文章首先分析了现实中混合云存在的安全问题:由于混合云的开放性,云服务器的管理者与外部攻击者能够直接或间接获取用户数据,特别是用户敏感数据,从而造成用户隐私数据泄漏与滥用。文章结合可信计算技术对各问题做出解决,并给出具体的操作步骤:身份认证中为用户划分信用组别,同时也对混合云上的各种应用和事项进行登记评估;存储中将数据分开处理,采用全同态加密算法加密数据后再对其进行操作,并对服务器数据的完整持有进行验证,保障数据正确持有;跨云身份认证中由第三方认证平台管理用户身份,用户跨云无需多次认证。然后对此方案的性能进行分析,说明此方案适用于用户变化不大的一般性企业。最后,对可行性、数据安全性、数据可用性、用户隐私安全、效率性等指标与现有研究方案进行比较,表明此混合云安全存储系统具有更好的优越性。%In this paper, author analyzes the security problems of the hybrid cloud. Because of the openness of the hybrid cloud, cloud server management and external attackers can directly or indirectly get the user data, especially the user sensitive data, which causes the user's privacy data leakage and abuse. This paper gives a concrete operation steps: the identiifcation of various applications and issues of the hybrid cloud, and then uses the full encryption algorithm to verify the server data and ensure the correct data hold; the authentication platform management user identity, users across the cloud without multiple authentication. Then the performance of the scheme is analyzed, which shows that the scheme is suitable for the general enterprises with little change. Finally, author analyzes the feasibility, data security, data availability, user privacy and security, efifciency and other indicators of the existing research programs are compared, which shows that the hybrid cloud security storage system has better advantages.
展开▼
