下完整性验证策略。在云存储中,数据分片后备份的存储在多服务器中,在这个前提下,策略使用单服务器情况下完整性验证方法的延伸,在多服务器之间交替进行完整性验证。提出了一种新的均衡策略来保证完整性验证本身高效执行的同时不影响云存储中数据对外提供的优质服务,即基于多指标决策的均衡决策方法。这种均衡验证的策略借鉴了web和集群数据库中的均衡方式,并考虑各个节点的实际负载情况,相比传统均衡方式有更好的效果。多服务器的验证均衡策略在多服务器间统一调度,使用基于有限域和布隆过滤器的完整性验证方法,完成了多服务器情况下的数据完整性验证。在长的时间尺度上,保证所有服务器上的数据完整性都可以进行,而且保证整个云存储服务器集群的高效运转,保证同时作为数据服务提供商的云存储用户的优质服务。云存储具有强劲的发展潜力,但是需要彻底解决掉几个切实的安全问题,数据完整性即是其中之一。本文在研究了相关工作的基础上,提出了新的单服务器和多服务器的海量数据完整性验证方案,并在安全云存储架构下设计出了一种实现方案。切实解决云存储在不可信管理员和海量数据情况下的完整性验证问题。
英文摘要: Cloud computing has gained more and more concern these days and accordingly cloud storage also become more and more important. Compared to traditional storage, cloud storage has quite a lot of advantages but at the same time also inevitably exists security, availability and integrity problems. In integrity, cloud storage faces problems on massive data scale and the untrusted cloud storage administrator which is quite different from traditional storage and brings new challenges. Juels and B. Kaliski proposed the concept of cloud storage integrity verification in 2007. And up till now, there has been many methods dealing with this issue. These methods usually use challenge and response scheme in the verification, and have made progress in issues like the speed of verification, band width occupied, whether support dynamic data or not and so on. But leave the redundancy of storage produced and unlimited challenges as well as dynamic data supportive a space. After referencing on previous methods, we proposed a new method in solving the integrity verification problem in cloud storage based on bloom filter and finite field. This method makes progress in decreasing the storage redundancy produced, unlimited challenges and dynamic data. Besides this single server integrity verification method, we also proposed an extended method for multiple servers.In consideration with the clustered feature of modern cloud storage, we investigated in the integrity verification method in multi-server cloud storage. In cloud storage, data is sliced into pieces and copied to several servers. We extended the method in single server mode. Integrity verification was done among all these servers. However, we did propose a new balance strategy which is called balanced multi-criteria decision making to guarantee that integrity verification itself won’t affect the data service in the cloud storage. This balance strategy referenced the balance strategy in web and clustered database, took the real load state of the node into account. It’s more effective compared to traditional balance strategy. The balanced verification strategy cooperates among all the servers using the integrity verification method of cloud storage based on bloom filter and finite field. Accomplished the goal of integrity verification of multi-server cloud storage. In the long term, the strategy can guarantee that integrity verification can be imposed on each server and at the same time make sure that the cloud is running effectively that the data providing service is maintained in a high level.Cloud storage has a high potential in developing to a further level. But it needs to completely solve several security problems first. In which integrity is among the most importance. On referencing to related works, we proposed a new method in solving the cloud storage massive data integrity verification problem in single server and multi server mode. We proposed architecture to realize the method as well. Such is practically a solution to the integrity verification problem in concern with the untrusted administrator and the massive data.
语种: 英语
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/10824
Appears in Collections:信息安全国家重点实验室_学位论文

Files in This Item:
File Name/ File Size Content Type Version Access License
云存储中的数据完整性验证方法研究-2.pdf(1019KB)----限制开放 联系获取全文

Recommended Citation:
殷佳欣. 云存储中的数据完整性验证方法研究[D]. 北京. 中国科学院研究生院. 2011-05-25.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[殷佳欣]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[殷佳欣]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace