學術產出-Theses
Article View/Open
Publication Export
-
題名 公有雲資料庫委外安全保護機制:CryptDB與Fragmentation的比較
Public Cloud Database Outsourcing Security Protection Mechanism:Comparison of CryptDB with Fragmentation作者 陳柏廷
Chen, Bo-Ting貢獻者 胡毓忠
Hu, Yuh-Jong
陳柏廷
Chen, Bo-Ting關鍵詞 雲端
隱私
Cloud
Privacy
CryptDB
Fragmentation日期 2020 上傳時間 2-Mar-2020 11:37:49 (UTC+8) 摘要 雲端服務是近年各企業相當重視的資訊系統應用,現今的網路環境,為了更方便、快速分享佈署資料、應用服務和同時兼顧儲存成本和提升效率,從個人到企業逐漸選擇把資料移往雲端存放,利用雲端服務協助完成工作。現在一般使用者在操作電腦時,大多數會額外安裝防毒軟體和防火牆,原因是使用者已經了解到保護資料對個人隱私的重要,同樣當把資料上傳至雲端後,因資料不再受到使用者的管控,而是由雲端平台服務商全權管理,對安全的顧慮更加提高,系統服務商該如何保護客戶的資料完整、隱私和可用性,是每位雲端服務使用者最重視的部分。本研究將透過兩種公有雲資料庫保護方式:CryptDB與Fragmentation,探討企業如何在雲端環境保護委外資料的運作,同時能符合機密、完整、可用性的資安三要條件,以及在儲存管理、數據操作、使用流程上的差異比較,給予建置資料庫時的建議與選擇判斷,藉此提供具體貢獻。
During the past few years, cloud service is an information system application that enterprises pay great attention to. In today`s network environment, to make it easier and faster to share deployed data, application services, and to balance storage costs and efficiency, individuals and businesses are choosing to move data to the cloud and use cloud services to help you get the job done. Store and use the cloud service to assist with the work. Nowadays, the general public use computers and most of them will install anti-virus software and firewalls. The reason is that users have learned that protecting data is important to personal privacy. Similarly, when data is uploaded to the cloud, data is no longer controlled by users. It is managed by the cloud platform service provider and the security concerns are further enhanced. How the system service provider can protect the customer`s data integrity, privacy and availability is the most important part of every cloud service user.In this study will use two public cloud database protection methods: CryptDB and Fragmentation to explore how companies can operate outsourced data in the cloud while meeting the three essential conditions of confidentiality, integrity, and availability, as well as the comparison of differences in storage management, data operation, and usage processes. Give specific contributions by giving advice and choice to build a database.參考文獻 [1] “Cisco Visual Networking Index: Forecast and Trends, 2017–2022 White Paper,” https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white-paper-c11-741490.html, accessed: 2019-10-10.[2] R. A. Popa et al., “Cryptdb: Protecting confidentiality with encrypted query processing,” in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, ser. SOSP ’11. New York, NY, USA: ACM, 2011, pp. 85–100. [Online]. Available: http://doi.acm.org/10.1145/2043556.2043566[3] S. D. C. di Vimercati et al., “Encryption and fragmentation for data confidentiality in the cloud,” Lecture Notes in Computer Science, vol. 8604, pp.212–243, 2012.[4] S. De Capitani di Vimercati et al., “Fragmentation in presence of data dependencies,” IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 11, no. 6, pp. 510–523, November/December 2014.[5] M. Almorsy, J. C. Grundy, and I. Müller, “An analysis of the cloudcomputing security problem,” CoRR, vol. abs/1609.01107, 2016. [Online]. Available: http://arxiv.org/abs/1609.01107[6] M. Pearce, M. Pearce, and M. Pearce, “Virtualization: Issues, security threats, and solutions,” ACM Computing Surveys (CSUR), vol. 45, no. 2, 2013.[7] R. L. Rivest and A. T. Sherman, “Randomized encryption techniques,” in Advances in Cryptology, D. Chaum, R. L. Rivest, and A. T. Sherman, Eds. Boston, MA: Springer US, 1983, pp. 145–163.[8] A. Boldyreva, N. Chenette, Y. Lee, and A. O'neill, “Order-preserving symmetric encryption,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2009, pp. 224–241.[9] C. Gentry et al., “Fully homomorphic encryption using ideal lattices.” in Stoc, vol. 9, no. 2009, 2009, pp. 169–178.[10] K. Krombholz et al., “Advanced social engineering attacks,” J. Inf. Secur. Appl., vol. 22, no. C, pp. 113–122, Jun. 2015. [Online]. Available:http://dx.doi.org/10.1016/j.jisa.2014.09.005[11] B. H. Bloom, “Space/time trade-offs in hash coding with allowable errors,” Commun. ACM, vol. 13, no. 7, pp. 422–426, Jul. 1970. [Online]. Available:http://doi.acm.org/10.1145/362686.362692[12] H. Hacigumus, B. Iyer, and S. Mehrotra, “Providing database as a service,” 02 2002, pp. 29 – 38.[13] S. D. C. di Vimercati, S. Foresti, and P. Samarati, Selective and Fine-Grained Access to Data in the Cloud. New York, NY: Springer New York, 2014, pp. 123–148. [Online]. Available: https://doi.org/10.1007/978-1-4614-9278-8_6[14] S. Jajodia et al., Secure Cloud Computing. Springer-Verlag New York, 2014.[15] E. Damiani et al., “Balancing confidentiality and efficiency in untrusted relational dbmss,” in Proceedings of the 10th ACM Conference on Computer and Communications Security, ser. CCS ’03. New York, NY, USA: ACM, 2003, pp. 93–102. [Online]. Available: http://doi.acm.org/10.1145/948109.948124[16] G. Aggarwal et al., “Two can keep a secret: A distributed architecture for secure database services,” in CIDR, 2005.[17] V. Ciriani et al., “Fragmentation and encryption to enforce privacy in data storage,” in Computer Security – ESORICS 2007, J. Biskup and J. López, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 171–186.[18] ——, “Combining fragmentation and encryption to protect privacy in data storage,” ACM Trans. Inf. Syst. Secur., vol. 13, 07 2010.[19] ——, “Keep a few: Outsourcing data while maintaining confidentiality,” vol. 5789, 09 2009, pp. 440–455.[20] ——, “Selective data outsourcing for enforcing privacy,” Journal of Computer Security, vol. 19, pp. 531–566, 01 2011.[21] S. Tu, M. F. Kaashoek, S. Madden, and N. Zeldovich, “Processing analytical queries over encrypted data,” Proc. VLDB Endow., vol. 6, no. 5, pp. 289–300, Mar. 2013. [Online]. Available: http://dx.doi.org/10.14778/2535573.2488336 描述 碩士
國立政治大學
資訊科學系碩士在職專班
103971018資料來源 http://thesis.lib.nccu.edu.tw/record/#G0103971018 資料類型 thesis dc.contributor.advisor 胡毓忠 zh_TW dc.contributor.advisor Hu, Yuh-Jong en_US dc.contributor.author (Authors) 陳柏廷 zh_TW dc.contributor.author (Authors) Chen, Bo-Ting en_US dc.creator (作者) 陳柏廷 zh_TW dc.creator (作者) Chen, Bo-Ting en_US dc.date (日期) 2020 en_US dc.date.accessioned 2-Mar-2020 11:37:49 (UTC+8) - dc.date.available 2-Mar-2020 11:37:49 (UTC+8) - dc.date.issued (上傳時間) 2-Mar-2020 11:37:49 (UTC+8) - dc.identifier (Other Identifiers) G0103971018 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/128990 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊科學系碩士在職專班 zh_TW dc.description (描述) 103971018 zh_TW dc.description.abstract (摘要) 雲端服務是近年各企業相當重視的資訊系統應用,現今的網路環境,為了更方便、快速分享佈署資料、應用服務和同時兼顧儲存成本和提升效率,從個人到企業逐漸選擇把資料移往雲端存放,利用雲端服務協助完成工作。現在一般使用者在操作電腦時,大多數會額外安裝防毒軟體和防火牆,原因是使用者已經了解到保護資料對個人隱私的重要,同樣當把資料上傳至雲端後,因資料不再受到使用者的管控,而是由雲端平台服務商全權管理,對安全的顧慮更加提高,系統服務商該如何保護客戶的資料完整、隱私和可用性,是每位雲端服務使用者最重視的部分。本研究將透過兩種公有雲資料庫保護方式:CryptDB與Fragmentation,探討企業如何在雲端環境保護委外資料的運作,同時能符合機密、完整、可用性的資安三要條件,以及在儲存管理、數據操作、使用流程上的差異比較,給予建置資料庫時的建議與選擇判斷,藉此提供具體貢獻。 zh_TW dc.description.abstract (摘要) During the past few years, cloud service is an information system application that enterprises pay great attention to. In today`s network environment, to make it easier and faster to share deployed data, application services, and to balance storage costs and efficiency, individuals and businesses are choosing to move data to the cloud and use cloud services to help you get the job done. Store and use the cloud service to assist with the work. Nowadays, the general public use computers and most of them will install anti-virus software and firewalls. The reason is that users have learned that protecting data is important to personal privacy. Similarly, when data is uploaded to the cloud, data is no longer controlled by users. It is managed by the cloud platform service provider and the security concerns are further enhanced. How the system service provider can protect the customer`s data integrity, privacy and availability is the most important part of every cloud service user.In this study will use two public cloud database protection methods: CryptDB and Fragmentation to explore how companies can operate outsourced data in the cloud while meeting the three essential conditions of confidentiality, integrity, and availability, as well as the comparison of differences in storage management, data operation, and usage processes. Give specific contributions by giving advice and choice to build a database. en_US dc.description.tableofcontents 第一章 導論 11.1 研究動機 11.2 研究目的 21.3 研究章節與具體成果 2第二章 研究背景 32.1 雲端環境 32.2 雲端環境安全探討 42.3 雲端環境資料保護 62.4 資料保護相關研究 6第三章 資料庫委外的安全保護 83.1 CryptDB 83.2 CryptDB 安全定義 103.3 CryptDB 加密模型 103.4 Fragmentation 133.5 Fragmentation 安全定義 133.6 Fragmentation 加密方法 14第四章 研究架構與方法設計 224.1 研究架構 224.2 產生實驗範例資料-以支付交易資料為例 224.3 資料保護方法-Fragmentation 234.4 Fragmentation 資料保護-加密與索引 234.5 Fragmentation 資料保護-兩個可保守秘密 244.6 Fragmentation 資料保護-多個不可連結片段 254.7 Fragmentation 資料保護-保留少數 254.8 資料保護實作-新增一筆刷卡交易資料 264.9 資料保護實作-查詢一筆刷卡交易資料 27第五章 Fragmentation 與CryptDB 實作結果探討 295.1 Fragmentation 與CryptDB 新增比較 295.2 Fragmentation 與CryptDB 查詢比較 315.3 Fragmentation 與CryptDB 更新比較 335.4 Fragmentation 與CryptDB 刪除比較 345.5 Fragmentation 與CryptDB 優缺點探討 355.6 Fragmentation 與CryptDB 安全風險探討 37第六章 結論 396.1 結論 396.2 未來展望 40第七章 參考文獻 41 zh_TW dc.format.extent 1253002 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0103971018 en_US dc.subject (關鍵詞) 雲端 zh_TW dc.subject (關鍵詞) 隱私 zh_TW dc.subject (關鍵詞) Cloud en_US dc.subject (關鍵詞) Privacy en_US dc.subject (關鍵詞) CryptDB en_US dc.subject (關鍵詞) Fragmentation en_US dc.title (題名) 公有雲資料庫委外安全保護機制:CryptDB與Fragmentation的比較 zh_TW dc.title (題名) Public Cloud Database Outsourcing Security Protection Mechanism:Comparison of CryptDB with Fragmentation en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] “Cisco Visual Networking Index: Forecast and Trends, 2017–2022 White Paper,” https://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white-paper-c11-741490.html, accessed: 2019-10-10.[2] R. A. Popa et al., “Cryptdb: Protecting confidentiality with encrypted query processing,” in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, ser. SOSP ’11. New York, NY, USA: ACM, 2011, pp. 85–100. [Online]. Available: http://doi.acm.org/10.1145/2043556.2043566[3] S. D. C. di Vimercati et al., “Encryption and fragmentation for data confidentiality in the cloud,” Lecture Notes in Computer Science, vol. 8604, pp.212–243, 2012.[4] S. De Capitani di Vimercati et al., “Fragmentation in presence of data dependencies,” IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 11, no. 6, pp. 510–523, November/December 2014.[5] M. Almorsy, J. C. Grundy, and I. Müller, “An analysis of the cloudcomputing security problem,” CoRR, vol. abs/1609.01107, 2016. [Online]. Available: http://arxiv.org/abs/1609.01107[6] M. Pearce, M. Pearce, and M. Pearce, “Virtualization: Issues, security threats, and solutions,” ACM Computing Surveys (CSUR), vol. 45, no. 2, 2013.[7] R. L. Rivest and A. T. Sherman, “Randomized encryption techniques,” in Advances in Cryptology, D. Chaum, R. L. Rivest, and A. T. Sherman, Eds. Boston, MA: Springer US, 1983, pp. 145–163.[8] A. Boldyreva, N. Chenette, Y. Lee, and A. O'neill, “Order-preserving symmetric encryption,” in Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2009, pp. 224–241.[9] C. Gentry et al., “Fully homomorphic encryption using ideal lattices.” in Stoc, vol. 9, no. 2009, 2009, pp. 169–178.[10] K. Krombholz et al., “Advanced social engineering attacks,” J. Inf. Secur. Appl., vol. 22, no. C, pp. 113–122, Jun. 2015. [Online]. Available:http://dx.doi.org/10.1016/j.jisa.2014.09.005[11] B. H. Bloom, “Space/time trade-offs in hash coding with allowable errors,” Commun. ACM, vol. 13, no. 7, pp. 422–426, Jul. 1970. [Online]. Available:http://doi.acm.org/10.1145/362686.362692[12] H. Hacigumus, B. Iyer, and S. Mehrotra, “Providing database as a service,” 02 2002, pp. 29 – 38.[13] S. D. C. di Vimercati, S. Foresti, and P. Samarati, Selective and Fine-Grained Access to Data in the Cloud. New York, NY: Springer New York, 2014, pp. 123–148. [Online]. Available: https://doi.org/10.1007/978-1-4614-9278-8_6[14] S. Jajodia et al., Secure Cloud Computing. Springer-Verlag New York, 2014.[15] E. Damiani et al., “Balancing confidentiality and efficiency in untrusted relational dbmss,” in Proceedings of the 10th ACM Conference on Computer and Communications Security, ser. CCS ’03. New York, NY, USA: ACM, 2003, pp. 93–102. [Online]. Available: http://doi.acm.org/10.1145/948109.948124[16] G. Aggarwal et al., “Two can keep a secret: A distributed architecture for secure database services,” in CIDR, 2005.[17] V. Ciriani et al., “Fragmentation and encryption to enforce privacy in data storage,” in Computer Security – ESORICS 2007, J. Biskup and J. López, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 171–186.[18] ——, “Combining fragmentation and encryption to protect privacy in data storage,” ACM Trans. Inf. Syst. Secur., vol. 13, 07 2010.[19] ——, “Keep a few: Outsourcing data while maintaining confidentiality,” vol. 5789, 09 2009, pp. 440–455.[20] ——, “Selective data outsourcing for enforcing privacy,” Journal of Computer Security, vol. 19, pp. 531–566, 01 2011.[21] S. Tu, M. F. Kaashoek, S. Madden, and N. Zeldovich, “Processing analytical queries over encrypted data,” Proc. VLDB Endow., vol. 6, no. 5, pp. 289–300, Mar. 2013. [Online]. Available: http://dx.doi.org/10.14778/2535573.2488336 zh_TW dc.identifier.doi (DOI) 10.6814/NCCU202000271 en_US
