云存储环境下生命周期可控的数据销毁模型

doi:10.11772/j.issn.1001-9081.2017.05.1335

计算机应用 ›› 2017, Vol. 37 ›› Issue (5): 1335-1340.DOI: 10.11772/j.issn.1001-9081.2017.05.1335

云存储环境下生命周期可控的数据销毁模型

曹景源¹, 李立新¹, 李全良², 丁永善¹

1. 信息工程大学, 郑州 450001;
2. 中国洛阳电子装备试验中心, 河南洛阳 471003

收稿日期:2016-10-08 修回日期:2016-12-06 出版日期:2017-05-10 发布日期:2017-05-16
通讯作者: 李立新
作者简介:曹景源(1991-),男,山东郓城人,硕士研究生,主要研究方向:信息安全、云计算;李立新(1967-),男,重庆人,研究员,博士,主要研究方向:网络计算、数据库、信息安全;李全良(1967-),男,山西运城人,高级工程师,主要研究方向:网络信息安全;丁永善(1992-),男,河南周口人,硕士研究生,主要研究方向:信息安全。
基金资助:
国家重点研发计划项目（2016YFB0501900）。

Data destruction model for cloud storage based on lifecycle control

CAO Jingyuan¹, LI Lixin¹, LI Quanliang², DING Yongshan¹

1. Information Engineering University, Zhengzhou Henan 450001, China;
2. Luoyang Electronic Equipment Examination Center of China, Luoyang Henan 471003, China

Received:2016-10-08 Revised:2016-12-06 Online:2017-05-10 Published:2017-05-16
Supported by:
This work is partially supported by the National Key Research Program of China (2016YFB0501900).

摘要/Abstract

摘要： 用户数据在云存储环境下缺乏有效的数据销毁机制，其数据安全性在生命周期内面临威胁，销毁时间受控，大大限制了云存储服务的发展。为此，提出一种云存储环境下生命周期可控的数据销毁模型。首先，通过函数变换处理明文生成密文和元数据，避免复杂的密钥管理；其次，为提高数据销毁的可控性，设计一种基于时间可控的自销毁数据对象，使得过期数据的任何非法访问都会触发数据重写程序对自销毁数据对象进行确定性删除，从而实现生命周期可控的数据销毁功能。分析及实验结果表明，该方案在保护数据安全的同时，能够有效地销毁数据，增强数据销毁的灵活性、可控性，且具有较低的性能开销。

关键词: 云存储, 数据销毁, 生命周期, 自销毁数据对象, 安全访问

Abstract: A data destruction model based on lifecycle control under cloud storage environment was proposed to solve the lack of effective data destruction mechanism for user data, and that data security was threatened and destruction time was controlled in the life cycle, which greatly limited the development of cloud services. The plain text was processed by functional transformation to generate the cipher text and metadata and avoid the complex key management. Secondly, in order to improve the controllability of data destruction, a self-destruction data objects based on controllable time was designed, which made any illegal access of expired objects to trigger the assured deletion by rewriting program, and realized the data destruction based on lifecycle control. The analysis and experimental results show that the scheme can enhance the flexibility and controllability of data destruction and reduce the performance cost, while protecting the data safely and effectively.

Key words: cloud storage, data destruction, data lifecycle, self-destruction data object, secure access

中图分类号:

TP309.2

曹景源, 李立新, 李全良, 丁永善. 云存储环境下生命周期可控的数据销毁模型[J]. 计算机应用, 2017, 37(5): 1335-1340.

CAO Jingyuan, LI Lixin, LI Quanliang, DING Yongshan. Data destruction model for cloud storage based on lifecycle control[J]. Journal of Computer Applications, 2017, 37(5): 1335-1340.

参考文献

[1] 熊金波, 李凤华, 王彦超,等. 基于密码学的云数据确定性删除研究进展[J]. 通信学报, 2016, 37(8):167-184.(XIONG J B, LI F H, WANG Y C, et al. Research progress on cloud data assured deletion based on cryptography[J].Journal on Communications, 2016, 37(8):167-184.)
[2] 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83.(FENG D G, ZHANG M, ZHANG Y, et al. Research on cloud computing security[J]. Journal of Software, 2011,22(1):71-83.)
[3] Cloud security alliance[EB/OL].[2016-06-20].http://www.cloudsecurityalliance.org.
[4] RIVEST R L. All-or-nothing encryption and the package transform[C]//Proceedings of the 4th International Workshop on Fast Software Encryption. London:Springer-Verlag, 1998:210-218.
[5] PERLMAN R. File system design with assured delete[C]//Proceedings of the 3rd IEEE International Security in Storage Workshop. Piscataway, NJ:IEEE,2005:83-88.
[6] PERLMAN R. The ephemerizer:making data disappear[J].Journal of Information Systems Security,2005,1(1):21-32.
[7] TANG Y, LEE P P C, LUI J C S, et al. Secure overlay cloud storage with access control and assured deletion[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(6):903-916.
[8] GEAMBASU R, KOHNO T, LEVY A A, et al. Vanish:increasing data privacy with self-destructing data[C]//Proceedings of the 18th Conference on USENIX Security Symposium. Berkeley, CA:USENIX Association, 2009:299-316.
[9] ZENG L F, SHI Z, XU S J, et al. SafeVanish:an improved data self-destruction for protecting data privacy[C]//Proceedings of the 2010 IEEE Second International Conference on Cloud Computing Technology and Science. Washington, DC:IEEE Computer Society, 2010:531-528.
[10] 王丽娜,任正伟,余荣威,等.一种适于云存储的数据确定性删除方法[J].电子学报,2012, 40(2):266-272.(WANG L N,REN Z W,YU R W, et al. A data assured deletion approach adapted for cloud storage[J]. Acta Electronica Sinica,2012,40(2):266-272.)
[11] 熊金波,姚志强,马津峰, 等.面向网络内容隐私的基于身份加密的安全自毁方案[J].计算机学报, 2014, 37(1):139-150.(XIONG J B, YAO Z Q, MA J F, et al. A secure self-destruction scheme with IBE for the internet content privacy[J]. Chinese Journal of Computers, 2014, 37(1):139-150.)
[12] 徐小龙,龚培培,章韵,等.一种基于移动Agent的云端(Cloud-P2P)数据复合销毁机制[J].计算机科学, 2015,42(10):138-146.(XU X L, GONG P P, ZHANG Y, et al. Mobile-Agent-based composite data destruction mechanism for cloud-P2P[J]. Computer Science,2015,42(10):138-146.)
[13] 张坤,杨超,马建峰,等.基于密文采样分片的云端数据确定性删除方法[J].通信学报, 2015,36(11):108-117.(ZHANG K,YANG C,MA J F, et al. Novel cloud data assured deletion approach based on ciphertext sample slice[J].Journal on Communications,2015,36(11):108-117.)
[14] PETERSON Z J, RANDAL B, JOE H. Secure deletion for a versioning file system[C]//Proceedings of the 4th USENIX Conference on File and Storage Technologies. Berkeley, CA:USENIX Association, 2005:143-154.
[15] 沈薇薇,熊金波,黄阳群, 等.基于生命周期控制的电子文件安全删除方案[J].小型微型计算机系统,2016,37(5):1091-1096.(SHEN W W, XIONG J B, HUANG Y Q, et al. Assured deletion scheme for electronic files based on life cycle control[J].Journal of Chinese Computer Systems,2016,37(5):1091-1096.)

云存储环境下生命周期可控的数据销毁模型

Data destruction model for cloud storage based on lifecycle control

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[2]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[3]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[4]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[5]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[6]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[7]	周坚, 金瑜, 何亨, 李鹏. 基于嵌套Merkle Hash tree区块链的云数据动态审计模型[J]. 计算机应用, 2019, 39(12): 3575-3583.
[8]	李静, 刘冬实. 主动容错云存储系统的可靠性评价模型[J]. 计算机应用, 2018, 38(9): 2631-2636.
[9]	陈博, 何连跃, 严巍巍, 徐照淼, 徐俊. 海量小文件系统的可移植操作系统接口兼容技术[J]. 计算机应用, 2018, 38(5): 1389-1392.
[10]	杨宏宇, 王玥. 云存储环境下的多关键字密文搜索方法[J]. 计算机应用, 2018, 38(2): 343-347.
[11]	王敏燊, 熊金波, 林倩, 王丽丽. 基于密钥分发和密文抽样的云数据确定性删除方案[J]. 计算机应用, 2018, 38(1): 194-200.
[12]	李强, 刘晓峰. 基于Hopfield神经网络的云存储负载均衡策略[J]. 计算机应用, 2017, 37(8): 2214-2217.
[13]	莫文杰, 郑霖. 优化网络生命周期和最短化路径的WSN移动sink路径规划算法[J]. 计算机应用, 2017, 37(8): 2150-2156.
[14]	高秋田, 杨文忠, 张振宇, 石研, 李双双. 移动传感网社区间能量均衡路由算法[J]. 计算机应用, 2017, 37(7): 1855-1860.
[15]	李昊宇, 张龙军, 李庆鹏. 基于B⁺树的动态数据持有性证明方案[J]. 计算机应用, 2017, 37(7): 1931-1935.