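Research on Behavior Log Audit Techniques for Cloud Data Security
Published: 2018-03-19 00:30
Topic: cloud storage  Focus: public auditing  Source: Huaqiao University, 2017 master's thesis  Document type: degree thesis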
[Abstract]: Cloud storage, one of the most widely used cloud computing services, provides an effective way to store and manage massive amounts of data and has become the main trend in the future development of storage. In recent years, as cloud storage has been widely adopted, cloud storage services have brought people many conveniences but also carry many potential security threats. Among these, the lack of mutual trust between cloud service providers and users has long been a major obstacle to the further development and adoption of cloud storage services. As an effective means of strengthening mutual trust between cloud service providers and users and of improving the quality of cloud services, security auditing of cloud data operation behavior has become a research hotspot in fields related to cloud storage. To this end, building on an in-depth study of traditional computer and network behavior log audit techniques and taking into account the environment in which cloud data is used, this thesis explores and proposes several behavior log audit methods for cloud data security. The main contributions of this thesis are as follows: (1) A public audit model for third-party auditing of operation behavior logs in a cloud storage environment is studied and proposed. The model provides a secure protection mechanism for auditing user operation behavior logs in the cloud and solves the privacy leakage problem that arises during behavior log auditing in a cloud storage environment. (2) An operation behavior log audit method based on the Merkle hash tree is proposed. Its basic idea is to use a Merkle hash tree as the storage structure for operation behavior logs and to generate publicly verifiable proof values from the Merkle hash tree, in order to guard against attackers tampering with the audit logs. Experimental results show that the method avoids leakage of user privacy during the audit process while achieving high audit efficiency. (3) An operation behavior log audit method that integrates error localization is proposed. Its main idea is to use short signatures to generate tags for users' data operation behavior and to introduce random masking into the proof generation process, so that the privacy of log content is protected during evidence collection. Experimental results show that the method provides stateless public auditing, selective on-demand auditing, error localization, and high audit efficiency. (4) A certificateless operation behavior log audit method for shareable cloud data is proposed. The basic idea is to use a certificateless key distribution mechanism to solve the complex certificate distribution and management problem faced by cloud service providers and the problem of protecting user identity privacy, combined with short signatures and random masking to protect the privacy of group users' audited behavior logs.
[Degree-granting institution]: Huaqiao University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP333;TP309