管理型SaaS信息安全关键技术研究
|
摘要
软件即服务(Software as a Service,SaaS)是一种21世纪完全创新的软件托管应用模式。它将软件部署为托管服务,租户(Tenant,企业/机构)通过互联网获得应用服务。由于应用的所有权和使用权、数据的所有权和维护权发生了分离,敏感信息安全成为制约SaaS发展的核心问题之一。
针对保护租户敏感信息安全,导致系统复杂度增加、成本上升、密文计算效率低,且缺少安全信息共享方案的问题,论文综合运用密码学、信息安全的基本理论,研究保护单租户的单粒度和多粒度文本信息、实数域数值信息以及2个租户间通过服务提供方(Service Provider, SP)公平共享最少必要信息等安全方案。主要研究内容和结论如下:
(1)基于分层的思想,改进了无完全可信私钥生成中心(Un-Credible Private KeyGenerator, Un-Credible PKG)的单个验证和批量验证分层身份签名(Identity-BasedSignature, IBS)。安全分析表明,2个签名均满足抗适应性选择消息下的存在性伪造攻击。
(2)针对单粒度文本的安全问题,基于Un-Credible PKG的分层身份单个验证签名和批验证签名,提出了一个单个验证和批量验证Un-Credible PKG分层IBS方案。安全性分析表明,该方案具有敏感信息保密性、员工私钥产生与交付的可行性、用户私钥的私密性、敏感数据的数据完整性及不可否认性。
(3)针对多粒度文本的安全问题,基于分层CES-CommitVector方案和广义指定多验证者签名,改进了一个Un-Credible PKG的分层身份CES-CommitVector方案和分层广义指定多验证者身份CES-CommitVector方案。安全分析表明,2个方案的摘录签名均正确,等价于签名者对摘录子文档的直接签名;当SP和租户的PKG无串通时,用户私钥具有私密性,满足内容摘录签名(Content Extraction Siganture, CES)的隐私性和不可伪造性。
(4)在证明了Josep Domingo秘密同态(Privacy Homomorphism, PH)的4个性质的基础上,构造了一种实数域的PH。验证实例和安全性证明表明,构造的PH能够在实数域上直接执行加、减、乘和除等4种算术运算,能够抵抗已知明文攻击,可保证计算型敏感信息的保密性和隐私性。与Josep Domingo PH相比,构造的PH不存在泄露数量级的风险,克服了分母不同的加密数据不能直接执行同态运算的问题,且节省了存储空间。
(5)基于跨私有数据库信息共享的思想,提出了交集、交集大小安全共享方案,分别实现了2个租户通过不完全可信SP,公平共享私有加密关系数据库属性的交集、交集大小。完备性、安全性证明表明,在半诚实模型下,2个协议均安全可证,满足最少必要信息共享。效率分析表明,2个协议的计算代价和通信代价分别仅为安全两方计算协议的40.00%和4.00%,是通过Rakesh交集安全查询协议实现安全共享的25.00%和66.67%。
(6)基于跨私有数据库信息共享的思想,提出等值连接、等值连接大小安全共享方案,分别实现了2个租户通过不完全可信SP,公平共享私有加密关系数据库元组的等值连接、等值连接大小。完备性、安全性证明,在半诚实模型下,2个协议均安全可证,满足最少必要信息共享。效率分析表明,等值连接安全共享协议的计算代价和通信代价分别仅为Rakesh协议实现公平共享的57.14%和75.00%,等值连接大小共享协议的计算代价和通信代价分别仅为4×104Ce和4×107。
(7)构建了一个肉牛生产SaaS信息安全测试与应用平台。测试分析表明,面向单租户的单粒度和多粒度文本信息、实数域算术运算PH以及2个租户间公平共享加密信息等安全方案均具有可行性。
Software as a service (SaaS) is an application model which is regarded as a new hostedservice that springs up in the21st century. Software is deployed as a hosted service and tenantaccessed over the Internet. Because the ownership is separated from both usufruct ofapplication and maintenance of data, the problem of sensitive information security becomeone of the core constraints of SaaS.
In order to protect tenant’s sensitive information security, accordance with the problemsthat it increased the system complexity, rose tenants’ costs, lowed the computationalefficiency of ciphertext, and lacked of secure information sharing scheme, based on the basictheories of cryptography and information security, they were researched to protect tenant’ssensitive text-information security of the single granularity and multi-granularity, thenumerical information of the real field in single tenant and share information between twotenants through the service provider (SP). The main researchs and results are as follows:
(1) Based on hierarchical ideology, non-credible private key generator (PKG) hierarchialidentity-based signature (IBS) for single and batch validation were improved. It is shown bysafety analysis that they are resistant to the existential forgery under an adaptivelychosen-message attack.
(2) For the secturity problems of the single granularity text-information, based on thenon-credible PKG hierarchial IBS for single and batch validation, the scheme of non-crediblePKG Hierarchial IBS for single and batch validation was proposed. It is shown by safetyanalysis that it has the confidentiality of sensitive information, and the feasibility of privatekey generated and delivered, and the privacy of user’s private key, the integrity and thenon-repudiation of sensitive information.
(3) Aiming at the secturity problems of the multi-granularity text-information, based onboth hierarchial CES-CommitVector and universal designated multi-verifiers signature, thenon-credible PKG scheme of both hierarchial IBS CES-CommitVector and hierarchialdesignated multi-verifiers IBS CES-CommitVector were proposed. It is shown by safetyanalysis that both of the content extaction singnatures are correct, and equivalent to signaturethat signer sign the extraction subdocuments directly, user’s privator keys are privacy when PKG between SP and tenant are not collusion, they have CES’s privacy and unforgeability.
(4) After four properties of Josep Domingo’s privacy homomorphism (PH) were prove, aPH in real field was constructed. It is shown by example and safety analysis that it candirectly run the arithmetic operations including addition, subtraction, multiplication anddivision on encrypted data in real field, be against the known-plaintext attack, and be sure tothe confidentiality and privacy of the numerical sensitive information. Comparing to JosepDomingo’s PH, it is not has the risk of leakage of magnitude, overcomes the problem that thedifferent denominator of the encrypted data can not be directly perform homomorphiccomputing, and saves the storage space.
(5) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both intersection and intersection size were proposed, whichcould fairly share the attributesof intersection and intersection size of private encryptedrelational database between two tenants by un-creditible SP. It is shown by the completenessand security proven that they are safty in the semi-honest model, and meet the minimalnecessary information sharing. It is shown by the efficiency analysis that the costs ofcomputation and communication are40.00%and4.00%of two-party secure computation,25.00%and66.67%of those in utilizing the fair sharing information by AGRAWAL’sprotocol.
(6) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both equijoin and equijoin size were proposed, which canfairly share the tuples of equijoin and equijoin size of private encrypted relational databasebetween two tenants by un-creditible SP. It is shown by the completeness and security proventhat they are safty in the semi-honest model, meet the minimal necessary information sharing.It is shown by the efficiency analysis that the equijoin schme’s cost of computation andcommunication are57.14%and75.00%, of those in utilizing the fair sharing information byRakesh’s protocol, the equijoin size schme’s cost of computation and communication are4×104Ceand4×107.
(7) An information security testing and application SaaS platform of beef production wasconstructed. It is shown by test and analysis that All of tenant’s sensitive text-informationsecurity of single granularity and multi-granularity, the numerical information of the real fieldin single tenant and share information between two tenants through SP are feasible.
针对保护租户敏感信息安全,导致系统复杂度增加、成本上升、密文计算效率低,且缺少安全信息共享方案的问题,论文综合运用密码学、信息安全的基本理论,研究保护单租户的单粒度和多粒度文本信息、实数域数值信息以及2个租户间通过服务提供方(Service Provider, SP)公平共享最少必要信息等安全方案。主要研究内容和结论如下:
(1)基于分层的思想,改进了无完全可信私钥生成中心(Un-Credible Private KeyGenerator, Un-Credible PKG)的单个验证和批量验证分层身份签名(Identity-BasedSignature, IBS)。安全分析表明,2个签名均满足抗适应性选择消息下的存在性伪造攻击。
(2)针对单粒度文本的安全问题,基于Un-Credible PKG的分层身份单个验证签名和批验证签名,提出了一个单个验证和批量验证Un-Credible PKG分层IBS方案。安全性分析表明,该方案具有敏感信息保密性、员工私钥产生与交付的可行性、用户私钥的私密性、敏感数据的数据完整性及不可否认性。
(3)针对多粒度文本的安全问题,基于分层CES-CommitVector方案和广义指定多验证者签名,改进了一个Un-Credible PKG的分层身份CES-CommitVector方案和分层广义指定多验证者身份CES-CommitVector方案。安全分析表明,2个方案的摘录签名均正确,等价于签名者对摘录子文档的直接签名;当SP和租户的PKG无串通时,用户私钥具有私密性,满足内容摘录签名(Content Extraction Siganture, CES)的隐私性和不可伪造性。
(4)在证明了Josep Domingo秘密同态(Privacy Homomorphism, PH)的4个性质的基础上,构造了一种实数域的PH。验证实例和安全性证明表明,构造的PH能够在实数域上直接执行加、减、乘和除等4种算术运算,能够抵抗已知明文攻击,可保证计算型敏感信息的保密性和隐私性。与Josep Domingo PH相比,构造的PH不存在泄露数量级的风险,克服了分母不同的加密数据不能直接执行同态运算的问题,且节省了存储空间。
(5)基于跨私有数据库信息共享的思想,提出了交集、交集大小安全共享方案,分别实现了2个租户通过不完全可信SP,公平共享私有加密关系数据库属性的交集、交集大小。完备性、安全性证明表明,在半诚实模型下,2个协议均安全可证,满足最少必要信息共享。效率分析表明,2个协议的计算代价和通信代价分别仅为安全两方计算协议的40.00%和4.00%,是通过Rakesh交集安全查询协议实现安全共享的25.00%和66.67%。
(6)基于跨私有数据库信息共享的思想,提出等值连接、等值连接大小安全共享方案,分别实现了2个租户通过不完全可信SP,公平共享私有加密关系数据库元组的等值连接、等值连接大小。完备性、安全性证明,在半诚实模型下,2个协议均安全可证,满足最少必要信息共享。效率分析表明,等值连接安全共享协议的计算代价和通信代价分别仅为Rakesh协议实现公平共享的57.14%和75.00%,等值连接大小共享协议的计算代价和通信代价分别仅为4×104Ce和4×107。
(7)构建了一个肉牛生产SaaS信息安全测试与应用平台。测试分析表明,面向单租户的单粒度和多粒度文本信息、实数域算术运算PH以及2个租户间公平共享加密信息等安全方案均具有可行性。
Software as a service (SaaS) is an application model which is regarded as a new hostedservice that springs up in the21st century. Software is deployed as a hosted service and tenantaccessed over the Internet. Because the ownership is separated from both usufruct ofapplication and maintenance of data, the problem of sensitive information security becomeone of the core constraints of SaaS.
In order to protect tenant’s sensitive information security, accordance with the problemsthat it increased the system complexity, rose tenants’ costs, lowed the computationalefficiency of ciphertext, and lacked of secure information sharing scheme, based on the basictheories of cryptography and information security, they were researched to protect tenant’ssensitive text-information security of the single granularity and multi-granularity, thenumerical information of the real field in single tenant and share information between twotenants through the service provider (SP). The main researchs and results are as follows:
(1) Based on hierarchical ideology, non-credible private key generator (PKG) hierarchialidentity-based signature (IBS) for single and batch validation were improved. It is shown bysafety analysis that they are resistant to the existential forgery under an adaptivelychosen-message attack.
(2) For the secturity problems of the single granularity text-information, based on thenon-credible PKG hierarchial IBS for single and batch validation, the scheme of non-crediblePKG Hierarchial IBS for single and batch validation was proposed. It is shown by safetyanalysis that it has the confidentiality of sensitive information, and the feasibility of privatekey generated and delivered, and the privacy of user’s private key, the integrity and thenon-repudiation of sensitive information.
(3) Aiming at the secturity problems of the multi-granularity text-information, based onboth hierarchial CES-CommitVector and universal designated multi-verifiers signature, thenon-credible PKG scheme of both hierarchial IBS CES-CommitVector and hierarchialdesignated multi-verifiers IBS CES-CommitVector were proposed. It is shown by safetyanalysis that both of the content extaction singnatures are correct, and equivalent to signaturethat signer sign the extraction subdocuments directly, user’s privator keys are privacy when PKG between SP and tenant are not collusion, they have CES’s privacy and unforgeability.
(4) After four properties of Josep Domingo’s privacy homomorphism (PH) were prove, aPH in real field was constructed. It is shown by example and safety analysis that it candirectly run the arithmetic operations including addition, subtraction, multiplication anddivision on encrypted data in real field, be against the known-plaintext attack, and be sure tothe confidentiality and privacy of the numerical sensitive information. Comparing to JosepDomingo’s PH, it is not has the risk of leakage of magnitude, overcomes the problem that thedifferent denominator of the encrypted data can not be directly perform homomorphiccomputing, and saves the storage space.
(5) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both intersection and intersection size were proposed, whichcould fairly share the attributesof intersection and intersection size of private encryptedrelational database between two tenants by un-creditible SP. It is shown by the completenessand security proven that they are safty in the semi-honest model, and meet the minimalnecessary information sharing. It is shown by the efficiency analysis that the costs ofcomputation and communication are40.00%and4.00%of two-party secure computation,25.00%and66.67%of those in utilizing the fair sharing information by AGRAWAL’sprotocol.
(6) Based on the ideology of information sharing across private databases, theinformation sharing scheme of both equijoin and equijoin size were proposed, which canfairly share the tuples of equijoin and equijoin size of private encrypted relational databasebetween two tenants by un-creditible SP. It is shown by the completeness and security proventhat they are safty in the semi-honest model, meet the minimal necessary information sharing.It is shown by the efficiency analysis that the equijoin schme’s cost of computation andcommunication are57.14%and75.00%, of those in utilizing the fair sharing information byRakesh’s protocol, the equijoin size schme’s cost of computation and communication are4×104Ceand4×107.
(7) An information security testing and application SaaS platform of beef production wasconstructed. It is shown by test and analysis that All of tenant’s sensitive text-informationsecurity of single granularity and multi-granularity, the numerical information of the real fieldin single tenant and share information between two tenants through SP are feasible.
引文
柴永飞,罗宁,赵明.2005.无线养殖信息记录器的研究与实现.中国农学通报,(21):229-231.
陈海东.2006. SaaS软件服务模式下的人力资源管理系统.[硕士学位论文].上海:上海交通大学.
冯登国,张敏,张妍,徐震.2011.云计算安全研究.软件学报,22(1):71-83.
冯登国.2005.可证明安全性理论与方法研究.软件学报,16(10):1743-1756.
冯登国.2009.信息安全中的数学方法与技术.北京:清华大学出版社:161.
冯登国.2010.安全协议理论与实践.北京:清华大学出版社:35-68.
计世资讯.2008.中国SaaS应用呈现5大特点.计算机世界,2(45):1-2.
蒋亚军,杨波,张明武,陈旭日.2011a.外包数据库系统中隐私匹配与包含关系的安全计算协议.计算机科学,38(3):120-122,135.
蒋亚军,杨波,张明武,陈旭日.2011b.具有隐私保护的外包数据库合计查询方案.中南大学学报(自然科学版),42(3):721-725.
荆巍巍,黄刘生,罗永龙,姚亦飞,徐维江.2006.安全查询方案的设计与实现.计算机工程,32(22):144-145,158.
康瑞娟,张小栓,傅泽田,穆维松.2010.基于PDA和FSM的肉牛养殖可追溯信息采集与传输方法.农业工程学报,26(1):227-231.
孔兰菊,李庆忠,史玉良,王学.2010.面向SaaS应用基于键值对模式的多租户索引研究.计算机学报,33(12):2239-2247.
孔兰菊.2011. SaaS应用交付平台中多租户云数据管理关键技术研究.[博士学位论文].济南:山东大学.
蓝才会,王彩芬.2007.基于身份的可截取签名方案.计算机应用,27(10):2456-2458.
李志敏.2009.哈希函数设计与分析.[博士学位论文].北京:北京邮电大学.
梁成全,宋余庆,耿飙,陈健美,严振.2010.基于ECC的病历文档内容抽取签名方案的研究.计算机应用研究,27(7):2650-2653.
林子雨,赖永炫,林琛,谢怡,邹权.2012.云数据库研究.软件学报,23(5):1148-1166.
刘德强,赵航,徐桂芳,徐尚忠.2009.2008年我国肉牛业形势分析与展望.中国畜牧杂志,45(4):31-34.
刘军龙.2007.可截取签名体制研究.[硕士学位论文].兰州:西北师范大学.
刘文,罗守山,王永滨.2010.安全两方向量优势统计协议及其应用.电子学报,38(11):2573-2577.
刘武,段海新,张洪,任萍,吴建平.2011. TRBAC:基于信任的访问控制模型.计算机研究与发展,48(8):1414-1420.
任毅,彭智勇,唐祖锴,叶凌青.2008.隐私数据库——概念、发展和挑战.小型微型计算机系统.8(8):1467-1474.
施亮,傅泽田,张领先.2010.基于RFID技术的肉牛养殖质量安全可追溯系统研究.计算机应用与软件,27(1):40-43.
石中盘,蔡萃燕,王显峰.2009.面向数据库加密的秘密同态算法的研究.计算机应用研究,26(4):1535-1537.
苏万力.2009.若干具有特殊性质的数字签名的研究与设计.[博士学位论文].西安:西安电子科技大学.
孙鹏.2010.面向SaaS应用的多租户海量存储系统设计与实现.[硕士学位论文].杭州:浙江大学.
孙迅.2009.若干基于身份签名体制的研究与设计.[博士学位论文].上海:上海交通大学.
田野,张玉军,李忠诚.2006.使用对技术的基于身份密码学研究综述.计算机研究与发展,43(10):1810-1819.
王家忙.2010.面向SaaS的工作流管理系统设计与实现.[硕士学位论文].杭州:浙江大学.
王珊,萨师煊.2006.数据库系统概论.第4版.北京:高等教育出版社.
王晓峰,张璟,王尚平,王秋萍,张翔.2007.分布式协同设计内容摘录签名方案.计算机集成制造系统,13(9):1710-1715.
王晓峰,王尚平.2003.秘密同态技术在数据库安全中的应用.计算机工程与应用,13:194-196.
王晓峰,张璟,王尚平,张亚铃,秦波.2007.新的基于身份的广义指定验证者签名方案.电子学报,35(8):1432-1436.
王亚勇,李大兴.2000. PKI研究进展及其应用.通信保密,3:18-22.
王卓昊,赵卓峰,房俊,王希诚.2010.1种SaaS模式下的服务社区模型及其在全国科技信息服务网中的应用.计算机学报,33(11):2033-2043.
阎召祥.2010. ZS加密方案的选密安全性证明.山东大学学报(理学版).45(11):115-121.
杨勇,方勇,周安民.2005.秘密同态技术研究及其算法实现.计算机工程,31(2):157-159.
叶伟.2009.互联网时代的软件的软件革命——SaaS架构设计.北京:电子工业出版社.
尹隽,翁翔.2009.元数据驱动用于制造企业的敏捷搜索平台研究.中国造船,50(3):166-174.
袁卫忠,王德强,茅兵,谢立.2004.公钥基础设施的研究与进展.计算机科学,3l(2):82-88.
昝林森,郑同超,申光磊,王立国,曾祥虎.2006.牛肉安全生产加工全过程质量跟踪与追溯系统研发.中国农业科学,39(10):2083-2088.
张海亮,何东健.2006.肉牛体形参数计算机视觉检测.农业机械学报,37(2):164-167.
张学军.2008.新的基于身份的广义指定验证者签名.计算机工程与应用,44(13):33-35.
周永彬.2011.同态密码学研究进展.见:中国密码学会.中国密码学发展报告2010.北京:电子工业出版社:160-184.
Abraham Silberschatz, HenryF.Korth, S.Sudarshan.2006. Database System Concepts. Fifth Edition.杨冬青,李红燕,唐世渭等译.北京:机械工业出版社,2008.
A. C. Yao, Andrew Chi-Chih.1986. How to Generate and Exchange Secrets. The27th AnnualSymposium on Foundations of Computer Science:162-167.
Adi Shamir.1984. Identity-based Cryptosystems and Signature Schemes. Lecture Notes in ComputerScience,196:47-53.
Alberto Trombetta, Wei Jiang, Elisa Bertino.2010. Advanced Privacy-Preserving Data Managementand Analysis. Privacy and Anonymity in Information Management Systems, Springer-Verlag London,1:7-27.
Alfred Menezes, Scott Vanstone.1993. Reducing Elliptic Curve Logarithms to Logarithms in a FiniteField. IEEE Trans. on Information Theory,39(5):16391646.
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone.1996. Handbook of AppliedCryptography.胡磊,王鹏译.2005.北京:电子工业出版社:289-343.
Andrew Burnett, Keith Winters, Tom Dowling.2002. A Java Implementation of an Elliptic Curve.Principle and Practice of Programming in Java:83-88.
Antoine Joux.2000. A One Round Protocol for Tripartite Diffie-Hellman. Lecture Notes in ComputerScience,1838:385-394.
Antoine Joux.2002. The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems.Lecture Notes in Computer Science,2369:20-32.
Ben Lynn.2002. Authenticated ID-based Encryption. http://eprint.iacr.org/2002/072.pdf[2013-01-18].
Brent Waters.2005. Efficient Identity-based Encryption without Random Oracles. Lecture Notes inComputer Science,3494:114-127.
Carlos Aguilar Melchor, Philippe Gaborit, Javier Herranz.2010. Additively Homomorphic Encryptionwith d-Operand Multipications. Lecture Notes in Computer Science,6223:138-154.
Christopher G. Davis, Biing-Hwan Lin.2005-10. Factors Affecting U.S. Beef Consumption.http://naldc.nal.usda.gov/download/41246/PDF [2013-01-18].
Cooper BF, Ramakrishnan R, Srivastava U, Silberstein A, Bohannon P, Jacobsen HA, Puz N, WeaverD, Yerneni R. Pnuts.2008. Yahoo!’s Hosted Data Serving Platform. The Internaional Journal on VeryLarge Data Bases,1(2):1277-1288.
Cor-Paul Bezemer, Andy Zaidman.2010. Challenges of Reengineering into Multi-Tenant SaaSApplications. Delft University of Technology, Tech. Rep. TUD-SERG-2010-012.
Craig D. Weissman, Steve Bobrowski.2009. The Design of the Force.com Multitenant InternetApplication Development Platform. Special Interest Group on Management Of Data:889-896.
Craig Gentry, Alice Silverberg.2002. Hierarchical ID-based Cryptography. Lecture Notes inComputer Science2501:548-566.
Craig Gentry.2009. Fully Homomorphic Encryption Using Ideal Lattices. ACM Symposium onTheory of Computer:169-178.
Craig Gentry.2010. Computing Arbitrary Functions of Encrypted Data. Communications of the ACM,53(3):97-105.
Craig Gentry, Shai Halevi.2011. Implementing Gentry's Fully-Homomorphic Encryption Scheme.Lecture Notes in Computer Science,6632:129-148.
Curt Devlin.2008. SaaS Capacity Planning: Transaction Cost Analysis Revisited.http://msdn.microsoft.com/en-us/library/cc261632.aspx [2013-01-18].
Damien Stehlé, Ron Steinfeld.2010. Faster Fully Homomorphic Encryption. Lecture Notes inComputer Science,6477:377-394.
Dan Boneh, Eu-Jin Goh, Kobbi Nissim.2005. Evaluating2-DNF Formulas on Ciphertexts. LectureNotes in Computer Science,3378:325-341.
Dan Boneh, Matthew Franklin.2003. Identity-based Encryption from the Weil Pairing. SIAM Journalof Computing,32(3):586-615.
Dan Boneh, Xavier Boyen, Eu-Jin Goh.2005. Hierarchical Identity-based Encryption with ConstantSize Ciphertext. Lecture Notes in Computer Science,3494:440-456.
Dan Boneh, Xavier Boyen.2004a, Secure Identity-based Encryption without Random Oracles. LecureNotes in Computer Science,3152:443-459.
Dan Boneh, Xavier Boyen.2004b. Efficient Selective-ID Secure Identity-based Encryption withoutRandom Oracles. Lecture Notes in Computer Science,3027:223-238.
Daniela Florescu, Donald Kossmann.1999. A Performance Evaluation of Alternative MappingSchemes for Storing XML Data in a Relational Database. Technical report, Inria, France.
David Barling.2007. Food Supply Chain Governance and Public Health Externalities: UpstreamPolicy Interventions and the UK State, Journal of Agricultural and Environmental Ethics,5:285-300.
David Galindo, Eric R.Verheul.2010. Pseudonymized Data Sharing. Privacy and Anonymity inInformation Management Systems,1:157-179.
David Naccache, Jacques Stern.1998. A New Public Key Cryptosystem based on Higher Residues.ACM Computer and Communications Security:59-66.
David Wagner.2003. Cryptanalysis of an Algebraic Privacy Homomorphism. Lecture Notes inComputer Science,2851:234-239.
Eiichiro Fujisaki, Tatsuaki Okamoto.1999. Secure Integration of Asymmetric and SymmetricEncryption Schemes. Lecture Notes in Computer Science,1666:537-554.
Eric R. Verheul.2004. Evidence that XTR is More Than Secure Supersingular Elliptic CurveCryptosystems. Journal of Cryptology,17(6):277-296.
Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows,Tushar Chandra, Andrew Fikes, Robert E. Gruber.2006. Bigtable: A Distributed Storage System forStructured Data. Operating Systems Design Implementation:1-14.
Floriran Hess.2003. Efficient Identity-based Signature Schemes based on Pairings. Lecture Notes inComputer Science,2595:310-324.
Frederick Chong, Gianpaolo Carraro.2006. Architecture Strategies for Catching the Long Tail.http://msdn.microsoft.com/en-us/architecture/aa479069.aspx [2013-01-18].
Frederick Chong, Gianpaolo Carraro, Roger Wolter.2006. Multi-Tenant Data Architecture.http://msdn.microsoft.com/en-us/library/aa479086.aspx [2013-01-18].
G. H. Hardy, E. M. Wright.1993. An Introduction to the Theory of Numbers.5th Edition. Oxford:Clarendon:263,268.
Gang Liang, Sudarshan S. Chawathe.2004. Privacy-Preserving Inter-database Operations. LectureNotes in Computer Science,3073:66–82.
Gerhard Frey, Hans-Georg Rück.1994. A Rremark Concerning m-divisibility and the DiscreteLogarithm in the Divisor Class Group of Curves. Mathematics Computation,62(206):865874.
Giuseppe DeCandia, Deniz Hastorun, Madan Jampani, Gunavardhan Kakulapati, Avinash Lakshman,Alex Pilchin, Swaminathan Sivasubramanian, Peter Vosshall, Werner Vogels.2007. Dynamo: Amazon’shighly available Key-value Store. ACM Symposium on Operating Systems Principles:205-220.
Hector Gonzalez, Alon Y. Halevy, Christian S. Jensen, Anno Langen, Jayant Madhavan, RebeccaShapley, Warren Shen, Jonathan Goldberg-Kidon.2010. Google Fusion Tables: Web-centered DataManagement and Collaboration. Special Interest Group on Management Of Data:1061-1066.
Ivan Damg rd, Mads Jurik.2001. A Generalisation, a Simplification and Some Applications ofPaillier's Probabilistic Public-Key System. Lecture Notes in Computer Science,1992:119-136.
Jae Choon Cha, Jung Hee Cheon.2003. An Identity-based Signature from Gap Diffie Hellman Groups.Lecture Notes in Computer Science,2567:18-30.
Jean-Daniel Cryans, Alain April, Alain Abran.2008. Criteria to Compare Cloud Computing withCurrent Database Technology. Lecture Notes in Computer Science,5338:114126.
Jeremy Horwitz, Ben Lynn.2002. Toward Hierarchical Identity-based Encryption. Lecture Notes inComputer Science,2332:466-481.
Jong P. Yoon.2011. Access Control and Trustiness for Resource Management in Cloud Databases.the Int'l Conf. on Grid and Cloud Database Management:109-131.
Josep Domingo i Ferrer.1996. A New Privacy Homomorphism and Applications. InformationProcessing Letters,60(5):277-282.
Josep Domingo-Ferrer.2002. A Provably Secure Additive and Multiplicative Privacy Homomorphism.Lecture Notes in Computer Science,2433:471-483.
Joseph H. Silverman.2005. A Friendly Introduction to Number Theory.3rd Edition. London: PrenticeHall:52-53,71.
Kenneth G. Paterson.2002. ID-based Signature from Pairing on Elliptic Curves. Electronics Letters,38(18):1025-1025.
Laurence Bull, David McG. Squire, Yuliang Zheng.2004. A Hierarchical Extraction Policy forContent Extraction Signatures. International Journal on Digital Libraries,4(3):208-222.
Louise Owens, Adam Duffy, Tom Dowling.2004. An Identity-based Encryption System. Principlesand Practice of Programming in Java,91:154-159.
M. R. Schroeder.1986. Number Theory in Science and Communication.2nd Edition. Berlin:Springer-Verlag:45.
Matt Bishop.2003. Computer Secturity: Art and Science.王立斌,黄征译.2005.北京:电子工业出版社.
Michael P. Papazoglou, Paolo Traverso, Schahram Dustdar, Frank Leymann.2007. Service-orientedComputing: State of the Art and Research Challenges. IEEE Computer,40(11):38-45.
Mihir Bellare, Phillip Rogawayy.1993. Random Oracles are Practical: a Paradigm for DesigningEfficient Protocols. The First ACM Conference on Computer and Communications Security:62-73.
Mihir Bellare, Phillip Rogawayy.1994. Optimal Asymmetric Encryption-How to Encrypt with RSA.Lecture Notes in Computer Science,950:92-111.
Mihir Bellare, Philip Rogaway.1996. The Exact Security of Digital Signatures-How to Sign withRSA and Rabin.Lecture Notes in Computer Science,1070:399-416.
Moni Naor, Benny Pinkas, Reuben Sumner.1999. Privacy Preserving Auctions and MechanismDesign. The1st ACM Conference on Electronic Commerce:129-139.
National Institute of Standards and Technology.2001. Advanced Encryption Standard. FIPS197.
National Security Agency.1993. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180.
National Security Agency.1995. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-1.
National Security Agency.2002. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-2.
National Security Agency.2004. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-2.
National Security Agency.2006. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-4.
Paulo S. L. M. Barreto, Hae Y. Kim, Ben Lynn, Michael Scott.2002. Efficient Algorithms for PairingBased Cryptosystems. Lecture Notes in Computer Science,2442:354-368.
Peter Guttman.2002. PKI: It's not Dead, just Resting. IEEE Computer,35(8):41-49.
Peter Mell, Timothy Grance.2011. The NIST Definition of Cloud Computing(800-145). NationalInstitute of Standards and Technology.
Petersen B, Sknura-Desczka, E Ponsgen-Schmidt, S. Gimnich.2002. Computerized Food SafetyMonitoring in Animal Production. Livestock Production Science,76(9):207-213.
Phillip Rogaway.1991. The Round Complexity of Secure Protocols.[博士学位论文]. Boston:Massachusetts Institute of Technology.
P. Paillier.1999. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. LectureNotes in Computer Science,1592:223-238.
Progress Software.2012. Saas Architecture. http://www.progress.com/docs/whitepapers/public/SaaS/SaaS-Architecture.pdf [2013-03-18].
Rakesh Agrawal, Alexandre Evfimievski, Ramakrishnan Srikant.2008-05-13. Information Integrationacross Autonomous Enterprises.美国发明专利, US2008/0065910A1.
Ran Canetti, Shai Halevi, Jonathan Katz.2004. Chosen Ciphertext Security from Identity-basedEncryption. Lecture Notes in Computer Science,3027:207-222.
Richard Kissel.2011. Glossary of Key Information Security Terms (NIST IR7298). National Instituteof Standards and Technology.
R. L. Rivest, A. Shamir, L. Adleman.1978. A Method for Obtaining Digital Signatures andPublic-key Cryptosystems. Communications of the ACM,121(2):120-126.
Ronald L. Rivest.1991. The MD4Message Digest Algorithm. CRYPTO. Alfred Menezes, Scott A.Vanstone. Springer-Verlag London,8:303-311.
Ronald L. Rivest, Len Adleman, Michael L. Dertouzos.1978. On Data Banks and PrivacyHomomorphisms. Foundations of Secure Computation:169-179.
Ron Steinfeld, Laurence Bull, Huaxiong Wang, Josef Piperzyk.2003. Universal Designated VerifierSignatures. Lecture Notes in Computer Science,2894:523-542.
Ron Steinfeld, Laurence Bull, Yuliang Zheng.2002. Content Extraction Signatures, Lecture Notes inComputer Science,2288:285-304.
R. Rivest.1992. The MD5Message-Digest Algorithm. Internet RFC1321.
Saleforce.com.2008. The Force.com Multitenant Architecture. http://wiki.developerforce.com/page/Multi_Tenant_Architecture.
Scott Contini, Arjen K. Lenstra, Ron Steinfeld.2006. VSH, an Efficient and Provable Collision-Resistant Hash Function. Lecture Notes in Computer Science,4004:165-182.
Sejong Oh, Seog Park.2003. Task-role-based access Control Model. Information Systems,28(6):533-562.
Seung-Hyun Seo, Jung Yeon Hwang, Kyu Young Choi, Dong Hoon Lee.2008. Identity-basedUniversal Designated Multi-verifiers Signature Schemes. Computer Standards&Interfaces,30(5):288-295.
Shafi Goldwasser, Silvio Micali.1984. Probabilistic Encryption. Special issue of Journal of Computerand Systems Sciences,28(2):270-299.
Sherman S.M. Chow, Lucas C.K. Hui, Siu Ming Yiu, K.P.chow.2004. Secure HierarchicalIdentity-based Signature and its Application. Lecture Notes in Computer Science,3269:275-279.
Software and Information Industry Association.2001. Software as a Service: Strategic Backgrounder.Washington, DC.
Stefan Aulbach, Torsten Grust, Dean Jacobs, Alfons Kemper,Jan Rittinger.2008. Multi-TenantDatabases for Software as a Service: Schema-Mapping Technique. Special Interest Group on ManagementOf Data:1195-1206.
Taha, Fawzi, A.2004. The Poultry Sector in Middle-income Countries and its Feed Requirements:Egypt. http://www.thepoultrysite.com/articles/116/the-poultry-sector-in-middleincome-countries-and-its-feed-requirements-egypt [2013-01-18].
Taher ElGamal.1984. A Public-Key Cryptosystem and a Signature Scheme based on DiscreteLogarithms. Lecture Notes in Computer Science,196:10-18.
Tatsuaki Okamoto, Shigenori Uchiyama.1998. A New public-key Cryptosystem as Secure asFactoring. Lecture Notes in Computer Science,1403:308-318.
The Force.com.2009. The Force.com Multitenant Architecture. http://www.developerforce.com/media/ForcedotcomBookLibrary/Force.com_Multitenancy_WP_101508.pdf [2013-01-18].
The JACOB Project.2004. A Java-COM Bridge. http://danadler.com/jacob/[2013-01-18].
Thomas Kwok, Thao Nguyen, Linh Lam.2008. A Software as a Service with Multi-tenancy Supportfor an Electronic Contract Management Application. Service Computing:179-186.
Ueil M. Maumr, Stefan Wolf.1996. Diffie-Hellman Oracles. Lecture Notes in Computer Science,1109:268-282.
Victor S. Miller.2004. The Weil Pairing and its Efficient Calculation. Journal of Cryptology,17(4):235-261.
Vidyan, Choudhary.2007. Comparison of Software Quality under Perpetual Licensing and Softwareas a Service. Journal of Management Information Systems,24(2):141-165.
Wei Sun, Kuo Zhang, Shyh-Kwei Chen.2007. Software as a Service: An Integration Perspective.ICSOC,8:558-569.
William Stallings.2006. Cryptography and Network Secturity. Forth Edition.王丽娜,傅建明译.2009.北京:电子工业出版社.
Xiaofeng Chen, Fangguo Zhang, Kwangjo Kim.2003. A New ID-based Group Signature Schemefrom Bilinear Pairings. Workshopon Information Security Applications:1-14.
Xiaoyun Wang, DengguoFeng, Xuejia Lai, Hongbo Yu.2004. Collisions for Hash Functions MD4,MD5, HAVAL-128and RIPEMD. Rump session, Advances in Cryptology-CRYPTO, Cryptology ePrintArchive:1-4.
Xiaoyun Wang, Hongbo Yu.2005. How to Break MD5and Other Hash Functions. Lecture Notes inComputer Science,3494:19-35.
Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu.2005. Cryptanalysis of the HashFunctions MD4and RIPEMD. Lecture Notes in Computer Science,3494:1-18.
Xiaoyun Wang, Yiqun Lisa Yin, Hongbo Yu.2005. Finding Collisoion in Full SHA-1. Lecture Notesin Computer Science,3621:17-36.
Xun Yi.2003. An Identity-based Signature Scheme from the Weil Pairing. IEEE CommunicationLetters,7(2):76-78.
Yehuda Lindell, Benny Pinkas.2002. Privacy Preserving Data Mining. Journal of Cryptology,15(3):177–206.
Yingpeng Sang, Hong Shen.2009. Efficient and Secure Protocols for Privacy Preserving SetOperations. ACM Transactions on Information and System Security,13(1):1-34.
Yuecel Karabulut, Ike Nassi.2009. Secure Enterprise Services Consumption for SaaS TechnologyPlatforms. IEEE International Conference on Data Engineering,3:1749-1756.
Yuliang Zheng, Josef Pieprzyk, Jennifer Seberry.1993. HAVAL---a One-way Hashing Algorithmwith Variable Length of Output. Lecture Notes in Computer Science,718:83-104.
Zeeshan Pervez, Sungyoung Lee.2010. Multi-Tenant, Secure, Load Disseminated SaaS Architecture.Advanced Communication Technology,2:214-219.
陈海东.2006. SaaS软件服务模式下的人力资源管理系统.[硕士学位论文].上海:上海交通大学.
冯登国,张敏,张妍,徐震.2011.云计算安全研究.软件学报,22(1):71-83.
冯登国.2005.可证明安全性理论与方法研究.软件学报,16(10):1743-1756.
冯登国.2009.信息安全中的数学方法与技术.北京:清华大学出版社:161.
冯登国.2010.安全协议理论与实践.北京:清华大学出版社:35-68.
计世资讯.2008.中国SaaS应用呈现5大特点.计算机世界,2(45):1-2.
蒋亚军,杨波,张明武,陈旭日.2011a.外包数据库系统中隐私匹配与包含关系的安全计算协议.计算机科学,38(3):120-122,135.
蒋亚军,杨波,张明武,陈旭日.2011b.具有隐私保护的外包数据库合计查询方案.中南大学学报(自然科学版),42(3):721-725.
荆巍巍,黄刘生,罗永龙,姚亦飞,徐维江.2006.安全查询方案的设计与实现.计算机工程,32(22):144-145,158.
康瑞娟,张小栓,傅泽田,穆维松.2010.基于PDA和FSM的肉牛养殖可追溯信息采集与传输方法.农业工程学报,26(1):227-231.
孔兰菊,李庆忠,史玉良,王学.2010.面向SaaS应用基于键值对模式的多租户索引研究.计算机学报,33(12):2239-2247.
孔兰菊.2011. SaaS应用交付平台中多租户云数据管理关键技术研究.[博士学位论文].济南:山东大学.
蓝才会,王彩芬.2007.基于身份的可截取签名方案.计算机应用,27(10):2456-2458.
李志敏.2009.哈希函数设计与分析.[博士学位论文].北京:北京邮电大学.
梁成全,宋余庆,耿飙,陈健美,严振.2010.基于ECC的病历文档内容抽取签名方案的研究.计算机应用研究,27(7):2650-2653.
林子雨,赖永炫,林琛,谢怡,邹权.2012.云数据库研究.软件学报,23(5):1148-1166.
刘德强,赵航,徐桂芳,徐尚忠.2009.2008年我国肉牛业形势分析与展望.中国畜牧杂志,45(4):31-34.
刘军龙.2007.可截取签名体制研究.[硕士学位论文].兰州:西北师范大学.
刘文,罗守山,王永滨.2010.安全两方向量优势统计协议及其应用.电子学报,38(11):2573-2577.
刘武,段海新,张洪,任萍,吴建平.2011. TRBAC:基于信任的访问控制模型.计算机研究与发展,48(8):1414-1420.
任毅,彭智勇,唐祖锴,叶凌青.2008.隐私数据库——概念、发展和挑战.小型微型计算机系统.8(8):1467-1474.
施亮,傅泽田,张领先.2010.基于RFID技术的肉牛养殖质量安全可追溯系统研究.计算机应用与软件,27(1):40-43.
石中盘,蔡萃燕,王显峰.2009.面向数据库加密的秘密同态算法的研究.计算机应用研究,26(4):1535-1537.
苏万力.2009.若干具有特殊性质的数字签名的研究与设计.[博士学位论文].西安:西安电子科技大学.
孙鹏.2010.面向SaaS应用的多租户海量存储系统设计与实现.[硕士学位论文].杭州:浙江大学.
孙迅.2009.若干基于身份签名体制的研究与设计.[博士学位论文].上海:上海交通大学.
田野,张玉军,李忠诚.2006.使用对技术的基于身份密码学研究综述.计算机研究与发展,43(10):1810-1819.
王家忙.2010.面向SaaS的工作流管理系统设计与实现.[硕士学位论文].杭州:浙江大学.
王珊,萨师煊.2006.数据库系统概论.第4版.北京:高等教育出版社.
王晓峰,张璟,王尚平,王秋萍,张翔.2007.分布式协同设计内容摘录签名方案.计算机集成制造系统,13(9):1710-1715.
王晓峰,王尚平.2003.秘密同态技术在数据库安全中的应用.计算机工程与应用,13:194-196.
王晓峰,张璟,王尚平,张亚铃,秦波.2007.新的基于身份的广义指定验证者签名方案.电子学报,35(8):1432-1436.
王亚勇,李大兴.2000. PKI研究进展及其应用.通信保密,3:18-22.
王卓昊,赵卓峰,房俊,王希诚.2010.1种SaaS模式下的服务社区模型及其在全国科技信息服务网中的应用.计算机学报,33(11):2033-2043.
阎召祥.2010. ZS加密方案的选密安全性证明.山东大学学报(理学版).45(11):115-121.
杨勇,方勇,周安民.2005.秘密同态技术研究及其算法实现.计算机工程,31(2):157-159.
叶伟.2009.互联网时代的软件的软件革命——SaaS架构设计.北京:电子工业出版社.
尹隽,翁翔.2009.元数据驱动用于制造企业的敏捷搜索平台研究.中国造船,50(3):166-174.
袁卫忠,王德强,茅兵,谢立.2004.公钥基础设施的研究与进展.计算机科学,3l(2):82-88.
昝林森,郑同超,申光磊,王立国,曾祥虎.2006.牛肉安全生产加工全过程质量跟踪与追溯系统研发.中国农业科学,39(10):2083-2088.
张海亮,何东健.2006.肉牛体形参数计算机视觉检测.农业机械学报,37(2):164-167.
张学军.2008.新的基于身份的广义指定验证者签名.计算机工程与应用,44(13):33-35.
周永彬.2011.同态密码学研究进展.见:中国密码学会.中国密码学发展报告2010.北京:电子工业出版社:160-184.
Abraham Silberschatz, HenryF.Korth, S.Sudarshan.2006. Database System Concepts. Fifth Edition.杨冬青,李红燕,唐世渭等译.北京:机械工业出版社,2008.
A. C. Yao, Andrew Chi-Chih.1986. How to Generate and Exchange Secrets. The27th AnnualSymposium on Foundations of Computer Science:162-167.
Adi Shamir.1984. Identity-based Cryptosystems and Signature Schemes. Lecture Notes in ComputerScience,196:47-53.
Alberto Trombetta, Wei Jiang, Elisa Bertino.2010. Advanced Privacy-Preserving Data Managementand Analysis. Privacy and Anonymity in Information Management Systems, Springer-Verlag London,1:7-27.
Alfred Menezes, Scott Vanstone.1993. Reducing Elliptic Curve Logarithms to Logarithms in a FiniteField. IEEE Trans. on Information Theory,39(5):16391646.
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone.1996. Handbook of AppliedCryptography.胡磊,王鹏译.2005.北京:电子工业出版社:289-343.
Andrew Burnett, Keith Winters, Tom Dowling.2002. A Java Implementation of an Elliptic Curve.Principle and Practice of Programming in Java:83-88.
Antoine Joux.2000. A One Round Protocol for Tripartite Diffie-Hellman. Lecture Notes in ComputerScience,1838:385-394.
Antoine Joux.2002. The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems.Lecture Notes in Computer Science,2369:20-32.
Ben Lynn.2002. Authenticated ID-based Encryption. http://eprint.iacr.org/2002/072.pdf[2013-01-18].
Brent Waters.2005. Efficient Identity-based Encryption without Random Oracles. Lecture Notes inComputer Science,3494:114-127.
Carlos Aguilar Melchor, Philippe Gaborit, Javier Herranz.2010. Additively Homomorphic Encryptionwith d-Operand Multipications. Lecture Notes in Computer Science,6223:138-154.
Christopher G. Davis, Biing-Hwan Lin.2005-10. Factors Affecting U.S. Beef Consumption.http://naldc.nal.usda.gov/download/41246/PDF [2013-01-18].
Cooper BF, Ramakrishnan R, Srivastava U, Silberstein A, Bohannon P, Jacobsen HA, Puz N, WeaverD, Yerneni R. Pnuts.2008. Yahoo!’s Hosted Data Serving Platform. The Internaional Journal on VeryLarge Data Bases,1(2):1277-1288.
Cor-Paul Bezemer, Andy Zaidman.2010. Challenges of Reengineering into Multi-Tenant SaaSApplications. Delft University of Technology, Tech. Rep. TUD-SERG-2010-012.
Craig D. Weissman, Steve Bobrowski.2009. The Design of the Force.com Multitenant InternetApplication Development Platform. Special Interest Group on Management Of Data:889-896.
Craig Gentry, Alice Silverberg.2002. Hierarchical ID-based Cryptography. Lecture Notes inComputer Science2501:548-566.
Craig Gentry.2009. Fully Homomorphic Encryption Using Ideal Lattices. ACM Symposium onTheory of Computer:169-178.
Craig Gentry.2010. Computing Arbitrary Functions of Encrypted Data. Communications of the ACM,53(3):97-105.
Craig Gentry, Shai Halevi.2011. Implementing Gentry's Fully-Homomorphic Encryption Scheme.Lecture Notes in Computer Science,6632:129-148.
Curt Devlin.2008. SaaS Capacity Planning: Transaction Cost Analysis Revisited.http://msdn.microsoft.com/en-us/library/cc261632.aspx [2013-01-18].
Damien Stehlé, Ron Steinfeld.2010. Faster Fully Homomorphic Encryption. Lecture Notes inComputer Science,6477:377-394.
Dan Boneh, Eu-Jin Goh, Kobbi Nissim.2005. Evaluating2-DNF Formulas on Ciphertexts. LectureNotes in Computer Science,3378:325-341.
Dan Boneh, Matthew Franklin.2003. Identity-based Encryption from the Weil Pairing. SIAM Journalof Computing,32(3):586-615.
Dan Boneh, Xavier Boyen, Eu-Jin Goh.2005. Hierarchical Identity-based Encryption with ConstantSize Ciphertext. Lecture Notes in Computer Science,3494:440-456.
Dan Boneh, Xavier Boyen.2004a, Secure Identity-based Encryption without Random Oracles. LecureNotes in Computer Science,3152:443-459.
Dan Boneh, Xavier Boyen.2004b. Efficient Selective-ID Secure Identity-based Encryption withoutRandom Oracles. Lecture Notes in Computer Science,3027:223-238.
Daniela Florescu, Donald Kossmann.1999. A Performance Evaluation of Alternative MappingSchemes for Storing XML Data in a Relational Database. Technical report, Inria, France.
David Barling.2007. Food Supply Chain Governance and Public Health Externalities: UpstreamPolicy Interventions and the UK State, Journal of Agricultural and Environmental Ethics,5:285-300.
David Galindo, Eric R.Verheul.2010. Pseudonymized Data Sharing. Privacy and Anonymity inInformation Management Systems,1:157-179.
David Naccache, Jacques Stern.1998. A New Public Key Cryptosystem based on Higher Residues.ACM Computer and Communications Security:59-66.
David Wagner.2003. Cryptanalysis of an Algebraic Privacy Homomorphism. Lecture Notes inComputer Science,2851:234-239.
Eiichiro Fujisaki, Tatsuaki Okamoto.1999. Secure Integration of Asymmetric and SymmetricEncryption Schemes. Lecture Notes in Computer Science,1666:537-554.
Eric R. Verheul.2004. Evidence that XTR is More Than Secure Supersingular Elliptic CurveCryptosystems. Journal of Cryptology,17(6):277-296.
Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows,Tushar Chandra, Andrew Fikes, Robert E. Gruber.2006. Bigtable: A Distributed Storage System forStructured Data. Operating Systems Design Implementation:1-14.
Floriran Hess.2003. Efficient Identity-based Signature Schemes based on Pairings. Lecture Notes inComputer Science,2595:310-324.
Frederick Chong, Gianpaolo Carraro.2006. Architecture Strategies for Catching the Long Tail.http://msdn.microsoft.com/en-us/architecture/aa479069.aspx [2013-01-18].
Frederick Chong, Gianpaolo Carraro, Roger Wolter.2006. Multi-Tenant Data Architecture.http://msdn.microsoft.com/en-us/library/aa479086.aspx [2013-01-18].
G. H. Hardy, E. M. Wright.1993. An Introduction to the Theory of Numbers.5th Edition. Oxford:Clarendon:263,268.
Gang Liang, Sudarshan S. Chawathe.2004. Privacy-Preserving Inter-database Operations. LectureNotes in Computer Science,3073:66–82.
Gerhard Frey, Hans-Georg Rück.1994. A Rremark Concerning m-divisibility and the DiscreteLogarithm in the Divisor Class Group of Curves. Mathematics Computation,62(206):865874.
Giuseppe DeCandia, Deniz Hastorun, Madan Jampani, Gunavardhan Kakulapati, Avinash Lakshman,Alex Pilchin, Swaminathan Sivasubramanian, Peter Vosshall, Werner Vogels.2007. Dynamo: Amazon’shighly available Key-value Store. ACM Symposium on Operating Systems Principles:205-220.
Hector Gonzalez, Alon Y. Halevy, Christian S. Jensen, Anno Langen, Jayant Madhavan, RebeccaShapley, Warren Shen, Jonathan Goldberg-Kidon.2010. Google Fusion Tables: Web-centered DataManagement and Collaboration. Special Interest Group on Management Of Data:1061-1066.
Ivan Damg rd, Mads Jurik.2001. A Generalisation, a Simplification and Some Applications ofPaillier's Probabilistic Public-Key System. Lecture Notes in Computer Science,1992:119-136.
Jae Choon Cha, Jung Hee Cheon.2003. An Identity-based Signature from Gap Diffie Hellman Groups.Lecture Notes in Computer Science,2567:18-30.
Jean-Daniel Cryans, Alain April, Alain Abran.2008. Criteria to Compare Cloud Computing withCurrent Database Technology. Lecture Notes in Computer Science,5338:114126.
Jeremy Horwitz, Ben Lynn.2002. Toward Hierarchical Identity-based Encryption. Lecture Notes inComputer Science,2332:466-481.
Jong P. Yoon.2011. Access Control and Trustiness for Resource Management in Cloud Databases.the Int'l Conf. on Grid and Cloud Database Management:109-131.
Josep Domingo i Ferrer.1996. A New Privacy Homomorphism and Applications. InformationProcessing Letters,60(5):277-282.
Josep Domingo-Ferrer.2002. A Provably Secure Additive and Multiplicative Privacy Homomorphism.Lecture Notes in Computer Science,2433:471-483.
Joseph H. Silverman.2005. A Friendly Introduction to Number Theory.3rd Edition. London: PrenticeHall:52-53,71.
Kenneth G. Paterson.2002. ID-based Signature from Pairing on Elliptic Curves. Electronics Letters,38(18):1025-1025.
Laurence Bull, David McG. Squire, Yuliang Zheng.2004. A Hierarchical Extraction Policy forContent Extraction Signatures. International Journal on Digital Libraries,4(3):208-222.
Louise Owens, Adam Duffy, Tom Dowling.2004. An Identity-based Encryption System. Principlesand Practice of Programming in Java,91:154-159.
M. R. Schroeder.1986. Number Theory in Science and Communication.2nd Edition. Berlin:Springer-Verlag:45.
Matt Bishop.2003. Computer Secturity: Art and Science.王立斌,黄征译.2005.北京:电子工业出版社.
Michael P. Papazoglou, Paolo Traverso, Schahram Dustdar, Frank Leymann.2007. Service-orientedComputing: State of the Art and Research Challenges. IEEE Computer,40(11):38-45.
Mihir Bellare, Phillip Rogawayy.1993. Random Oracles are Practical: a Paradigm for DesigningEfficient Protocols. The First ACM Conference on Computer and Communications Security:62-73.
Mihir Bellare, Phillip Rogawayy.1994. Optimal Asymmetric Encryption-How to Encrypt with RSA.Lecture Notes in Computer Science,950:92-111.
Mihir Bellare, Philip Rogaway.1996. The Exact Security of Digital Signatures-How to Sign withRSA and Rabin.Lecture Notes in Computer Science,1070:399-416.
Moni Naor, Benny Pinkas, Reuben Sumner.1999. Privacy Preserving Auctions and MechanismDesign. The1st ACM Conference on Electronic Commerce:129-139.
National Institute of Standards and Technology.2001. Advanced Encryption Standard. FIPS197.
National Security Agency.1993. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180.
National Security Agency.1995. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-1.
National Security Agency.2002. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-2.
National Security Agency.2004. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-2.
National Security Agency.2006. Secure Hash Standard. National Institute of Standards andTechnology, FIPS PUB180-4.
Paulo S. L. M. Barreto, Hae Y. Kim, Ben Lynn, Michael Scott.2002. Efficient Algorithms for PairingBased Cryptosystems. Lecture Notes in Computer Science,2442:354-368.
Peter Guttman.2002. PKI: It's not Dead, just Resting. IEEE Computer,35(8):41-49.
Peter Mell, Timothy Grance.2011. The NIST Definition of Cloud Computing(800-145). NationalInstitute of Standards and Technology.
Petersen B, Sknura-Desczka, E Ponsgen-Schmidt, S. Gimnich.2002. Computerized Food SafetyMonitoring in Animal Production. Livestock Production Science,76(9):207-213.
Phillip Rogaway.1991. The Round Complexity of Secure Protocols.[博士学位论文]. Boston:Massachusetts Institute of Technology.
P. Paillier.1999. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. LectureNotes in Computer Science,1592:223-238.
Progress Software.2012. Saas Architecture. http://www.progress.com/docs/whitepapers/public/SaaS/SaaS-Architecture.pdf [2013-03-18].
Rakesh Agrawal, Alexandre Evfimievski, Ramakrishnan Srikant.2008-05-13. Information Integrationacross Autonomous Enterprises.美国发明专利, US2008/0065910A1.
Ran Canetti, Shai Halevi, Jonathan Katz.2004. Chosen Ciphertext Security from Identity-basedEncryption. Lecture Notes in Computer Science,3027:207-222.
Richard Kissel.2011. Glossary of Key Information Security Terms (NIST IR7298). National Instituteof Standards and Technology.
R. L. Rivest, A. Shamir, L. Adleman.1978. A Method for Obtaining Digital Signatures andPublic-key Cryptosystems. Communications of the ACM,121(2):120-126.
Ronald L. Rivest.1991. The MD4Message Digest Algorithm. CRYPTO. Alfred Menezes, Scott A.Vanstone. Springer-Verlag London,8:303-311.
Ronald L. Rivest, Len Adleman, Michael L. Dertouzos.1978. On Data Banks and PrivacyHomomorphisms. Foundations of Secure Computation:169-179.
Ron Steinfeld, Laurence Bull, Huaxiong Wang, Josef Piperzyk.2003. Universal Designated VerifierSignatures. Lecture Notes in Computer Science,2894:523-542.
Ron Steinfeld, Laurence Bull, Yuliang Zheng.2002. Content Extraction Signatures, Lecture Notes inComputer Science,2288:285-304.
R. Rivest.1992. The MD5Message-Digest Algorithm. Internet RFC1321.
Saleforce.com.2008. The Force.com Multitenant Architecture. http://wiki.developerforce.com/page/Multi_Tenant_Architecture.
Scott Contini, Arjen K. Lenstra, Ron Steinfeld.2006. VSH, an Efficient and Provable Collision-Resistant Hash Function. Lecture Notes in Computer Science,4004:165-182.
Sejong Oh, Seog Park.2003. Task-role-based access Control Model. Information Systems,28(6):533-562.
Seung-Hyun Seo, Jung Yeon Hwang, Kyu Young Choi, Dong Hoon Lee.2008. Identity-basedUniversal Designated Multi-verifiers Signature Schemes. Computer Standards&Interfaces,30(5):288-295.
Shafi Goldwasser, Silvio Micali.1984. Probabilistic Encryption. Special issue of Journal of Computerand Systems Sciences,28(2):270-299.
Sherman S.M. Chow, Lucas C.K. Hui, Siu Ming Yiu, K.P.chow.2004. Secure HierarchicalIdentity-based Signature and its Application. Lecture Notes in Computer Science,3269:275-279.
Software and Information Industry Association.2001. Software as a Service: Strategic Backgrounder.Washington, DC.
Stefan Aulbach, Torsten Grust, Dean Jacobs, Alfons Kemper,Jan Rittinger.2008. Multi-TenantDatabases for Software as a Service: Schema-Mapping Technique. Special Interest Group on ManagementOf Data:1195-1206.
Taha, Fawzi, A.2004. The Poultry Sector in Middle-income Countries and its Feed Requirements:Egypt. http://www.thepoultrysite.com/articles/116/the-poultry-sector-in-middleincome-countries-and-its-feed-requirements-egypt [2013-01-18].
Taher ElGamal.1984. A Public-Key Cryptosystem and a Signature Scheme based on DiscreteLogarithms. Lecture Notes in Computer Science,196:10-18.
Tatsuaki Okamoto, Shigenori Uchiyama.1998. A New public-key Cryptosystem as Secure asFactoring. Lecture Notes in Computer Science,1403:308-318.
The Force.com.2009. The Force.com Multitenant Architecture. http://www.developerforce.com/media/ForcedotcomBookLibrary/Force.com_Multitenancy_WP_101508.pdf [2013-01-18].
The JACOB Project.2004. A Java-COM Bridge. http://danadler.com/jacob/[2013-01-18].
Thomas Kwok, Thao Nguyen, Linh Lam.2008. A Software as a Service with Multi-tenancy Supportfor an Electronic Contract Management Application. Service Computing:179-186.
Ueil M. Maumr, Stefan Wolf.1996. Diffie-Hellman Oracles. Lecture Notes in Computer Science,1109:268-282.
Victor S. Miller.2004. The Weil Pairing and its Efficient Calculation. Journal of Cryptology,17(4):235-261.
Vidyan, Choudhary.2007. Comparison of Software Quality under Perpetual Licensing and Softwareas a Service. Journal of Management Information Systems,24(2):141-165.
Wei Sun, Kuo Zhang, Shyh-Kwei Chen.2007. Software as a Service: An Integration Perspective.ICSOC,8:558-569.
William Stallings.2006. Cryptography and Network Secturity. Forth Edition.王丽娜,傅建明译.2009.北京:电子工业出版社.
Xiaofeng Chen, Fangguo Zhang, Kwangjo Kim.2003. A New ID-based Group Signature Schemefrom Bilinear Pairings. Workshopon Information Security Applications:1-14.
Xiaoyun Wang, DengguoFeng, Xuejia Lai, Hongbo Yu.2004. Collisions for Hash Functions MD4,MD5, HAVAL-128and RIPEMD. Rump session, Advances in Cryptology-CRYPTO, Cryptology ePrintArchive:1-4.
Xiaoyun Wang, Hongbo Yu.2005. How to Break MD5and Other Hash Functions. Lecture Notes inComputer Science,3494:19-35.
Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu.2005. Cryptanalysis of the HashFunctions MD4and RIPEMD. Lecture Notes in Computer Science,3494:1-18.
Xiaoyun Wang, Yiqun Lisa Yin, Hongbo Yu.2005. Finding Collisoion in Full SHA-1. Lecture Notesin Computer Science,3621:17-36.
Xun Yi.2003. An Identity-based Signature Scheme from the Weil Pairing. IEEE CommunicationLetters,7(2):76-78.
Yehuda Lindell, Benny Pinkas.2002. Privacy Preserving Data Mining. Journal of Cryptology,15(3):177–206.
Yingpeng Sang, Hong Shen.2009. Efficient and Secure Protocols for Privacy Preserving SetOperations. ACM Transactions on Information and System Security,13(1):1-34.
Yuecel Karabulut, Ike Nassi.2009. Secure Enterprise Services Consumption for SaaS TechnologyPlatforms. IEEE International Conference on Data Engineering,3:1749-1756.
Yuliang Zheng, Josef Pieprzyk, Jennifer Seberry.1993. HAVAL---a One-way Hashing Algorithmwith Variable Length of Output. Lecture Notes in Computer Science,718:83-104.
Zeeshan Pervez, Sungyoung Lee.2010. Multi-Tenant, Secure, Load Disseminated SaaS Architecture.Advanced Communication Technology,2:214-219.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |