面向云计算的数据安全保护关键技术研究
|
摘要
云计算将硬件、软件等大量IT资源以服务的形式通过网络提供给用户。在云计算服务模式下,用户将数据和应用托管至云端,云服务的透明性使用户失去对数据的控制,由于云服务商可信性不易评估,因此,数据安全问题成为云计算环境下用户的首要担忧。
由于云计算是根据用户的服务请求对数据进行相关操作,因此,用户和云之间的身份认证是保证数据不被非法用户冒名访问的前提。但是,由于云用户数量庞大,如何进行安全和高效的认证是用户和服务商均关注的问题。用户通过身份认证后,可以使用云提供的数据存储和计算服务。用户将大量数据存储到云端并委托云服务商对数据进行计算,本地并不存储数据的副本,虽然云服务商具有强大的技术实力和维护水平,仍无法完全避免数据发生损坏。对于静态存储的数据而言,由于数据量大,传统的将数据下载到本地进行完整性验证不再适用。当用户发现数据完整性被破坏时,只能寄希望于云服务商的灾备机制。对于在计算服务中的动态数据,由于云计算具有多租户的特点,用户通过服务进程对数据访问和计算,共享访问的进程载体成为权限的集中点,共享漏洞威胁需采取针对用户维度的权限隔离机制。如果真的发生了数据安全事件,用户如何对云服务商追究责任是一个关键问题,目前问责机制需要云服务的细节,涉及云服务商的商业秘密,较难实现。另外,由于缺乏可信保障机制,安全机制可能被攻击、篡改或旁路,无法发挥作用。
云计算中数据安全问题的本质是数据所有方和服务方之间的信任管理,用户和云服务提供者之间需形成一定的数据使用约束,通过双方的信誉和技术约束手段,共同促成数据的合法使用而不被滥用和破坏。就用户来说,可以选择信赖的服务方,约定一种双方都满意的安全机制,以达到最大化的保障,就服务方而言,一旦失去诚信,将无立足之地。在这样的前提下,云服务商愿意配合用户采取一些数据安全保护技术,不会故意破坏用户的数据,但会对出现的一些数据安全事故进行隐瞒。从这一角度出发,本文对认证、静态存储数据保护和动态计算数据保护、可信云计算等关键技术进行了研究,为云用户提供全面的数据安全保护。
本文的主要工作和研究成果如下:
1.基于三方口令认证密钥交换(3PAKE)协议提出一种跨云认证方案,并设计了一种可证明安全的3PAKE协议。将用户、用户所属私有云和公有云分别对应3PAKE中的三方实现了跨云认证,基于所设计协议实现的方案比其它跨云认证方案有更高的计算效率。针对传统口令认证方案中存在口令安全性低、易受猜测攻击、认证后不能安全生成会话密钥等问题,基于椭圆曲线提出一种3PAKE协议,证明了协议在随机预言模型下具有会话密钥的前向安全性,能抗离线口令猜测攻击。与基于证书的PKI、基于身份的密码IBC等认证方案相比,本方案既利用了口令认证方案简单易行的优点,又通过密码学方法对口令进行了有效保护,实现了用户和云之间安全、高效的双向认证。
2.提出一种用户可验证的静态数据存储方案,使用户能够实现云端数据完整性验证、数据修复以及数据泄露问责。为使用户在发现数据完整性被破坏后能够恢复数据,提出基于秘密共享的多副本存储预处理方法,并提出一种用户身份信息与可用数据分离存储方法,防止外部攻击者获得数据的属主信息后收集同一用户的数据分块重构原始文件。为了及时验证数据的完整性,提出一种支持上述多副本机制的完整性验证方法,该方法与现有完整性验证方法相比,能够确定出错的数据分块,并支持面向第三方的公开验证和数据动态更新。多副本完整性验证无法保证数据不被云服务商泄露,为解决数据泄露问责问题,基于云模型和混沌序列的良好特性,提出一种利用数据库水印实现泄露问责的方法,使用户能够追究云服务商的失职。
3.基于分散信息流模型DIFC构建了动态数据安全保护系统CA_DataGuarder,提供多租户之间细粒度的数据隔离和控制。为消除DIFC的模糊性和不完整性,基于命题逻辑为标记体系和信息流规则进行形式化建模并证明了DIFC模型的安全性。基于DIFC模型的规则和特权约束条件设计分布式文件系统的保护机制、CA_DataGuarder中敏感数据对象标记和追踪控制的实现机制。在编程语言级,提出一种最小特权封装(LPE)机制,保证安全策略的执行点容易定位和监控;在操作系统层,基于统一的DIFC安全策略模型提供对上层应用的支撑,将用户信息作为应用上下文语义传递至操作系统层,实现了细粒度的数据控制和保护。与现有的基于访问控制或分散信息流控制的其他系统相比,CA_DataGuarder能提供用户维度的数据隔离,并保证安全机制不易被旁路。
4.基于虚拟化架构构建了一种可信云计算平台,为上述几种数据安全保护机制的正确执行提供了可信执行环境。首先,从进程行为的角度对平台信任链传递进行形式化建模和安全证明,给出理论上的支撑。在模型基础上设计了信任链传递机制,在虚拟机监控器VMM层进行了可信增强,提出一种无序的运行时信任链传递机制,对上层用户虚拟机上的可执行程序进行完整性度量和隔离保护,防止恶意代码篡改可执行程序,破坏数据安全机制。为降低云服务商的安全开销,假设云基础设施中只有部分主机进行了可信增强,提出一种将用户虚拟机镜像与云计算环境可信性绑定的方案。
Cloud computing provides a large number of IT resources such as hardware and software as aservice to users through the network. In cloud computing service model, users host data andapplication to the cloud, due to the cloud service transparency, they lose control of the data. Becauseit is difficult to assess cloud provider’s credibility for users, data security has become the primaryconcern in cloud computing.
Since cloud computing does related operations based on user's service request,authentication between users and cloud providers can avoid illegal access from assumed identity.Whereas, due to the large number of users, how to realize safe and efficient authentication is themain concern for users and service providers. Having been authenticated, users can use thedata storage and computing services. Users upload large amounts of data to the cloud andcommission cloud service providers to calculate without the local copy stored. Although thecloud service provider is with strong technical strength and maintenance, it is not possible tocompletely prevent data damage or leakage occurs. For static storage of data, due to the mass ofdata, it is no longer applicable to verify integrity after downloading data to local in traditional way. Ifusers find data integrity is compromised, they can only pray the cloud service provider's disasterrecovery mechanism works. Because of the characteristics of multi-tenant in the cloud, users accessdata and compute through the service process for dynamic data in computing service, the processcarrier of shared access become focal point of authority. But it is difficult to achieve effectiveisolation and control of different users’ data by shared permissions on OS level, data isolationmechanism of application solely is easily bypassed, so data confidentiality and integrity inmulti-tenant environment remain to be resolved. If the data disclosure really happens, it is a keyissue to charge service providers’ responsibility. Current accountability mechanisms need detailsof cloud services, which are related to cloud service providers’ trade secrets, consequently it isdifficult to achieve. In addition, due to the lack of trusted protection mechanism, securitymechanism may be attacked, tampered or bypassed, accordingly it fails.
The essence of the cloud data security problem is the trust management between data ownerand service provider, certain data constraints should be formed between them. They achieve certain data useagreement through reputation and technical means of restraint, contribute to the legitimate use of data andprevent from destroying. Users can choose to rely on service provider side by reaching a mutually satisfactorysecurity mechanism to maximize safety and security, service providers will not have a place to live in once helost credibility. In this context, cloud service providers are willing to cooperate with users to take data securityprotection technology, and never do intentional destruction of user data, but they may hide data safetyaccident. From this point of view, the thesis studies on the authentication, static memory data protection, dynamic calculation data protection and trusted cloud computing, etc. are studied, toprovide comprehensive data security protection for cloud users.
The main research work are as follows:
1. A cross-cloud authentication scheme based on3PAKE (three-party passwordauthenticated key exchange) protocol is proposed and a provably secure authentication protocolis designed for the scheme. Users, the private cloud to which the users belong and the publiccloud correspond to the three parties of the3PAKE protocol which realizes cross-cloudauthentication. The authentication scheme based on our protocol is more computation efficientthan other cross-cloud authentication schemes. Traditional password authentication is vulnerableto password-guessing attacks and cannot generate a session key securely. To solve the problemsof password authentication, a protocol based on elliptic curve cryptosystem is put forward. Theprotocol is proved to be forward secure for session keys and defeat off-line password guessingattack in the random oracle model. Compared with the PKI or IBC authentication scheme, thisscheme is simple and of high security which realizes the efficiency, safety and fairnessbidirectional authentication process with public cloud.
2. A static data storage scheme users can verify is put forward, which enables users torealize cloud data integrity verification, bug reparation and data leakage accountability. In orderto enable users to recover after finding data breaches, we present a multi-copy storagepreprocessing method on secret sharing and a storage method separating user identityinformation from available data, to prevent external attackers to collect the same user’s datablock to reconstruct the original file after obtaining owner’s information of data. Integrityverification methods supporting above multi-copy mechanism is proposed to verify the dataintegrity in time, compared with existing integrity verification method, it can determine the errordata block and support publicly verifiable from third-party and data dynamical update.Multi-copy integrity verification cannot guarantee data not leaked by cloud service provider, tosolve this problem, a data leaked accountability method using database watermark is presented,which is based on the good characteristics of the cloud model and chaotic sequence, and help theuser to investigate service provider’s dereliction of duty..
3. Dynamic Data security protection system CA_DataGuarder is built based on thedispersion information flow model the CA_DIFC, which provides fine-grained data isolation andcontrol between multi tenants. In order to eliminate the ambiguity and integrity of the DIFC, wecomplete formal modeling for mark system and information flow rules based on propositionallogic, and prove CA_DIFC’s safety. Then we design a distributed file system protectionmechanisms, sensitive data object marking and tracking control implementation mechanism inCA_DataGuarder based on the rules and privileges constraints. On the programming language level, we propose a LPE(least privilege encapsulation) mechanism to guarantee that theimplementation of security strategy is easy to locate and monitor. On operating system layer, itsupports upper cloud application based on a unified DIFC security policy model, transfers userinformation as the application context semantic to OS layer, which realizes fine-grained datacontrol and protection.
4. A trusted cloud computing platform is constructed based on virtualization-basedarchitecture, which provides a trusted execution environment to execute above data securityprotection mechanisms. First of all, we realize formal modeling and safety proving for thetransfer of platform trust chain and afford theoretical support. Given the openness of OS, in ordernot to increase the user's security overhead, we enhance credibility in VMM (a virtual machinemonitor) layer, and propose a unordered trust chain transfer mode, which provides integritymeasurement and isolation protection for executable program for the upper VMs againstmalicious code tampering and destroy data security mechanism destroying. To reduce thesecurity overhead of cloud service providers, it is assumed that only part of the host cloudinfrastructure is enhanced, then we propose a credibility binding plan of virtual machine imagesand cloud computing environment.
由于云计算是根据用户的服务请求对数据进行相关操作,因此,用户和云之间的身份认证是保证数据不被非法用户冒名访问的前提。但是,由于云用户数量庞大,如何进行安全和高效的认证是用户和服务商均关注的问题。用户通过身份认证后,可以使用云提供的数据存储和计算服务。用户将大量数据存储到云端并委托云服务商对数据进行计算,本地并不存储数据的副本,虽然云服务商具有强大的技术实力和维护水平,仍无法完全避免数据发生损坏。对于静态存储的数据而言,由于数据量大,传统的将数据下载到本地进行完整性验证不再适用。当用户发现数据完整性被破坏时,只能寄希望于云服务商的灾备机制。对于在计算服务中的动态数据,由于云计算具有多租户的特点,用户通过服务进程对数据访问和计算,共享访问的进程载体成为权限的集中点,共享漏洞威胁需采取针对用户维度的权限隔离机制。如果真的发生了数据安全事件,用户如何对云服务商追究责任是一个关键问题,目前问责机制需要云服务的细节,涉及云服务商的商业秘密,较难实现。另外,由于缺乏可信保障机制,安全机制可能被攻击、篡改或旁路,无法发挥作用。
云计算中数据安全问题的本质是数据所有方和服务方之间的信任管理,用户和云服务提供者之间需形成一定的数据使用约束,通过双方的信誉和技术约束手段,共同促成数据的合法使用而不被滥用和破坏。就用户来说,可以选择信赖的服务方,约定一种双方都满意的安全机制,以达到最大化的保障,就服务方而言,一旦失去诚信,将无立足之地。在这样的前提下,云服务商愿意配合用户采取一些数据安全保护技术,不会故意破坏用户的数据,但会对出现的一些数据安全事故进行隐瞒。从这一角度出发,本文对认证、静态存储数据保护和动态计算数据保护、可信云计算等关键技术进行了研究,为云用户提供全面的数据安全保护。
本文的主要工作和研究成果如下:
1.基于三方口令认证密钥交换(3PAKE)协议提出一种跨云认证方案,并设计了一种可证明安全的3PAKE协议。将用户、用户所属私有云和公有云分别对应3PAKE中的三方实现了跨云认证,基于所设计协议实现的方案比其它跨云认证方案有更高的计算效率。针对传统口令认证方案中存在口令安全性低、易受猜测攻击、认证后不能安全生成会话密钥等问题,基于椭圆曲线提出一种3PAKE协议,证明了协议在随机预言模型下具有会话密钥的前向安全性,能抗离线口令猜测攻击。与基于证书的PKI、基于身份的密码IBC等认证方案相比,本方案既利用了口令认证方案简单易行的优点,又通过密码学方法对口令进行了有效保护,实现了用户和云之间安全、高效的双向认证。
2.提出一种用户可验证的静态数据存储方案,使用户能够实现云端数据完整性验证、数据修复以及数据泄露问责。为使用户在发现数据完整性被破坏后能够恢复数据,提出基于秘密共享的多副本存储预处理方法,并提出一种用户身份信息与可用数据分离存储方法,防止外部攻击者获得数据的属主信息后收集同一用户的数据分块重构原始文件。为了及时验证数据的完整性,提出一种支持上述多副本机制的完整性验证方法,该方法与现有完整性验证方法相比,能够确定出错的数据分块,并支持面向第三方的公开验证和数据动态更新。多副本完整性验证无法保证数据不被云服务商泄露,为解决数据泄露问责问题,基于云模型和混沌序列的良好特性,提出一种利用数据库水印实现泄露问责的方法,使用户能够追究云服务商的失职。
3.基于分散信息流模型DIFC构建了动态数据安全保护系统CA_DataGuarder,提供多租户之间细粒度的数据隔离和控制。为消除DIFC的模糊性和不完整性,基于命题逻辑为标记体系和信息流规则进行形式化建模并证明了DIFC模型的安全性。基于DIFC模型的规则和特权约束条件设计分布式文件系统的保护机制、CA_DataGuarder中敏感数据对象标记和追踪控制的实现机制。在编程语言级,提出一种最小特权封装(LPE)机制,保证安全策略的执行点容易定位和监控;在操作系统层,基于统一的DIFC安全策略模型提供对上层应用的支撑,将用户信息作为应用上下文语义传递至操作系统层,实现了细粒度的数据控制和保护。与现有的基于访问控制或分散信息流控制的其他系统相比,CA_DataGuarder能提供用户维度的数据隔离,并保证安全机制不易被旁路。
4.基于虚拟化架构构建了一种可信云计算平台,为上述几种数据安全保护机制的正确执行提供了可信执行环境。首先,从进程行为的角度对平台信任链传递进行形式化建模和安全证明,给出理论上的支撑。在模型基础上设计了信任链传递机制,在虚拟机监控器VMM层进行了可信增强,提出一种无序的运行时信任链传递机制,对上层用户虚拟机上的可执行程序进行完整性度量和隔离保护,防止恶意代码篡改可执行程序,破坏数据安全机制。为降低云服务商的安全开销,假设云基础设施中只有部分主机进行了可信增强,提出一种将用户虚拟机镜像与云计算环境可信性绑定的方案。
Cloud computing provides a large number of IT resources such as hardware and software as aservice to users through the network. In cloud computing service model, users host data andapplication to the cloud, due to the cloud service transparency, they lose control of the data. Becauseit is difficult to assess cloud provider’s credibility for users, data security has become the primaryconcern in cloud computing.
Since cloud computing does related operations based on user's service request,authentication between users and cloud providers can avoid illegal access from assumed identity.Whereas, due to the large number of users, how to realize safe and efficient authentication is themain concern for users and service providers. Having been authenticated, users can use thedata storage and computing services. Users upload large amounts of data to the cloud andcommission cloud service providers to calculate without the local copy stored. Although thecloud service provider is with strong technical strength and maintenance, it is not possible tocompletely prevent data damage or leakage occurs. For static storage of data, due to the mass ofdata, it is no longer applicable to verify integrity after downloading data to local in traditional way. Ifusers find data integrity is compromised, they can only pray the cloud service provider's disasterrecovery mechanism works. Because of the characteristics of multi-tenant in the cloud, users accessdata and compute through the service process for dynamic data in computing service, the processcarrier of shared access become focal point of authority. But it is difficult to achieve effectiveisolation and control of different users’ data by shared permissions on OS level, data isolationmechanism of application solely is easily bypassed, so data confidentiality and integrity inmulti-tenant environment remain to be resolved. If the data disclosure really happens, it is a keyissue to charge service providers’ responsibility. Current accountability mechanisms need detailsof cloud services, which are related to cloud service providers’ trade secrets, consequently it isdifficult to achieve. In addition, due to the lack of trusted protection mechanism, securitymechanism may be attacked, tampered or bypassed, accordingly it fails.
The essence of the cloud data security problem is the trust management between data ownerand service provider, certain data constraints should be formed between them. They achieve certain data useagreement through reputation and technical means of restraint, contribute to the legitimate use of data andprevent from destroying. Users can choose to rely on service provider side by reaching a mutually satisfactorysecurity mechanism to maximize safety and security, service providers will not have a place to live in once helost credibility. In this context, cloud service providers are willing to cooperate with users to take data securityprotection technology, and never do intentional destruction of user data, but they may hide data safetyaccident. From this point of view, the thesis studies on the authentication, static memory data protection, dynamic calculation data protection and trusted cloud computing, etc. are studied, toprovide comprehensive data security protection for cloud users.
The main research work are as follows:
1. A cross-cloud authentication scheme based on3PAKE (three-party passwordauthenticated key exchange) protocol is proposed and a provably secure authentication protocolis designed for the scheme. Users, the private cloud to which the users belong and the publiccloud correspond to the three parties of the3PAKE protocol which realizes cross-cloudauthentication. The authentication scheme based on our protocol is more computation efficientthan other cross-cloud authentication schemes. Traditional password authentication is vulnerableto password-guessing attacks and cannot generate a session key securely. To solve the problemsof password authentication, a protocol based on elliptic curve cryptosystem is put forward. Theprotocol is proved to be forward secure for session keys and defeat off-line password guessingattack in the random oracle model. Compared with the PKI or IBC authentication scheme, thisscheme is simple and of high security which realizes the efficiency, safety and fairnessbidirectional authentication process with public cloud.
2. A static data storage scheme users can verify is put forward, which enables users torealize cloud data integrity verification, bug reparation and data leakage accountability. In orderto enable users to recover after finding data breaches, we present a multi-copy storagepreprocessing method on secret sharing and a storage method separating user identityinformation from available data, to prevent external attackers to collect the same user’s datablock to reconstruct the original file after obtaining owner’s information of data. Integrityverification methods supporting above multi-copy mechanism is proposed to verify the dataintegrity in time, compared with existing integrity verification method, it can determine the errordata block and support publicly verifiable from third-party and data dynamical update.Multi-copy integrity verification cannot guarantee data not leaked by cloud service provider, tosolve this problem, a data leaked accountability method using database watermark is presented,which is based on the good characteristics of the cloud model and chaotic sequence, and help theuser to investigate service provider’s dereliction of duty..
3. Dynamic Data security protection system CA_DataGuarder is built based on thedispersion information flow model the CA_DIFC, which provides fine-grained data isolation andcontrol between multi tenants. In order to eliminate the ambiguity and integrity of the DIFC, wecomplete formal modeling for mark system and information flow rules based on propositionallogic, and prove CA_DIFC’s safety. Then we design a distributed file system protectionmechanisms, sensitive data object marking and tracking control implementation mechanism inCA_DataGuarder based on the rules and privileges constraints. On the programming language level, we propose a LPE(least privilege encapsulation) mechanism to guarantee that theimplementation of security strategy is easy to locate and monitor. On operating system layer, itsupports upper cloud application based on a unified DIFC security policy model, transfers userinformation as the application context semantic to OS layer, which realizes fine-grained datacontrol and protection.
4. A trusted cloud computing platform is constructed based on virtualization-basedarchitecture, which provides a trusted execution environment to execute above data securityprotection mechanisms. First of all, we realize formal modeling and safety proving for thetransfer of platform trust chain and afford theoretical support. Given the openness of OS, in ordernot to increase the user's security overhead, we enhance credibility in VMM (a virtual machinemonitor) layer, and propose a unordered trust chain transfer mode, which provides integritymeasurement and isolation protection for executable program for the upper VMs againstmalicious code tampering and destroy data security mechanism destroying. To reduce thesecurity overhead of cloud service providers, it is assumed that only part of the host cloudinfrastructure is enhanced, then we propose a credibility binding plan of virtual machine imagesand cloud computing environment.
引文
[1]Armbrust M, Fox A, Griffith R, et al. Above the clouds: A berkeley view of cloud computing. TechnicalReport No.UCB/EECS-2009-28[J]. Berkeley, USA: University of California at Berkeley,2009.
[2]Stefan Ried. Sizing the Cloud[EB/OL]. http://blogs.forrester.com/stefanried/11-04-21-sizing the cloud.2011-4-21.
[3]Dean J, Ghemawat S. MapReduce: a flexible data processing tool[J]. Commun ACM,2010,53(1):72-77.
[4]Decandia G, Hastorun D, Jampani M, et al. Dynamo: amazon's highly available key-value store[A].SOSP'07[C]. Stevenson, Washington, USA: ACM,2007.205-220.
[5]IBM Blue Cloud project [EB/OL]. http://www-03.ibm.com/press/us/en/pressrelease/22613.wss/accesson June2008.
[6]2012中国云安全调查报告[EB/OL]. http://www.searchcloudcomputing.com.cn/showcontent_64418.h-tm,2012.
[7]云计算-维基百科[EB/OL]. http://zh.wikipedia.org/wiki/,2013.
[8]Mell P and Grance T. The NIST Definition of Cloud Computing[R/OL]. http://c src. ni st. gov/groups/SNS/cloud-computing/cloud-def-v15.doc,2010-02-11.
[9]Windows Azure[EB/OL], http://www.windowsazure.com/en-us/,2013.
[10]Security Guidance For Critical Areas of Focus in Cloud Computing[R/OL]. http://www.c-loudsecurityalliance.org/guidance/csaguide.v3.0.pdf,2011.
[11]张逢喆.公共云计算环境下用户数据的隐私性与安全性保护.上海:复旦大学,博士学位论文,2010.
[12]Top Threats to Cloud Computing V1.0[EB/OL]. http://wenku.baidu.com/view/db3506ea81c758f5f61f-67e5.html.
[13]Vmware Security Advisory[EB/OL]. http://www.vmware.com/security/advisories/-VMSA-2012-0011.-html,2012.
[14]冯登国,张敏,张妍等.云计算安全研究[J].软件学报,2011,22(1):71-83.
[15]沈昌祥,解析“云计算”的安全问题[J],中国高新区,2011.12:20-21
[16]OpenID Authentication2.0specification[EB/OL], Http://openid.net/specs/openid-authentication-2.0-.html
[17]John Hughes. Profiles for the OASIS Security Assertion Markup Language(SAML),V2.0[EB/OL].OASIS.2005.
[18]李健,张笈,PKI在云计算中的应用研究[J],信息网络安全,2011.
[19]朱智强,混合云服务安全若干理论与关键技术研究[D],武汉:武汉大学,博士学位论文,2011.
[20]Shamir A. Identity-based cryptosystems and signature schemes[A]. In Blakley G.R., Chaum D. eds.Advances in Cryptology-CRYPTO'84, Lecture Notes in Computer Science196[C].Berlin:Springer-Verlag,1984:47-53
[21]Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J. Controlling data in the cloud:Outsourcing computation without outsourcing control[C]. In: Sion R, ed. Proc. of the2009ACMWorkshop on Cloud Computing Security, CCSW2009, CCS2009:8590.
[22]Song D, Wagner D, Perrig A. Practical techniques for searches on encrypted data[C]. In: Titsworth FM,ed. Proc. of the IEEE Computer Society Symp. on Research in Security and Privacy. Piscataway: IEEE,2000:4455.
[23]Malek B, Miri A. Combining attribute-based and access systems[C]. In: Muzio JC, Brent RP, eds. Proc.IEEE CSE2009,12th IEEE Int’l Conf. on Computational Science and Engineering. IEEE ComputerSociety,2009:305312.
[24]J. K. Resch,J. S. Plank. AONT-RS: blending security and performance in dispersed storage systems[C].In9th USENIX FAST,2011.
[25]M.Storer, K. Greenan, E. Miller, et al. POTSHARDS-a secure, recoverable, long-term archival storagesystem[J]. ACM Transactions on Storage,2009,5(2):1-35.
[26]Qian Wang, Kui Ren, Wenjing Lou, Yanchao Zhang. Dependable and Secure Sensor Data Storage withDynamic Integrity Assurance[C]. In: IEEE INFOCOM2009proceedings,2009,954-962.
[27]Cong Wang, Qian Wang, Kui Ren, Ning Cao, Wenjing Lou. Towards Secure and Dependable StorageServices in Cloud Computing[J]. IEEE TRANSACTIONS ON SERVICE COMPUTING,2011,20:1-14.
[28]Juels A, Kaliski B. Pors: Proofs of retrievability for large files[C]. Proc. of the2007ACM Conf. onComputer and Communications Security, CCS2007,2007:584597.
[29]Zeng K. Publicly verifiable remote data integrity[J]. In: Chen LQ, Ryan MD, Wang GL, eds. LNCS5308,2008:419434.
[30]Muntés-Mulero V, Nin J. Privacy and anonymization for very large datasets[C]. Proc of the ACM18thInt’l Conf. on Information and Knowledge Management. New York: Association for ComputingMachinery,2009:21172118.
[31]Rankova M, Vo B, Bellovin SM, Malkin T. Secure anonymous database search[C]. In: Proc. of the2009ACM Workshop on Cloud Computing Security, New York: Association for Computing Machinery,2009:115126.
[32]Mowbray M, Pears on S. A client-based privacy manager for cloud computing [C]. Proceedings of the4th International ICST Conference on Communication System Software and Middleware, New York,USA: Association for Computing Machinery,2009.
[33]A. Haeberlen. A case for the accountable cloud[C]. ACM SIGOPS Operating Systems Review,2010,44(2):52-57.
[34]J.H. Yao, S.P. Chen, C. Wang et al. Accountability as a Service for the Cloud[C]. In Proceedings ofIEEE International Conference on Services Computing,2010:81-88.
[35]Chen Wang, Ying Zhou. A Collaborative Monitoring Mechanism for Malting a Multitenant PlatformAccountable [C]. USENIX HotCloud2010. USENIX,2010.
[36]A. R. Yumerefendi, J. S. Chase. Strong accountability for network storage[J]. ACM Transactions onStorage,2007,3(3): Article11.
[37]Gentry C. Fully homomorphic encryption using ideal lattices[C]. Proc. of the2009ACM Int’lSymposium on Theory of Computing,2009.
[38]Sadeghi AR, Schneider T, Winandy M. Token-Based cloud computing: Secure outsourcing of data andarbitrary computations with lower latency [C]. Proc. of the3rd Int’l Conference on Trust and TrustworthyComputing,2010:417429.
[39]Jianxin Li, Bo Li, Tianyu Wo, Chunming Hu,etc. CyberGuarder: A Virtualization Security AssuranceArchitecture for Green Cloud Computing[J]. In: Future Generation Computer Systems,2012,28:379-390.
[40]Chaoliang Zhong, Jun Zhang, Yingju Xia. Construction of a Trusted SaaS Platform[C]. In: IEEEInternational Symposium on Service Oriented System Engineering,2010:244-251.
[41]Phillips C E, Ting T C, Demurjian S A. Information Sharing and Security in Dynamic Coalitions[C].Processings of7th ACM Symposium on Access Control Models and Technologies.Monterey,2002:87-96.
[42]Zhu Tianyi, etc.. An efficient Role Based Access Control System for Cloud Computing[C].11th IEEEInternational Conference on Computer and Information Technology,2011.
[43]Li Dancheng,RBAC-based Access Control for SaaS Systems[C].2nd International Conference onInformation Engineering and Computer Scientce,2010.
[44]Myers A C, Liskov B. Protecting Privacy Using the Decentralized Label Model[J]. ACM Transactionson Computer Systems,2000,9(4):410-442.
[45]Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye and Andrew C. Myers. Fabric: A platformfor secure distributed computation and storage[C].22nd ACM Symposium on Operating SystemsPrinciples (SOSP'09),2009:321–334.
[46]Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart,ect.. Labels and Event Processes in theAsbestos Operating System[C]. In:SOSP’05, Brighton, United Kingdom,2005.
[47]N. B. Zeldovich, S. Boyd-Wickizer, E. Kohler, D. Mazi`eres. Making information flow explicit inHiStar[C]. In:7th USENIX Symposium on Operating Systems Design and Implementation. San Jose:USENIX Association,2006:263-278.
[48]Nickolai Zeldovich, Silas Boyd-Wickizer, David Mazieres. Securing Distributed Systems withInformation Flow Control[C].5thUSENIX Symposium on Networked Systems Design andImplementation,2008.
[49]M. Krohn, A. Yip, M. Brodsky, N. Clier, M. F. Kaashoek, E. Kohler, R. Morris. Information flowcontrol for standard OS abstractions[C]. In SOSP, USA: Association for Computing Machinery,2007.
[50]叶建伟.云计算系统中作业安全技术研究[D].哈尔滨:哈尔滨工业大学,博士学位论文,2011.
[51]Qing Zhang John McCullough Justin Ma, etc.. Neon: System Support for Derived DataManagement[C]. In: Proc. of the6th ACM SIGPLAN/SIGOPS international conference on Virtualexecution environment,2010.
[52]Andrey Ermolinskiy. Design and Implementation of a Hypervisor-Based Platform for DynamicInformation Flow Tracking in a Distributed Environment[D]. A dissertation of Ph.D of the UNIVERSITYOF CALIFORNIA, BERKELEY,2011.
[53]沈昌祥.云计算安全[J].信息安全与通信保密,2010:15-16.
[54]赵波,严飞,张立强,王鹃等.可信云计算环境的构建[J].2012,7(8):28-34.
[55]Berger S, Caceres R, Goldman K, et al. vTPM: Virtualizing the Trusted Platform Module[C]. In:Proceedings of the15th Conference on USENIX Security Symposium,2006,15:21-21.
[56]T.Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, D. Boneh. Terra:A virtual machine-based platform fortrusted computing[C]. Proc. SOSP’03,2003.
[57]Intel Corp. Trusted Execution Technology[EB/OL]. http://www.intel.com/technology/security/.
[58][1] Microsoft Corp. Next Generation Secure Computing Base[EB/OL]. http://www.microsoft.com/resources/ngscb/default.mspx.
[59]A.M. Azab, P. Ning, E. C. Sezer, X. Zhang.“HIMA: A hypervisor based integrity measurementagent”[C]. Proceedings of the25th Annual Computer Security Applications Conference,2009:193-206
[60]程戈.基于虚拟机架构的可信计算环境构建机制研究[D].武汉:华中科技大学,博士学位论文,2010.
[61]Apache Hadoop[EB/OL]. http://hadoop.apache.org/.
[62]MongoDB Home[EB/OL]. http://www.mongodb.org/.
[63]Juang W S, Chiu J Y, Chang H Y. A secure and efficient delegation-based authentication scheme inpublic clouds[C]. In:The1st Cross-Straits Conference On Information Security, Hangzhou,2011:96-102.
[64]谢琪,吴吉义,王贵林,等.云计算中基于可转换代理签密的可证安全的认证协议[J].中国科学:信息科学,2012,42:303-313.
[65]Abdalla, M., Fouque, P.-A., and Pointcheval, D. Password-based authenticated key exchange in thethree-party setting[J]. In: Proc. of PKC’2005, pp.65-84, LNCS3386, Springer-Verlag. Full versionappeared in IEE Information Security,2006,153(1):27-39.
[66]Abdalla, M. Pointcheval, D. Interactive Diffie-Hellman Assumptions with Applications toPassword-based Authentication[C]. In: Proc. of FC’2005, pp.341-356, LNCS3570, Springer-Verlag,2005.
[67]Lu, R.X., Cao, Z.F. Simple three-party key exchange protocol, Computers and Security[J],2007,26:94-97
[68]Huang, H.-F. A simple three-party password-based key exchange protocol[J]. Int. J. Commun. Syst.,2009,22(7):857-862.
[69]Wang W., Hu, L. Efficient and Provably Secure Generic Construction of Three-Party Password-BasedAuthenticated Key Exchange Protocols[J]. In: Proc. of INDOCRYPT2006, LNCS4329, Springer-Verlag,2006:118-132.
[70]K.-K. R. Choo, C. Boyd, Y. Hitchcock. Examining Indistinguishability-Based Proof Models for KeyEstablishment Protocols[J]. in Proc. of ASIACRYPT’2005, LNCS3788, Springer-Verlag,2005:585-604.
[71]Chung, H.-R., Ku, W.-C. Three weaknesses in a simple three-party key exchange protocol[J].Information Science,2008,178:220-229.
[72]Yoon, E.J., Yoo, K.Y. Cryptanalysis of a simple three-party password-based key exchange protocol[J].International Journal of Communication Systems,2011,24(4):532-542.
[73]Lo, J.-W., Lee, J.-Z., Hwang, M.-S., Chu, Y.-P. An Advanced Password Authenticated Key ExchangeProtocol for Imbalanced Wireless Networks[J]. Journal of Internet Technology,2010,11(7):997-1004.
[74]Abdalla, M., Fouque, P.-A., Pointcheval, D. Password-based authenticated key exchange in thethree-party setting[J]. In: Proc. of PKC’2005, pp.65-84, LNCS3386, Springer-Verlag(2005). Full versionappeared in IEE Information Security,2006,153(1):27-39.
[75]Abdalla, M., and Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications toPassword-based Authentication[J]. In: Proc. of FC’2005, LNCS3570, Springer-Verlag2005:341-356,.
[76]Lu, R.X., Cao, Z.F.: Simple three-party key exchange protocol, Computers and Security[J], Vol.26,2007:94-97.
[77]Chien, H. Y., Wu, T. C. Provably secure password-based three-party key exchange with optimalmessage steps[J]. Computer Journal,2009,52(6):646-655.
[78]Huang, H.-F. A simple three-party password-based key exchange protocol[J]. Int. J. Commun. Syst.,2009,7(22):857-862.
[79]Lo, J.-W., Lee, J.-Z., Hwang, M.-S., Chu, Y.-P. An Advanced Password Authenticated Key ExchangeProtocol for Imbalanced Wireless Networks[J]. Journal of Internet Technology,2010,11(7):997-1004.
[80]Lee, T-F., Hwang, T. Simple Password-Based Three-Party Authenticated Key Exchange without ServerPublic Keys[J]. Information Sciences,2010,9(180):1702-1714.
[81]Chang, T.-Y., Hwang, M.-S., Yang, W.-P. A Communication-Efficient Three-Party PasswordAuthenticated Key Exchange Protocol[J]. Information Sciences,2011,181:217-226.
[82]H.-Y. Chien. Secure Verifier-Based Three-Party Key Exchange in the Random Oracle Model[J].Journal of Information Science And Engineering,2011,27(4):1487-1501.
[83]Zeng, Y., Ma, J., Moon, S. An Improvement on a Three-party Password-based Key Exchange ProtocolUsing Weil Pairing[J]. International Journal of Network Security,2010,11(1):17-22.
[84]Lou, D.-C., Huang, H.-F. Efficient three-party password-based key exchange scheme[J]. Int. J.Commun. Syst.,2011,24(4):504-512.
[85]Hankerson, D., Menezes, A., Vanstone, S. Guide to elliptic curve cryptography[EB/OL].Springer-Verlag,2004.
[86]Koblitz, N. Elliptic curve cryptosystem. Mathematics of Computation[J].1987,48:203-209.
[87]Boyd, C., Montague, P., Nguyen, K. Elliptic Curve Based Password Authenticated Key ExchangeProtocols[J]. In: Proc. of28th Australasian Conference on Information Security and Privacy-ACISP2001, LNCS2119, Springer,2001:487-501.
[88]Abdalla, M. Pointcheval, D. Simple Password-Based Encrypted Key Exchange Protocols[J]. InProceedings of Topics in Cryptology-CT-RSA2005, LNCS3376, Springer-Verlag,2005:191-208.
[89]Bellare, M., Pointcheval, D., Rogaway, P. Authenticated key exchange secure against dictionaryattacks[J]. In: Proceedings of Advances in Cryptology-EUROCRYPT2000, LNCS1807, Springer-Verlag,2000:139-155.
[90]Bresson, E., Chevassut, O., and Pointcheval, D. New security results on encrypted key exchange[J]. In:Proceedings of PKC2004:7th International Workshop on Theory and Practice in Public KeyCryptography, LNCS2947, Springer-Verlag,2004:145-158.
[91]Abdalla, M., Bellare, M., Rogaway, P. The oracle Diffie-Hellman assumptions and an analysis ofDHIES[J]. In: Proceedings of CT-RSA’2001, Springer-Verlag,2001:143-158.
[92]Pointcheval D. Provable Security for Public Key Schemes[J]. Contemporary Cryptology(AdvancedCourses in Mathematics-CRM Barcelona),2005:133-189.
[93]Y.Deswarte, J.-J. Quisquater.Remote Integrity Checking[C]. Sixth Working Conference on Integrityand Internal Control in Information Systems.Kluwer Academic Publishers,2004:1–11.
[94]D.L.G.Filho, P.S.L.M.Barreto. Demonstrating data possession and uncheatable data transfer[R/OL].Cryptology ePrint Archive,Report2006/150,2006.
[95]G.Ateniese, R.Burns,R.Curtmola, J.Herring, L.Kissner, Z.Peterson, D. Song.Provable data possessionat untrusted stores[C]. Proceedings of the14th ACM conference on Computer and communicationssecurity.ACM,2007:598–609.
[96]Baoyu An, Dong Li, Da Xiao et al. Accountability for Data Integrity in Cloud Storage Service[J].International Journal of Advancements in Computing Technology,2012,4(7):360-370.
[97]Ghemawat S, Gobioff H, Leung S. The Google file system[C]. SOSP'03. Bolton Landing, NY, USA:ACM,2003:29-43.
[98]郝卓.远程数据完整性和认证技术研究[D].合肥:中国科学技术大学,博士学位论文,2011.
[99]Parakh A, Kak S. Space efficient secret sharing for implicit data security[J]. Information Science s,2011,181(2):335-341.
[100]唐春明,Gao Shu-hong.防泄露的秘密共享方案及其在群身份认证协议中的应用[J].中国科学:信息科学,2012,42:634-647.
[101]Baoyu An, Liang Zhou, Zhe Gong et al. Light-weight Proofs of Retrievability in Cloud ArchiveStorage with Replications[J]. International Journal of Digital Content Technology and itsApplications.2012.
[102]F.Sebe,J.Domingo-Ferrer,A.Martinez-Balleste,etc.Efficient remote data possession checking in criticalinformation infrastructures[J].IEEE Trans.on Knowledge and Data Engineering,2008,20(8):1034–1038.
[103]Agrawal R, Kiernan J. Watermarking relational databases[C]. In: Proceeding of the28th VLDBconference. Hong Kong: University of Science&Technology,2002:155-166.
[104]朱勤,于守健,乐嘉锦,骆轶姝.外包数据库系统安全机制研究[J].计算机科学,2007,2(34):152-156.
[105]Kohda 'Tsuneda A.Statistics of chaotic binary sequences[J]. IEEE Transaction on Information Theory,1997,43(1):105-112.
[106]Forest CoverType数据集[EB/OL], http://kdd.ics.uci.edu/databaseds/covertype/covertype.data.html.
[107]Deyi Li, Yi Du. Artificial Intelligence with Uncertainty. CRC Press, Taylor and Francis Group, NewYork,2007.
[108]王伟,高能,江丽娜.云计算安全需求分析研究[J].信息网络安全,2012.
[109]Michael Huth,Mark Ryan著,何伟,樊磊译.面向计算机科学的逻辑系统建模与推理[M].机械工业出版社,2007.
[110]A. G. Hamilton. Logic for Mathematicians[M](影印版).清华大学出版社,2003.
[111]A.Sabelfeld, D. Sands, Dimensions and Principles of Declassification[C]. In Proc. IEEE ComputerSecurity Foundations Workshop,2005:255-269.
[112]Denning D E. A Lattice Model of Secure Information Flow[J]. Communications of the ACM,1976,19(5):236-243.
[113]C. Wright, C. Cowan, S. Smalley, J.Morris, G. K. Hartman. Linux security modules: General securitysupport for the Linux kernel[C]. In USENIX Security Symposium,2002.
[114]R. Sailer, X. Zhang, T. Jaeger, etc.. Design and Implementation of a TCG-based Integritymeasurement Architecture[C]. Proceedings of the13thUSENIX Security Symposium, Berkeley, CA, USA,2004:223-238.
[115]J. N. Petroni, T. Fraser, J. Molina, etc.. Copilot-A Corprocessor-Based Kernel Runtime IntegirtyMonitor[C]. Porceedings of the13thUSENIX Security Symposium,2004:179-194
[116]C. Wei, S. Song, W. Hua, etc.. Operating Systems Support for Process Dynamic IntegrityMeasurement[C]. Proceedings of the IEEE Youth Conference on Information, Computing andTelecommunication,2009:339-342.
[117]Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, etc.. Xen and the art of virtualization[C]. InProceedings of the nineteenth ACM symposium on Operating systems principles (SOSP '03). ACM, NewYork, NY, USA,2003:164-177.
[118]张兴,沈昌祥.一种新的可信平台控制模块设计方案[J].武汉大学学报信息科学版,2008,33(10):1011-1014.
[119]Daniel Nurmi, Rich Wolski, Chris Grzegorczyk. The Eucalyptus Open-source Cloud-computingSystem[C].9thIEEE/ACM Symposium on Cluster and the Grid,2009:124-131.
[120]N. Santos, K. P. Gummadi, R. Rodrigues. Towards trusted cloud computing[C]. Proc. HotCloud’09,San Diego, CA, USA,2009.
[121]Cassandra.Apache.org. Cassandra documentation from DataStax[EB/OL]. http://wiki.apache.org/cas-sandra/GettingStartedo.
[2]Stefan Ried. Sizing the Cloud[EB/OL]. http://blogs.forrester.com/stefanried/11-04-21-sizing the cloud.2011-4-21.
[3]Dean J, Ghemawat S. MapReduce: a flexible data processing tool[J]. Commun ACM,2010,53(1):72-77.
[4]Decandia G, Hastorun D, Jampani M, et al. Dynamo: amazon's highly available key-value store[A].SOSP'07[C]. Stevenson, Washington, USA: ACM,2007.205-220.
[5]IBM Blue Cloud project [EB/OL]. http://www-03.ibm.com/press/us/en/pressrelease/22613.wss/accesson June2008.
[6]2012中国云安全调查报告[EB/OL]. http://www.searchcloudcomputing.com.cn/showcontent_64418.h-tm,2012.
[7]云计算-维基百科[EB/OL]. http://zh.wikipedia.org/wiki/,2013.
[8]Mell P and Grance T. The NIST Definition of Cloud Computing[R/OL]. http://c src. ni st. gov/groups/SNS/cloud-computing/cloud-def-v15.doc,2010-02-11.
[9]Windows Azure[EB/OL], http://www.windowsazure.com/en-us/,2013.
[10]Security Guidance For Critical Areas of Focus in Cloud Computing[R/OL]. http://www.c-loudsecurityalliance.org/guidance/csaguide.v3.0.pdf,2011.
[11]张逢喆.公共云计算环境下用户数据的隐私性与安全性保护.上海:复旦大学,博士学位论文,2010.
[12]Top Threats to Cloud Computing V1.0[EB/OL]. http://wenku.baidu.com/view/db3506ea81c758f5f61f-67e5.html.
[13]Vmware Security Advisory[EB/OL]. http://www.vmware.com/security/advisories/-VMSA-2012-0011.-html,2012.
[14]冯登国,张敏,张妍等.云计算安全研究[J].软件学报,2011,22(1):71-83.
[15]沈昌祥,解析“云计算”的安全问题[J],中国高新区,2011.12:20-21
[16]OpenID Authentication2.0specification[EB/OL], Http://openid.net/specs/openid-authentication-2.0-.html
[17]John Hughes. Profiles for the OASIS Security Assertion Markup Language(SAML),V2.0[EB/OL].OASIS.2005.
[18]李健,张笈,PKI在云计算中的应用研究[J],信息网络安全,2011.
[19]朱智强,混合云服务安全若干理论与关键技术研究[D],武汉:武汉大学,博士学位论文,2011.
[20]Shamir A. Identity-based cryptosystems and signature schemes[A]. In Blakley G.R., Chaum D. eds.Advances in Cryptology-CRYPTO'84, Lecture Notes in Computer Science196[C].Berlin:Springer-Verlag,1984:47-53
[21]Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J. Controlling data in the cloud:Outsourcing computation without outsourcing control[C]. In: Sion R, ed. Proc. of the2009ACMWorkshop on Cloud Computing Security, CCSW2009, CCS2009:8590.
[22]Song D, Wagner D, Perrig A. Practical techniques for searches on encrypted data[C]. In: Titsworth FM,ed. Proc. of the IEEE Computer Society Symp. on Research in Security and Privacy. Piscataway: IEEE,2000:4455.
[23]Malek B, Miri A. Combining attribute-based and access systems[C]. In: Muzio JC, Brent RP, eds. Proc.IEEE CSE2009,12th IEEE Int’l Conf. on Computational Science and Engineering. IEEE ComputerSociety,2009:305312.
[24]J. K. Resch,J. S. Plank. AONT-RS: blending security and performance in dispersed storage systems[C].In9th USENIX FAST,2011.
[25]M.Storer, K. Greenan, E. Miller, et al. POTSHARDS-a secure, recoverable, long-term archival storagesystem[J]. ACM Transactions on Storage,2009,5(2):1-35.
[26]Qian Wang, Kui Ren, Wenjing Lou, Yanchao Zhang. Dependable and Secure Sensor Data Storage withDynamic Integrity Assurance[C]. In: IEEE INFOCOM2009proceedings,2009,954-962.
[27]Cong Wang, Qian Wang, Kui Ren, Ning Cao, Wenjing Lou. Towards Secure and Dependable StorageServices in Cloud Computing[J]. IEEE TRANSACTIONS ON SERVICE COMPUTING,2011,20:1-14.
[28]Juels A, Kaliski B. Pors: Proofs of retrievability for large files[C]. Proc. of the2007ACM Conf. onComputer and Communications Security, CCS2007,2007:584597.
[29]Zeng K. Publicly verifiable remote data integrity[J]. In: Chen LQ, Ryan MD, Wang GL, eds. LNCS5308,2008:419434.
[30]Muntés-Mulero V, Nin J. Privacy and anonymization for very large datasets[C]. Proc of the ACM18thInt’l Conf. on Information and Knowledge Management. New York: Association for ComputingMachinery,2009:21172118.
[31]Rankova M, Vo B, Bellovin SM, Malkin T. Secure anonymous database search[C]. In: Proc. of the2009ACM Workshop on Cloud Computing Security, New York: Association for Computing Machinery,2009:115126.
[32]Mowbray M, Pears on S. A client-based privacy manager for cloud computing [C]. Proceedings of the4th International ICST Conference on Communication System Software and Middleware, New York,USA: Association for Computing Machinery,2009.
[33]A. Haeberlen. A case for the accountable cloud[C]. ACM SIGOPS Operating Systems Review,2010,44(2):52-57.
[34]J.H. Yao, S.P. Chen, C. Wang et al. Accountability as a Service for the Cloud[C]. In Proceedings ofIEEE International Conference on Services Computing,2010:81-88.
[35]Chen Wang, Ying Zhou. A Collaborative Monitoring Mechanism for Malting a Multitenant PlatformAccountable [C]. USENIX HotCloud2010. USENIX,2010.
[36]A. R. Yumerefendi, J. S. Chase. Strong accountability for network storage[J]. ACM Transactions onStorage,2007,3(3): Article11.
[37]Gentry C. Fully homomorphic encryption using ideal lattices[C]. Proc. of the2009ACM Int’lSymposium on Theory of Computing,2009.
[38]Sadeghi AR, Schneider T, Winandy M. Token-Based cloud computing: Secure outsourcing of data andarbitrary computations with lower latency [C]. Proc. of the3rd Int’l Conference on Trust and TrustworthyComputing,2010:417429.
[39]Jianxin Li, Bo Li, Tianyu Wo, Chunming Hu,etc. CyberGuarder: A Virtualization Security AssuranceArchitecture for Green Cloud Computing[J]. In: Future Generation Computer Systems,2012,28:379-390.
[40]Chaoliang Zhong, Jun Zhang, Yingju Xia. Construction of a Trusted SaaS Platform[C]. In: IEEEInternational Symposium on Service Oriented System Engineering,2010:244-251.
[41]Phillips C E, Ting T C, Demurjian S A. Information Sharing and Security in Dynamic Coalitions[C].Processings of7th ACM Symposium on Access Control Models and Technologies.Monterey,2002:87-96.
[42]Zhu Tianyi, etc.. An efficient Role Based Access Control System for Cloud Computing[C].11th IEEEInternational Conference on Computer and Information Technology,2011.
[43]Li Dancheng,RBAC-based Access Control for SaaS Systems[C].2nd International Conference onInformation Engineering and Computer Scientce,2010.
[44]Myers A C, Liskov B. Protecting Privacy Using the Decentralized Label Model[J]. ACM Transactionson Computer Systems,2000,9(4):410-442.
[45]Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye and Andrew C. Myers. Fabric: A platformfor secure distributed computation and storage[C].22nd ACM Symposium on Operating SystemsPrinciples (SOSP'09),2009:321–334.
[46]Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart,ect.. Labels and Event Processes in theAsbestos Operating System[C]. In:SOSP’05, Brighton, United Kingdom,2005.
[47]N. B. Zeldovich, S. Boyd-Wickizer, E. Kohler, D. Mazi`eres. Making information flow explicit inHiStar[C]. In:7th USENIX Symposium on Operating Systems Design and Implementation. San Jose:USENIX Association,2006:263-278.
[48]Nickolai Zeldovich, Silas Boyd-Wickizer, David Mazieres. Securing Distributed Systems withInformation Flow Control[C].5thUSENIX Symposium on Networked Systems Design andImplementation,2008.
[49]M. Krohn, A. Yip, M. Brodsky, N. Clier, M. F. Kaashoek, E. Kohler, R. Morris. Information flowcontrol for standard OS abstractions[C]. In SOSP, USA: Association for Computing Machinery,2007.
[50]叶建伟.云计算系统中作业安全技术研究[D].哈尔滨:哈尔滨工业大学,博士学位论文,2011.
[51]Qing Zhang John McCullough Justin Ma, etc.. Neon: System Support for Derived DataManagement[C]. In: Proc. of the6th ACM SIGPLAN/SIGOPS international conference on Virtualexecution environment,2010.
[52]Andrey Ermolinskiy. Design and Implementation of a Hypervisor-Based Platform for DynamicInformation Flow Tracking in a Distributed Environment[D]. A dissertation of Ph.D of the UNIVERSITYOF CALIFORNIA, BERKELEY,2011.
[53]沈昌祥.云计算安全[J].信息安全与通信保密,2010:15-16.
[54]赵波,严飞,张立强,王鹃等.可信云计算环境的构建[J].2012,7(8):28-34.
[55]Berger S, Caceres R, Goldman K, et al. vTPM: Virtualizing the Trusted Platform Module[C]. In:Proceedings of the15th Conference on USENIX Security Symposium,2006,15:21-21.
[56]T.Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, D. Boneh. Terra:A virtual machine-based platform fortrusted computing[C]. Proc. SOSP’03,2003.
[57]Intel Corp. Trusted Execution Technology[EB/OL]. http://www.intel.com/technology/security/.
[58][1] Microsoft Corp. Next Generation Secure Computing Base[EB/OL]. http://www.microsoft.com/resources/ngscb/default.mspx.
[59]A.M. Azab, P. Ning, E. C. Sezer, X. Zhang.“HIMA: A hypervisor based integrity measurementagent”[C]. Proceedings of the25th Annual Computer Security Applications Conference,2009:193-206
[60]程戈.基于虚拟机架构的可信计算环境构建机制研究[D].武汉:华中科技大学,博士学位论文,2010.
[61]Apache Hadoop[EB/OL]. http://hadoop.apache.org/.
[62]MongoDB Home[EB/OL]. http://www.mongodb.org/.
[63]Juang W S, Chiu J Y, Chang H Y. A secure and efficient delegation-based authentication scheme inpublic clouds[C]. In:The1st Cross-Straits Conference On Information Security, Hangzhou,2011:96-102.
[64]谢琪,吴吉义,王贵林,等.云计算中基于可转换代理签密的可证安全的认证协议[J].中国科学:信息科学,2012,42:303-313.
[65]Abdalla, M., Fouque, P.-A., and Pointcheval, D. Password-based authenticated key exchange in thethree-party setting[J]. In: Proc. of PKC’2005, pp.65-84, LNCS3386, Springer-Verlag. Full versionappeared in IEE Information Security,2006,153(1):27-39.
[66]Abdalla, M. Pointcheval, D. Interactive Diffie-Hellman Assumptions with Applications toPassword-based Authentication[C]. In: Proc. of FC’2005, pp.341-356, LNCS3570, Springer-Verlag,2005.
[67]Lu, R.X., Cao, Z.F. Simple three-party key exchange protocol, Computers and Security[J],2007,26:94-97
[68]Huang, H.-F. A simple three-party password-based key exchange protocol[J]. Int. J. Commun. Syst.,2009,22(7):857-862.
[69]Wang W., Hu, L. Efficient and Provably Secure Generic Construction of Three-Party Password-BasedAuthenticated Key Exchange Protocols[J]. In: Proc. of INDOCRYPT2006, LNCS4329, Springer-Verlag,2006:118-132.
[70]K.-K. R. Choo, C. Boyd, Y. Hitchcock. Examining Indistinguishability-Based Proof Models for KeyEstablishment Protocols[J]. in Proc. of ASIACRYPT’2005, LNCS3788, Springer-Verlag,2005:585-604.
[71]Chung, H.-R., Ku, W.-C. Three weaknesses in a simple three-party key exchange protocol[J].Information Science,2008,178:220-229.
[72]Yoon, E.J., Yoo, K.Y. Cryptanalysis of a simple three-party password-based key exchange protocol[J].International Journal of Communication Systems,2011,24(4):532-542.
[73]Lo, J.-W., Lee, J.-Z., Hwang, M.-S., Chu, Y.-P. An Advanced Password Authenticated Key ExchangeProtocol for Imbalanced Wireless Networks[J]. Journal of Internet Technology,2010,11(7):997-1004.
[74]Abdalla, M., Fouque, P.-A., Pointcheval, D. Password-based authenticated key exchange in thethree-party setting[J]. In: Proc. of PKC’2005, pp.65-84, LNCS3386, Springer-Verlag(2005). Full versionappeared in IEE Information Security,2006,153(1):27-39.
[75]Abdalla, M., and Pointcheval, D.: Interactive Diffie-Hellman Assumptions with Applications toPassword-based Authentication[J]. In: Proc. of FC’2005, LNCS3570, Springer-Verlag2005:341-356,.
[76]Lu, R.X., Cao, Z.F.: Simple three-party key exchange protocol, Computers and Security[J], Vol.26,2007:94-97.
[77]Chien, H. Y., Wu, T. C. Provably secure password-based three-party key exchange with optimalmessage steps[J]. Computer Journal,2009,52(6):646-655.
[78]Huang, H.-F. A simple three-party password-based key exchange protocol[J]. Int. J. Commun. Syst.,2009,7(22):857-862.
[79]Lo, J.-W., Lee, J.-Z., Hwang, M.-S., Chu, Y.-P. An Advanced Password Authenticated Key ExchangeProtocol for Imbalanced Wireless Networks[J]. Journal of Internet Technology,2010,11(7):997-1004.
[80]Lee, T-F., Hwang, T. Simple Password-Based Three-Party Authenticated Key Exchange without ServerPublic Keys[J]. Information Sciences,2010,9(180):1702-1714.
[81]Chang, T.-Y., Hwang, M.-S., Yang, W.-P. A Communication-Efficient Three-Party PasswordAuthenticated Key Exchange Protocol[J]. Information Sciences,2011,181:217-226.
[82]H.-Y. Chien. Secure Verifier-Based Three-Party Key Exchange in the Random Oracle Model[J].Journal of Information Science And Engineering,2011,27(4):1487-1501.
[83]Zeng, Y., Ma, J., Moon, S. An Improvement on a Three-party Password-based Key Exchange ProtocolUsing Weil Pairing[J]. International Journal of Network Security,2010,11(1):17-22.
[84]Lou, D.-C., Huang, H.-F. Efficient three-party password-based key exchange scheme[J]. Int. J.Commun. Syst.,2011,24(4):504-512.
[85]Hankerson, D., Menezes, A., Vanstone, S. Guide to elliptic curve cryptography[EB/OL].Springer-Verlag,2004.
[86]Koblitz, N. Elliptic curve cryptosystem. Mathematics of Computation[J].1987,48:203-209.
[87]Boyd, C., Montague, P., Nguyen, K. Elliptic Curve Based Password Authenticated Key ExchangeProtocols[J]. In: Proc. of28th Australasian Conference on Information Security and Privacy-ACISP2001, LNCS2119, Springer,2001:487-501.
[88]Abdalla, M. Pointcheval, D. Simple Password-Based Encrypted Key Exchange Protocols[J]. InProceedings of Topics in Cryptology-CT-RSA2005, LNCS3376, Springer-Verlag,2005:191-208.
[89]Bellare, M., Pointcheval, D., Rogaway, P. Authenticated key exchange secure against dictionaryattacks[J]. In: Proceedings of Advances in Cryptology-EUROCRYPT2000, LNCS1807, Springer-Verlag,2000:139-155.
[90]Bresson, E., Chevassut, O., and Pointcheval, D. New security results on encrypted key exchange[J]. In:Proceedings of PKC2004:7th International Workshop on Theory and Practice in Public KeyCryptography, LNCS2947, Springer-Verlag,2004:145-158.
[91]Abdalla, M., Bellare, M., Rogaway, P. The oracle Diffie-Hellman assumptions and an analysis ofDHIES[J]. In: Proceedings of CT-RSA’2001, Springer-Verlag,2001:143-158.
[92]Pointcheval D. Provable Security for Public Key Schemes[J]. Contemporary Cryptology(AdvancedCourses in Mathematics-CRM Barcelona),2005:133-189.
[93]Y.Deswarte, J.-J. Quisquater.Remote Integrity Checking[C]. Sixth Working Conference on Integrityand Internal Control in Information Systems.Kluwer Academic Publishers,2004:1–11.
[94]D.L.G.Filho, P.S.L.M.Barreto. Demonstrating data possession and uncheatable data transfer[R/OL].Cryptology ePrint Archive,Report2006/150,2006.
[95]G.Ateniese, R.Burns,R.Curtmola, J.Herring, L.Kissner, Z.Peterson, D. Song.Provable data possessionat untrusted stores[C]. Proceedings of the14th ACM conference on Computer and communicationssecurity.ACM,2007:598–609.
[96]Baoyu An, Dong Li, Da Xiao et al. Accountability for Data Integrity in Cloud Storage Service[J].International Journal of Advancements in Computing Technology,2012,4(7):360-370.
[97]Ghemawat S, Gobioff H, Leung S. The Google file system[C]. SOSP'03. Bolton Landing, NY, USA:ACM,2003:29-43.
[98]郝卓.远程数据完整性和认证技术研究[D].合肥:中国科学技术大学,博士学位论文,2011.
[99]Parakh A, Kak S. Space efficient secret sharing for implicit data security[J]. Information Science s,2011,181(2):335-341.
[100]唐春明,Gao Shu-hong.防泄露的秘密共享方案及其在群身份认证协议中的应用[J].中国科学:信息科学,2012,42:634-647.
[101]Baoyu An, Liang Zhou, Zhe Gong et al. Light-weight Proofs of Retrievability in Cloud ArchiveStorage with Replications[J]. International Journal of Digital Content Technology and itsApplications.2012.
[102]F.Sebe,J.Domingo-Ferrer,A.Martinez-Balleste,etc.Efficient remote data possession checking in criticalinformation infrastructures[J].IEEE Trans.on Knowledge and Data Engineering,2008,20(8):1034–1038.
[103]Agrawal R, Kiernan J. Watermarking relational databases[C]. In: Proceeding of the28th VLDBconference. Hong Kong: University of Science&Technology,2002:155-166.
[104]朱勤,于守健,乐嘉锦,骆轶姝.外包数据库系统安全机制研究[J].计算机科学,2007,2(34):152-156.
[105]Kohda 'Tsuneda A.Statistics of chaotic binary sequences[J]. IEEE Transaction on Information Theory,1997,43(1):105-112.
[106]Forest CoverType数据集[EB/OL], http://kdd.ics.uci.edu/databaseds/covertype/covertype.data.html.
[107]Deyi Li, Yi Du. Artificial Intelligence with Uncertainty. CRC Press, Taylor and Francis Group, NewYork,2007.
[108]王伟,高能,江丽娜.云计算安全需求分析研究[J].信息网络安全,2012.
[109]Michael Huth,Mark Ryan著,何伟,樊磊译.面向计算机科学的逻辑系统建模与推理[M].机械工业出版社,2007.
[110]A. G. Hamilton. Logic for Mathematicians[M](影印版).清华大学出版社,2003.
[111]A.Sabelfeld, D. Sands, Dimensions and Principles of Declassification[C]. In Proc. IEEE ComputerSecurity Foundations Workshop,2005:255-269.
[112]Denning D E. A Lattice Model of Secure Information Flow[J]. Communications of the ACM,1976,19(5):236-243.
[113]C. Wright, C. Cowan, S. Smalley, J.Morris, G. K. Hartman. Linux security modules: General securitysupport for the Linux kernel[C]. In USENIX Security Symposium,2002.
[114]R. Sailer, X. Zhang, T. Jaeger, etc.. Design and Implementation of a TCG-based Integritymeasurement Architecture[C]. Proceedings of the13thUSENIX Security Symposium, Berkeley, CA, USA,2004:223-238.
[115]J. N. Petroni, T. Fraser, J. Molina, etc.. Copilot-A Corprocessor-Based Kernel Runtime IntegirtyMonitor[C]. Porceedings of the13thUSENIX Security Symposium,2004:179-194
[116]C. Wei, S. Song, W. Hua, etc.. Operating Systems Support for Process Dynamic IntegrityMeasurement[C]. Proceedings of the IEEE Youth Conference on Information, Computing andTelecommunication,2009:339-342.
[117]Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, etc.. Xen and the art of virtualization[C]. InProceedings of the nineteenth ACM symposium on Operating systems principles (SOSP '03). ACM, NewYork, NY, USA,2003:164-177.
[118]张兴,沈昌祥.一种新的可信平台控制模块设计方案[J].武汉大学学报信息科学版,2008,33(10):1011-1014.
[119]Daniel Nurmi, Rich Wolski, Chris Grzegorczyk. The Eucalyptus Open-source Cloud-computingSystem[C].9thIEEE/ACM Symposium on Cluster and the Grid,2009:124-131.
[120]N. Santos, K. P. Gummadi, R. Rodrigues. Towards trusted cloud computing[C]. Proc. HotCloud’09,San Diego, CA, USA,2009.
[121]Cassandra.Apache.org. Cassandra documentation from DataStax[EB/OL]. http://wiki.apache.org/cas-sandra/GettingStartedo.