政大學術集成


Please use this identifier to cite or link to this item: https://ah.nccu.edu.tw/handle/140.119/128990


Title: 公有雲資料庫委外安全保護機制:CryptDB與Fragmentation的比較
Public Cloud Database Outsourcing Security Protection Mechanism:Comparison of CryptDB with Fragmentation
Authors: 陳柏廷
Chen, Bo-Ting
Contributors: 胡毓忠
Hu, Yuh-Jong
陳柏廷
Chen, Bo-Ting
Keywords: 雲端
隱私
Cloud
Privacy
CryptDB
Fragmentation
Date: 2020
Issue Date: 2020-03-02 11:37:49 (UTC+8)
Abstract: 雲端服務是近年各企業相當重視的資訊系統應用,現今的網路環境,為了更方便、快速分享佈署資料、應用服務和同時兼顧儲存成本和提升效率,從個人到企業逐漸選擇把資料移往雲端存放,利用雲端服務協助完成工作。現在一般使用者在操作電腦時,大多數會額外安裝防毒軟體和防火牆,原因是使用者已經了解到保護資料對個人隱私的重要,同樣當把資料上傳至雲端後,因資料不再受到使用者的管控,而是由雲端平台服務商全權管理,對安全的顧慮更加提高,系統服務商該如何保護客戶的資料完整、隱私和可用性,是每位雲端服務使用者最重視的部分。

本研究將透過兩種公有雲資料庫保護方式:CryptDB與Fragmentation,探討企業如何在雲端環境保護委外資料的運作,同時能符合機密、完整、可用性的資安三要條件,以及在儲存管理、數據操作、使用流程上的差異比較,給予建置資料庫時的建議與選擇判斷,藉此提供具體貢獻。
During the past few years, cloud service is an information system application that enterprises pay great attention to. In today's network environment, to make it easier and faster to share deployed data, application services, and to balance storage costs and efficiency, individuals and businesses are choosing to move data to the cloud and use cloud services to help you get the job done. Store and use the cloud service to assist with the work. Nowadays, the general public use computers and most of them will install anti-virus software and firewalls. The reason is that users have learned that protecting data is important to personal privacy. Similarly, when data is uploaded to the cloud, data is no longer controlled by users. It is managed by the cloud platform service provider and the security concerns are further enhanced. How the system service provider can protect the customer's data integrity, privacy and availability is the most important part of every cloud service user.

In this study will use two public cloud database protection methods: CryptDB and Fragmentation to explore how companies can operate outsourced data in the cloud while meeting the three essential conditions of confidentiality, integrity, and availability, as well as the comparison of differences in storage management, data operation, and usage processes. Give specific contributions by giving advice and choice to build a database.
Reference: [1] “Cisco Visual Networking Index: Forecast and Trends, 2017–2022 White Paper,” https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white-paper-c11-741490.html, accessed: 2019-10-10.

[2] R. A. Popa et al., “Cryptdb: Protecting confidentiality with encrypted query processing,” in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, ser. SOSP ’11. New York, NY, USA: ACM, 2011, pp. 85–100. [Online]. Available: http://doi.acm.org/10.1145/2043556.2043566

[3] S. D. C. di Vimercati et al., “Encryption and fragmentation for data confidentiality in the cloud,” Lecture Notes in Computer Science, vol. 8604, pp.212–243, 2012.

[4] S. De Capitani di Vimercati et al., “Fragmentation in presence of data dependencies,” IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 11, no. 6, pp. 510–523, November/December 2014.

[5] M. Almorsy, J. C. Grundy, and I. Müller, “An analysis of the cloud
computing security problem,” CoRR, vol. abs/1609.01107, 2016. [Online]. Available: http://arxiv.org/abs/1609.01107

[6] M. Pearce, M. Pearce, and M. Pearce, “Virtualization: Issues, security threats, and solutions,” ACM Computing Surveys (CSUR), vol. 45, no. 2, 2013.

[7] R. L. Rivest and A. T. Sherman, “Randomized encryption techniques,” in Advances in Cryptology, D. Chaum, R. L. Rivest, and A. T. Sherman, Eds. Boston, MA: Springer US, 1983, pp. 145–163.

[8] A. Boldyreva, N. Chenette, Y. Lee, and A. O'neill, “Order-preserving symmetric encryption,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2009, pp. 224–241.

[9] C. Gentry et al., “Fully homomorphic encryption using ideal lattices.” in Stoc, vol. 9, no. 2009, 2009, pp. 169–178.

[10] K. Krombholz et al., “Advanced social engineering attacks,” J. Inf. Secur. Appl., vol. 22, no. C, pp. 113–122, Jun. 2015. [Online]. Available:http://dx.doi.org/10.1016/j.jisa.2014.09.005

[11] B. H. Bloom, “Space/time trade-offs in hash coding with allowable errors,” Commun. ACM, vol. 13, no. 7, pp. 422–426, Jul. 1970. [Online]. Available:http://doi.acm.org/10.1145/362686.362692

[12] H. Hacigumus, B. Iyer, and S. Mehrotra, “Providing database as a service,” 02 2002, pp. 29 – 38.

[13] S. D. C. di Vimercati, S. Foresti, and P. Samarati, Selective and Fine-Grained Access to Data in the Cloud. New York, NY: Springer New York, 2014, pp. 123–148. [Online]. Available: https://doi.org/10.1007/978-1-4614-9278-8_6

[14] S. Jajodia et al., Secure Cloud Computing. Springer-Verlag New York, 2014.

[15] E. Damiani et al., “Balancing confidentiality and efficiency in untrusted relational dbmss,” in Proceedings of the 10th ACM Conference on Computer and Communications Security, ser. CCS ’03. New York, NY, USA: ACM, 2003, pp. 93–102. [Online]. Available: http://doi.acm.org/10.1145/948109.948124

[16] G. Aggarwal et al., “Two can keep a secret: A distributed architecture for secure database services,” in CIDR, 2005.

[17] V. Ciriani et al., “Fragmentation and encryption to enforce privacy in data storage,” in Computer Security – ESORICS 2007, J. Biskup and J. López, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 171–186.

[18] ——, “Combining fragmentation and encryption to protect privacy in data storage,” ACM Trans. Inf. Syst. Secur., vol. 13, 07 2010.

[19] ——, “Keep a few: Outsourcing data while maintaining confidentiality,” vol. 5789, 09 2009, pp. 440–455.

[20] ——, “Selective data outsourcing for enforcing privacy,” Journal of Computer Security, vol. 19, pp. 531–566, 01 2011.

[21] S. Tu, M. F. Kaashoek, S. Madden, and N. Zeldovich, “Processing analytical queries over encrypted data,” Proc. VLDB Endow., vol. 6, no. 5, pp. 289–300, Mar. 2013. [Online]. Available: http://dx.doi.org/10.14778/2535573.2488336
Description: 碩士
國立政治大學
資訊科學系碩士在職專班
103971018
Source URI: http://thesis.lib.nccu.edu.tw/record/#G0103971018
Data Type: thesis
Appears in Collections:[Executive Master Program of Computer Science of NCCU] Theses

Files in This Item:

File SizeFormat
101801.pdf1223KbAdobe PDF0View/Open


All items in 學術集成 are protected by copyright, with all rights reserved.


社群 sharing