Studies On Trusted Secure Data Services Under Cloud Environment

With the acceleration of information technology and the development of communication technology, the explosive growth of information services industry is dramatic over internet. Massively data services are exponentially rising in various application areas. Facing the problems of data increasing, low-cost, high-performance and high-capacity become the key requirements of data services, shifting to cloud services mode is imperative. However, after handing over data services to cloud service provider, services data store in uncontrolled cloud areas, its security has become the primary concern. Thus, researching on the security of data services in cloud is important and significant.By analyzing and summarizing the security situation, this paper, from the perspective of protecting services data under cloud environment, conducts researches from the "Trust" and "Security" for data services in cloud, and gets the following research results.(1) This paper analyzes the security requirements of data services and studies the existed data protection scheme and mechanism. Combining the cloud service characteristics and data services process, a secure solutions for data service in cloud needs to meet the requirements:re-encryption method under trusted cloud service providers. According to this relationship between trust and security, a novel trusted-security framework for Cloud data service is put forward. This framework considers "trust" and "security" as an organic whole, providing a guarantee for data services in cloud.(2) By analyzing the secure influence of re-encryption in cloud data services, studying the existing collusion attack and tampering attack in re-encryption scheme, an applicable to cloud environment data service scheme based on re-encryption is proposed under trust assumption. This scheme studies the re-encryption framework, and designs the security model for re-encryption framework to find the conditions of resisting collusion attack. Putting classical cryptographic algorithm into re-encryption framework, we analyze the constraints for secure re-encryption algorithm, which provides protection for the cloud data. Also, this scheme includes a data services security protocol, which can resist tamper attack. It records the cloud service provider's malicious behavior through data validation process, which can be treated as a feedback of credible evidence for the verification of trust assumption premise.(3) A trust evaluation scheme in cloud environment is proposed to quantify the trust status of cloud service providers, it offers a way to verify trust assumption premise in re-encryption solution. By summarizing the objective evaluation indexes, combining with the evidence from IRCP, a subjective-objective trust evaluation model is proposed, which transforms the trust status of cloud service provider into the comprehensive evaluation of cloud service provider's service facilities performance, service behavior and results. Base on the subjective-objective trust evaluation model, a trust time-effective model is designed by considering time factor. This model reflects the relationship between trust degree and timing, and describes the importance of historical time period and the trust value attenuation trend. It can be used to predict the cloud trust status when no data service interaction for a long time. The trust evaluation scheme not only offers a way to verify the premise of cloud trust assumption, but also provides scheduling optimization when cloud service provider involving unfamiliar service nodes.The trusted-security framework for Cloud data service, data service scheme based on re-encryption and trust evaluation scheme proposed by this paper can meet data service security requirements in cloud computing environment, which provide trust and security for the data service in cloud.