Volume 43 Issue 4
Apr.  2021
Jintian LU, Ruizhi XIAO, Shuyuan JIN. A Survey for Cloud Data Security[J]. Journal of Electronics & Information Technology, 2021, 43(4): 881-891. doi: 10.11999/JEIT200158

A Survey for Cloud Data Security

doi: 10.11999/JEIT200158
Funds:  The National Key Research and Development Program of China (2018YFB1800705), The National Natural Science Foundation of China (61672494)
  • Received Date: 2020-03-10
  • Rev Recd Date: 2020-08-05
  • Available Online: 2020-08-12
  • Publish Date: 2021-04-20
  • The security of cloud data is one of the most important factors obstructing the development of cloud computing. Therefore, on the basis of a proposed three-tier cloud architecture that consists of a physical resources layer, a virtual component layer, and a cloud service layer, this paper makes a detailed survey of existing works that focus on the security of cloud data, covering cloud identity authentication, cloud access control, cloud data secure computing, virtualization, cloud data secure storage, cloud data secure deletion, information flow control, cloud data secure auditing, cloud data privacy preserving, and cloud business continuity. Finally, research trends in the field of cloud data security are presented.

    Figures(3)  / Tables(9)
