A Survey of Cloud Computing Security Research
  • English title: Summary of cloud computing security research
  • Authors: GONG Chang-qing (拱长青); XIAO Yun (肖芸); LI Meng-fei (李梦飞); GUO Zhen-zhou (郭振洲)
  • Keywords: cloud computing security; access control; encryption; privacy; virtualization
  • Chinese journal title: HKGX
  • English journal title: Journal of Shenyang Aerospace University
  • Institution: College of Computer Science, Shenyang Aerospace University
  • Publication date: 2017-08-25
  • Publisher: Journal of Shenyang Aerospace University
  • Year: 2017
  • Issue: v.34; No.146
  • Funding: AVIC Technology Innovation Fund (Basic Research) (Project No. 2013S60109R); Science Fund of the Education Department of Liaoning Province (Project No. L2013064)
  • Language: Chinese
  • Page: HKGX201704001
  • Number of pages: 17
  • CN: 04
  • ISSN: 21-1576/V
  • Classification number: 3-19
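Abstract
This paper gives a systematic survey of cloud computing security. It analyzes where cloud computing security problems come from, the threats cloud computing security faces, and how it resembles and differs from traditional information security and network security. Based on the current state of research, it summarizes a cloud computing security architecture that covers the key technologies discussed, and focuses on analyzing and summarizing seven areas of key cloud computing security technology: access control and identity authentication, data encryption and privacy protection, ciphertext retrieval, secure cloud outsourced computing, data integrity and data deletion, virtualization security, and trusted cloud computing. Finally, it summarizes and discusses future directions for cloud computing security.
A systematic review of cloud computing security was presented in this paper. We analyzed the security problems of cloud computing and the related threats. We also compare cloud computing security to traditional information security and network security to show the similarities and differences. In this paper, according to the current state-of-the-art of cloud computing security, the architecture of cloud computing security covering the security critical technologies is further presented. We focus on analyzing and summarizing seven key aspects of cloud computing security as follows: access control and identity authentication, data encryption and privacy protection, secure cloud computing outsourcing, ciphertext retrieval, data integrity and data deletion, virtualization security, and trusted cloud computing. Finally, the future research of cloud computing security is predicted.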
