Tenant-Oriented Composite Authentication Tree for Data Integrity Protection in SaaS

SaaS is an emerging model that allows tenants to host computation and data with cloud service providers. However, untrustworthy service providers might violate tenants’ data integrity by deleting, modifying and falsifying tenants’ data for some benefit. It is therefore important for tenants to be able to verify the integrity of their query results. In this paper, we propose a tenant query result authentication structure, called MTAS (Multi-tenant Authentication Structure), that applies to the multi-tenant shared pivot-universal storage model. MTAS separates indexes from authentication structures to support the isolation and customization characteristics of multi-tenant applications. We also present a composite authentication tree, the PUA tree, for tenant data in the pivot table and universal table in MTAS. Compared with traditional authentication tree approaches, the PUA tree needs only one tree traversal to get the verification object (VO) corresponding to query results in the pivot table and universal table, and it saves about 30% of the hash computation at the verification stage.
