Research On Multi-Tenant Data Integrity Protection Mechanism In Cloud Computing

Posted on: 2015-01-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Li
Full Text: PDF
GTID: 1268330431955356
Subject: Computer software and theory
Abstract/Summary:
Software as a Service (SaaS) is an important service delivery model in cloud computing. In SaaS, service providers take charge of software maintenance, management and upgrades, while tenants subscribe to the software service over the web and need not care about implementation details. Single-instance multi-tenancy, in which one instance serves multiple tenants, is the approach commonly adopted by service providers. For many small and medium enterprises, SaaS is the best way to adopt advanced technologies.

In multi-tenant applications, tenants’ data are stored and processed on the platform of untrustworthy service providers, and tenants’ ability to control their own data is greatly weakened. An untrustworthy service provider may maliciously tamper with, forge or delete tenant data without the tenant’s authorization. How to prevent an untrusted cloud service provider from violating tenant data integrity is an important problem that needs to be solved in SaaS.

Because multi-tenant applications are characterized by on-demand customization, shared storage and multiple data nodes in the cloud, data integrity protection for multi-tenant applications faces a series of new requirements:

(1) Tenant-oriented data integrity verification structure. In SaaS, thousands of tenants share the physical data tables. Traditional integrity protection methods such as the Merkle hash tree (MHT) cannot recognize tenants: it is hard for them to distinguish tenant data within their structures, so during the verification phase they cannot meet the requirement of tenant data isolation.

(2) Timely detection of tenant data integrity violations. Because tenants’ data and applications are hosted remotely on the service provider side and tenants’ control over their own data is greatly reduced, tenants are increasingly concerned about data integrity. Tenants therefore need to be able to confirm that not only the data in active use but also infrequently used data is correct and intact.

(3) Reliable tenant storage. In SaaS, tenants can customize multiple duplicates and pay per use, so they need to be able to confirm that the service provider reliably stores their duplicates. However, plain-text duplicates are vulnerable to collusion (conspired) attacks by malicious employees of the service provider, in which multiple data nodes share a single copy of tenant data. Collusion attacks seriously damage tenants’ data and reduce data access efficiency and reliability. An obfuscation strategy is therefore needed so that stored duplicates differ from one another.

This dissertation addresses tenant data integrity protection in multi-tenant applications, taking into account multi-tenant shared storage, multiple data nodes and tenant customization, and studies the key problems of data integrity protection in this setting. The main contributions are:

(1) It proposes the Multi-Tenant Authentication Structure (MTAS), which provides data integrity assurance for multi-tenant data. By separating indexes from authentication structures, MTAS preserves tenant isolation and customization. It also proposes a new authentication structure, the PUA tree (Pivot and Universal table Authentication tree), which, based on the characteristics of the pivot-universal storage model, combines the separate authentication trees built for the pivot table and the universal table into a single tree. The verification object (VO) for queried data in both the pivot table and the universal table can thus be obtained in one traversal of the PUA tree. The PUA tree saves about 30% of hash computations at VO verification, and it can handle dynamic structure adjustments for tenant data update operations such as insertion, deletion and modification.

(2) It presents TDIC (Tenant-oriented Duplication Integrity Checking Scheme), a sampling-based tenant integrity protection mechanism that balances tenant duplicate integrity protection against system performance. Through periodic random sampling, TDIC reduces the complexity of verification object construction on the service provider side and eliminates wasted resources. TDIC uses homomorphic labels together with an auxiliary authentication structure to allow verification by a trusted third party without disclosing tenant data. Analysis and experimental results show that if the tenant’s logical view contains 10000 data tuples and the damage rate is 1%, the number of randomly sampled tuples is about 5% of the total number of tuples.

(3) It proposes the tenant duplicates data obfuscation model (TD2O), based on linear hiding, to resist collusion attacks by malicious insiders at the service provider. TD2O makes stored duplicates differ from one another, protecting tenant duplicate integrity against an untrusted service provider deleting a whole copy of tenant data. Based on a Monte Carlo random monotone function, it also proposes an extended TD2O model with a query keyword ordering strategy to improve the query efficiency of obfuscated duplicates. Experimental results show that the extended TD2O model has better query performance on order-preserving keywords.
Keywords/Search Tags:Cloud computing, Multi-tenancy applications, Data Integrity, Authentication Structure, Data duplicates
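
Added example (not from the dissertation): the detection probability behind the sampling figures in contribution (2), computed with the exact hypergeometric formula for uniform sampling without replacement. The 99% confidence target, the 0.1% scenario, the function names and the independence of successive rounds are assumptions; the abstract gives only the tuple count, damage rate and sample fraction.

```python
"""Detection probability of sampling-based integrity checks (added example)."""


def detection_probability(total: int, damaged: int, sample: int) -> float:
    """P(a uniform sample without replacement hits >= 1 damaged tuple)."""
    if not (0 <= damaged <= total and 0 <= sample <= total):
        raise ValueError("need 0 <= damaged, sample <= total")
    if damaged == 0 or sample == 0:
        return 0.0
    if sample > total - damaged:
        return 1.0  # pigeonhole: the sample cannot avoid every damaged tuple
    miss = 1.0
    for i in range(sample):
        # Draw i lands on an intact tuple, given all earlier draws did too.
        miss *= (total - damaged - i) / (total - i)
    return 1.0 - miss


def min_sample_size(total: int, damaged: int, confidence: float) -> int:
    """Smallest sample size whose detection probability reaches confidence."""
    if damaged == 0:
        raise ValueError("nothing to detect when no tuple is damaged")
    for sample in range(1, total + 1):
        if detection_probability(total, damaged, sample) >= confidence:
            return sample
    return total


def detection_after_rounds(per_round: float, rounds: int) -> float:
    """Cumulative detection over periodic checks, assuming independent rounds."""
    return 1.0 - (1.0 - per_round) ** rounds


if __name__ == "__main__":
    TOTAL = 10_000              # tuples in the logical view (from the abstract)
    DAMAGED = TOTAL // 100      # 1% damage rate (from the abstract)
    SAMPLE = TOTAL * 5 // 100   # 5% sample (from the abstract)
    p = detection_probability(TOTAL, DAMAGED, SAMPLE)
    print(f"5% sample, 1% damage: detection probability {p:.4f}")
    # Assumed 99% target; the abstract does not state a confidence level.
    print("min sample for 99%:", min_sample_size(TOTAL, DAMAGED, 0.99))
    # Constructed scenario: a lower damage rate (0.1%) with the same sample.
    low = detection_probability(TOTAL, TOTAL // 1000, SAMPLE)
    print(f"5% sample, 0.1% damage: {low:.4f} per round, "
          f"{detection_after_rounds(low, 10):.4f} after 10 rounds")
```

A 5% sample clears 99% detection at a 1% damage rate, but the same sample catches a 0.1% damage rate less than half the time in a single round, which is where periodic re-sampling matters.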