Scheme of Cloud Database Oriented Multi-tenant Attribute-based Security Isolation and Data Protection

doi:10.3969/j.issn.1671-1122.2018.07.008

Abstract

Abstract:

As a new cloud computing application, cloud database has been widely concerned, but data security has become the difficulty of further development of cloud database. Targeting the problem of data protection and QoS of muitl-tanant cloud database in large data center, a multi-tenant cloud database security isolation and data protection based on attribute based encryption scheme is proposed. Firstly, the multi-tenant cloud database management system is designed and implemented to guarantee the data isolation between tenants. Secondly, a middleware based on attribute based encryption is proposed to encrypt the tenant data to ensure the security of the data and realize the fine grainen rank control. Finally, a QoS system based on SDN is designed and implemented to ensure the service bandwidth of the cloud database service. The experimental results show that the proposed system can meet the security requirements of multi-tenant. When the network is congested, the QoS system can protect the business bandwidth of the encrypted database system and ensure the service experience of the tenant.

Key words: multi-tenant, cloud database, attribute-based encryption, QoS, SDN

CLC Number:

TP309

Qinghe DONG, Qian HE, Bingcheng JIANG, Peng LIU. Scheme of Cloud Database Oriented Multi-tenant Attribute-based Security Isolation and Data Protection[J]. Netinfo Security, 2018, 18(7): 60-68.

Figures/Tables 12

References 14

[1]	GUO Jiebin, LI Yunfa, ZHANG Dajun.Research on an Authentication Strategy for Data Security in Cloud Computing[J]. Netinfo Security, 2017, 17(3): 72-77.
	国杰彬,李运发,张大军. 云计算中面向数据安全的身份认证策略研究[J]. 信息网络安全,2017,17(3):72-77.
[2]	TIAN Hongliang, ZHANG Yong, LI Chao, et al.A Survey of Confidentiality Protection for Cloud Databases[J]. Chinese Journal of Computers, 2017, 40(10): 2245-2270.
	田洪亮,张勇,李超,等. 云环境下数据库机密性保护技术研究综述[J]. 计算机学报,2017,40(10):2245-2270.
[3]	TIAN Xiuxia, WANG Xiaoling, GAO Ming, et al.Database as a Service-security and Privacy Preserving[J]. Journal of Software, 2010, 21(5): 991-1006.
	田秀霞,王晓玲,高明,等. 数据库服务——安全与隐私保护[J]. 软件学报,2010,21(5):991-1006.
[4]	WANG Wei, WU Yuxiang, JIN Xin, et al.Data Security Storage Solutions for Public Cloud Platform Based on Trusted Third[J]. Netinfo Security, 2014, 14(2): 68-74.
	王威,吴羽翔,金鑫,等. 基于可信第三方的公有云平台的数据安全存储方案[J]. 信息网络安全,2014,14(2):68-74.
[5]	LIN Ziyu, LAI Yongxuan, LIN Chen, et al.Research on Cloud Databases[J]. Journal of Software, 2012, 34(5): 1148-1166.
	林子雨,赖永炫,林琛,等. 云数据库研究[J]. 软件学报,2012,34(5):1148-1166.
[6]	CHENG Sijia, ZHANG Changhong, PAN Shuaiqing.Design on Data Access Control Scheme for Cloud Storage Based on CP-ABE Algorithm[J]. Netinfo Security, 2016, 16(2): 1-6.
	程思嘉,张昌宏,潘帅卿,等. 基于CP-ABE算法的云存储数据访问控制方案设计[J]. 信息网络安全,2016,16(2):1-6.
[7]	SAHAI A, WATERS B.Fuzzy Identity-based Encryption[C]//Springer. 24th International Conference on Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer, 2005: 457-473.
[8]	BETHENCOURT J, SAHAI A, WATERS B.Ciphertext-policy Attribute-based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy, May 20-23, 2007, Berkeley, CA, USA. New Jersey: IEEE, 2007: 321-334.
[9]	GREEN M, HOHENBERGER S, WATERS B.Outsourcing the Decryption of ABE Ciphertexts[C]//ACM. 20th USENIX Conference on Security, August 8-12, 2011, San Francisco, CA, USA. New York: ACM, 2011: 34.
[10]	CAO Shaohua, ZHANG Xin.Research of Application-towards Bandwidth Guarantee in SDN Network[J]. Computer Engineering and Applications, 2016, 52(22): 127-132.
	曹绍华,张鑫. 面向业务的SDN网络带宽保障研究[J]. 计算机工程与应用,2016,52(22):127-132.
[11]	CAI Mengfei, HE Qian, CHENG Dongsheng, et al.Mobile Cloud Storage-oriented Attribute Based Decryption Service Middleware[J]. Journal of Computer Applications, 2016, 36(7): 1828-1833.
	蔡孟飞,何倩,程东生,等. 面向移动云存储的属性基解密服务中间件[J]. 计算机应用,2016,36(7):1828-1833.
[12]	HE Qian, LIU Peng, WANG Yong.Attribute Based Encryption Method with Revocable Dynamic and Static Attributes for VANETs[J]. Journal of Computer Research and Development, 2017, 54(11): 2456-2466.
	何倩,刘鹏,王勇. 可撤销动静态属性的车联网属性基加密方法[J]. 计算机研究与发展,2017,54(11):2456-2466.
[13]	WU Hui.Research and Implementation of QoS Management System in OpenFlow Network[D]. Wuhan: Wuhan Research Institute of Posts and Telecommunications, 2014.
	吴慧. OpenFlow网络中QoS管理系统的研究与实现[D]. 武汉:武汉邮电科学研究院,2014.
[14]	XIAO Junbi, SUI Mengmeng, LI Fan.Network Bandwidth Guarantee System Based on SDN[J]. Computer Systems & Applications, 2016, 25(6): 48-52.
	肖军弼,隋萌萌,李芃. 基于SDN 的网络带宽保障系统[J]. 计算机系统应用,2016,25(6):48-52.

[1]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[2]	Shengwei XU, Feijie WANG. Attribute-based Encryption Scheme Traced Under Multi-authority [J]. Netinfo Security, 2020, 20(1): 33-39.
[3]	Jinmiao WANG, Guowei WANG, Mei WANG, Ruijin ZHU. Achieving Privacy Preserving and Flexible Access Control in Fog Computing [J]. Netinfo Security, 2019, 19(9): 41-45.
[4]	Shengyu WANG, Jinmiao WANG, Qingfeng DONG, Ruijin ZHU. A Survey of Attribute-based Encryption Technology [J]. Netinfo Security, 2019, 19(9): 76-80.
[5]	Jianhua LIU, Xiaokun ZHENG, Dong ZHENG, Zhangheng AO. Secure Attribute Based Encryption Enabled Cloud Storage System with Ciphertext Search [J]. Netinfo Security, 2019, 19(7): 50-58.
[6]	Zhongyuan QIN, Yin HAN, Qunfang ZHANG, Xuejin ZHU. An Improved Scheme of Multi-PKG Cloud Storage Access Control [J]. Netinfo Security, 2019, 19(6): 11-18.
[7]	Xixi YAN, Qichao ZHANG, Yongli TANG, Qinlong HUANG. Ciphertext Policy Attribute-based Encryption Scheme Supporting Traitor Tracing [J]. Netinfo Security, 2019, 19(5): 47-53.
[8]	Xiangquan SHI, Jing TAO, Baokang ZHAO. A Network Access Control System in Virtualized Environments [J]. Netinfo Security, 2019, 19(10): 1-9.
[9]	Chengzhe LAI, Wenjuan WANG. Secure Mobility Management Framework with Privacy Preservation for Vehicle Platoon [J]. Netinfo Security, 2018, 18(7): 36-46.
[10]	Weijun ZHU, Yongwen FAN, Shaohuan BAN. A Mimic-automaton-based Model for the MSISDN Virtualization and Its Method for Verifying the Security [J]. Netinfo Security, 2018, 18(4): 15-22.
[11]	Zhanzhen WEI, Shourong WANG, Zhaobin LI, Weilong LI. Research on SDN Terminal Access Control Based on OpenFlow [J]. Netinfo Security, 2018, 18(4): 23-31.
[12]	LI Jianfeng, LIU Yuan, ZHANG Hao, WANG Xiaofeng. Research and Implementation of Routing Performance Optimization for IaaS Cloud Platform [J]. 信息网络安全, 2017, 17(9): 10-15.
[13]	YAN Xixi, LIU Yuan, HU Mingxing, HUANG Qinlong. LWE-based Multi-authority Attribute-based Encryption Scheme in Cloud Environment [J]. 信息网络安全, 2017, 17(9): 128-133.
[14]	YAN Xixi, YE Qing, LIU Yu. Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment [J]. 信息网络安全, 2017, 17(6): 14-21.
[15]	MEN Hong, YAO Shunli. Research on a Framework Based on Virtual Cloud Network for Monitoring Safe Production [J]. 信息网络安全, 2017, 17(3): 14-20.