软件即服务模式下租户多副本数据存储完整性问题研究

南京大学学报(自然科学版) ›› 2016, Vol. 52 ›› Issue (2): 324–.

软件即服务模式下租户多副本数据存储完整性问题研究

李　琳¹，钱　进²，张永新¹*，丁艳辉³，孔兰菊²

出版日期:2016-03-27 发布日期:2016-03-27
作者简介: 1.山东师范大学数学科学学院，济南，250014；2.山东大学计算机科学与技术学院，济南，205101；3．山东师范大学信息科学与工程学院，济南，250014
基金资助:
基金项目：国家自然青年科学基金 (61303085，61303007)，山东省自然科学基金(ZR2013FQ014)，山东省科技发展计划(2014GGX101047)，山东省优秀中青年科学家科研奖励基金(BS2013DX044)，山东省软件工程重点实验室开放课题(2013SE02)，山东省高等学校科技计划(J15LN24)
收稿日期：2015－10－12
*通讯联系人，Email：waterzyx@hotmail.com

Research on multitenants duplicates storage integrity protection in software as a service

Li Lin¹，Qian Jin²，Zhang Yongxin¹*，Ding Yanhui³，Kong Lanju²

Online:2016-03-27 Published:2016-03-27
About author: 1.School of Mathematical Sciences，Shandong Normal University，Ji’nan，250014，China；2．School of Computer Science and Technology，Shandong University，Ji’nan，205101，China；3．School of Information Science and Engineering，Shandong Normal University，Ji’nan，250014，China

摘要/Abstract

摘要： 针对云中软件即服务(Software as a Service，SaaS)多租户共享存储模式下恶意服务提供商伪造、删除或篡改租户定制存储的数据副本数据问题，结合多租户数据共享存储特点以及租户间隐私与隔离需求，提出了面向租户的多副本完整性保护机制(Tenantoriented duplication integrity checking scheme，TDIC)．TDIC通过对租户副本元组进行周期性随机抽样的方式，来降低验证对象的生成代价．为适应租户数据的动态更新，建立面向租户多副本辅助验证结构(Tenant duplication authentication structure，TDAS)，TDAS可以将每个数据节点上不同租户的副本验证信息隔离，保证租户副本验证过程的隔离性．结合租户元组的同态标签与TDAS，TDIC可以在不泄露租户数据内容的前提下，委托可信第三方对租户副本进行抽样检查．分析表明，如果租户逻辑视图中包含一万个数据元组时，在元组破坏率为1%的情况下发现数据被破坏的随机抽样数目最大约为元组总数的5%，相对全部验证的方法有效降低了系统资源消耗．

Abstract: Software as a Service(SaaS) is one important software delivery model in cloud computing and provides the elastic extension，relatively inexpensive storage and computing resources for tenants.However，untrustworthy service providers may malicious tamper，forge or delete tenant data without tenants’ authorization.The purpose of this work is to provide a multitenant data duplication integrity protection scheme for SaaS multitenant shared storage.First，we present a sample based tenant integrity protection mechanisms tenantoriented duplication integrity checking scheme(TDIC)．Different to the traditional approaches，in TDIC，the sampled element is the tenants’ physical data tuples in universal table rather than the intersected data blocks of existing methods.Through periodically random sampling，TDIC reduces the complexity of service provider side verification object construction and eliminates the resource waste.Second，in order to set up tuples sample challengeresponse model，we construct a new multitenants duplication authentication structure(TDAS)．TDAS can ensure the isolation requirement of tenants by setting up separated duplication authentication tree for each tenant.And TDAS accommodates the tenant data dynamic update operation with duplication authentication tree adjustment.Third，we set up homomorphism label for each tuples of tenant duplication.With the help of homomorphism label and TDAS，TDIC achieves the third party verification to relieve the verification burden on tenant’s client side.Finally，the analysis shows that if the tenant logical view has 10000 data tuples and the damage rate is about 1%，the random sampling data number is about 5% of the total number of tuples.

李　琳¹，钱　进²，张永新¹*，丁艳辉³，孔兰菊². 软件即服务模式下租户多副本数据存储完整性问题研究[J]. 南京大学学报(自然科学版), 2016, 52(2): 324–.

Li Lin¹，Qian Jin²，Zhang Yongxin¹*，Ding Yanhui³，Kong Lanju². Research on multitenants duplicates storage integrity protection in software as a service[J]. Journal of Nanjing University(Natural Sciences), 2016, 52(2): 324–.

参考文献

[1]　Aulbach S，Grust T，Jacobs D，et al.Multitenant databases for Software as a Service：Schemamapping techniques.In：Proceedings of the ACM SIGMOD International Conference on Management of Data.Canada：SIGMOD Conference，2008，1195－1206.
[2] Aulbach S，Jacobs D，Kemper A，et al.A comparison of flexible schemas for software as a service.In：Proceedings of the ACM SIGMOD International Conference on Management of Data.Rhode Island：SIGMOD Conference，2009，881－888.
[3] 孔兰菊，李庆忠，桑成良．面向SaaS应用基于键值对模式的多租户索引研究．计算机学报，2010，12(3)：2239－2247.(Kong L J，Li Q Z，Sang C L．Research on index of multitenant based on keyvalues for SaaS application.Chinese Journal of Computers，2010，12(3)：2239－2247.)
[4] Wang C，Wang Q，Ren K，et al.Ensuring data storage security in cloud computing.In：The 17th International Workshop on Quality of Service.Charleston：IEEE Press，2009，1－9.
[5] 王一蕾，吴英杰，孙　岚．隐私保护关系型数据发布的多维划分动态规划算法．南京大学学报(自然科学)，2013，49(2)：258－267.(Wang Y L，Wu Y J，Sun L．A dynamic programming algorithm based on multidimensional partitioning for privacy preserving relational data publishing.Journal of Nanjing University(Natural Sciences)，2013，49(2)：258－267.)
[6] Liu H，Zhang P，Liu J．Public data integrity verification for secure cloud storage.Journal of Networks，2013，8(2)：373－380.
[7] 卞　磊，刘　超，金茂忠．一种面向审查的过程内数据流异常自动检测方法．南京大学学报(自然科学)，2010，46(1)：71－76.(Bian L，Liu C，Jin M Z．A method for intraprocedural data flow anomaly autodetection facing to inspection.Journal of Nanjing University(Natural Sciences)，2010，46(1)：71－76.)
[8] Li L，Li Q，Kong L，et al.Tenantoriented composite authentication tree for data integrity protection in SaaS.In：The 15th International Conference on WebAge Information Management.Macau：Lecture Notes in Computer Science 8485，2014，402－414.
[9] Zhang L，Li Q，Shi Y，et al.An integrity verification scheme for multiple replicas in clouds.In：The 2012 International Conference on Web Information Systems and Mining.Chengdu：Lecture Notes in Computer Science 7529，Springer，2012，264－274.
[10] 咸鹤群，冯登国．外包数据库中完整性检测方案．计算机研究与发展，2010，47(6)：1107－1115.(Xian H Q，Feng D G．An integrity checking scheme in outsourced database model.Journal of Computer Research & Development，2010，47(6)：1107－1115.)
[11] Wang Q，Wang C，Li J，et al.Enabling public verifiability and data dynamics for storage security in cloud computing.In：The 14th European Symposium on Research in Computer Security.SaintMalo：Lecture Notes in Computer Science 5789，Springer，2009，355－370.
[12] Dan Boneh，Gentry C，Lynn B，et al.A survey of two signature aggregation techniques.Cryptogamie Bryologie，2003，6(2)：1－10.
[13] Barsoum A F，Hasan M A．On verifying dynamic multiple data copies over cloud servers.Cryptology ePrint Archive，Report，2011，447.
[14] Bowers K D，Juels A，Oprea A．HAIL：A highavailability and integrity layer for cloud storage.In：Proceedings of the 2009 ACM Conference on Computer and Communications Security.Chicago：ACM，2009，187－198.
[15] Juels A，Burton S，Kaliski Jr.PORs：Proofs of retrievability for large files.In：Proceedings of the 14th ACM Conference on Computer and communications security.Alexandria：ACM，2007，584－597.
[16] Curtmola R，Khan O，Burns R C，et al.MRPDP：Multiplereplica provable data possession.In：The 28th International Conference on Distributed Computing Systems.，Beijing：IEEE Press，2008，411－420.
[17] Xiao D，Yang Y，Yao W，et al.multiplefile remote data checking for cloud storage.Computers & Security，2012，31(2)：192－205.
[18] Halevi S，Harnik D，Pinkas B，et al.Proofs of ownership in remote storage systems.In：Proceedings of the 18th ACM Conference on Computer and Communications Security.Chicago：ACM，2011，491－500.
[19] Zheng Q，Xu S．Secure and efficient proof of storage with deduplication.In：Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy(CODASPY’12)．New York：ACM，2012，1－12.
[20] Thakur Anandita S，Gupta P K，Gupta P．handling data integrity issue in SaaS cloud.In：Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing：Theory and Applications(FICTA)2014Volume 2.India：Advances in Intelligent Systems and Computing 328，Springer，2015，127－134.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed