National Digital Library of Theses and Dissertations in Taiwan

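Graduate student: 李軒豪
Graduate student (English): Syuan-Hao Li
Thesis title: 具提升雲端運算系統效能之私密保護機制研發
Thesis title (English): Development of An Effective Privacy Protection Scheme for Cloud Computing
Advisor: 郭耀煌
Advisor (English): Yau-Hwang Kuo
Degree: Master's
Institution: National Cheng Kung University
Department: Department of Computer Science and Information Engineering (Master's and Doctoral Program)
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2010
Graduation academic year: 98
Language: English
Number of pages: 67
Keywords (Chinese): cloud computing; security requirement; security quantification; key management; security protection composition
Keywords (English): Cloud Computing; security requirement; security quantification; key management; security composition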
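With advances in technology and business cost considerations, cloud computing has become the next generation of computing. More and more cloud application services have entered people's lives and provide more convenient services. However, because one characteristic of the cloud is that users' data is stored centrally in the same data center, this creates a new data security problem: privacy protection. Yet data confidentiality is not within the scope of the security protection that cloud service providers offer, which leaves users' data in the cloud easily exposed to threats. Many encryption algorithms can now provide data confidentiality, but executing them places a heavy burden on system performance. How to provide data security while also preserving system performance is therefore an important issue.
In this thesis, we propose a privacy protection mechanism that improves cloud system performance, to provide a protection method that satisfies users' security requirements while maintaining system performance. First, a security analysis is carried out based on the security level the user requires and the related information needed. Next, security quantification is performed: the security and performance overhead of different encryption algorithms are quantified according to the time required to break them and the time required to execute them. Finally, based on the results of this analysis and quantification, together with key management and divided data storage, we select the most suitable security protection composition, with the aim of providing the best system performance while satisfying the user's security requirements.
Using simulation data, we show that, under different security requirement levels and cloud environments, the privacy protection mechanism proposed in this thesis not only achieves the required security but also maintains system performance, and that it improves system performance by 35~50% compared with other protection mechanisms.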
With the development of technology and the consideration of business cost, cloud computing has become the next generation of computing. More and more cloud services are entering our daily lives to provide more convenient services. However, one of its characteristics is that users' data is stored centrally in the same data center, which raises a new data security issue: privacy. Moreover, the security offered by cloud providers does not include data confidentiality, which leaves users' data in the cloud vulnerable to threats. Many existing encryption algorithms can provide data confidentiality, but running them imposes a large overhead on system performance. Therefore, it is a difficult issue to protect data security and maintain system performance at the same time.
In this thesis, an Effective Privacy Protection Scheme (EPPS) is proposed to provide a protection method that satisfies user-demanded security and maintains system performance. First, we analyze the security level users require and the related information. Next, the security and performance of encryption algorithms are quantified by the time needed to crack them and the time needed to execute them. Then, using the results of this analysis and quantification together with key management and data division, an appropriate security composition is derived that fulfills the user-demanded security and offers the optimal system performance.
Finally, according to the simulation results, the derived security composition not only satisfies the different levels of user-demanded security but also maintains cloud system performance in different cloud environments. The execution period of EPPS outperforms the other encryption algorithms by 35% to 50%.

List of Tables
List of Figures
Chapter 1 Introduction
1.1 MOTIVATION
1.2 ADVANTAGES OF THIS SCHEME
1.3 ORGANIZATION OF THIS THESIS
Chapter 2 Background
2.1 CLOUD COMPUTING ARCHITECTURAL FRAMEWORK
2.1.1 Essential Characteristics
2.1.2 Deployment Models
2.1.3 Service Models
2.1.4 Security Reference Model
2.2 CLOUD COMPUTING SYSTEM
2.2.1 Amazon Web Services
2.2.2 Eucalyptus
2.3 SECURITY ALGORITHM
2.4 SHAMIR’S SECRET SHARING
Chapter 3 Effective Privacy Protection Scheme
3.1 CLOUD DATA PROTECTION SYSTEM (CDPS)
3.1.1 Operation Overview
3.1.2 System Architecture
3.2 SECURITY REQUIREMENT AND ANALYSIS
3.2.1 Security Level
3.2.2 Key Update Frequency
3.3 SECURITY QUANTIFICATION
3.3.1 Security Metric
3.3.2 Security Margin
3.3.3 Calculating the Crack Year
3.4 KEY MANAGEMENT
3.4.1 NT Secret Sharing Scheme
3.4.2 Key Encrypt Key Composition Scheme
3.5 DATA DIVISION
3.6 DATA PROTECTION PROCEDURE OF CDPS
3.6.1 Preparation
3.6.2 Selection Scheme
3.6.3 Data Processing
Chapter 4 Simulation
4.1 SIMULATION ENVIRONMENT
4.2 SIMULATION RESULTS
4.2.1 General Case
4.2.2 Special Case
Chapter 5 Conclusion and Future Work
5.1 CONCLUSION
5.2 FUTURE WORK
References