簡易檢索 / 詳目顯示

研究生: 傅詩凱
Fu, Shih-Kai
論文名稱: 雲端資料庫之行為違反證明技術
Proof of Violation for Trust and Accountability of Cloud Database Systems
指導教授: 黃冠寰
Hwang, Gwan-Hwan
學位類別: 碩士
Master
系所名稱: 資訊工程學系
Department of Computer Science and Information Engineering
論文出版年: 2015
畢業學年度: 103
語文別: 中文
論文頁數: 45
中文關鍵詞: 雲端資料庫雲端安全不可否認性證明違約
英文關鍵詞: Cloud database, cloud security, nonrepudiation, proof of violation
論文種類: 學術論文
相關次數: 點閱:193下載:19
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 雲端資料庫是一種執行在雲端運算平台上的資料庫,使用者不需要自己維護資料庫,由雲端服務提供者負責安裝、維護資料庫實體。服務提供者可能因為系統當機、錯誤的操作或是遭受嚴重的攻擊而造成我們重要的資料遺失或被更動導致給我們不一致的版本。某些雲端資料庫可以讓使用者透過Web interfacec或是API(Application programming interface)存取資料庫操作的日誌檔,但使用者無法使用日誌檔去證明服務提供者是否有違反Query Integrity與Transaction Serializability,因為這些日誌檔不是經由密碼學加密的證據。
    證明違約(Proof of Violation)協定使得使用者與服務提供者雙方留下一個珍貴的證據,用來證明服務提供者是否有違反他所保障的屬性。首先我們展現舊有的證明違約協定但它無法應用在我們的雲端資料庫系統上,我們提出一個新的證明違約協定雙重鏈結雜湊(Double Hashes)應用在雲端資料庫系統,除此之外舊有的稽核方法也不適用於SQL資料庫,我們設計一個新的稽核方法取代它。服務提供者藉由我們新的證明違約協定保障其服務階層協議內對於資料庫操作的承諾,因為證明違約協定的證據具有服務提供者與使用者雙方的不可否認性。

    A cloud database is a database that typically runs on a cloud computing platform which is not maintained by the user but a service provider. The service provider can leak confidential data, modify the data, or return inconsistent data to users due to bugs, crashes, operator errors, or even malicious security attacks. Some cloud database systems provide Web interface or application programming interface for clients to access logs of database transactions. However, these logs are not cryptography-based proofs. Clients cannot use these logs to prove whether a cloud service provider has violated some required properties such as query integrity and transaction serializability.
    A POV scheme enables a user or a service provider to produce a precise proof of either the occurrence of the violation of properties or the innocence of the service provider. In this thesis, we develop POV and auditing schemes for cloud database systems. We first show that previously developed POV schemes cannot be applied to cloud database systems directly. Then, we propose a new POV scheme called double hashes (DH). In addition, previously proposed auditing schemes also cannot be applied to perform auditing requirements of SQL database according to collected attestations. We design a new auditing scheme for cloud database systems. Service providers can use the proposed schemes to provide a mutual nonrepudiation guarantee for database transactions in their service-level agreements.

    摘 要 i ABSTRACT ii 誌 謝 iii 第一章 緒論 1 第一節 雲端資料庫的安全性研究 1 第二節 論文大綱 3 第二章 證明違約協定 4 第三章 證明違約協定應用於雲端資料庫 12 第一節 系統架構 12 第二節 產生的困難 13 第三節 改良證明違約協定 16 壹、 欄位值皆取雜湊儲存的Merkle Tree 16 貳、 欄位值以明文儲存的Merkle Tree 17 參、 欄位值以明文與雜湊混合的Merkle Tree 17 第四章 改良的證明違約協定應用於雲端資料庫實作 19 第一節 證據的產生 19 第二節 稽核 23 第五章 實驗成果 26 第一節 一般的資料庫 26 第二節 含有圖片或影音的資料庫 32 第三節 模擬存有圖片的醫療系統 36 第六章 相關研究探索 38 第七章 結論 42 參考著作 43

    [1] “Cloud database” http://en.wikipedia.org/wiki/Cloud_database
    [2] “SQL” http://en.wikipedia.org/wiki/SQL
    [3] “NoSQL” http://en.wikipedia.org/wiki/NoSQL
    [4] “Google Cloud SQL” https://cloud.google.com/sql/
    [5] “Amazon RDS for MySQL” http://aws.amazon.com/tw/rds/mysql/
    [6] “Amazon EC2” http://aws.amazon.com/ec2/?nc1=f_ls.
    [7] V. Mateljan, D. Cisic, and D. Ogrizovic, “Cloud database-as-a-service (daas) - roi,” in MIPRO, 2010 Proceedings of the 33rd International Convention, May, pp. 1185–1188.
    [8] “Survey:cloud computing ’no hype’, but fear of security and control slowing adoption.”
    [9] Hacigu ?mu ? ?s, H., Iyer, B., Li, C., Mehrotra, S., “Executing sql over encrypted data in the database-service-provider model,” in Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, SIGMOD 2002, pp. 216–227. ACM, New York (2002)
    [10] Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H., “CryptDB: protect- ing confidentiality with encrypted query processing,” in Proceedings of the Twenty- Third ACM Symposium on Operating Systems Principles, SOSP 2011, pp. 85–100. ACM, New York (2011)
    [11] Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P., “Metadata Management in Outsourced Encrypted Databases,” in Jonker, W., Petkovi ?c, M. (eds.) SDM 2005. LNCS, vol. 3674, pp. 16–32. Springer, Heidelberg (2005)
    [12] Luca Ferretti , Fabio Pierazzi, Michele Colajanni, Mirco Marchetti, “Security and Confidentality Solutions for Public Cloud Database Services,” in SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies, pp. 36–42. Barcelona, Spain(2013)
    [13] R. Ranchal, B. Bhargava, A. Kim, M. Kang, L. B. Othmane, L. Lilien, and M. Linderman, “Protection of Identity Information in Cloud Computing without Trusted Third Party,” Proc. 29th IEEE Intl. Symp. on Reliable Distributed Systems (SRDS 10), pp. 368–372, doi: 10.1109/SRDS.2010.57.
    [14] S. Kamara and K. Lauter, “Cryptographic cloud storage,” Financial Cryptography and Data Security, ser. Lecture Notes in Computer Science. Springer Berlin/Heidelberg, 2010, vol. 6054, pp. 136–149.
    [15] R. A. Popa and J. R. Lorch. “Enabling Security in Cloud Storage SLAs with CloudProof,” USENIX Annual Technical Conference (USENIX), 2011, pp. 31.
    [16] Gwan-Hwan Hwang, Jenn-Zjone Peng, and Wei-Sian Huang, “A Mutual Nonrepudiation Protocol for Cloud Storage with Interchangeable Accesses of a Single Account from Multiple Devices,” The 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-2013), Melbourne, Australia, 16-18 July.
    [17] Grant Shaw, BM, “A clinician's guide to digital X-ray systems” J R Soc Med August 2001 vol. 94 no. 8 391-395.
    [18] Hacigu ?mu ? ?s, H., Iyer, B., Mehrotra, S., “Providing database as a service,” in Proceed- ings of the 18th International Conference on Data Engineering, pp. 29–38 (2002)
    [19] Cattaneo, G., Catuogno, L., Sorbo, A.D., Persiano, P., “The design and imple- mentation of a transparent cryptographic file system for unix,” in Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp. 199–212. USENIX Association, Berkeley (2001)
    [20] Oracle corporation: Oracle advanced security (October 2012),
    http://www.oracle.com/technetwork/database/options/advanced-security
    [21] F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin, “Dynamic authenticated index structures for outsourced databases,” in Proceedings of the 2006 ACM SIGMOD international conference on Management of data, ser. SIGMOD ’06. New York, NY, USA: ACM, 2006, pp. 121–132.
    [22] M. Xie, H. Wang, J. Yin, and X. Meng, “Integrity auditing of outsourced data,” in Proceedings of the 33rd international conference on Very large data bases, ser. VLDB ’07. VLDB Endowment, 2007, pp. 782–793.
    [23] M. Xie, H. Wang, J. Yin, and Meng, “Providing freshness guarantees for outsourced databases,” in Proceedings of the 11th international conference on Extending database technology: Advances in database technology, ser. EDBT ’08. New York, NY, USA: ACM, 2008, pp. 323–332.
    [24] P. Ghazizadeh, R. Mukkamala S. Olariu, “Data Integrity Evaluation in Cloud Database-as-a-Service,” in Proceedings of IEEE Ninth World Congress on Services, 2013, pp. 280-285.

    下載圖示
    QR CODE