Cloud Data Security Protection System Based On Transparent Encryption And Decryption

With the evolution of computing model, Cloud Computing expands rapidly in various industries because of its support for large-scale data computing, resource pools sharing and management on demand. However, it brings about not only convenience and efficiency problems, but also great challenges in the field of data security and privacy protection. Currently, security has been regarded as one of the greatest problems in the development of Cloud Computing.For the users of public cloud services, the most important issue is whether their private data has been protected effectively. In the Cloud Computing environment, because the owner and manager of the data are separated, users can’t make sure whether their data is protected well or the data is illegally acquired by the Cloud service providers. As cloud service providers have access to data, it is difficult to guarantee the confidentiality and integrity of data. Considering the requirements of real-time and privacy when using cloud data, this thesis uses the transparent data encryption (TDE) methods to protect user data security. For the needs of timeliness and confidentiality, the file filter driver and encryption file system techniques are used to implement the transparent data encryption in Windows and Linux. This thesis also extends Glance, which is the image service, in the cloud management platform OpenStack. The research works of this thesis are as follows:1. The file transparent encryption which is based on file filter driver is analyzed, and the transparent data encryption on Windows which is based on Minifilter file filter driver is proposed. The system supports a variety of individual configuration to meet user demand for the actual work.2. An encryption file system (EFS) based on stackable file system is designed. EFS can automatically encrypts and decrypts files and directories in the system so as to protect cloud data security. The system also supports a variety of encryption algorithms to ensure the security.3. Based on the above research, a common cloud environment using OpenStack is designed. Its image management module is extended, which provides transparent encryption and decryption function for images. Cloud data security protection system is designed and implemented.In conclusion, an integrated solution for cloud data security protection is proposed in this thesis. Transparent data encryption is used to ensure the real-time usage of cloud data. The file filter driver and encryption file system techniques are used to implement transparent data encryption in Windows and Linux. Glance -the image service in OpenStack is extended. Finally, a prototype system is implemented and tested.