ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (10): 2079-2098. doi: 10.7544/issn1000-1239.2021.20210805

Special topic: 2021 Special Topic on Cryptography and Cyberspace Security Governance

• Information Security •



Protection Methods for Cloud Data Security

Shen Jian¹, Zhou Tianqi¹, Cao Zhenfu²

  1. School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044
  2. Shanghai Key Laboratory of Trustworthy Computing (East China Normal University), Shanghai 200062
  • Published: 2021-10-01; Online: 2021-10-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61922045, U1836115, 61672295), the Natural Science Foundation of Jiangsu Province (BK20181408), and the Project of the Cyberspace Security Research Center, Peng Cheng Laboratory of Guangdong Province (PCL2018KP004).

Abstract: The rapid development of computer networks and the popularization of big data have driven the further development of cloud computing. The cloud environment is an important platform for data interaction in the network and information age. It provides great convenience for efficient data interaction among individuals, enterprises and countries, but it also poses new challenges for cloud data security and privacy protection. In this paper, we first present the existing cloud computing model and investigate and analyze the threats to cloud data security protection. On this basis, we systematically analyze the latest research results on cloud data security protection schemes at home and abroad from four aspects: access control, key agreement, secure data auditing and secure data sharing. Secondly, we systematically study the problems in existing cloud data security protection schemes and propose approaches to solving them: user privacy is easily disclosed during access control, overhead is difficult to control during key generation, dynamic operations are inefficient and error recovery is difficult to achieve during auditing, and malicious users are difficult to trace during data sharing. Finally, we discuss the current challenges and future research directions of cloud data security protection, with a view to promoting the establishment of a more complete cloud data protection system.

Key words: cloud data security, access control, key agreement, secure data auditing, secure data sharing