Discussion on database security problem based on cloud computing service

Source: Internet
Author: User
Keywords Cloud computing security
Tags access access control applications authentication authorized access based certification cloud

1. Introduction

Cloud computing using virtualization technology, users do not need to understand its specific operating mechanism, but simply through the network to connect to the cloud computing services to obtain the services they need to achieve a greater degree of network resource sharing. Peng, a Chinese grid computing and cloud computing expert, defines cloud computing as follows: "Cloud computing tasks are distributed across a pool of computer-intensive resources, enabling applications to gain computing power, storage space and various software services as needed." Cloud computing is a distributed computing, the further development of parallel processing and grid computing, it is based on the Internet, with the help of the high-speed transmission ability of the Internet, a large amount of data and computing resources are distributed on a large number of computer pool, the process of data processing from personal computers or servers to the computer cluster on the Internet, Provide storage and computing as a service to cloud users.

2, the characteristics of cloud environment database

Cloud Database regards various relational database as a series of simple two-dimensional tables, compared with traditional database, database in cloud environment has the following advantages:

2.1 Transparency

Cloud computing provides software and hardware services. Users do not need to understand the specific mechanism of cloud computing, you can get the services needed, the service implementation mechanism for the user is transparent, with strong ease of use

2.2 Efficiency and reliability

Cloud computing provides the benefits of hardware sharing, process automation, and technical proficiency. Users can access the database from anywhere, using any computer, mobile device, or browser. It also reduces the use of resources as a whole. It realizes autonomous processing and self control in the technical strategy, which embodies the efficiency of cloud computing and the good fault-tolerant function.

2.3 Powerful computing power and storage space

Cloud computing database uses the way of distributed storage system, cloud computing will be a large number of computing tasks and storage resources distributed in the cloud of powerful computer clusters, by summarizing the results of the calculation of each computer to obtain the final results, in the full use of resources, but also greatly improve the cloud operation speed.

2.4 Economics and extensibility

Cloud database implementations dramatically reduce operating costs and expenditures from hardware, software licensing, and service implementation. In terms of terminal equipment and user requirements, users can enjoy the services provided by cloud computing as long as they join the cloud environment, and realize the maximum sharing of computing and storage resources.

2.5 Versatility and Scalability

The cloud computing platform supports different applications on its server, and constructs a variety of applications based on different user requirements. Cloud computers can extend their subnodes on a large scale, and even thousands of of nodes handle different applications at the same time. It has dynamic scalability according to the growth of user scale and the increase of application scale.

3. Security of database in cloud environment

Because cloud computing development time is short, the technology is immature, the cloud environment database faces the formidable challenge in the security aspect, mainly has the following question:

3.1 Non-authorized access

Non-authorized access is an act of accessing network and computer resources without access to permissions. In cloud computing environment, have the data priority access is cloud service provider, this is the cloud computing faces the biggest security problem, how to solve the cloud service provider to the data access Authority question will be the most important problem at present.

3.2 Data integrity and confidentiality

Due to the immaturity of the technology, the data in the transmission process has been malicious deletion, modification, and interference with the normal use of users, but also may be due to the problem of the service provider confidential information leakage occurred.

3.3 Data consistency

Regardless of the traditional database or the database in the cloud environment, there are usually three factors to consider: reliability (reliability), availability (availability), and consistency (consistency). In the cloud environment database, redundant storage is often used to ensure the reliable availability of database. That is to produce multiple copies of each user's data and store them in different servers and data centers, how to solve the "consistency" of data between redundant replicas becomes the problem that the cloud environment database tries to solve.

3.4 Rules and regulations

All data in cloud computing is kept by the cloud service provider, which has super privileges and often needs to reconfigure and domain mobile Virtual server hosted data, which may span several data center locations. How to protect the copyright and ownership of data information in cloud in the process of cloud service, it is urgent to establish third party supervision and audit related laws.

4, the Cloud Database security problem Solving strategy

4.1 Security Authentication Mechanism

Using dual security authentication and access control lists to control visitors is an effective way to prevent hackers from destroying system databases.

(1) authentication. Common authentication mainly includes: Password Authentication, evidence authentication and biometric authentication, in which the security of password authentication is relatively close, there are some factors to be cracked. The cost of biological certification is relatively high, so evidence certification is widely used, such as the use of web shopping u shield is an example of evidence certification.

(2) Access control list. During access control lists include access control, network rights control, directory-level control and attribute control, etc., to protect the integrity and authenticity of data by controlling the data source, destination address and port number, etc. This dual security mechanism ensures the legality of the user.

4.2 Protecting data integrity

We can use the Peer Entity authentication Service at the start of a connection, and a method of peer authentication [5] can effectively protect the integrity of the data after the user establishes the connection. In the communication link and network, the introduction of contrast error correction, code group error and sequence error detection associated with the detection of message flow tampering, while ensuring that users need to live in the connection with integrity services and corruption detection.

4.3 Database audit

An audit trail can learn which objects are accessed or changed and when and who is illegally accessed. Storing all the records of the user operations database in the audit log (Audit log) is important to facilitate the investigation and analysis of future problems. Enable the audit function of the cloud database to identify suspicious activities before data is lost or stolen. The vulnerability of databases and cloud environments can also be found through trusted third party audits. From the point of view of software engineering, Audit mode is an indispensable part of the safe database system, and it is also the last important security line of the database system.

5. Concluding remarks

In the cloud era, database protection is the key link of information security. With the increasing of cloud database software, the traditional database will be compatible with the application of cloud database gradually. This paper analyzes the security problems in cloud database, and puts forward some proper security management methods by comparing the traditional database with the cloud database. As the security of cloud computing is widespread and complex, it is far from enough to take these measures, and more scholars need further research.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.