Journal on Communications, 2020, Vol. 41, Issue (6): 184-201. doi: 10.11959/j.issn.1000-436x.2020088

• Correspondences

Multi-tenant virtual domain isolation construction method based on L-DHT

Lifeng CAO, Xin LU, Zhensheng GAO, Xuehui DU

  1. College of Cryptogram Engineering, Information Engineering University, Zhengzhou 450001, China
  • Revised: 2020-04-07 Online: 2020-06-25 Published: 2020-07-04
  • Supported by:
    The National Natural Science Foundation of China (61502531); The National Natural Science Foundation of China (61702550); The National Key Research and Development Program of China (2018YFB0803603); The National Key Research and Development Program of China (2016YFB0501901)

Abstract:

Aiming at the problem of security isolation of multi-tenant data in cloud environments, a tenant virtual domain isolation construction method based on L-DHT was proposed. Firstly, a multi-tenant isolation mapping algorithm based on label-hash mapping was designed, constructing a balanced mapping mechanism for tenant resources to realize their distributed management. Secondly, for the security isolation of and access between tenant data mapped to the same storage node, a tenant data isolation storage algorithm based on label predicate encryption was designed, building on the predicate encryption mechanism and the effective binding of security labels to tenant data. Finally, through the design of multi-dimensional tenant data isolation control rules and the analysis and authentication of security labels, independent, logical and secure virtual domains between tenants were built hierarchically. The security analysis shows that the method constructs tenant virtual domains that are secure and do not interfere with each other. The simulation results show that the mapping algorithm can achieve a better dynamic load balance. The efficiency and security of data access are verified by a comparative analysis of tenant data retrieval efficiency and authentication access security.

Key words: tenant virtual domain, domain isolator, security label, multi-tenant mapping, data isolation
