基于云灾备的数据安全存储关键技术研究
|
摘要
云计算与云存储技术的出现为用户提供了一种支持按需使用和弹性架构的第三方IT资源及服务,能够有效地解决信息化技术迅猛发展带来的IT资源需求不断扩大的问题。由于这种服务提供的是一种透明的数据运算和存储接入方式,云计算与云存储的安全性和可信性成为用户在选择云服务时最关注的一个问题,同时也导致了这种技术无法被大规模的推广和应用。因此云计算与云存储环境中数据安全存储关键技术的研究不仅可以继续推动云计算与云存储技术的发展,还能够有效地推动我国信息化建设的步伐,具有重要的理论研究意义和实用价值。
本文针对云灾备环境中数据安全存储的机密性、完整性、可用性问题,提出了一种基于数据拆分的数据处理方法及数据安全保护技术,并针对第三方云灾备服务的特点,提出了一种使用该技术进行统一管理的海量云灾备安全存储架构。本文主要进行了下述研究工作:
第一,提出了一种基于三维空间拆分置乱的高效海量云灾备数据机密性保护关键方法ESSA,能够有效的保证灾备数据中的信息不会泄露给攻击者和云系统管理人员。ESSA(?)将灾备数据在三维空间中进行映射、置乱、拆分,利用三维数据结构恢复的复杂度来保证数据的机密性。分析结果表明,ESSA不仅具有高于传统加密方法的密钥空间大小的“恢复空间”,还能够通过不同的置乱规则提供高于门限方案的语义安全特性。与传统数据机密性保护方案不同,ESSA处理过的数据能够支持细粒度的重复数据删除,在一定程度上弥补了传统数据机密性方案对于重复数据删除效率的影响。
第二,提出了一种基于三维空间拆分置乱的数据完整性校验方法和基于这种方法的灾备数据安全存储完整性保护协议,能够有效的保证灾备数据生命周期中各个阶段的数据完整性。本文利用三维空间中数据置乱与拆分得到的每个拆分数据块所附带的坐标属性,提出了种拆分数据完整性校验信息生成方案,不仅能够保证拆分块的完整性,还将坐标属性隐藏在校验信息中,供用户在每次校验时进行确认。在传统的数据完整性校验方法的基础上,本文结合该校验信息的特点构造了三种数据完整性校验协议,分别从灾备数据生命周期中的备份、存储、恢复三个阶段分别保护数据的完整性。使用该方案的云灾备系统不仅能够向用户提供数据完整性以及服务可信性的证明,还能够有效地预防恶意的用户对云灾备服务的讹诈行为。
第三,提出了一种基于三维空间拆分置乱的用户层和云灾备服务层数据可用性保护关键方法ECESSA,能够有效的保障不可靠第三方存储环境中灾备数据的可恢复性。用户层的ECESSA技术在RAID技术研究的基础上,构造了一种三维空间中拆分面行/列奇偶纠删码验证机制,除过一种特殊分布情况以外,其它随机的错误都能够被恢复出来。实验结果显示该方法的容错能力和额外存储空间消耗会随着拆分参数的变化而变化,并通过实验寻找到两者的平衡点作为用户参数选择的参考。云灾备存储服务层的ECESSA技术根据用户层数据恢复的特点设计了一种在不同存储节点间进行数据分散的方法,在提高数据冗余度的情况下能够有效防止恶意的节点泄露用户的数据。
第四,提出了一种基于数据拆分的云灾备服务系统架构,这种架构可以通过云存储系统三层架构中任一层次为用户提供安全的数据灾备服务,保障灾备数据的安全性。与传统的云全模型不同,该模型结合三维空间中数据置乱与拆分方法的特点及其数据安全存储关键技术提供云灾备服务,能够满足第三方海量数据云灾备服务的数据安全存储需求。
Cloud Computing and Cloud Storage provide a kind of new third party IT resource and service model, which can make users able to build elasticity IT system based on their demand. These technologies propose an effective solution for the increase of IT resource demands caused by the rapid development of information technology. Because these tech-nologies provides transparent computing and storage services, security and trust problem becomes the most important issue when users make their choices. And because of these problems, Cloud Computing and Cloud Storage still can not be used for large-scale application promotion. So the storage security research about Cloud Computing and Cloud Sto-rage not only can promot this technology, but also can effectively pro-mote the informatization construction in our country. And this research has important theoretical significance and practical value.
This paper focuses on the key techniques of storage security for cloud disaster recovery, such as data confidentiality, data integrity and data avalibility. This research puts forward a kind of unified massive cloud disaster service managed by safety storage architecture and storage secu-rity techniques based on data splitting. The main contributions of this pa-per are summarized as follows:
Firstly, this paper puts forward ESSA, a highly efficient data scram-bling and split method in three-dimensional space for processing mass backup files, which can keep the privacy of information contained in backup data and prevent being leaked to the attacker and the cloud sys-tem manager. ESSA scrambles data in three-dimensional and uses the complexity of data structure recovery to ensure the confidential of split data. Analysis results show that ESSA not only has large-scale "restore space" which is not less than key space of encrypt scheme,also provides semantic security by the differences of scrambling rules which is better than threshold schemes. Unlike the traditional data confidentiality protec-tion scheme, ESSA supports a fine grit data de-duplication process, which makes up for the data de-duplication efficiency influence of traditional data confidentiality to a certain extent.
Secondly, this paper puts forward a kind of integrity check method based on data split and a series of data integrity verification protocol through the various stages of disaster-backup files'life cycle. This paper uses the coordinate property for each data pieces to propose a generation plan of integrity checking information, which will not only ensure the in-tegrity check of the piece, but also hide coordinate propert in it for user confirmation every time when he visits the data. According to the defini-tion of data integrity checking and the characteristics of integrity check information proposed, three kinds of data integrity verification protocol are designed respectively for the data backup, storage and restore pro-cesss to protect the integrity of cloud disaster recovery service. Cloud disaster recovery system which uses this scheme can provide data integr-ity service and prove its credibility for users. It also can effectively pre-vent malicious users's blackmail behavior.
Thirdly, this paper puts forward ECESSA, a kind of data availability technique in both user level and storage system level for cloud disaster recovery, which can make sure the restorability of disaster-recovery data in third party services. At the user level, ECESSA proposes a parity check code for each column and row of every plane in three-dimensional struc-ture based on the research of RAID, so that random fault can be recov-ered unless a special situation happens. Experimental results show that fault-tolerance rate and extra storage space rate will change as the para-meter changes, and tests out the balance of these rates for users'choice. At the cloud disaster recovery service level, ECESSA proposes a data re-dundance and location scheme for mass storage nodes according to the caracteristic of user level scheme, which can make improvement of data redundancy and prevents leak of the data by malicious redundancy node.
Fourthly, this paper presents a cloud disaster-recovery service system architecture based on the research of data split scheme. Whether using Software as a Service, Platform as a Service or Infrastructure as a Service, the service user can use this architecture to protect the safty of backup files. Unlike the traditional cloud security model, this architecture pro-vides third party disaster recovery service based on data split scheme and the key tecniqu of data secure storage for split data, which can satisfy the data security needs of building mass data disaster-recovery service on third party cloud.
本文针对云灾备环境中数据安全存储的机密性、完整性、可用性问题,提出了一种基于数据拆分的数据处理方法及数据安全保护技术,并针对第三方云灾备服务的特点,提出了一种使用该技术进行统一管理的海量云灾备安全存储架构。本文主要进行了下述研究工作:
第一,提出了一种基于三维空间拆分置乱的高效海量云灾备数据机密性保护关键方法ESSA,能够有效的保证灾备数据中的信息不会泄露给攻击者和云系统管理人员。ESSA(?)将灾备数据在三维空间中进行映射、置乱、拆分,利用三维数据结构恢复的复杂度来保证数据的机密性。分析结果表明,ESSA不仅具有高于传统加密方法的密钥空间大小的“恢复空间”,还能够通过不同的置乱规则提供高于门限方案的语义安全特性。与传统数据机密性保护方案不同,ESSA处理过的数据能够支持细粒度的重复数据删除,在一定程度上弥补了传统数据机密性方案对于重复数据删除效率的影响。
第二,提出了一种基于三维空间拆分置乱的数据完整性校验方法和基于这种方法的灾备数据安全存储完整性保护协议,能够有效的保证灾备数据生命周期中各个阶段的数据完整性。本文利用三维空间中数据置乱与拆分得到的每个拆分数据块所附带的坐标属性,提出了种拆分数据完整性校验信息生成方案,不仅能够保证拆分块的完整性,还将坐标属性隐藏在校验信息中,供用户在每次校验时进行确认。在传统的数据完整性校验方法的基础上,本文结合该校验信息的特点构造了三种数据完整性校验协议,分别从灾备数据生命周期中的备份、存储、恢复三个阶段分别保护数据的完整性。使用该方案的云灾备系统不仅能够向用户提供数据完整性以及服务可信性的证明,还能够有效地预防恶意的用户对云灾备服务的讹诈行为。
第三,提出了一种基于三维空间拆分置乱的用户层和云灾备服务层数据可用性保护关键方法ECESSA,能够有效的保障不可靠第三方存储环境中灾备数据的可恢复性。用户层的ECESSA技术在RAID技术研究的基础上,构造了一种三维空间中拆分面行/列奇偶纠删码验证机制,除过一种特殊分布情况以外,其它随机的错误都能够被恢复出来。实验结果显示该方法的容错能力和额外存储空间消耗会随着拆分参数的变化而变化,并通过实验寻找到两者的平衡点作为用户参数选择的参考。云灾备存储服务层的ECESSA技术根据用户层数据恢复的特点设计了一种在不同存储节点间进行数据分散的方法,在提高数据冗余度的情况下能够有效防止恶意的节点泄露用户的数据。
第四,提出了一种基于数据拆分的云灾备服务系统架构,这种架构可以通过云存储系统三层架构中任一层次为用户提供安全的数据灾备服务,保障灾备数据的安全性。与传统的云全模型不同,该模型结合三维空间中数据置乱与拆分方法的特点及其数据安全存储关键技术提供云灾备服务,能够满足第三方海量数据云灾备服务的数据安全存储需求。
Cloud Computing and Cloud Storage provide a kind of new third party IT resource and service model, which can make users able to build elasticity IT system based on their demand. These technologies propose an effective solution for the increase of IT resource demands caused by the rapid development of information technology. Because these tech-nologies provides transparent computing and storage services, security and trust problem becomes the most important issue when users make their choices. And because of these problems, Cloud Computing and Cloud Storage still can not be used for large-scale application promotion. So the storage security research about Cloud Computing and Cloud Sto-rage not only can promot this technology, but also can effectively pro-mote the informatization construction in our country. And this research has important theoretical significance and practical value.
This paper focuses on the key techniques of storage security for cloud disaster recovery, such as data confidentiality, data integrity and data avalibility. This research puts forward a kind of unified massive cloud disaster service managed by safety storage architecture and storage secu-rity techniques based on data splitting. The main contributions of this pa-per are summarized as follows:
Firstly, this paper puts forward ESSA, a highly efficient data scram-bling and split method in three-dimensional space for processing mass backup files, which can keep the privacy of information contained in backup data and prevent being leaked to the attacker and the cloud sys-tem manager. ESSA scrambles data in three-dimensional and uses the complexity of data structure recovery to ensure the confidential of split data. Analysis results show that ESSA not only has large-scale "restore space" which is not less than key space of encrypt scheme,also provides semantic security by the differences of scrambling rules which is better than threshold schemes. Unlike the traditional data confidentiality protec-tion scheme, ESSA supports a fine grit data de-duplication process, which makes up for the data de-duplication efficiency influence of traditional data confidentiality to a certain extent.
Secondly, this paper puts forward a kind of integrity check method based on data split and a series of data integrity verification protocol through the various stages of disaster-backup files'life cycle. This paper uses the coordinate property for each data pieces to propose a generation plan of integrity checking information, which will not only ensure the in-tegrity check of the piece, but also hide coordinate propert in it for user confirmation every time when he visits the data. According to the defini-tion of data integrity checking and the characteristics of integrity check information proposed, three kinds of data integrity verification protocol are designed respectively for the data backup, storage and restore pro-cesss to protect the integrity of cloud disaster recovery service. Cloud disaster recovery system which uses this scheme can provide data integr-ity service and prove its credibility for users. It also can effectively pre-vent malicious users's blackmail behavior.
Thirdly, this paper puts forward ECESSA, a kind of data availability technique in both user level and storage system level for cloud disaster recovery, which can make sure the restorability of disaster-recovery data in third party services. At the user level, ECESSA proposes a parity check code for each column and row of every plane in three-dimensional struc-ture based on the research of RAID, so that random fault can be recov-ered unless a special situation happens. Experimental results show that fault-tolerance rate and extra storage space rate will change as the para-meter changes, and tests out the balance of these rates for users'choice. At the cloud disaster recovery service level, ECESSA proposes a data re-dundance and location scheme for mass storage nodes according to the caracteristic of user level scheme, which can make improvement of data redundancy and prevents leak of the data by malicious redundancy node.
Fourthly, this paper presents a cloud disaster-recovery service system architecture based on the research of data split scheme. Whether using Software as a Service, Platform as a Service or Infrastructure as a Service, the service user can use this architecture to protect the safty of backup files. Unlike the traditional cloud security model, this architecture pro-vides third party disaster recovery service based on data split scheme and the key tecniqu of data secure storage for split data, which can satisfy the data security needs of building mass data disaster-recovery service on third party cloud.
引文
[1]杨挺.中国数据中心市场2008-2012年预测与分析IDC report.2008.
[2]重要信息系统灾难恢复指南.国务院信息化工作办公室.2005年4月.
[3]信息安全技术——信息系统灾难恢复规范.中国国家标准化管理委员会.GB/T20988——2007.
[4]F. Gens. IDC on 'the Cloud':Get ready for expanded research. Sept.23,2008.
[5]Forrester Research Inc. Enterprise and SMB Hardware Survey, North America and Europe, Forrester Research report, Q3 2007.
[6]Clavister. Security in the cloud, Clavister White Paper,21 October,2009.
[7]Jonathan Edwards. Cloud Computing Steals the Show at Software.2008. Yankee Group Research.2008.
[8]S. Subashini and V. Kavithaa. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), January 2011:1-11.
[9]Jay J. Wylie, Garth R. Goodson, Gregory R. Ganger, et.al. A protocol family ap-proach to survivable storage infrastructures. In 2nd Bertinoro Workshop on Fu-ture Directions in Distributed Computing,2004:23-25.
[10]Jay J. Wylie, Michael Bigrigg, John Strunk, et.al. Survivable information storage systems. IEEE Computer.33 (8),2000:61-68.
[11]Blaze Matt. A cryptographic file system for UNIX. In First ACM Conference on Communications and Computing Security, Fairfax, VA,1999:33-43.
[12]Ermelindo Mauriello. Transparent cryptographic file system. Linux Journal,40, 1997:3-es.
[13]Kevin Fu, M. Frans Kaashoek, David Mazieres. Fast and secure distributed read-only file system. In Proceedings of the 4th Symposium on Operating Sys-tems Design and Implementation (OSDI), San Diego, CA,2000:181-196.
[14]Charles Wright, Michael Martino and Erez Zadok. NCryptfs:A secure and con-venient cryptographic file system. In Proceedings of the USENIX Annual Tech-nical Conference. San Antonio,2003:197-210.
[15]Long Qin, Zeng Fengping, Wu Silian, et.al. HermitFS:A secure storage system in the open environment. Wuhan University Journal of Natural Sciences.10(1), 2005:6-30.
[16]David Patterosn, Garth Gibosn and Randy Kazt. A case of redundant array of in-expensive disks (RAID). In the International Conference on Management of Data (SIGMOD).1988:109-116.
[17]Xu Lihao and Bruck Jehoshua. X-Code:MDS array codes with optimal encoding, IEEE Transactions on Information Theory.45(1),1999:272-276.
[18]S. Bayolr, P. Corbett, C.Pakr. Efficient method for providing fault tolerance against double device failures in multiple device systems. U.S.Patent,5,862,158. January 1999.
[19]Zaitsev V., Zinovev A. and Semakov N. V. Minimum-check-density codes for correcting bytes of errors. Information Theory and Coding Theory.19(3), 1983:29-37.
[20]Blaum Mario, Brady Jim, Bruck Jehoshua et.al. EVENODD:An efficient scheme for tolerating double disk failures in raid architectures, IEEE Transactions on Computing.44(2),1995:192-202.
[21]Corbett Peter, English Bob, Goel Atul et.al. Row diagonal parity for double disk failure. In Proceedings of the Third USENIX Conference on File and Storage Technologies. San Francisco, CA 2004:1-14.
[22]Jeff R. Hartline. RSXO:An efficient high distance parity-based code with optimal update comlexity. Researeh Report RJ10322 (A0408-005), IBM Research Divi-sion, August,2004.
[23]Hafner Lee James. Hover erasure codes for disk arrays. Research Report RJ10352 (A0507-013), IBM Research Division. July,2005.
[24]Hafner L. James, WEAVER Codes:Highly fault tolerant erasure codes for sto-rage systems. In 4th Usenix Conference on File and Storage Technologies, De-cember,2005.
[25]王新梅,肖国镇.纠错码—原理与方法.西安电子科技大学出版社.2010:546.
[26]McAulye J. Anthony. Reliable broadband communications using a burst erasure correcting code. InProc. ACM SIGCOMM 90,1990:287-306.
[27]Rabin MO. Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM.1989,36(2):335-348.
[28]Luigi Rizzo and Lorenzo Vicisano. A reliable multicast data distribution protocol based on software fee techniques. High-Performance Communication Systems. 1997:1-10.
[29]Luigi Rizzo. On the feasibility of software FEC. Internal Report University of Pisa,1997.
[30]Plank James. A tutorial on reed-solomon coding for fault-tolerance in RAID-like systems. Software Pract. Exper.27(9),1997:995-1012.
[31]Robert Gallager. Low-density parity-check codes. MIT Press. Cambridge, MA, 1963.
[32]Byers John, Luby Michael and Mitzenmacher Michael. Accessing multiple mirror sites in parallel:using tornadl codes to speed up downloads. In IEEE INFOCOM, 1999:275-283.
[33]Daniel Spielman. Linear-time encodable and decodable error-correcting codes. IEEE Trans Inf. Theory,42(6),1996:1723-1731.
[34]Lu Feng, Heng Chuan and Cai Jianfei. LT codes decoding:design and analysis. In IEEE International Symposium on Information Theory.2009:2492.
[35]Shokrollahi A. Raptor codes. Technical Report DR2003-06-001. Digital Fountain, 2003
[36]Shamir Adi. How to share a secret. Communications of the ACM,2(11),1979, 612-613.
[37]Blakley G R. Safeguarding cryptographic keys. In Proceedings of National Computer Conference. Montvale, NJ:AFIPS Press,1979:313-317.
[38]Karnin Ehud, Greene Jonathan and Hellman Martin. On Secret Sharing Systems, IEEE Transactions on Information.1(29),1983:35-41.
[39]Kamer Kaya, Ali Aydin Selcuka. Threshold cryptography based on As-muth-Bloom secret sharing. Information Sciences.177(19),2007:4148-4160.
[40]Kamin D. Ehud, Green W. Jonathan and Hellman E. Martin. On sharing secret systems. IEEE Transactions on Information Theory. IEEE Press.29(1), 1983:35-41.
[41]Mitsuru Ito, Akira Saito Nonmember and Takao Nishizeki Member. Secret shar-ing scheme realizing general access structure. In:Proc IEEE Global Telecommu-nications Conf, Globecom 87.1987.99-102.
[42]Benaloh Josh, Leichter Jerry. Generalized secret sharing and monotone functions. Lecture Notes in Computer Science,403. Berlin, New York:Springer-Verlag, 1990.27-35.
[43]庞辽军,李慧贤,王育民.可验证的门限秘密共享方案及其安全性.华南理 工大学学报(自然科学版),35(1),2007:102-105.
[44]Goldreich Oded, Micali Silvio, Wigderson Avi. How to play any menal game. Proceeding of the Nineteenth annual ACM Symp. Theory of Computing, ACM Press.1987:218-229.
[45]Paul Feldman. A practical scheme for non-interactive verifiable secretsharing, in Proceedings of 28 IEEE symposium on Foundations of Computer Science, IEEE Press.1987:427-437.
[46]Torben Pryds Pedersen. Non-interactive information-theoretic verifiable secret sharing. In C RYPTO191.1991:129-139.
[47]Stadler. Public verifiable secret sharing. In Advances in Cryptology EURO-CRYPT'96. Spring-Verlag, Berlin:EUROCRYPT,1996:190-199.
[48]Hertenberg Amir, Jarecki Stanislaw, Krawczyk Hugo. Proactive secret sharing or: How to cope with perpetual leakage. In Proc CRYFID1995. Spring Vedag, 1995:339-352.
[49]许春香,肖国镇.门限多重秘密共享方案.电子学报,32(10),2004:1688-1689.
[50]甘元驹,谢仕义,付东洋等.防欺诈的动态(t,n)门限多秘密共享方案.四川大学学报(工程科学版),38(6),2006:131-134.
[51]黄东平,王华勇,黄连生等.动态门限秘密共享方案.清华大学学报(自然科学版),46(1),2006:102-105.
[52]Ingemarsson I., Simmons G.J. A protocol to set up shared secret schemes without the assistance of a mutually trusted party. In Proceedings of Advances in Cryp-tology, EUROCRYPT90, Springer-Verlag,1991:266-282.
[53]Beutelspacher A. How to say'No'. In Proceedings of Advances in Cryptology, EUROCRYPT'89 Proceedings, Springer-Verlag,1990:491-496.
[54]Naor Moni, Shamir Adi. Visual cryptography, In Proceedings of Advances in Cryptology, EUROCRYPT'94, Springer-Verlag,1995:1-12.
[55]Leslie Lamport, Robert Shostak and Marshall Pease. The byzantine general's problem, ACM Trans. Programming Languages and Systems.4(3), 1982:382-401.
[56]Robert Thomas. A majority consensus approach to concurrency control for mul-tiple copy databases. ACM Trans. Database Syst.4(2),1979:180-209.
[57]David K. Gifford. Weighted voting for replicated data. In Proceedings of the 7th ACM symposium on Operating systems principles, ACM Press 1979:150-162.
[58]Hector Garcia-Molina and Daniel Barbara. How to assign votes in a distributed system. ACM.32(4),1985:841-860.
[59]Dahlia Malkhi and Michael Reiter. Byzantine quorum systems. Distributed Computing,11(4),1998:203-213.
[60]Malkhi Dahlia, Reiter Michael. Secure and scalable replication in Phalanx. In Singhal M, ed. Proc. the 17th IEEE Symp. On Reliable Distributed Systems. IEEE Computer Society,1998:51-60.
[61]荆继武,王晶,林璟锵等.基于门限签名方案的BQS系统的服务器协议.软件学报.21(10),2010:2631-2641.
[62]Martin Jean Philippe, Alvisi Lorenzo and Dahlin Micheal. Small byzantine Quo-rum systems. In Proceedings of the International Conference on Dependable Sys-tems and Networks, New York.2002:374-383.
[63]张薇.信息存储系统可生存性理论与关键技术研究[学位论文],西安电子科技大学,2008.
[64]Frolund Svend, Arif Merchant, Yasushi Saito et.al. A decentralized algorithm for erasure-coded virtual disks. Technical Report HPL-2004-46, HP Labs,2004.
[65]Cooley A. Joseph, Mineweaser L. Jeremy, Servi D. Leslie. Software-based era-sure codes for scalable distributed storage. In Proceedings of 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies. IEEE Press.2003:157.
[66]Goodson R. Garth, Wylie J. Jay, Ganger R. Gregory, et.al. Efficient Byzan-tine-tolerant erasure coded storage. In 2004 International Conference on De-pendable Systems and Networks. IEEE Press 2004:135.
[67]Zhang Zeng, Lian Qiao. Reperasure:replication protocol using erasure-code in peer-to-peer storage network. In Proceedings of 21st IEEE Symposium on Relia-ble Distributed Systems.2002:330.
[68]Arun Subbiah and Douglas M. Blough. An approach for fault tolerant and secure data storage in collaborative work environments. In Proceedings of the 2005 ACM workshop on Storage security and survivability Fairfax, VA,2005:84-93.
[69]Lei Kong, Deepak J. Manohar, Arun Subbiah et.al. Agile Store:Experience with quorum-based data replication techniques for adaptive Byzantine fault tolerance. In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS), IEEE Press,2005:143.
[70]Simmonds William, Hawkins Tim. The modelling and analysis of OceanStore elements using the CSP dependability library. In Proceedings of the 05th Interna- tional Symposium on Trustworthy Global Computing,2005:230-247.
[71]John Kubiatowicz, David Bindel, Yan Chen et.al. OceanStore:An extremely wide-area storage system. In Berkeley Technical Report UCB//CSD-00-1102, March 1999.
[72]John Kubiatowicz, David Bindel, Yan Chen, et.al. OceanStore:An architecture for global-scale persistent storage. In Proceedings of the Ninth international Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2000),2000:1-12.
[73]Sean Rhea, Patrick Eaton and Dennis Geels et.al. Pond:the OceanStore prototype. In the Proceedings of the 2nd USENIX Conference on File and Storage Technol-ogies (FAST'03). San Francisco, CA,2003:1-14.
[74]Goodson R. Garth, Wylie J. Jay, Ganger R. Gregory et.al. Byzantine-tolerant Erasure-coded Storage. Carnegie Mellon University Technical Report CMU-CS-03-187,2003.
[75]James Hendricks, Ganger R. Gregory and Michael K. Reiter. Low-overhead By-zantine fault-tolerant storage. In the Proceedings of the Twenty-First ACM Sym-posium on Operating Systems Principles (SOSP 2007), Stevenson, WA, 2007:73-86.
[76]Greenan Kevin, Storer Mark, Miller L. Ethan et.al. POTSHARDS:Storing data for the long-term without encryption. In 2007 USENIX Annual Technical Confe-rence on Proceedings of the USENIX Annual Technical Conference. Santa Clara, USA:USENIX Association,2007:1-14.
[77]Storer Mark, Greenan Kevin, Miller L. Ethan et.al. POTSHARDS:A secure, re-coverable, long-term archival storage system. ACM Transactions on Storage (TOS).5(2),2009:1-35.
[78]Lei Kong, Deepak J. Manohar, Arun Subbiah et.al. Agile Store:Experience with quorum-based data replication techniques for adaptive Byzantine fault tolerance. In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS), IEEE Press,2005:143.
[79]杨磊,黄浩,李仁发等.P2P存储系统拜占庭容错机制研究.计算机应用研究.26(1),2009:4-8,26.
[80]Ranjita Bhagwan Kiran, Kiran Tati, Cheng Yuchung, et.al. Total Recall:System Support for Automated Availability Management. In Proc. of the First ACM/Usenix Symposium on Networked Systems Design and Implementation (NSDI),2004:1-14.
[81]张大为,韩华,代亚非等ESStore:提高网络存储的可靠性机制. Tehcnical Repor (PKU_CS_NET_TR2004002).
[82]Tian Jing, Dai Yafei, and Li Xiaoming, SemanticPeer:An ontology-based P2P lookup service. Lecture Notes in Computer Science,2004:464-467.
[83]Tian, Jing, Yang Zhi, and Dai Yafei, SEC:a practical secure erasure coding scheme for Peer-to-Peer storage system. In the 14th Symposium on Storage Sys-tem and Technology,2006:1-14.
[84]Wang Qiongxiao, Jing Jiwu, and Lin Jingqiang. A secure storage system combin-ing secret sharing schemes and byzantine Quorum mechanisms. In the 10th IEEE International Conference on Computer and Information Technology (CIT 2010). IEEE Press 2010:596-603.
[85]刘钢,周敬利,秦磊华等.纠错码拜占庭容错Quorum中错误检测机制.计算机科学.34(5),2007:75-78.
[86]李斗,殷悦,罗燕等译(美Robert J. McEliece著).信息论与编码理论(第二版).北京:电子工业出版社,2004.
[87]Cloud Security Alliance. https://cloudsecurityalliance.org/csaguide.pdf.
[88]National Institute of Standards and Technology, http://www.nist.gov/itl/cloud/index.cfm.
[89]Jericho Forum, https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf.
[90]Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing, Third Edition,2011.
[91]Chen Hongsong, Fu Zhongchuan. Research for Current Cloud Computing and Cloud Security Technology. In 2010 2nd International Conference on Information Science and Engineering (ICISE). China,2010:4642-4645.
[92]Pearson,_http://www.pearsondatasolutions.com/cloud-based-solutions.
[93]Himanshu Raj, Ripal Nathuji, Abhishek Singh, et.al. Resource management for isolation enhanced cloud services. In:Proceedings of the 2009 ACM workshop on cloud computing security, Chicago, Illinois, USA,2009:77-84.
[94]Hayes Brain. Cloud Computing. Commun ACM 2008:9-11.
[95]Gadia Sailesh, CPA, CISA, CIPP. Cloud computing:an auditor's perspective. ISACA Journal,6,2009:1-es.
[96]Wang Cong, Wang Qian, Ren Kui et.al. Ensuring data storage security in cloud computing. In the 17th International Workshop on Quality of Service. Chicago, IL, USA.2009:1-9.
[97]Dimitrios Zissis and Dimitrios Lekkas. Addressing cloud computing security is-sues original research article. Future Generation Computer Systems, In Press, Corrected Proof, Available online.2010:11-15.
[98]Rui Zhang, Ling Liu. Security models and requirements for healthcare applica-tion clouds.2010 IEEE 3rd International Conference on Cloud Computing. GA, USA.2010:268-275.
[99]Nuno Santos, Krishna P. Gummadi and Rodrigo Rodrigues. Towards Trusted Cloud Computing. In Usenix 09 Hot Cloud Workshop, CA, USA.2009:1-5.
[100]Hwang Kai, Li Deyi. Trusted cloud computing with secure resources and data coloring. IEEE Press.14(5),2010:14-23
[101]Li Wenjuan, Ping Lingdi, Pan Xuezeng. Use trust management module to achieve effective security mechanisms in cloud environment. In The 2010 International Conference on Electronics and Information Engineering (ICEIE). Hangzhou, China.2010:1-14.
[102]Shen Zhidong, Tong Qiang. The security of cloud computing system enabled by trusted computing technology. In the 2010 2nd International Conference on Sig-nal Processing Systems (ICSPS). Wuhan, China.2010:2-11.
[103]Jiang Delei, Bai Sen and Dong Wenming. An image encryption algorithm based on knight's tour and slip encryption-filter. In the 2008 International Conference on Computer Science and Software Engineering.2008:251-255.
[104]肖金声.骑士巡游问题的解.中山大学学报(自然科学版),33(3),1994:15-17.
[105]柏森,曹长修,曹龙汉等.基于骑士巡游变换的数字图像细节隐藏技术.中国图像图形学报A辑,6(11),2001:1096-1100.
[106]林雪辉,蔡利栋.基于Hilbert曲线的数字图像置乱方法研究.中国体视学与图像分析,2004,9(4):224-227.
[107]Ding Wei, Yan Weiqi and Qi Dongxu. Digital image scrambling. Progress in Nat-ural Science,11(6),2001:454-460.
[108]Dai Kanfei, Huang Wenyong, Chen Zhenyong et.al. An MPEG-4 motion vector watermarking scheme based on scrambling using game of life. Acta Scientiarum Naturalium Universitatis Sunyatseni,43(s2),2004:192-195.
[109]孔涛,张亶. Arnold反变换的一种新算法.软件学报,15(10),2004:1558-1564.
[110]王冬梅,金一庆.双偶阶幻方变换数字图像的半周期.浙江大学学报(理学 版).32(03),2005:273-276.
[111]柏森,曹长修,柏林.基于仿射变换的数字图象置乱技术.计算机工程与应用,2002,10:74-78.
[112]易开祥,孙鑫,石教英.一种基于混沌序列的图像加密算法.计算机辅助设计与图形学学报,2000,12(9):672-676.
[113]柏森,曹长修.图像置乱程度研究.见全国第三届信息隐藏学术研讨会.2001:75-81.
[114]Martin Lobbing and Ingo Wegener. The number of knight's tours equals 33,439,123,484,249 counting with binary decision diagrams. Electronic Journal of Combinatorics.1996:1-14.
[115]Parberry Ian. An efficient algorithm for the knight's tour problem. Discrete Ap-plied Mathematics,73,1997:251-260.
[116]William Bolosky, Scott Corbin, David Goebel et.al. Single instance storage in windows 2000. In Proceedings of the 4th Usenix Windows System Symposium. Seattle, Washington, USA:USENIX Association. August 2000:13-24.
[117]Deepak Bobbarjung, Suresh Jagannathan, Cezary Dubnicki. Improving duplicate elimination in storage systems. ACM Transactions on Storage,2006,2(4), 424-448.
[118]Calicrates Policroniades, Ian Pratt. Alternatives for detecting redundancy in sto-rage systems data. In Proceedings of the USENIX Annual Technical Conference 2004 on USENIX Annual Technical Conference. Boston, MA:USENIX Associa-tion.2004:73-86.
[119]Andrei Broder. Identifying and filtering near-duplicate documents. In Proceed-ings of the 11th Annual Symposium on Combinatorial Pattern Matching. Mon-treal, Canada:Springer-Verlag New York, Inc.2000:1-10.
[120]Andrew Tridgell. Efficient Algorithms for Sorting and Synchronization [Disserta-tion], the Australian National University.2000.
[121]Douglis Fred, Iyengar Arun. Application-Specific delta encoding via resemblance detection. In Usenix Annual Technical Conference, San Antonio, Texas:USENIX Association.2003:113-126.
[122]Navendu Jain, Mike Dahlin and Renu Tewari. Taper:tiered approach for elimi-nating redundancy in replica synchronization. In Proceedings of the 4th Usenix Conference on File and Storage Technologies (FAST'05). San Francisco, CA: USENIX Association.2005:281-294.
[123]Manber U. Finding similar files in a large file system. In Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference. San Francisco, California:USENIX Association.1994:1-10.
[2]重要信息系统灾难恢复指南.国务院信息化工作办公室.2005年4月.
[3]信息安全技术——信息系统灾难恢复规范.中国国家标准化管理委员会.GB/T20988——2007.
[4]F. Gens. IDC on 'the Cloud':Get ready for expanded research. Sept.23,2008.
[5]Forrester Research Inc. Enterprise and SMB Hardware Survey, North America and Europe, Forrester Research report, Q3 2007.
[6]Clavister. Security in the cloud, Clavister White Paper,21 October,2009.
[7]Jonathan Edwards. Cloud Computing Steals the Show at Software.2008. Yankee Group Research.2008.
[8]S. Subashini and V. Kavithaa. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), January 2011:1-11.
[9]Jay J. Wylie, Garth R. Goodson, Gregory R. Ganger, et.al. A protocol family ap-proach to survivable storage infrastructures. In 2nd Bertinoro Workshop on Fu-ture Directions in Distributed Computing,2004:23-25.
[10]Jay J. Wylie, Michael Bigrigg, John Strunk, et.al. Survivable information storage systems. IEEE Computer.33 (8),2000:61-68.
[11]Blaze Matt. A cryptographic file system for UNIX. In First ACM Conference on Communications and Computing Security, Fairfax, VA,1999:33-43.
[12]Ermelindo Mauriello. Transparent cryptographic file system. Linux Journal,40, 1997:3-es.
[13]Kevin Fu, M. Frans Kaashoek, David Mazieres. Fast and secure distributed read-only file system. In Proceedings of the 4th Symposium on Operating Sys-tems Design and Implementation (OSDI), San Diego, CA,2000:181-196.
[14]Charles Wright, Michael Martino and Erez Zadok. NCryptfs:A secure and con-venient cryptographic file system. In Proceedings of the USENIX Annual Tech-nical Conference. San Antonio,2003:197-210.
[15]Long Qin, Zeng Fengping, Wu Silian, et.al. HermitFS:A secure storage system in the open environment. Wuhan University Journal of Natural Sciences.10(1), 2005:6-30.
[16]David Patterosn, Garth Gibosn and Randy Kazt. A case of redundant array of in-expensive disks (RAID). In the International Conference on Management of Data (SIGMOD).1988:109-116.
[17]Xu Lihao and Bruck Jehoshua. X-Code:MDS array codes with optimal encoding, IEEE Transactions on Information Theory.45(1),1999:272-276.
[18]S. Bayolr, P. Corbett, C.Pakr. Efficient method for providing fault tolerance against double device failures in multiple device systems. U.S.Patent,5,862,158. January 1999.
[19]Zaitsev V., Zinovev A. and Semakov N. V. Minimum-check-density codes for correcting bytes of errors. Information Theory and Coding Theory.19(3), 1983:29-37.
[20]Blaum Mario, Brady Jim, Bruck Jehoshua et.al. EVENODD:An efficient scheme for tolerating double disk failures in raid architectures, IEEE Transactions on Computing.44(2),1995:192-202.
[21]Corbett Peter, English Bob, Goel Atul et.al. Row diagonal parity for double disk failure. In Proceedings of the Third USENIX Conference on File and Storage Technologies. San Francisco, CA 2004:1-14.
[22]Jeff R. Hartline. RSXO:An efficient high distance parity-based code with optimal update comlexity. Researeh Report RJ10322 (A0408-005), IBM Research Divi-sion, August,2004.
[23]Hafner Lee James. Hover erasure codes for disk arrays. Research Report RJ10352 (A0507-013), IBM Research Division. July,2005.
[24]Hafner L. James, WEAVER Codes:Highly fault tolerant erasure codes for sto-rage systems. In 4th Usenix Conference on File and Storage Technologies, De-cember,2005.
[25]王新梅,肖国镇.纠错码—原理与方法.西安电子科技大学出版社.2010:546.
[26]McAulye J. Anthony. Reliable broadband communications using a burst erasure correcting code. InProc. ACM SIGCOMM 90,1990:287-306.
[27]Rabin MO. Efficient dispersal of information for security, load balancing, and fault tolerance. Journal of the ACM.1989,36(2):335-348.
[28]Luigi Rizzo and Lorenzo Vicisano. A reliable multicast data distribution protocol based on software fee techniques. High-Performance Communication Systems. 1997:1-10.
[29]Luigi Rizzo. On the feasibility of software FEC. Internal Report University of Pisa,1997.
[30]Plank James. A tutorial on reed-solomon coding for fault-tolerance in RAID-like systems. Software Pract. Exper.27(9),1997:995-1012.
[31]Robert Gallager. Low-density parity-check codes. MIT Press. Cambridge, MA, 1963.
[32]Byers John, Luby Michael and Mitzenmacher Michael. Accessing multiple mirror sites in parallel:using tornadl codes to speed up downloads. In IEEE INFOCOM, 1999:275-283.
[33]Daniel Spielman. Linear-time encodable and decodable error-correcting codes. IEEE Trans Inf. Theory,42(6),1996:1723-1731.
[34]Lu Feng, Heng Chuan and Cai Jianfei. LT codes decoding:design and analysis. In IEEE International Symposium on Information Theory.2009:2492.
[35]Shokrollahi A. Raptor codes. Technical Report DR2003-06-001. Digital Fountain, 2003
[36]Shamir Adi. How to share a secret. Communications of the ACM,2(11),1979, 612-613.
[37]Blakley G R. Safeguarding cryptographic keys. In Proceedings of National Computer Conference. Montvale, NJ:AFIPS Press,1979:313-317.
[38]Karnin Ehud, Greene Jonathan and Hellman Martin. On Secret Sharing Systems, IEEE Transactions on Information.1(29),1983:35-41.
[39]Kamer Kaya, Ali Aydin Selcuka. Threshold cryptography based on As-muth-Bloom secret sharing. Information Sciences.177(19),2007:4148-4160.
[40]Kamin D. Ehud, Green W. Jonathan and Hellman E. Martin. On sharing secret systems. IEEE Transactions on Information Theory. IEEE Press.29(1), 1983:35-41.
[41]Mitsuru Ito, Akira Saito Nonmember and Takao Nishizeki Member. Secret shar-ing scheme realizing general access structure. In:Proc IEEE Global Telecommu-nications Conf, Globecom 87.1987.99-102.
[42]Benaloh Josh, Leichter Jerry. Generalized secret sharing and monotone functions. Lecture Notes in Computer Science,403. Berlin, New York:Springer-Verlag, 1990.27-35.
[43]庞辽军,李慧贤,王育民.可验证的门限秘密共享方案及其安全性.华南理 工大学学报(自然科学版),35(1),2007:102-105.
[44]Goldreich Oded, Micali Silvio, Wigderson Avi. How to play any menal game. Proceeding of the Nineteenth annual ACM Symp. Theory of Computing, ACM Press.1987:218-229.
[45]Paul Feldman. A practical scheme for non-interactive verifiable secretsharing, in Proceedings of 28 IEEE symposium on Foundations of Computer Science, IEEE Press.1987:427-437.
[46]Torben Pryds Pedersen. Non-interactive information-theoretic verifiable secret sharing. In C RYPTO191.1991:129-139.
[47]Stadler. Public verifiable secret sharing. In Advances in Cryptology EURO-CRYPT'96. Spring-Verlag, Berlin:EUROCRYPT,1996:190-199.
[48]Hertenberg Amir, Jarecki Stanislaw, Krawczyk Hugo. Proactive secret sharing or: How to cope with perpetual leakage. In Proc CRYFID1995. Spring Vedag, 1995:339-352.
[49]许春香,肖国镇.门限多重秘密共享方案.电子学报,32(10),2004:1688-1689.
[50]甘元驹,谢仕义,付东洋等.防欺诈的动态(t,n)门限多秘密共享方案.四川大学学报(工程科学版),38(6),2006:131-134.
[51]黄东平,王华勇,黄连生等.动态门限秘密共享方案.清华大学学报(自然科学版),46(1),2006:102-105.
[52]Ingemarsson I., Simmons G.J. A protocol to set up shared secret schemes without the assistance of a mutually trusted party. In Proceedings of Advances in Cryp-tology, EUROCRYPT90, Springer-Verlag,1991:266-282.
[53]Beutelspacher A. How to say'No'. In Proceedings of Advances in Cryptology, EUROCRYPT'89 Proceedings, Springer-Verlag,1990:491-496.
[54]Naor Moni, Shamir Adi. Visual cryptography, In Proceedings of Advances in Cryptology, EUROCRYPT'94, Springer-Verlag,1995:1-12.
[55]Leslie Lamport, Robert Shostak and Marshall Pease. The byzantine general's problem, ACM Trans. Programming Languages and Systems.4(3), 1982:382-401.
[56]Robert Thomas. A majority consensus approach to concurrency control for mul-tiple copy databases. ACM Trans. Database Syst.4(2),1979:180-209.
[57]David K. Gifford. Weighted voting for replicated data. In Proceedings of the 7th ACM symposium on Operating systems principles, ACM Press 1979:150-162.
[58]Hector Garcia-Molina and Daniel Barbara. How to assign votes in a distributed system. ACM.32(4),1985:841-860.
[59]Dahlia Malkhi and Michael Reiter. Byzantine quorum systems. Distributed Computing,11(4),1998:203-213.
[60]Malkhi Dahlia, Reiter Michael. Secure and scalable replication in Phalanx. In Singhal M, ed. Proc. the 17th IEEE Symp. On Reliable Distributed Systems. IEEE Computer Society,1998:51-60.
[61]荆继武,王晶,林璟锵等.基于门限签名方案的BQS系统的服务器协议.软件学报.21(10),2010:2631-2641.
[62]Martin Jean Philippe, Alvisi Lorenzo and Dahlin Micheal. Small byzantine Quo-rum systems. In Proceedings of the International Conference on Dependable Sys-tems and Networks, New York.2002:374-383.
[63]张薇.信息存储系统可生存性理论与关键技术研究[学位论文],西安电子科技大学,2008.
[64]Frolund Svend, Arif Merchant, Yasushi Saito et.al. A decentralized algorithm for erasure-coded virtual disks. Technical Report HPL-2004-46, HP Labs,2004.
[65]Cooley A. Joseph, Mineweaser L. Jeremy, Servi D. Leslie. Software-based era-sure codes for scalable distributed storage. In Proceedings of 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies. IEEE Press.2003:157.
[66]Goodson R. Garth, Wylie J. Jay, Ganger R. Gregory, et.al. Efficient Byzan-tine-tolerant erasure coded storage. In 2004 International Conference on De-pendable Systems and Networks. IEEE Press 2004:135.
[67]Zhang Zeng, Lian Qiao. Reperasure:replication protocol using erasure-code in peer-to-peer storage network. In Proceedings of 21st IEEE Symposium on Relia-ble Distributed Systems.2002:330.
[68]Arun Subbiah and Douglas M. Blough. An approach for fault tolerant and secure data storage in collaborative work environments. In Proceedings of the 2005 ACM workshop on Storage security and survivability Fairfax, VA,2005:84-93.
[69]Lei Kong, Deepak J. Manohar, Arun Subbiah et.al. Agile Store:Experience with quorum-based data replication techniques for adaptive Byzantine fault tolerance. In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS), IEEE Press,2005:143.
[70]Simmonds William, Hawkins Tim. The modelling and analysis of OceanStore elements using the CSP dependability library. In Proceedings of the 05th Interna- tional Symposium on Trustworthy Global Computing,2005:230-247.
[71]John Kubiatowicz, David Bindel, Yan Chen et.al. OceanStore:An extremely wide-area storage system. In Berkeley Technical Report UCB//CSD-00-1102, March 1999.
[72]John Kubiatowicz, David Bindel, Yan Chen, et.al. OceanStore:An architecture for global-scale persistent storage. In Proceedings of the Ninth international Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2000),2000:1-12.
[73]Sean Rhea, Patrick Eaton and Dennis Geels et.al. Pond:the OceanStore prototype. In the Proceedings of the 2nd USENIX Conference on File and Storage Technol-ogies (FAST'03). San Francisco, CA,2003:1-14.
[74]Goodson R. Garth, Wylie J. Jay, Ganger R. Gregory et.al. Byzantine-tolerant Erasure-coded Storage. Carnegie Mellon University Technical Report CMU-CS-03-187,2003.
[75]James Hendricks, Ganger R. Gregory and Michael K. Reiter. Low-overhead By-zantine fault-tolerant storage. In the Proceedings of the Twenty-First ACM Sym-posium on Operating Systems Principles (SOSP 2007), Stevenson, WA, 2007:73-86.
[76]Greenan Kevin, Storer Mark, Miller L. Ethan et.al. POTSHARDS:Storing data for the long-term without encryption. In 2007 USENIX Annual Technical Confe-rence on Proceedings of the USENIX Annual Technical Conference. Santa Clara, USA:USENIX Association,2007:1-14.
[77]Storer Mark, Greenan Kevin, Miller L. Ethan et.al. POTSHARDS:A secure, re-coverable, long-term archival storage system. ACM Transactions on Storage (TOS).5(2),2009:1-35.
[78]Lei Kong, Deepak J. Manohar, Arun Subbiah et.al. Agile Store:Experience with quorum-based data replication techniques for adaptive Byzantine fault tolerance. In Proceedings of the International Symposium on Reliable Distributed Systems (SRDS), IEEE Press,2005:143.
[79]杨磊,黄浩,李仁发等.P2P存储系统拜占庭容错机制研究.计算机应用研究.26(1),2009:4-8,26.
[80]Ranjita Bhagwan Kiran, Kiran Tati, Cheng Yuchung, et.al. Total Recall:System Support for Automated Availability Management. In Proc. of the First ACM/Usenix Symposium on Networked Systems Design and Implementation (NSDI),2004:1-14.
[81]张大为,韩华,代亚非等ESStore:提高网络存储的可靠性机制. Tehcnical Repor (PKU_CS_NET_TR2004002).
[82]Tian Jing, Dai Yafei, and Li Xiaoming, SemanticPeer:An ontology-based P2P lookup service. Lecture Notes in Computer Science,2004:464-467.
[83]Tian, Jing, Yang Zhi, and Dai Yafei, SEC:a practical secure erasure coding scheme for Peer-to-Peer storage system. In the 14th Symposium on Storage Sys-tem and Technology,2006:1-14.
[84]Wang Qiongxiao, Jing Jiwu, and Lin Jingqiang. A secure storage system combin-ing secret sharing schemes and byzantine Quorum mechanisms. In the 10th IEEE International Conference on Computer and Information Technology (CIT 2010). IEEE Press 2010:596-603.
[85]刘钢,周敬利,秦磊华等.纠错码拜占庭容错Quorum中错误检测机制.计算机科学.34(5),2007:75-78.
[86]李斗,殷悦,罗燕等译(美Robert J. McEliece著).信息论与编码理论(第二版).北京:电子工业出版社,2004.
[87]Cloud Security Alliance. https://cloudsecurityalliance.org/csaguide.pdf.
[88]National Institute of Standards and Technology, http://www.nist.gov/itl/cloud/index.cfm.
[89]Jericho Forum, https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf.
[90]Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing, Third Edition,2011.
[91]Chen Hongsong, Fu Zhongchuan. Research for Current Cloud Computing and Cloud Security Technology. In 2010 2nd International Conference on Information Science and Engineering (ICISE). China,2010:4642-4645.
[92]Pearson,_http://www.pearsondatasolutions.com/cloud-based-solutions.
[93]Himanshu Raj, Ripal Nathuji, Abhishek Singh, et.al. Resource management for isolation enhanced cloud services. In:Proceedings of the 2009 ACM workshop on cloud computing security, Chicago, Illinois, USA,2009:77-84.
[94]Hayes Brain. Cloud Computing. Commun ACM 2008:9-11.
[95]Gadia Sailesh, CPA, CISA, CIPP. Cloud computing:an auditor's perspective. ISACA Journal,6,2009:1-es.
[96]Wang Cong, Wang Qian, Ren Kui et.al. Ensuring data storage security in cloud computing. In the 17th International Workshop on Quality of Service. Chicago, IL, USA.2009:1-9.
[97]Dimitrios Zissis and Dimitrios Lekkas. Addressing cloud computing security is-sues original research article. Future Generation Computer Systems, In Press, Corrected Proof, Available online.2010:11-15.
[98]Rui Zhang, Ling Liu. Security models and requirements for healthcare applica-tion clouds.2010 IEEE 3rd International Conference on Cloud Computing. GA, USA.2010:268-275.
[99]Nuno Santos, Krishna P. Gummadi and Rodrigo Rodrigues. Towards Trusted Cloud Computing. In Usenix 09 Hot Cloud Workshop, CA, USA.2009:1-5.
[100]Hwang Kai, Li Deyi. Trusted cloud computing with secure resources and data coloring. IEEE Press.14(5),2010:14-23
[101]Li Wenjuan, Ping Lingdi, Pan Xuezeng. Use trust management module to achieve effective security mechanisms in cloud environment. In The 2010 International Conference on Electronics and Information Engineering (ICEIE). Hangzhou, China.2010:1-14.
[102]Shen Zhidong, Tong Qiang. The security of cloud computing system enabled by trusted computing technology. In the 2010 2nd International Conference on Sig-nal Processing Systems (ICSPS). Wuhan, China.2010:2-11.
[103]Jiang Delei, Bai Sen and Dong Wenming. An image encryption algorithm based on knight's tour and slip encryption-filter. In the 2008 International Conference on Computer Science and Software Engineering.2008:251-255.
[104]肖金声.骑士巡游问题的解.中山大学学报(自然科学版),33(3),1994:15-17.
[105]柏森,曹长修,曹龙汉等.基于骑士巡游变换的数字图像细节隐藏技术.中国图像图形学报A辑,6(11),2001:1096-1100.
[106]林雪辉,蔡利栋.基于Hilbert曲线的数字图像置乱方法研究.中国体视学与图像分析,2004,9(4):224-227.
[107]Ding Wei, Yan Weiqi and Qi Dongxu. Digital image scrambling. Progress in Nat-ural Science,11(6),2001:454-460.
[108]Dai Kanfei, Huang Wenyong, Chen Zhenyong et.al. An MPEG-4 motion vector watermarking scheme based on scrambling using game of life. Acta Scientiarum Naturalium Universitatis Sunyatseni,43(s2),2004:192-195.
[109]孔涛,张亶. Arnold反变换的一种新算法.软件学报,15(10),2004:1558-1564.
[110]王冬梅,金一庆.双偶阶幻方变换数字图像的半周期.浙江大学学报(理学 版).32(03),2005:273-276.
[111]柏森,曹长修,柏林.基于仿射变换的数字图象置乱技术.计算机工程与应用,2002,10:74-78.
[112]易开祥,孙鑫,石教英.一种基于混沌序列的图像加密算法.计算机辅助设计与图形学学报,2000,12(9):672-676.
[113]柏森,曹长修.图像置乱程度研究.见全国第三届信息隐藏学术研讨会.2001:75-81.
[114]Martin Lobbing and Ingo Wegener. The number of knight's tours equals 33,439,123,484,249 counting with binary decision diagrams. Electronic Journal of Combinatorics.1996:1-14.
[115]Parberry Ian. An efficient algorithm for the knight's tour problem. Discrete Ap-plied Mathematics,73,1997:251-260.
[116]William Bolosky, Scott Corbin, David Goebel et.al. Single instance storage in windows 2000. In Proceedings of the 4th Usenix Windows System Symposium. Seattle, Washington, USA:USENIX Association. August 2000:13-24.
[117]Deepak Bobbarjung, Suresh Jagannathan, Cezary Dubnicki. Improving duplicate elimination in storage systems. ACM Transactions on Storage,2006,2(4), 424-448.
[118]Calicrates Policroniades, Ian Pratt. Alternatives for detecting redundancy in sto-rage systems data. In Proceedings of the USENIX Annual Technical Conference 2004 on USENIX Annual Technical Conference. Boston, MA:USENIX Associa-tion.2004:73-86.
[119]Andrei Broder. Identifying and filtering near-duplicate documents. In Proceed-ings of the 11th Annual Symposium on Combinatorial Pattern Matching. Mon-treal, Canada:Springer-Verlag New York, Inc.2000:1-10.
[120]Andrew Tridgell. Efficient Algorithms for Sorting and Synchronization [Disserta-tion], the Australian National University.2000.
[121]Douglis Fred, Iyengar Arun. Application-Specific delta encoding via resemblance detection. In Usenix Annual Technical Conference, San Antonio, Texas:USENIX Association.2003:113-126.
[122]Navendu Jain, Mike Dahlin and Renu Tewari. Taper:tiered approach for elimi-nating redundancy in replica synchronization. In Proceedings of the 4th Usenix Conference on File and Storage Technologies (FAST'05). San Francisco, CA: USENIX Association.2005:281-294.
[123]Manber U. Finding similar files in a large file system. In Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference. San Francisco, California:USENIX Association.1994:1-10.