云存储中基于隐式可信第三方的数据自保护

项目名称： 云存储中基于隐式可信第三方的数据自保护

项目编号： No.61202082

项目类型： 青年科学基金项目

立项/批准年度： 2013

项目学科： 计算机科学学科

项目作者： 肖达

作者单位： 北京邮电大学

项目金额： 25万元

中文摘要： 云存储作为云计算的一种重要形式，具有屏蔽底层管理复杂性，随时随地数据访问，按需资源部署和付费等众多优势。数据安全问题是阻碍云存储得到更广泛应用的重要原因。现有云存储中数据保护方法存在用户负担过大、缺少问责机制等局限，难以在实际系统中应用。本项目针对云存储访问模式和信任假设的特点，研究基于隐式可信第三方的数据自保护架构和方法，在半可信的云存储环境下保护用户数据的完整性和提供问责，同时最大限度减轻用户负担。具体内容包括：符合云存储访问模式特点的数据表示更新模型和自保护架构；基于自检查和自恢复的数据完整性保护，最小化用户在检查过程中参与度；基于自记录的双向问责机制，以不可抵赖的方式证明过失方的不当行为；基于部署在云服务器端的可信硬件的隐式可信第三方实现方法，提高其安全性、易部署性并降低交互开销。本项目旨在提出一种新的更加实用的数据保护方法，为提供具有安全保障的云存储服务奠定理论和技术基础。

中文关键词： 云存储；可信第三方；存储安全；完整性检查；可问责性

英文摘要： As an important form of cloud computing, cloud storage has many advantages such as masking the complexity of low-level management, accessing data anytime and anywhere, resource deployment and pay on demand. The issue of data security is a major reason hindering the further application of cloud storage. The existing data protection methods for cloud storage have the drawbacks of introducing heavy burden on users, lacking accountability mechanism, etc. It is difficult to use them in real systems. On account of the access pattern and trust assumption characteristics of cloud storage, research is conducted on the framework and methods of data self-protection based on implicit trusted third party, in order to protect the integrity of user data and provide accountability, meanwhile maximally relieving user burden. Research topics include: data representation and update model and the self-protection framework in accord with the access pattern characteristics of cloud storage; data integrity protection based on self-checking and self-recovery to minimize user participation in the checking process; mutual accountability mechanism based on self-logging to prove the misbehavior of the faulty party undeniably; the implementation method of the implicit trusted third party based on trusted hardware deployed on the cloud serve

英文关键词： cloud storage；trusted third party；storage security；integrity checking；accountability