| Cloud computing is a hot topic in recent years, it rise the revolution of the service mode of the IT industry. More and more organizations and individuals are moving their business to the cloud, including their private data and software. While the rapid development of cloud computing, its own security issues have become increasingly prominent, security is an important factor restricting its development. Multi-tenancy and virtualization is the two key technologies of cloud computing, and however, also the main reasons for cloud computing facing many security problems. Facing the new problems which caused by multi-tenant and virtualization, we focus on the basis of existing research work, and carried out the research of data security storage technology in cloud environment, the main contents are as follows:(1) The traditional way to separate different users’ data in storage is putting them in different physical node, but in the cloud computing environment, storage cluster with a large number of users sharing data storage, only by isolating the logic to distinguish the data, once the server is compromised, it will cause very serious privacy leak. In order to maximize the protection of user data privacy without compromising the efficiency of database processing, this paper proposes an active privacy protection of data management mechanism. A active privacy preserving data partitioning method is proposed in this paper: first of all, mining frequent items based on transaction of database, find related attribute set, minimum the subset partition distributed transaction; put forward the concept of attribute information entropy, property of high attribute information entropy were active protection, then division the data in vertical in accordance with the tenants privacy constraints and active protection strategy; finally the divided data stored in columns to the database. Experiments show that the proposed algorithm can partition the attributes more fine-grained, and effectively protect the sensitive information in the data.(2) Traditional access control technologies are used for controlling the request through a static policy rules, however, with the cloud dynamic business environment changes, especially the security and integrity of the main changes in resource access environment, it will secure access control system security risk, the static access control can not properly respond to this threat. To address this problem, we propose a dynamic access control model for the data request, adding risk assessment, from the perspective of an access request from the subject property, resources, property and the environment are given a set of three properties evaluation index, combined with fuzzy set and information entropy to quantify the risk, finally, based on XACML we given an implementation model. We test the validity of the model that it can protect the system and resource effectively.(3) The two algorithm is applied to the cloud storage platform of our laboratory, and system testing shows that the algorithm can achieve the desired effect. |
PDF Full Text Request