Data Security Management Strategy In The Cloud

Posted on: 2014-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: L J Dan
Full Text: PDF
GTID: 2248330398950365
Subject: Biomedical engineering
Abstract/Summary:
According to the definition of the U.S. National Institute of Standards and Technology (NIST), the typical characteristics of cloud computing are on-demand services, flexible scalability, ubiquitous network access, a virtual resource pool, and measurable services. These characteristics mean that users can access the network seamlessly and transparently. Because of its many advantages, cloud computing is becoming one of the major technology trends of the future IT industry, but everything has two sides: cloud computing brings users safety issues along with convenience.

In the public cloud computing environment, data security issues mainly focus on the following two aspects:

(1) Under the cloud computing architecture, user data is stored transparently in the cloud, and the cloud service provider is relied on to ensure the security of user data through encryption.

(2) As a new non-invasive method of attack, side-channel attacks have become a major threat to cloud computing systems.

This paper focuses on security issues in cloud computing, in particular these two aspects, and develops defenses against unauthorized cloud users and against side-channel attackers who pose as normal users of cloud services. The research work has two main parts. The first distinguishes unauthorized users from authorized users in the cloud, which keeps potential attackers outside the door. The second, through the rational design of an effective defense strategy, prevents side-channel attackers who use cloud services by normal means from achieving their goal of stealing user data. The research work has focused on the following two aspects:

(1) Proposing a cloud security architecture based on GAP: To solve the data security issues of a public cloud environment, this paper proposes a new GAP-based cloud security system. The system divides the data of the cloud computing center into two categories, namely confidential data and publicly available data, which are stored in different data centers. The cloud fast computing center and the cloud security computing center are connected by the security isolation gateway. The gatekeeper's non-network-protocol data ferrying function ensures the purity of the cloud security computing center and the security of the data.

(2) Proposing a time-driven dual Cache update security policy: To solve the problem of side-channel attacks on the shared cache in the cloud, this paper proposes a joint design of a dual Cache configuration and update strategy and a time-driven cache update strategy. Under the dual Cache configuration and update strategy, each physical machine in the system is equipped with two sets of identical shared cache, and each user reselects its working Cache in every time period T according to its randomly selected function. Under the time-driven cache update strategy, the system randomly updates the cache n times for each user within the time period T. This disrupts the Cache "hit" and "miss" information from normal users, making the side-channel information invalid and protecting data in the cloud computing environment, so that users no longer have to worry about data stored in the cloud.
Keywords/Search Tags:Cloud Computing, GAP, Side-Channel Attack, Cache
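
The effect of the dual Cache and time-driven update policy described in the abstract can be estimated with a toy model. The following is an added example, not code from the thesis. Its assumptions are a cache of `SETS` sets, an observer who sees only which sets "miss" after a period, and random updates modelled as random set refreshes; `run_period` and `leak_rate` are hypothetical names.

```python
import random

SETS = 16  # constructed size of the toy cache (number of sets)

def run_period(secret_set, defended, n_updates, rng):
    """Model one time period T and return the set the observer guesses."""
    # Assumption: undefended means one shared cache; defended means two
    # identical caches, with each user picking its working cache at random.
    victim_cache = rng.randrange(2) if defended else 0
    observer_cache = rng.randrange(2) if defended else 0
    missed = set()  # sets where the observer later sees a "miss"
    if victim_cache == observer_cache:
        missed.add(secret_set)  # victim's access displaced a line here
    if defended:
        # Time-driven update, modelled as n random set refreshes within T.
        for _ in range(n_updates):
            missed.add(rng.randrange(SETS))
    if not missed:
        return rng.randrange(SETS)  # nothing observed: blind guess
    return rng.choice(sorted(missed))  # cannot tell real miss from noise

def leak_rate(defended, n_updates=8, trials=20000, seed=1):
    """Fraction of periods in which the observer names the victim's set."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        secret = rng.randrange(SETS)
        if run_period(secret, defended, n_updates, rng) == secret:
            correct += 1
    return correct / trials

if __name__ == "__main__":
    print("single shared cache:", leak_rate(defended=False))
    print("dual cache + timed updates:", leak_rate(defended=True))
    print("blind-guess baseline:", 1 / SETS)
```

In this model the undefended cache reveals the victim's set in every period, while the combined policy pushes the observer's success rate down toward the blind-guess baseline of 1/SETS.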