基于L-DHT的多租户虚拟域隔离构建方法

doi:10.11959/j.issn.1000-436x.2020088

摘要/Abstract

摘要：

针对云环境下多租户数据的安全隔离的问题，提出了一种基于 L-DHT 的多租户虚拟域隔离构建方法。首先，通过设计一种基于标签 Hash 映射的多租户隔离映射算法，构建了租户资源的均衡映射机制，实现对租户资源的分布式管理；然后，针对映射到同一存储节点上租户数据间的安全隔离与访问，基于谓词加密机制，通过安全标签和租户数据的有效绑定，给出了一种基于标签谓词加密的租户数据隔离存储算法；最后，通过设计多维度的租户数据隔离控制规则，利用对安全标签的解析与认证，层次化地构建起租户间相互独立、逻辑、安全的虚拟域。安全性分析表明，所提方法构建了相互间安全无干扰的租户虚拟域。仿真实验结果表明，映射算法能够更好地实现负载的动态平衡，并通过数据检索效率与访问安全性的对比分析，验证了租户访问数据的安全性与高效性。

关键词: 租户虚拟域, 域隔离器, 安全标签, 多租户映射, 数据隔离

Abstract:

Aiming at the problem of security isolation of multi-tenant data in cloud environment,a tenant virtual domain isolation construction method based on L-DHT was proposed.Firstly,through the design of multi-tenant isolation mapping algorithm based on label-hash mapping,the balanced mapping mechanism of tenant resources was constructed to realize the distributed management of tenant resources.Secondly,for the security isolation and access between tenant data mapped to the same storage node,based on the predicate encryption mechanism,through the effective binding of security labels and tenant data,a tenant data isolation storage algorithm based on label predicate encryption was designed.Finally,by the design of multi-dimensional tenant data isolation control rules and using the analysis and authentication of security labels,independent,logical and secure virtual domains between tenants were built hierarchically.The security analysis shows that the method constructs tenant virtual domains which are secure and non-interference with each other.The simulation results show that the mapping algorithm can achieve a better dynamic load balance.The efficiency and security of data access are verified by the comparative analysis of tenant data retrieval efficiency and authentication access security.

Key words: tenant virtual domain, domain isolator, security label, multi-tenant mapping, data isolation

中图分类号:

TP393

曹利峰,卢新,高振升,杜学绘. 基于L-DHT的多租户虚拟域隔离构建方法[J]. 通信学报, 2020, 41(6): 184-201.

Lifeng CAO,Xin LU,Zhensheng GAO,Xuehui DU. Multi-tenant virtual domain isolation construction method based on L-DHT[J]. Journal on Communications, 2020, 41(6): 184-201.

图/表 19

图1

图2

图3

图4

图5

图6

图7

表1

图8

表2

表3

云租户隔离系统的形式化定义"

元素集	含义
$M (D, \mapsto)$	租户隔离系统D={μ,ν,DR,…}表示租户虚拟域集合，“ $\mapsto$ ”表示数据安全控制规则(信息流策略)
S	系统的状态集S={S₀,…,S_i,…,S_n}，S₀表示系统的初始状态，S_i表示系统的中间某状态
A	租户动作集A= {r,a,w,storage,…}，r,a,w,storage分别表示读、只写、写入、隔离存储
$o b s_{μ} (s_{i}) : s_{i} \times μ \to O$	obs_μ(s_i)表示虚拟域μ在状态s_i下所观察到的输出，O表示输出集
step(S,A):S×A→S	状态转换函数，sα表示状态s经过动态序列α后的状态；同时，s×ε=s,ε为空序列，sαa=step(sα,a)
dom(a)	a∈A，动作a所对应的虚拟域
(T,R)	每个虚拟域内的组成，包括用户集和资源集，T={U₁,U₂,…,U_n}，R={R₁,R₂,…,R_n}
val_μ(s,n):s×n→V	在虚拟域μ中，名称为n的资源在状态s时的取值
A(μ):μ→M(e)	域μ中可被执行A动作的资源集合，例如：r(μ):μ→M(e):M(e)为域μ中可读的资源集合
Aggregation:D×R→T(e)	Aggregation分为impat和sim函数，分别表示域μ中与R不兼容和具有相似聚合问题的资源集合
Encry:VDST_k(Data,tSA_k)	利用tSA_k对传输的数据进行安全通道的协议封装、加密、认证等处理，安全强度与安全关联相关
Decry:VDST_k(Data,tSA_k)	利用tSA_k对安全通道中的信息进行协议解封装、解密、认证等处理

表3

图9

图10

图11

表4

图12

图13

表5

表6

参考文献 39

[1]	LELE A . Cloud computing,in book:disruptive technologies for the militaries and security[M]. Berlin: SpringerPress, 2018.
[2]	COOK A , ROBINSON M , FERRAG M A ,et al. Internet of cloud:security and privacy issues,in book cloud computing for optimization:foundations,applications,and challenges[M]. Berlin: SpringerPress, 2018.
[3]	WALIA M K , HALGAMUGE M N , HETTIKANKANAMAGE N ,et al. Cloud computing security issues of sensitive data,in book:handbook of research on the IoT,cloud computing,and wireless network optimization[M]. Hershey: IGI GlobalPress, 2019.
[4]	石勇, 郭煜, 刘吉强 ,等. 一种透明的可信云租户隔离机制研究[J]. 软件学报, 2016,27(6): 1538-1548.
	SHI Y , GUO Y , LIU J Q ,et al. Trusted cloud tenant separation mechanism supporting transparency[J]. Journal of Software, 2016,27(6): 1538-1548.
[5]	李顺东, 窦家维, 王道顺 . 同态加密算法及其在云安全中的应用[J]. 计算机研究与发展, 2015,52(6): 1378-1388.
	LI S D , DOU J W , WANG D S . Survey on homomorphic encryption and its applications to cloud security[J]. Journal of Computer Research and Development, 2015,52(6): 1378-1388.
[6]	杨艳, 陈性元, 杜学绘 . 多机构身份及属性加密机制综述[J]. 通信学报, 2018,39(10): 118-129.
	YANG Y , CHEN X Y , DU X H . Survey of multi-authority identity-based and attribute-based encryption scheme[J]. Journal on Communications, 2018,39(10): 118-129.
[7]	杨丹婷 . 谓词加密的理论研究及推广应用[D]. 南京:南京理工大学, 2015.
	YANG D T . Research on predicate encryption theory and its popularization[D]. Nanjing:Nanjing University of Science ＆ Technology, 2015.
[8]	SUKMANA M I.H , TORKURA K A. , GRAUPNER H ,et al. Unified cloud access control model for cloud storage broker[C]// 2019 International Conference on Information Networking (ICOIN). Piscataway:IEEE Press, 2019: 60-65.
[9]	ZHOU H Z , BA H H , WANG Y J . Tenant-oriented monitoring for customized security services in the cloud[J]. Symmetry, 201911(2),252
[10]	易倍汀 . 基于SaaS平台的多租户间数据共享机制的设计与实现[D]. 北京:北京邮电大学, 2014.
	YING B T . The design and implementation on multi-tenant data sharing mechanism based on SaaS platform[D]. Beijing:Beijing University of Posts and Telecommunications, 2014.
[11]	ZHANG D F , WANG Y , SUH G E ,et al. A hardware design language for timing-sensitive information-flow security[J]. ACM Sigplan Notices, 2015,50(4): 503-516.
[12]	YOON M K , SALAGEGHEH N , CHEN Y ,et al. PIFT:predictive information-flow tracking[C]// ACM SIGARCH Computer Architecture News. New York:ACM Press, 2016: 246-253.
[13]	郑显义, 史岗, 孟丹 . 系统安全隔离技术研究综述[J]. 计算机学报, 2017,40(5): 1057-1079.
	ZHENG X Y , SHI G , MENG D . A survey on system security isolation technology[J]. Chinese Journal of Computers, 2017,40(5): 1057-1079.
[14]	ROY I , PORTER D E , BOND M D ,et al. Laminar:practical fine-grained decentralized information flow control[C]// Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation. New York:ACM Press, 2009: 63-74.
[15]	杨永娇, 严飞, 于钊 ,等. 一种基于VT-d技术的虚拟机安全隔离框架研究[J]. 信息网络安全, 2015(11): 7-14.
	YANG Y J , YAN F , YU Z ,et al. Research on VT-d based virtual machine isolation framework[J]. Netinfo Security, 2015(11): 7-14.
[16]	MALKA M , AMIT N ， BEN-YEHUDA M ,et al. rIOMMU:efficient IOMMU for I/O devices that employ ring buffers[J]. ACM SIGPLAN Notices, 2015,50(4): 355-368.
[17]	吴泽智, 陈性元, 杜学绘 ,等. 基于双层信息流控制的云敏感数据安全增强[J]. 电子学报, 2018,46(9): 2245-2250.
	WU Z Z , CHEN X Y , DU X H ,et al. Enhancing sensitive data security based-on double-layer information flow controlling in the cloud[J]. Acta Electronica Sinica, 2018,46(9): 2245-2250.
[18]	JITHIN R , CHANDRAN P . Virtual Machine Isolation[C]// International Conference on Security in Computer Networks and Distributed Systems. Berlin:Springer, 2014: 91-102.
[19]	缪天翔 . 虚拟化环境下操作系统安全性和性能的研究[D]. 上海:上海交通大学, 2015.
	MIAO T X . Research on operating system security and performance in virtualized environments[D]. Shanghai:Shanghai Jiao Tong University, 2015.
[20]	QIN G , ROY G , GROOKS D ,et al. Cluster optimisation using cgroups at a Tier-2[J]. Journal of Physics:Conference Series, 2016,762(1):012010.
[21]	RANJBAR A , ANTIKANINEN M , AURA T . Domain isolation in a multi-tenant software-defined network[C]// IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC). Piscataway:IEEE Press, 2015: 16-25.
[22]	黄世轩 . 基于SDN的数据中心网络流量优化策略的研究[D]. 西安:西安电子科技大学, 2017.
	HUANG S X . Research of traffic optimization strategy in data center network based on SDN[D]. Xi’an:Xidian University, 2017.
[23]	SALAH K , CALERO J M A , ZEADALLY S ,et al. Using cloud computing to implement a security overlay network[J]. IEEE Security and Privacy, 2013,11(1): 44-53.
[24]	KINOSHITA J , MAEDA K , YABUSAKI H ,et al. Realization of VXLAN gateway-based data center network virtualization[C]// 5th IIAI International Congress on Advanced Applied Informatics(IIAI-AAI 2016). Piscataway:IEEE Press, 2016: 884-887.
[25]	AMAMOU A , HADDADOU K , PUGOLLE G . A TRILL-based multi-tenant data center network[J]. Computer Networks, 2014,68(8): 35-53.
[26]	严立宇, 祖立军, 叶家炜 ,等. 云计算网络中多租户虚拟网络隔离的分布式实现研究[J]. 计算机应用与软件, 2016,33(11): 93-98.
	YAN L Y , ZU L J , YE J Y ,et al. Research on distributed virtual network isolation in multi-tenant cloud-computing network[J]. Computer Applications and Software, 2016,33(11): 93-98.
[27]	孙延涛, 位月, 耿岚岚 ,等. 一种基于DHT的数据中心网络租户隔离技术[J]. 北京交通大学学报(自然科学版), 2018,42(5): 55-60.
	SUN Y T , WEI Y , GENG L L ,et al. A data center network tenant isolation technology based on DHT[J]. Journal of Beijing Jiaotong University(Science Edition), 2018,42(5): 55-60.
[28]	李满 . 面向 SAAS 多租户的数据隔离模式系统研究与实现[D]. 成都:西南交通大学, 2018.
	LI M . Research and implementation of data isolation mode customization system for SaaS multi-tenants[D]. Chengdu:Southwest Jiaotong University, 2018.
[29]	GENTRY C , . Fully homomorphic encryption using ideal lattices[C]// 41st Annual ACM Symposium on Theory of Computing (STOC 2009). New York:ACM Press, 2009: 169-178.
[30]	光焱, 祝跃飞, 费金龙 ,等. 利用容错学习问题构造基于身份的全同态加密体制[J]. 通信学报, 2014,35(2): 111-117.
	GUANG Y , ZHU Y F , FEI J L ,et al. Identity-based fully homomorphic encryption from learning with error problem[J]. Journal on Communications, 2014,35(2): 111-117.
[31]	段然, 顾纯祥, 祝跃飞 ,等. NTRU 格上高效的基于身份的全同态加密体制[J]. 通信学报, 2017,38(1): 66-75.
	DUAN R , GU C X , ZHU Y F ,et al. Efficient identity-based fully homomorphic encryption over NTRU[J]. Journal on Communications, 2017,38(1): 66-75.
[32]	杜瑞忠, 王少泫 . 基于封闭环境加密的云存储方案[J]. 通信学报, 2017,38(7): 1-10.
	DU R Z , WANG S X . Cloud storage scheme based on closed-box encryption[J]. Journal on Communications, 2017,38(7): 1-10.
[33]	IIYA A S , SERGEY V Z . An access control model for cloud storage using attribute-based encryption[C]// 2017 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). Piscataway:IEEE Press, 2017: 578-581.
[34]	GOGUEN J A , MESEGUER J . Inference control and unwinding[C]// 1984 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 1984: 75-86.
[35]	MEYDEN R V D , . What,indeed,is intransitive noninterference?[C]// 12th European Symposium On Research In Computer Security (ESORICS 2007). Berlin:Springer, 2007: 235-250.
[36]	吕从东 . 基于无干扰模型的云计算中信息流安全研究[D]. 北京:北京交通大学, 2016.
	LYU C D . Research on information flow security of cloud computing based on noninterference models[D]. Beijing:Beijing Jiaotong University, 2016.
[37]	ESTRIN D , HANDLEY M , HELMY A ,et al. A dynamic bootstrap mechanism for rendezvous-based multicast routing[C]// IEEE Conference on Computer Communications. Piscataway:IEEE Press, 1999: 1090-1098.
[38]	DENIEL E E , CHENG Y , CARLO C ,et al. Maglev:a fast and reliable software network load balancer[C]// Proceedings of the 13th Usenix Conference on Networked Systems Design and Implementation. New York:ACM Press, 2016. 523-535.
[39]	王小明, 付红, 张立臣 . 基于属性的访问控制研究进展[J]. 电子学报, 2010,38(7): 1660-1667.
	WANG X M , FU H , ZHANG L C . Research progress on attribute-based access control[J]. Acta Electronica Sinica, 2010,38(7): 1660-1667.

字段名称	字段类型	主键	允许空	字段说明
TID	bit(32)	否	否	租户的TID码
H(TK)	varchar(16)	是	否	查询令牌的Hash值

字段名称	字段长度/B
类型字段	1
安全标签长度	1
TID码	4
Hash(S\|\|T)	4
BAN_TIME	4
Trans_Type	2
Hash(VLabel)	4

租户TID数量	DR个数	虚拟节点倍数（与DR个数对应）
10 000	16、36、64、144	110、50、30、20

索引方法	时间复杂度
二叉树索引	O(lbN)~O(N)
B树索引	O(logN)
Hash索引	O(1)
本文索引方法	O(1)

访问方法	数据安全性	细粒度认证	复杂度	云环境适应性	扩展性
ABAC	○	3	3	3	3
非对称谓词加密方法	3	3	3	○	3
本文方法	3	3	2	3	3