Research On Dynamic Privacy Protection Mechanism For SaaS

Posted on: 2017-03-09
Degree: Master
Type: Thesis
Country: China
Candidate: H L Zhang
GTID: 2308330488453140
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of cloud computing, SaaS with a multi-tenant model has been adopted by more and more enterprises and service providers because of its low cost, its scale-benefit business model, and its single-instance, on-demand software delivery characteristics. In a SaaS application, tenants can store in the cloud any private data that could be stored on a local machine, such as health records and financial information. However, because tenants' data is stored in the cloud, tenants lose control of their data privacy. Moreover, tenants' private information in the cloud faces a great risk of being leaked by service providers.

To solve the problem of privacy leakage in SaaS applications, our previous research proposed a privacy protection method based on vertical segmentation of data. According to each tenant's privacy constraints, we partition attributes that do not violate the privacy constraints and that have a higher degree of association into the same chunk, and then obfuscate the relationship between the chunks. This method greatly improves the operating efficiency of the private data while ensuring tenants' privacy. It can also reconstruct the original logical structure of the private data from the relationships between chunks, avoiding the data distortion caused by privacy preservation.

However, that research did not consider the problem of private data placement or the privacy leakage caused by tenants' business operations.

Private data placement has the following issues: (1) Diverse tenant partition strategies cause different tenants to use different data schemas to store private data with the same logical relationship. As the number of tenants increases, the number of database tables gradually expands, which seriously affects database performance; (2) The placement strategy for data chunks has an important impact on both the level of privacy protection and application performance: the more dispersed the chunks are, the higher the degree of privacy protection but the lower the application performance, and vice versa. Hence, how to place chunks with a high relation degree on the same node becomes the critical problem in private data placement.

Business operations on private data have the following issues: (1) As SaaS applications continue to run, insertion, deletion, modification and other business operations on tenant data affect the distribution of the underlying data storage, putting the relationships between chunks at significant risk of leakage due to uneven data distribution; (2) An attacker can still infer part of the private information from the operation log of each chunk and the status of the corresponding data at the local time.

Therefore, to solve the above problems of privacy protection in SaaS applications, this thesis discusses the following two aspects:

1. For the issues of private data placement, this thesis proposes a two-stage data placement strategy. In the first stage, we detect existing tenants' data placement strategies and match the new tenant to a suitable data schema, to improve the degree of data schema sharing and reduce the number of private database tables. In the second stage, we consider the relation degree of chunks, node load, tenants' SLAs and other factors, and use a greedy algorithm to place the tenants that failed to match in the first stage. As a result, chunks with a higher relation degree are placed on the same node and the balance between data nodes is also guaranteed.

2. For the issues of privacy leakage in a dynamic environment, this thesis proposes a dynamic data privacy mechanism based on vertical segmentation of data. For insertion and modification operations, we propose a column attribute extension mechanism and use column attribute extended tables to store newly generated private data. The column attribute extended tables protect the data effectively by adding interfering attributes. For deletion operations, we put forward the concept of key chunks and, by retaining key chunks, prevent an attacker from stealing information through deletion traces. For the problem of fake data, a horizontal group merge mechanism is put forward to reduce the cost of computing and storage.

Through the above research, this thesis achieves reasonable placement of private data and the protection of tenants' private information during business operations. The relevant experiments verify the feasibility and effectiveness of the algorithm.
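The vertical segmentation step described in the abstract can be illustrated with a small sketch. This is an added example, not the thesis's algorithm: the attribute names, privacy constraints, association weights and the greedy merge rule are all assumptions constructed for illustration, and the relationship-obfuscation step between chunks is not covered.

```python
from itertools import combinations

# Constructed sample schema for one tenant (assumption, not from the thesis).
ATTRS = ["name", "ssn", "diagnosis", "doctor", "zip", "salary"]
# Privacy constraints: attribute sets that must never sit together in one chunk.
CONSTRAINTS = [{"name", "diagnosis"}, {"name", "ssn"}, {"zip", "salary"}]
# Constructed pairwise association degrees (e.g. how often two attributes
# are accessed together); missing pairs count as 0.
ASSOC = {
    frozenset({"name", "zip"}): 0.9,
    frozenset({"diagnosis", "doctor"}): 0.8,
    frozenset({"ssn", "salary"}): 0.7,
    frozenset({"name", "doctor"}): 0.3,
    frozenset({"diagnosis", "salary"}): 0.2,
}

def assoc(a, b):
    return ASSOC.get(frozenset({a, b}), 0.0)

def violates(chunk, constraints):
    """A chunk leaks if it contains every attribute of some constraint."""
    return any(c <= chunk for c in constraints)

def partition(attrs, constraints):
    """Greedy vertical partitioning: start from single-attribute chunks and
    repeatedly merge the pair with the highest cross-association whose union
    breaks no privacy constraint. Stops when no beneficial merge is left."""
    chunks = [{a} for a in attrs]
    while True:
        best, best_score = None, 0.0
        for i, j in combinations(range(len(chunks)), 2):
            if violates(chunks[i] | chunks[j], constraints):
                continue  # merging would co-locate a forbidden combination
            score = sum(assoc(a, b) for a in chunks[i] for b in chunks[j])
            if score > best_score:
                best, best_score = (i, j), score
        if best is None:
            return sorted(sorted(c) for c in chunks)
        i, j = best
        chunks[i] |= chunks[j]
        del chunks[j]

if __name__ == "__main__":
    for chunk in partition(ATTRS, CONSTRAINTS):
        print(chunk)
```

With the constructed data, `name` ends up separated from both `ssn` and `diagnosis`, and `zip` from `salary`, while strongly associated attributes share a chunk.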
Keywords/Search Tags: SaaS application, privacy protection, data partition, data placement, dynamic adjustment