Netinfo Security (信息网络安全) ›› 2018, Vol. 18 ›› Issue (7): 60-68. doi: 10.3969/j.issn.1671-1122.2018.07.008


Scheme of Cloud Database Oriented Multi-tenant Attribute-based Security Isolation and Data Protection

Qinghe DONG1,2, Qian HE1,2, Bingcheng JIANG1,2, Peng LIU1,2

  1. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin Guangxi 541004, China
  2. Guangxi Collaborative Innovation Center of Cloud Computing and Big Data, Guilin University of Electronic Technology, Guilin Guangxi 541004, China
  • Received: 2018-04-27 Online: 2018-07-15 Published: 2020-05-11
  • About the authors:

    Qinghe DONG (born 1978), female, from Henan, lecturer, master's degree; main research interests: network intelligence and data security. Qian HE (born 1979), male, from Hunan, professor, Ph.D.; main research interests: cloud services, distributed computing, and information security. Bingcheng JIANG (born 1990), male, from Guangdong, master's student; main research interests: cloud databases and information security. Peng LIU (born 1990), male, from Henan, master's student; main research interest: information security.

  • Supported by:
    National Natural Science Foundation of China [61661015]; Foundation of the Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education [CRKL160101]; Guangxi Collaborative Innovation Center of Cloud Computing and Big Data Foundation [YD16801, C77KYS02SX18]; Guangxi Key Laboratory of Cryptography and Information Security Foundation [GCIS201701]

Abstract:

As an emerging cloud computing application, the cloud database has attracted wide attention, but data security has become an obstacle to its further development. To address data protection and service QoS for multi-tenant cloud databases in large data centers, this paper proposes a multi-tenant cloud database security isolation and data protection scheme based on attribute-based encryption. First, a multi-tenant cloud database management system is designed and implemented to guarantee data isolation between tenants. Second, a middleware based on attribute-based encryption is proposed to encrypt tenant data and enforce fine-grained access control, ensuring data security. Finally, a QoS system based on the SDN network architecture is designed and implemented to guarantee the service bandwidth of the cloud database service. Experimental results show that the designed cloud database meets the security requirements of multiple tenants and that, when the network is congested, the SDN-based QoS system protects the service bandwidth of the encrypted database system and preserves the tenants' service experience.

Key words: multi-tenant, cloud database, attribute-based encryption, QoS, SDN

CLC Number: