The Research And Realization Of Dynamic Data Security Mechanism Based On DIFC Model

The industrial application of cloud computing speed up the pace of global Internet. While in this process, the security concern of cloud computing has always been a bottleneck restricting the development of its own. The core of cloud computing security is cloud computing data security. The research of cloud data security focuses on the study of static data security, while researches on the dynamic data security during the period of cloud service provide are still not much in the domestic. As the increasing of cloud applications,the higher liquidity and sharing of cloud data tell us a message that it is important and meaningful to study dynamic data protection in the cloud environment. This paper focuses on the protection of dynamic data in cloud computing and corresponding solutions, and raises the resolution. This paper devises the cloud dynamic data protection model based on DIFC and makes detailed security analysis and implementation validation for the model.The specific contents as follows:Firstly, this paper makes analysis for current security concerns of cloud computing and corresponding resolutions The core of cloud computing security is cloud data security.Based on the analysis, the two outstanding problems that users lose control of their private data directly in renting service mode of cloud environment and that the needs for data protection between tenants in single instance multi-tenant patterns are the focus of this paper.Secondly, this paper raises the cloud dynamic data protection model based on DIFC, and finds that decentralized information flow control(DIFC) model can be applied to the protection of cloud dynamic data with its fine-grained data tracking advantage. Especially,the capability that DIFC model allows owners to design security policies for their data can be used to resolve the problem that users do not trust the security of cloud products when they order the cloud services. On this basis, this paper devises the cloud dynamic data protection model based on DIFC. The model makes security policies for data by sticking labels to data. The model can solve the uncontrolled problem of data which are stored in cloud platform and the problem of data leaking between tenants who share one cloud resources by distinguishing user data with different labels. The analysis show that the model designed by this paper can satisfy the requirements to data privacy and integrity.After that, this paper designs a scheme about Saa S cloud dynamic data protection based on DIFC model. This scheme takes a phone packet statistics Saa S application as an example,protecting user private data by adding DIFC label checking model to monitor the behavior of program that manipulate user data. The scheme can also prevent data leaking between tenants who share the same cloud resources.Finally, this paper programs a simple multithreading application to valid the cloud dynamic data protection model provided by this paper. The results of validation show that the model can prevent data from being leaked between tenants sharing the same instance and being leaked out by cloud programs.