Remote data auditing becomes critical to ensure the storage reliability in distributed cloud storage.Recently,Le et al proposed an efficient private data auditing scheme NC-Audit designed for regenerating codes,which ...Remote data auditing becomes critical to ensure the storage reliability in distributed cloud storage.Recently,Le et al proposed an efficient private data auditing scheme NC-Audit designed for regenerating codes,which claimed that NC-Audit can effectively realize privacy-preserving data auditing for distributed storage systems.However,our analysis shows that NC-Audit is not secure for that the adversarial cloud can forge some illegal blocks to cheat the auditor successfully with a high probability even without storing the user’s whole data,when the coding field is large enough.展开更多
With the arrival of the era of big data,the audit thinking mode has been promoted to change.Under the influence of big data,audit will become an activity of continuous behavio Through cloud data,the staff can control ...With the arrival of the era of big data,the audit thinking mode has been promoted to change.Under the influence of big data,audit will become an activity of continuous behavio Through cloud data,the staff can control the operation status and risk assessment of the whole enterprise,timely analyze,control and respond to risks,and protect the enterprise to reduce risks.With the advent of the era of big data,audit data analysis is becoming more and more important.At the same time,a large amount of data analysis also brings challenges to auditors.Methods to deal and solve the challenges has become an urgent problem to be solved at present.This paper mainly studies the challenges and countermeasures brought by the changes of audit approaches and methods to audit data analysis under the background of big data,so as to continuously innovate and practice the improvement of audit technology and promote the healthy and rapid development of social economy.展开更多
现有区块链内容监管方案均采用事后治理方式,缺乏事前审计,且存在签名失效和多版本区块验证效率低的问题。针对这些问题,首先,设计了一种可动态调整可追责的数据审计方法,实现了对区块链交易数据的事前审计;其次,设计了一种编辑可控的...现有区块链内容监管方案均采用事后治理方式,缺乏事前审计,且存在签名失效和多版本区块验证效率低的问题。针对这些问题,首先,设计了一种可动态调整可追责的数据审计方法,实现了对区块链交易数据的事前审计;其次,设计了一种编辑可控的数字签名方案RCDSS(redaction-controlled digital signature scheme),解决了因编辑操作造成的签名失效问题;最后,设计了一种区块链数据一致性验证协议,实现了对查询结果的高效验证。安全分析和性能测试结果表明了其安全性和有效性。该方案在实现监管可控的情况下,仍然保持了较高的区块生成和验证效率,为区块链内容监管提供了一种新的解决思路。展开更多
The user control over the life cycle of data is of an extreme importance in clouds in order to determine whether the service provider adheres to the client’s pre-specified needs in the contract between them or n...The user control over the life cycle of data is of an extreme importance in clouds in order to determine whether the service provider adheres to the client’s pre-specified needs in the contract between them or not, significant clients concerns raise on some aspects like social, location and the laws to which the data are subject to. The problem is even magnified more with the lack of transparency by Cloud Service Providers (CSPs). Auditing and compliance enforcement introduce different set of challenges in cloud computing that are not yet resolved. In this paper, a conducted questionnaire showed that the data owners have real concerns about not just the secrecy and integrity of their data in cloud environment, but also for spatial, temporal, and legal issues related to their data especially for sensitive or personal data. The questionnaire results show the importance for the data owners to address mainly three major issues: Their ability to continue the work, the secrecy and integrity of their data, and the spatial, legal, temporal constraints related to their data. Although a good volume of work was dedicated for auditing in the literature, only little work was dedicated to the fulfillment of the contractual obligations of the CSPs. The paper contributes to knowledge by proposing an extension to the auditing models to include the fulfillment of contractual obligations aspects beside the important aspects of secrecy and integrity of client’s data.展开更多
基金Supported by the National Natural Science Foundation of China(61872088)the Science and Technology Plan Project of Xi’an(2020KJWL02,2017CGWL35)the China National Study Abroad Fund。
文摘Remote data auditing becomes critical to ensure the storage reliability in distributed cloud storage.Recently,Le et al proposed an efficient private data auditing scheme NC-Audit designed for regenerating codes,which claimed that NC-Audit can effectively realize privacy-preserving data auditing for distributed storage systems.However,our analysis shows that NC-Audit is not secure for that the adversarial cloud can forge some illegal blocks to cheat the auditor successfully with a high probability even without storing the user’s whole data,when the coding field is large enough.
基金Key Major of Audit Science in quality Engineering Project of Private Universities in 2020(Grant No.:HS2020ZLGC06)Supervisor System Research Project of Huashang College of Guangdong University of Finance and Economics in 2018(Grant No.:2018HSDS03)University Quality Engineering of Huashang College in 2021(Grant No.:HS2021ZLGC19)。
文摘With the arrival of the era of big data,the audit thinking mode has been promoted to change.Under the influence of big data,audit will become an activity of continuous behavio Through cloud data,the staff can control the operation status and risk assessment of the whole enterprise,timely analyze,control and respond to risks,and protect the enterprise to reduce risks.With the advent of the era of big data,audit data analysis is becoming more and more important.At the same time,a large amount of data analysis also brings challenges to auditors.Methods to deal and solve the challenges has become an urgent problem to be solved at present.This paper mainly studies the challenges and countermeasures brought by the changes of audit approaches and methods to audit data analysis under the background of big data,so as to continuously innovate and practice the improvement of audit technology and promote the healthy and rapid development of social economy.
文摘现有区块链内容监管方案均采用事后治理方式,缺乏事前审计,且存在签名失效和多版本区块验证效率低的问题。针对这些问题,首先,设计了一种可动态调整可追责的数据审计方法,实现了对区块链交易数据的事前审计;其次,设计了一种编辑可控的数字签名方案RCDSS(redaction-controlled digital signature scheme),解决了因编辑操作造成的签名失效问题;最后,设计了一种区块链数据一致性验证协议,实现了对查询结果的高效验证。安全分析和性能测试结果表明了其安全性和有效性。该方案在实现监管可控的情况下,仍然保持了较高的区块生成和验证效率,为区块链内容监管提供了一种新的解决思路。
文摘The user control over the life cycle of data is of an extreme importance in clouds in order to determine whether the service provider adheres to the client’s pre-specified needs in the contract between them or not, significant clients concerns raise on some aspects like social, location and the laws to which the data are subject to. The problem is even magnified more with the lack of transparency by Cloud Service Providers (CSPs). Auditing and compliance enforcement introduce different set of challenges in cloud computing that are not yet resolved. In this paper, a conducted questionnaire showed that the data owners have real concerns about not just the secrecy and integrity of their data in cloud environment, but also for spatial, temporal, and legal issues related to their data especially for sensitive or personal data. The questionnaire results show the importance for the data owners to address mainly three major issues: Their ability to continue the work, the secrecy and integrity of their data, and the spatial, legal, temporal constraints related to their data. Although a good volume of work was dedicated for auditing in the literature, only little work was dedicated to the fulfillment of the contractual obligations of the CSPs. The paper contributes to knowledge by proposing an extension to the auditing models to include the fulfillment of contractual obligations aspects beside the important aspects of secrecy and integrity of client’s data.