Journal on Communications ›› 2020, Vol. 41 ›› Issue (6): 184-201. doi: 10.11959/j.issn.1000-436x.2020088
• Correspondences •
Lifeng CAO, Xin LU, Zhensheng GAO, Xuehui DU
Revised: 2020-04-07
Online: 2020-06-25
Published: 2020-07-04
Lifeng CAO, Xin LU, Zhensheng GAO, Xuehui DU. Multi-tenant virtual domain isolation construction method based on L-DHT[J]. Journal on Communications, 2020, 41(6): 184-201.
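Element set | Meaning |
Tenant isolation system D={μ,ν,DR,…} denotes the set of tenant virtual domains, “ | |
S | The set of system states S={S0,…,Si,…,Sn}; S0 denotes the initial state of the system and Si denotes an intermediate state |
A | The set of tenant actions A={r,a,w,storage,…}; r, a, w, storage denote read, write-only, write, and isolated storage, respectively |
obsμ(si) denotes the output observed by virtual domain μ in state si; O denotes the output set | |
step(S,A):S×A→S | State transition function; sα denotes the state reached from state s after the action sequence α; also, s×ε=s, where ε is the empty sequence, and sαa=step(sα,a) |
dom(a) | a∈A; the virtual domain to which action a belongs |
(T,R) | The composition of each virtual domain, comprising a user set and a resource set: T={U1,U2,…,Un}, R={R1,R2,…,Rn} |
valμ(s,n):s×n→V | In virtual domain μ, the value of the resource named n in state s |
A(μ):μ→M(e) | The set of resources in domain μ on which action A can be performed; for example, r(μ):μ→M(e), where M(e) is the set of readable resources in domain μ |
Aggregation:D×R→T(e) | Aggregation comprises the functions impat and sim, which denote the sets of resources in domain μ that are incompatible with R and that have a similar aggregation problem, respectively |
Encry:VDSTk(Data,tSAk) | Uses tSAk to apply secure-channel protocol encapsulation, encryption, authentication, and related processing to the transmitted data; the security strength depends on the security association |
Decry:VDSTk(Data,tSAk) | Uses tSAk to apply protocol decapsulation, decryption, authentication, and related processing to information in the secure channel |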