Research On Key Techniques Of Sensitive Data Security In Open Environment

With the rapid development of information and communication technology, the size andcomplexity of sensitive data that shared, stored and managed in open network is now growingwith the index grade, and the sensitive degree arrives at an unprecedented level. The sensitive datais closely related with national infrastructure services, such as food, water, power supply, financetransaction, transportation, health, emergency, even defense military etc. So interconnection andintercommunication of the open environment set higher requirements for security of sensitive data.Guaranteeing security of sensitive data in open environment is one of fundamental functionsto deliver sensitive data sharing service. This thesis is intended to contribute on this issue, andmainly involves the following hot issues.Research on Security Model for Sensitive DataBased on security characters and safety factors of threatening sensitive data in openenvironment, the threat model for sensitive data is proposed. The security policies to counter the threats are elaborated and the countering model for sensitive data is also given.Research on Heuristic Credential Chains in Role-based Trust ManagementCredential chain search, as a central problem and a key technique in TM and ATN, hasbeen studied extensively in recent years. However, the existing credential chain searchmethods are inadequate because they have high time and space complexity, and often searchmuch more credentials when find(or fail to) a credential chain. In this thesis, we propose anovel heuristic role-based credential chain search method, which use heuristic informationimplied in role-based trust graph to speed chain search. Comparing our heuristic algorithmwith the non-heuristic algorithm, the worst-case time complexity drops from O(N³) to O(N^2*logN), and the worst-case space complexity drops from O(N^*M) to O(M). Deliberategeneration of experimental data and extensive experiments confirm that the heuristiccredential chain search method can much reduce searching space obviously.Research on Role-based Overlay for Fast Trust Delegation in P2P NetworksAlmost all existing algorithms, addressing the credential chain search problem, assume thatall the potentially relevant credentials stored in one place and that they do not consider how togather them. The assumption that all credentials are stored in one place is at odds with thedistribution tenet of trust management. Based on above research on heuristic credential chainsin role-based trust management, we present a novel role-based overlay for fast trust delegationin P2P networks, which has well solved the fast search for role-based credential chains whencredentials distributed in different place. First, the design of Role-Based Credential OverlayNetwork (RBCON) is given. Second, based on famous Chord protocol, the algorithms ofRBCON's generation, RBCON's stabilization, and peers departure are presented. Third,efficient search for credential chains based on RBCON is also introduced. We tested theperformance of RBCON against centralized topology network and decentralized unstructuredtopology network through extensive experiments. The results highlight that the role-basedoverlay has storage balance, less lookup numbers and network load, high availability whensearching credential chains. Research on adaptive data publish solution with personalized privacy protectionPrivacy preservation is a serious concern in publication of personal data. However, theexisting methods lack research on adaptive framework of data publish with privacy and onlyfocus on a universal approach that exerts the same amount of preservation for all persons,without catering for their concrete needs. The consequence is that we may be offeringinsufficient protection to a subset of people, while applying excessive privacy control toanother subset. Motivated by this, we present a new adaptive framework for data publish withpersonalized privacy protection. First, based on the concept of personalized anonymity, aframework of adaptive data publish with personalized privacy protection is presented. Second,the general model for personalized privacy protection is formalized. Based on the study of theway that adversaries infer the sensitive information from published data, the formulas tocalculate the breach probability and information loss are given, on which the algorithm forproducing published data satisfied personalized privacy protection is also introduced. Thesolutions for information state evaluation, grade mapping mechanism, and personalizedprivacy policy management are proposed as well. We test the algorithm for publishing datawith personalized privacy protection against k-anonymity,l-diversity, and multidimensionalk-anonymity. The experiment results show that our method fully prevents privacy intrusioneven in scenarios where the existing approaches fail, and results in our published data thatpermit accurate aggregate analysis.Research on Watermarking Tree-structure Data and Relational DataWith the rapid development of lnternet, the requirement of copyright and integrityprotection over tree-structure data and relational data, such as XML documents and complexhypertext content, is becoming more and more urgent. There is a rich body of literature onwatermarking multimedia data. However, it is more challenging to apply the effectivewatermarking schemes into tree-structured data and relational data. Based on analysis anddiscussion of the characteristics of semi-structure/relational data and the correspondingwatermarking techniques, we propose new watermarks for tree-structure data and relationaldata respectively. First, in this thesis, a novel watermark scheme for tree-structured data basedon the value lying both in the tree structure and in the node content is proposed, which gives acomprehensive protection for both node content and structure of tree. Second, a generalizedand adaptive relational data watermarking framework (GARWM) is formalized and presented,and the properties of relational data in the semantics of watermarking, such as preservation oflogical relationship in usability preserving attack, discrimination in significance of theattributes, and local constraints/global metrics, to strengthen existing methods, is exploited.The algorithms for embedding and detecting watermark on tree-structure/rational data are alsointroduced. We show that our watermarking methods are resilient to many kinds of threats,and experiment results quantitatively demonstrate the robustness of our techniques.