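Abstract
To address the problem that, under the multi-tenant shared-storage model of cloud Software as a Service (SaaS), a malicious service provider may forge, delete, or tamper with the data replicas that tenants have customized for storage, and taking into account the characteristics of multi-tenant shared data storage and the privacy and isolation requirements between tenants, a tenant-oriented duplication integrity checking scheme (TDIC) is proposed. TDIC reduces the cost of generating verification objects by periodically sampling tenant replica tuples at random. To accommodate dynamic updates to tenant data, a tenant duplication authentication structure (TDAS) is established; TDAS isolates the replica verification information of different tenants on each data node, ensuring the isolation of the tenant replica verification process. By combining the homomorphic tags of tenant tuples with TDAS, TDIC can delegate sampling checks of tenant replicas to a trusted third party without revealing the content of tenant data. Analysis shows that when a tenant's logical view contains ten thousand data tuples and the tuple damage rate is 1%, the number of random samples needed to discover that data has been damaged is at most about 5% of the total number of tuples, which effectively reduces system resource consumption compared with verifying everything.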
Software as a Service (SaaS) is an important software delivery model in cloud computing and provides elastic extension and relatively inexpensive storage and computing resources for tenants. However, untrustworthy service providers may maliciously tamper with, forge, or delete tenant data without the tenants' authorization. The purpose of this work is to provide a multi-tenant data duplication integrity protection scheme for SaaS multi-tenant shared storage. First, we present a sample-based tenant integrity protection mechanism, the tenant-oriented duplication integrity checking scheme (TDIC). Unlike traditional approaches, in TDIC the sampled elements are the tenants' physical data tuples in the universal table rather than the intersected data blocks of existing methods. Through periodic random sampling, TDIC reduces the complexity of constructing verification objects on the service provider side and eliminates the waste of resources. Second, in order to set up a challenge-response model for tuple sampling, we construct a new multi-tenant duplication authentication structure (TDAS). TDAS ensures the isolation requirement of tenants by setting up a separate duplication authentication tree for each tenant, and it accommodates dynamic updates of tenant data by adjusting the duplication authentication tree. Third, we set up a homomorphic label for each tuple of a tenant duplication. With the help of the homomorphic labels and TDAS, TDIC achieves third-party verification, relieving the verification burden on the tenant's client side. Finally, the analysis shows that if the tenant logical view has 10000 data tuples and the damage rate is about 1%, the number of randomly sampled tuples is about 5% of the total number of tuples.
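The sampling figure quoted in the abstract can be checked with the standard hypergeometric argument for sampling audits. The following is an added example, not code from the paper: it assumes tuples are sampled uniformly without replacement and uses a 99% detection target, which is an assumption here because the abstract does not state the confidence level; all function names are hypothetical.

```python
import math
import random

def detection_probability(n, t, c):
    """P(a sample of c tuples out of n hits at least one of t damaged tuples)."""
    if t <= 0 or c <= 0:
        return 0.0
    if c > n - t:
        return 1.0  # more samples than intact tuples: a hit is certain
    # P(miss) = C(n-t, c) / C(n, c), evaluated in log space to avoid overflow
    log_miss = sum(math.log(n - t - i) - math.log(n - i) for i in range(c))
    return 1.0 - math.exp(log_miss)

def min_sample_size(n, t, confidence):
    """Smallest sample count c whose detection probability reaches confidence."""
    if t <= 0:
        raise ValueError("no damaged tuples: detection is impossible")
    lo, hi = 1, n - t + 1  # probability is monotone in c, so bisect
    while lo < hi:
        mid = (lo + hi) // 2
        if detection_probability(n, t, mid) >= confidence:
            hi = mid
        else:
            lo = mid + 1
    return lo

def simulate_audits(n, t, c, rounds, seed=0):
    """Empirical detection rate over repeated random audits (constructed data)."""
    rng = random.Random(seed)
    damaged = set(rng.sample(range(n), t))  # constructed set of damaged tuple ids
    hits = sum(
        1 for _ in range(rounds)
        if any(i in damaged for i in rng.sample(range(n), c))
    )
    return hits / rounds

if __name__ == "__main__":
    n, t = 10000, 100        # figures from the abstract: 10000 tuples, 1% damaged
    confidence = 0.99        # assumed target, not stated in the abstract
    c = min_sample_size(n, t, confidence)
    print(f"sample {c} tuples ({c / n:.2%} of the view)")
    print(f"analytic: {detection_probability(n, t, c):.4f}")
    print(f"simulated: {simulate_audits(n, t, c, 2000):.4f}")
```
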
Source
Journal of Nanjing University (Natural Science)
CAS
CSCD
PKU Core
2016, Issue 2, pp. 324-334 (11 pages)
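Funding
National Natural Science Foundation of China, Young Scientists Fund (61303085, 61303007)
Shandong Provincial Natural Science Foundation (ZR2013FQ014)
Shandong Province Science and Technology Development Program (2014GGX101047)
Shandong Province Outstanding Young and Middle-aged Scientists Research Award Fund (BS2013DX044)
Open Project of the Shandong Provincial Key Laboratory of Software Engineering (2013SE02)
Shandong Province Higher Education Science and Technology Program (J15LN24)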