Graduate student: 林永旺 (Lin, Yung-Wang)
Thesis title: The Study of Cloud Data Privacy Preserving Mechanisms (雲端資料隱私保護機制之研究)
Advisors: 陳永欽 (Chen, Yung-Chin), 林詠章 (Lin, Yung-Jang)
Oral defense committee: 魏清泉 (Wei, hing-Chiuan), 陳文淵 (Chen, Wun-Yuan), 梁瑛心 (Liang, Ying-Shin), 黃明祥 (Huang, Ming-Shyang), 陳永欽 (Chen, Yung-Chin), 曹世昌 (Tsau, Shr-Chang), 林詠章 (Lin, Yung-Jang)
Oral defense date: 2015-07-06
Degree: Doctoral
Institution: Asia University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2015
Graduation academic year: 103
Language: English
Number of pages: 72
Keywords: Cloud Computing, Cloud Database, Data Encryption, Data Fragmentation, Data Masking, Access Control
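As Internet technology has matured and network bandwidth and speed have kept growing, cloud computing has emerged in response. The development of the cloud provides diverse platforms for storage and sharing. These cloud resources let us share and store data quickly and conveniently. Organizations at all levels and individuals can obtain multi-functional cloud services from providers without purchasing large amounts of IT equipment. Therefore, with manpower shrinking year by year and IT equipment being very costly, using cloud resources is the best option. However, using cloud systems carries unavoidable risks for organizations and individuals: data is stored on the cloud platform, and if the cloud computing platform is compromised, an attacker may get past the platform's authentication mechanism and directly access the host platform to obtain other people's data. This puts data security in the cloud environment to a severe test.
This study seeks solutions to the problem of illegal use of other people's documents and data in the cloud environment. We propose three research topics on how to ensure data security. The first is to build a personal data inventory and management system for personal data stored in the cloud, following ISO standards and the requirements of domestic law, so that it can be managed effectively. The second proposes solutions for ensuring the privacy of data stored in cloud databases; we discuss the commonly used methods, which fall into two categories: data encryption and data fragmentation. For data encryption, we discuss k-anonymity as a solution and its challenges. For data fragmentation, we also introduce clustering and discuss its advantages and disadvantages. On this basis, the study proposes a hybrid of the two as a near-better method of protecting personal data privacy. The third proposes a data-masking-based access control mechanism for confidential documents. The user's authentication information is used to replace bit data of the digital file, so that the file cannot be opened correctly and completely because its bit data is incorrect. A legitimate user can restore the damaged parts of the digital file with the correct authentication information. The main purpose of this study is to maintain a low-risk, highly trusted cloud environment.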

Due to the ever-advancing technology of the Internet and the growth of network bandwidth, cloud computing has arisen. The development of the cloud has offered an effective platform that enables users to swiftly store and share data. Organizations at all levels and individuals no longer need to pay extra to purchase information technology equipment, but can seek multi-functional cloud services from providers. Thus, given reduced manpower and decreased equipment budgets, the cloud will be the best option. Nonetheless, using a cloud system has its inevitable risk. It is highly possible that hackers get past the platform's authentication mechanisms and access others' personal data, which poses a threat to cloud data.
This study focuses on the issue of illegal access to personal documents and seeks corresponding solutions. Three focal points are raised regarding information security. First, we discuss the management of personal data as per ISO SOP and domestic regulations. Second, we discuss solutions for the privacy of cloud databases, which include data encryption and data fragmentation. K-anonymity is adopted to discuss data encryption; for data fragmentation, we use clustering as a solution. This study suggests that enterprises adopt both methodologies to preserve personal data privacy. Third, this study discusses data masking for classified documents. With authorization mechanisms, the data bits of digital archives can only be correctly and completely accessed by legitimate users. This study aims at preserving a low-risk and high-reliability cloud environment.

Contents
Chapter 1: Introduction
1.1 Research Background
1.2 Purpose
1.3 Research Scheme
Chapter 2: Introduction and Application of Cloud Computing
2.1 Definition of Cloud Computing
2.2 Application of Cloud Computing
2.3 Cloud Computing Service Features
2.4 Evolution of Cloud Computing
2.5 Service Type and Deployment of Cloud Computing
2.6 Applications of Cloud Computing
2.7 Information Security of Cloud Computing
2.7.1 Challenge of Cloud Computing
2.7.2 Threat of Cloud Computing
2.8 Safety Assessment of Cloud Computing
2.9 Summary
Chapter 3: Developing a Personal Data Inventory Tracking and Managing System
3.1 Relate work
3.2 Purpose and Research Field
3.3 System Model
3.3.1 Name of the System
3.3.2 Purpose of the System
3.3.3 System Structure Model
3.3.4 System Functions
3.3.5 System Users
3.3.6 System Management
3.3.7 Database Table Structure
3.4 Nodulus
Chapter 4: Preserving Privacy in Cloud Database
4.1 Relate work
4.2 Data Encryption
4.2.1 Anonymity by generalization
4.2.2 Challenge
4.3 Data Fragmentation
4.3.1 Confidentiality Constraints
4.3.2 Data Partition using Clustering
4.3.3 Challenge
4.4 Hybrid of Encryption and Fragmentation
4.5 Summary
Chapter 5: Data Masking
5.1 Relate work
5.1.1 Cloud computing service model
5.1.2 RBAC access control model
5.1.3 Data coloring
5.2 The Proposed Scheme
5.2.1 The mask generation stage
5.2.2 The data mask stage
5.2.3 The mask verification removal stage
5.3 Security and analysis
5.3.1 cloud platform file data security
5.3.2 Data mask interceptor and guessing attacks
5.3.3 Brute force attack
5.3.4 Important files using data mask
5.3.5 Hardware support computational efficiency
5.4 Nodulus
Chapter 6: Conclusions and Suggestions
References

Figures of Contents
Figure 1.1 Research scheme diagram
Figure 3.1 PDCA cycle applied to the management of personal information
Figure 3.2 System structure diagram
Figure 4.1 The process of data stored in cloud database
Figure 4.2 Overview of data fragmentation
Figure 4.3 Confidentiality constraints
Figure 4.4 Hybrid of encryption and data fragmentation
Figure 5.1 RBAC model
Figure 5.2 Each user will have different roles in different session. High-level role hierarchy will inherit the permissions of the lower-middle class
Figure 5.3 Use watermarking techniques to complete the coloring that embedded cloud drops in the file and re-use watermarking technique in the verification stage to remove the authentication information to match
Figure 5.4 The access control model use data coloring
Figure 5.5 User first enter, and to the device to generate data masking and use a masking to protect files F.
Figure 5.6 framework computing

Tables of Contents
Table 3.1 The differences between Personal Data Information Protection Act and Computer-Processed Personal Data Protection Act
Table 3.2 Database table structure
Table 4.1 Patient relation
Table 4.2 The Relation after 3-Anonymity
Table 5.1 Notations
