面向云端融合计算的防御性数据销毁机制

云端融合计算将云计算和对等计算有机地融合，充分挖掘网络中心集群服务器端和网络边缘终端所蕴含的各种可利用的资源。引入了动态性比较强的网络边缘节点之后，云端融合计算环境下的数据安全保护和远程数据销毁更加困难，特别是恶意的异地主体可能对被托管的数据实施非法篡改等攻击行为。为此，本文提出了基于移动Agent的防御性数据销毁机制，利用移动Agent对云端数据进行检测，将待上传密文数据的HASH值拼接在密文后面，并定时对数据进行双重检测，有效区分云端数据的正常修改和非法篡改。通过预测相关数据受攻击的可能性，对已被非法篡改或有被非法篡改可能性的数据进行有效处理。设计并构建了基于移动Agent的云端数据防御性数据销毁原型系统。实验结果表明，基于移动Agent的防御性数据销毁机制在检测准确性、安全性、时间开销等方面具有良好的性能表现。 

Defensive Data Destruction Mechanism for Cloud-P2P Computing

In order to fully tap various resources from network center cluster servers and edge nodes in cloud-P2P computing, that integrates cloud computing and peer-to-peer computing organically; to implement the data security and the remote data destruction in the cloud-P2P computing environment, after introducing the dynamic network edge nodes; furthermore, to prevent some malicious subjects with illegal tamper behaviors from uploading data, a defensive data destruction mechanism was proposed based on mobile agent for cloud-P2P systems. With the mechanism, the mobile agent can be used to detect data, the HASH values of the encrypted data can be put at the end of the ciphertext, and the data can be detected doubly at regular time, the normal data modification can be distinguished effectively from illegal tampering. The prediction of the attack possibility can be realized for related data, and the data, which have been or will be illegally tampered, can be deal with in time. A prototype system was designed and constructed based on the defensive data destruction mechanism. The experimental results show that the defensive data destruction mechanism based on mobile agent has the ideal performance in detection accuracy, safety and time cost.