Proof-of-Violation Techniques for Cloud Database Behavior

Date

2015

Abstract

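A cloud database is a database that runs on a cloud computing platform. Users do not need to maintain the database themselves; the cloud service provider is responsible for installing and maintaining the database instance. Because of system crashes, operator errors, or serious attacks, the service provider may lose or alter our important data and, as a result, return inconsistent versions to us. Some cloud databases let users access logs of database operations through a Web interface or an API (application programming interface), but users cannot use these logs to prove whether the service provider has violated query integrity and transaction serializability, because these logs are not cryptographically secured evidence. A proof of violation (POV) protocol lets both the user and the service provider retain valuable evidence that can be used to prove whether the service provider has violated the properties it guarantees. We first present the existing POV protocols and show that they cannot be applied to our cloud database system, and we then propose a new POV protocol, double hashes (a doubly chained hash), for cloud database systems. In addition, the existing auditing methods are not suitable for SQL databases, so we design a new auditing method to replace them. With our new POV protocol, service providers can guarantee the commitments on database operations made in their service-level agreements, because the evidence produced by the POV protocol is non-repudiable by both the service provider and the user.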
A cloud database is a database that typically runs on a cloud computing platform and is maintained not by the user but by a service provider. The service provider can leak confidential data, modify the data, or return inconsistent data to users because of bugs, crashes, operator errors, or even malicious attacks. Some cloud database systems provide a Web interface or an application programming interface through which clients can access logs of database transactions. However, these logs are not cryptography-based proofs, so clients cannot use them to prove whether a cloud service provider has violated required properties such as query integrity and transaction serializability. A proof of violation (POV) scheme enables a user or a service provider to produce a precise proof of either the occurrence of a violation of these properties or the innocence of the service provider. In this thesis, we develop POV and auditing schemes for cloud database systems. We first show that previously developed POV schemes cannot be applied to cloud database systems directly. Then, we propose a new POV scheme called double hashes (DH). In addition, previously proposed auditing schemes cannot meet the auditing requirements of an SQL database using the collected attestations, so we design a new auditing scheme for cloud database systems. Service providers can use the proposed schemes to provide a mutual nonrepudiation guarantee for database transactions in their service-level agreements.

Keywords

Cloud database, cloud security, nonrepudiation, proof of violation
