標題: | 安全資料庫之完整性檢查設計與實現 Secure Database Design and Implementation for Integrity Checking |
作者: | 劉麗君 Liu, Li-Chun 曾文貴 Tzeng, Wen-Guey 網路工程研究所 |
關鍵字: | 完整性檢查;安全資料庫;資料隱私性;Integrity Checking;Secure Database;Data Confidentiality |
公開日期: | 2012 |
摘要: | 近年來,科技產業或是個人的龐大資料儲存到雲端資料庫的趨勢。資料交給對方管理時,好奇又惡意的資料庫管理者有可能外洩給非法使用者,例如:資料擁有者非授權的使用者或是外部攻擊者。資料儲存到對方控制的環境下,不被任何人偷竊、修改或刪除是我們考慮的主要課題。為了解決這個問題,我們採用了基礎在SQL資料庫的CryptDB系統,它可以在加密資料上可以執行最基本的SQL查詢運算,且也可以執行關鍵字查詢、order preserving等功能。但是它沒有資料庫安全原理中大家所關注的另一個議題是資料完整性檢查。因此我們想要在CryptDB資料庫系統中加上完整性驗證的功能,讓使用者不須花下載資料的傳輸成本,也能按時地驗證自己資料的完整性。這樣一來,CryptDB系統就能達到資料庫的基本安全原理,包含資料的隱私性、完整性及可得性。並且使用者的方便性為考量,我們透過網頁伺服器設計並實作使用者與代理伺服器之間的介面,讓使用者更加便利的使用CryptDB資料庫系統。 For recent years, it has been a trend that large amount of data in personal information or high technology industry are stored in cloud storage. When we outsource our data, curious and malicious database administrator can possibly leak our privacy to illegal parties such as the parties unauthorized by data owners or external adversaries. In view of this, one important issue we concerned in this study is that how we could prevent someone from stealing, modifying, and deleting the data stored in the cloud. To solve this issue, we adopted a system called CryptDB based by SQL databases which is a system that can execute primitive SQL operators on encrypted data, and which can also run the functions such as keyword search, and order preserving. However, CryptDB has no data integrity check and it is also an important issue concerned in database security principles. Therefore, we want to add integrity check on CryptDB and check our data integrity regularly without downloading data to spare communication cost. In this way, CryptDB can follow the database security principles such as data confidentiality, data integrity and data availability. Besides, for user’s convenience, the user interface between the user and the MySQL proxy server via web server are also designed and implemented. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT070056535 http://hdl.handle.net/11536/71562 |
顯示於類別: | 畢業論文 |