支持错误定位与数据恢复的多云关键词审计
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

TP309

基金项目:

国家自然科学基金(61902327); 通信安全重点实验室科技基金(61421030107012102); 四川省自然科学基金(2023NSFSC1398, 2022YFG0172, 2022JDRC0061); 成都市重点研发项目(2021-YF05-00965-SN)


Keyword-based Multi-cloud Auditing with Fault Localization and Data Recovery
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    基于关键词的审计(KA)技术是保障云审计经济适用性的重要手段. 不同于概率性审计对外包数据进行随机抽样验证, KA考虑多用户多属性数据的审计需求, 执行关键词检索和定向审计, 能有效降低审计开销. 然而, 现有的KA方案通常聚焦于目标数据的审计效率, 而很少关注审计失败后的错误定位及数据恢复等补救措施; 这无益于保障数据的可用性. 因此, 提出基于关键词的多云审计方案(简称KMCA), 结合智能合约技术实现定向审计、批量错位定位与数据恢复功能. 具体来说, 定向审计模块借鉴可搜索加密技术的索引结构, 定义关键词-文件数据映射关系, 并利用布隆过滤器的误报率特性来隐藏审计词频, 保护关键词隐私; 错误定位模块采用二分思想实现出错云服务器批量定位和受损数据细粒度定位; 数据恢复模块提出多云冗余存储与数据恢复策略, 避免单点故障, 提升存储容错率. 在随机预言机模型下, KMCA是可证明安全的. 性能分析表明, KMCA具备可行性.

    Abstract:

    Keyword-based auditing (KA) technology is a crucial measure to achieve cost-effectiveness in cloud auditing applications. Different from probabilistic auditing, which verifies outsourced data by random sampling and verification, KA considers the auditing requirements of multi-user and multi-attribute data by performing keyword searches and targeted audits. KA can significantly reduce auditing costs. However, existing KA schemes usually focus only on auditing the efficiency of target data while paying little attention to remedial measures such as fault localization and data recovery after audit failures. This lack of attention to remediation measures does not guarantee data availability. Therefore, this study proposes a keyword-based multi-cloud auditing scheme (referred to as KMCA) that leverages smart contracts to enable targeted auditing, batch fault localization, and data recovery. Specifically, the targeted auditing module defines the keyword-file mapping based on the searchable encryption index structure and employs Bloom filters’ false-positive rate characteristic to hide keyword frequency and protect privacy. The fault localization module uses a binary search approach to locate error-prone cloud servers in batches and fine-grained localization of corrupted data. The data recovery module formulates multi-cloud redundant storage and data recovery strategies to avoid single-point failure and improve storage fault tolerance. Under the random oracle model, KMCA is provably secure. Performance analysis shows that KMCA is feasible.

    参考文献
    相似文献
    引证文献
引用本文

薛婧婷,罗抒琴,张文政,李发根,周宇,张晓均.支持错误定位与数据恢复的多云关键词审计.软件学报,,():1-21

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2023-06-14
  • 最后修改日期:2023-11-13
  • 录用日期:
  • 在线发布日期: 2024-08-21
  • 出版日期:
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号