Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Cloud platform trusted log auditing method for privacy protection based on trusted third party

A privacy protection, cloud platform technology, applied in the field of cloud computing, which can solve the problems of unclear cloud audit objects, no longer clear CT and CSP security boundaries, and CSP administrator removal and destruction.

Active Publication Date: 2018-07-24
BEIJING UNIV OF TECH
View PDF12 Cites 34 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

First, the object content of cloud audit is not clear, and it is difficult to hold accountable
Second, audit logs lack reliable and efficient integrity and authenticity protection
Third, the audit method may leak the privacy of cloud users and cloud service providers
The content of the cloud audit object is unclear: this is because the current cloud computing usually provides IaaS, PaaS, and SaaS services based on virtualization technology, multi-tenant architecture, and outsourcing. Many implementation details are shielded, and the security boundary between CT and CSP is no longer Clear, so the object of cloud audit is not clear, and it is not possible to pursue accountability for different cloud service models; the lack of integrity and authenticity protection of audit logs, audit log data is usually recorded on the cloud platform by software, and it is easy to be malicious The CSP administrator clears and destroys, unable to protect its integrity and authenticity, resulting in audit failure
In addition, in the face of the massive audit logs generated by the cloud platform, how to improve the verification efficiency is also a difficult problem; for the problem that the cloud audit method may leak the privacy of the audited object: first, because the cloud is provided to the user in the form of a service, it is visible to the user Poor security, cloud users have no way of knowing whether their own audit information has been leaked to unauthorized parties (such as other cloud users or malicious cloud service provider administrators), introducing a trusted third party can partially solve this problem
[0004] Most of the existing cloud service and cloud security audit researches focus on the overall performance of the cloud platform or the collection and verification test of the security evidence of a single service model. The evaluation was carried out and the factors leading to the instability of its service were found. Chen C et al. tested the memory and CPU usage of the cloud platform IaaS resources used by users to verify whether the user payment is reasonable. Audit object description methods for different cloud service models; AnbangRuan et al. proposed RepCloud, which uses TPM trusted hardware to protect the generated cloud evaluation data from tampering, but did not consider the low verification efficiency of audit logs in this way; Xu Ziyao et al. Trust computing technology uses the Merkle hash tree as the audit log storage structure, which improves the verification efficiency, but the verification process needs to modify the internal functions of the existing TPM security chip, which is not conducive to application promotion; Gu L et al. discussed cloud users, cloud services The problem of privacy protection of suppliers, but no specific implementation method is given
Deming et al. proposed a security log generation method for cloud computing environments, which mainly generates security logs by merging the unique identity of the user in the resource state table with the meta log. However, this method does not Logs provide integrity protection measures; Ye Sihai et al. proposed a trustworthy measurement method for cloud computing platforms, which introduces a third party to measure software operation indicators in cloud computing platforms, but does not consider privacy protection in the process of user audit verification question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cloud platform trusted log auditing method for privacy protection based on trusted third party
  • Cloud platform trusted log auditing method for privacy protection based on trusted third party
  • Cloud platform trusted log auditing method for privacy protection based on trusted third party

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0070] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0071] The execution flow chart of the privacy protection-oriented cloud platform trusted log audit method based on a trusted third party proposed by the present invention is shown in the attached figure 2 As shown, it mainly includes third-party hosts, cloud platform hosts, and virtual machines of different tenants.

[0072] Among them, the third party includes a client verification module, through which tenants send audit log verification requests to the server module and view verification results. Deploy the server module on the audit management node. The audit management node is responsible for storing the unified audit logs sent back by the cloud platform host and the virtual machines belonging to the tenants. The server module is used to receive the audit log sent back and the audit log verification request sent by the client verificat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a cloud platform trusted log auditing method for privacy protection based on a trusted third party, and belongs to the field of cloud computing. The method comprises the following steps: step 1: collecting a cloud platform auditing log; step 2: securely transmitting the auditing log; step 3: generating and publishing a verification data structure of a third party auditing log; and step 4 verifying the auditing logs of a cloud service provider and the cloud user. Auditing responsibility association objects are added in the auditing events of different cloud service modes(IaaS, PaaS, SaaS), reliable collection and transmission of the auditing logs are provided based on trusted hardware, auditing log verification supporting privacy protection is provided based on a hierarchical random Merkle hash tree, and the cloud auditing responsibility chasing of cloud service providers and cloud users is supported.

Description

technical field [0001] The invention relates to a cloud security audit method, in particular to a privacy protection-oriented cloud platform trusted log audit method based on a trusted third party, which belongs to the field of cloud computing. Background technique [0002] More and more enterprises and individual users choose to deploy their business systems on public cloud, private cloud or hybrid cloud. In order to protect the legitimate rights and interests of both parties using and providing cloud services, it is more fair for the cloud service provider (Cloud Service Provider, CSP, also known as cloud service provider) to entrust a trusted third party (Trusted ThirdParty, TTP) Audit the use of cloud users (Cloud Tenant, CT, also known as cloud tenants) and the status of the cloud platform itself, and find out the illegal operations of cloud platform service providers and cloud users according to the information contained in the audit logs, and carry out corresponding a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/08H04L9/32H04L29/06H04L29/08G06F9/455
CPCG06F9/45533G06F2009/45587H04L9/0877H04L9/3236H04L9/3247H04L63/083H04L63/0876H04L63/123H04L63/1425H04L67/025H04L67/30H04L2209/127
Inventor 詹静樊旭东赵勇韩瑾夏晓晴张茜
Owner BEIJING UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products