CN109190410B - Log behavior auditing method based on block chain in cloud storage environment - Google Patents

Publication number: CN109190410B
Authority: CN (China)
Prior art keywords: user, data, cloud storage, data file, log
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201811126706.7A
Other languages: Chinese (zh)
Other versions: CN109190410A (en)
Inventors: 周可, 李春花, 邓虹雨, 胡家琦
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN201811126706.7A
Publication of CN109190410A
Application granted
Publication of CN109190410B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention discloses a blockchain-based log behavior auditing method in a cloud storage environment. The interfaces required by the method are written as smart contracts, which ensures that neither party can deny its behavior, so that the log records in the blockchain network are fully trustworthy. When an audit is required, the audit interface of the smart contract is called; the smart contract reviews the log records and returns the result to the user who made the request. By moving cloud log storage from the cloud storage provider to the blockchain, the invention uses the decentralization, trustlessness and high reliability of the blockchain to guarantee the security and integrity of log data. Using smart contracts, the blockchain network provides log read/write interfaces and an audit structure, and a data access flow is designed for the interaction between the user and the cloud service provider, which ensures that both the user and the cloud storage side record logs completely on the blockchain network and that the log records cannot be denied or tampered with.

Description

Log behavior auditing method based on block chain in cloud storage environment
Technical Field
The invention belongs to the technical field of cloud storage security, and particularly relates to a blockchain-based log behavior auditing method in a cloud storage environment.
Background
A public auditing service for cloud data storage allows users to turn to an independent Third Party Auditor (TPA) when outsourced data needs to be reviewed. The TPA has expertise and capabilities that users lack, and can periodically audit the integrity of all data stored on the cloud storage server on the user's behalf, giving users a simpler and more economical way to make sure their data is stored correctly in the cloud. Besides helping users assess the risk of the cloud storage service they subscribe to, the TPA's audit results also help cloud storage providers improve their cloud service platforms, and the TPA can even serve as an independent arbiter. In sum, public auditing services will play an important role in the emerging field of cloud storage and may become an important way to establish trust between users and cloud storage providers.
Both data owners and ordinary users rely on a trusted third party for authentication and authorization, but the data leakage and tampering incidents that have occurred frequently in recent years show that trusted third parties are not always trustworthy: for their own benefit they may sell security-sensitive information such as users' data or access controls. Conversely, a user may maliciously claim data loss and demand high compensation from the service provider. This lack of trust between cloud storage platforms and users has affected the development of cloud storage technology, and new methods and technical means are needed to solve it.
At present, most research on cloud data auditing concerns data integrity, and there is little research on auditing cloud data operation behavior. Operation behavior auditing based on log records is a great help in establishing responsibility, tracing user data and restricting illegal operations, and can effectively ease the trust problem between users and cloud storage providers.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to solve the technical problems that, in the prior art, cloud data auditing depends on a third party and auditing of cloud data operation behavior is lacking.
In order to achieve the above object, in a first aspect, an embodiment of the present invention provides a blockchain-based log behavior auditing method in a cloud storage environment, where the method includes:
S1. The data owner and the cloud service provider jointly negotiate a smart contract and deploy it on the blockchain network; if the deployment succeeds, go to step S2, otherwise end;
S2. After uploading a data file to the cloud storage server, the data owner calls the smart contract to add a log record to the blockchain network;
S3. An ordinary user calls the smart contract and submits the operation request information for the operation to be performed on a data file on the cloud storage server; the smart contract returns the metadata information of the data file to the ordinary user; go to step S4;
S4. Based on the operation request information and the metadata information, the ordinary user initiates an operation request to the cloud storage server and sends a log record; if the operation request is a write operation request, go to step S5; if it is a read operation request, go to step S6;
S5. The cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the write operation request, it performs the corresponding write operation and calls the smart contract to add the log record to the blockchain network;
S6. The cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the read operation request, it performs the corresponding read operation, returns the requested data file to the ordinary user and calls the smart contract to add the log record to the blockchain network; go to step S7;
S7. When the data file returned by the cloud storage server is inconsistent with the data file obtained through the smart contract, the ordinary user calls the smart contract to initiate an audit request on the data file.
More specifically, the smart contract includes a plurality of interfaces, as follows:
Upload: through this interface the data owner records the metadata information of a data file uploaded to the cloud service provider on the blockchain network and generates the initial access record of the data file; the log record, signed with the user's private key, is broadcast in the blockchain network and packaged into a block to reach consensus in the blockchain network;
Getfile: through this interface a user obtains the address L of the data file on the cloud storage server; before sending a remote read/write request to the cloud storage server, the user must obtain the address and a temporary token through this interface;
VerifyRequest: this interface is provided for the cloud storage provider and can only be called by the cloud storage provider; when the cloud storage provider receives a user's operation request, it calls this interface to query whether the user has access permission; the interface also obtains the user's access request information and stores it as a log record on the blockchain network;
Grant: through this interface the data owner sets an ordinary user's access permission to data stored on the cloud storage server; the interface authorizes the ordinary user, that is, gives the user read/write permission on the data file;
Revoke: through this interface the data owner revokes the read/write permission previously granted to an ordinary user on a data file stored on the cloud storage server;
Audit: through this interface an auditing user tracks the life cycle of a data file, that is, learns when the data file was created and destroyed, when it was accessed by ordinary users, and which operations were performed;
Logging: this interface broadcasts an ordinary user's access to a data file in the blockchain network to generate an access log record and appends the log record to the blockchain; both actions are completed by this one interface.
More specifically, the address L is a URL.
More specifically, step S2 is as follows:
S201. The data owner creates a serial number fid for each data file to be uploaded, and uploads the data file to the cloud storage provider;
S202. The data owner calls the Upload interface of the smart contract to record the metadata information of the data file on the blockchain network;
S203. The data owner sends the signed log record (uid, fid, type, H(X0), OPM, ts, sign) to the cloud storage provider;
S204. The cloud storage provider checks the correctness of each field of the log record; if the fields are correct, it calls the Logging interface of the smart contract to add the log record to the blockchain network, otherwise the process ends;
where uid is the unique identifier of the user remotely accessing the data, fid is the unique identifier of the accessed data file, type is the type of operation the user performs on the data file, H(X0) is the hash of the data before the operation, ts is the current timestamp, sign is the signature the accessing user generates over the access record with their private key, and OPM is the open data tracing model.
More specifically, the operation request information is (type, fid), where type is the type of operation the user performs on the data file and takes one of three values, Create, Read and Write, representing uploading, reading and writing data respectively; fid is the unique identifier of the accessed data file. The metadata information of the data file comprises the address L of the data file on the cloud storage server, the hash of the data file before the operation, and a token.
More specifically, the read operation request is (read, L, H(X0), token) and the write operation request is (write, L, H(Xn), token); the log record in step S4 is the access record (uid, fid, type, H(X0), H(Xn), OPM, ts, sign), signed with the user's private key;
where uid is the unique identifier of the user remotely accessing the data, fid is the unique identifier of the accessed data file, type is the type of operation the user performs on the data file, H(X0) is the hash of the data before the operation, H(Xn) is the hash of the data after the operation, ts is the current timestamp, sign is the signature the accessing user generates over the access record with their private key, and OPM is the open data tracing model.
More specifically, step S5 is as follows:
S501. After receiving the ordinary user's request, the cloud storage provider checks the correctness of each field of the log record; if the fields are correct, go to step S502, otherwise the process ends;
S502. The cloud storage provider calls the VerifyRequest interface of the smart contract to verify the identity of the ordinary user and query the access control policy of the corresponding data file in the smart contract; if the user's identity satisfies the policy, the request is agreed to and the process goes to step S503, otherwise the user's request is rejected and the process ends;
S503. After receiving feedback that the smart contract agrees to the write operation request, the cloud storage provider performs the corresponding write operation according to the user's request;
S504. The smart contract adds the log record to the blockchain network.
More specifically, step S6 is as follows:
S601. After receiving the user's request, the cloud storage provider checks the correctness of each field of the log record; if the fields are correct, go to step S602, otherwise the process ends;
S602. The cloud storage provider calls the VerifyRequest interface of the smart contract to verify the identity of the user and query the access control policy of the corresponding data file in the smart contract; if the user's identity satisfies the policy, the request is agreed to and the process goes to step S603, otherwise the user's request is rejected and the process ends;
S603. After receiving feedback that the smart contract agrees to the read operation request, the cloud storage provider performs the corresponding read operation according to the user's request and returns the requested data file to the ordinary user;
S604. The smart contract adds the log record to the blockchain network; go to step S7.
More specifically, step S7 is as follows:
After receiving the data file sent by the cloud storage server, the ordinary user computes the hash of the data file and compares it with the latest hash H(X0) of the data file obtained through the smart contract. If the two are the same, the data file that was read is correct; otherwise it has been tampered with or is not the latest version, and the user can call the Audit interface of the smart contract to initiate an audit request for the data file.
In a second aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the log behavior auditing method according to the first aspect.
Generally, compared with the prior art, the above technical solution conceived by the present invention has the following beneficial effects:
1. The invention moves cloud log storage from the cloud storage provider to the blockchain, and relies on the decentralization, trustlessness and high reliability of the blockchain to guarantee the security and integrity of log data.
2. The invention uses smart contracts so that the blockchain network provides log read/write interfaces and an audit structure, and designs a data access flow for the interaction between the user and the cloud service provider, which ensures that both the user and the cloud storage side record logs completely on the blockchain network and that the log records cannot be denied or tampered with.
Drawings
Fig. 1 is a schematic diagram of a blockchain-based log behavior audit model in a cloud storage environment according to the present invention;
Fig. 2 is a flowchart of a blockchain-based log behavior auditing method in a cloud storage environment according to the present invention;
Fig. 3 is a flowchart of step S2 provided by the present invention;
Fig. 4 is a flowchart of a remote write operation performed on data stored in a cloud storage server according to the present invention;
Fig. 5 is a flowchart of a remote read operation performed on data stored in a cloud storage server according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is a schematic diagram of a blockchain-based log behavior audit model in a cloud storage environment. As shown in Fig. 1, the log behavior audit model includes the following components:
Cloud storage users: these are of two types, data owners and ordinary users, and may be individuals or organizations. A data owner can upload data to the cloud storage provider; the upload operation is broadcast in the blockchain network at the same time and the operation log is recorded by the blockchain. Ordinary users mainly perform read and write operations on cloud data; these operations are likewise broadcast in the blockchain network and recorded by it.
Cloud storage provider: the cloud storage provider offers virtualized resources to users as a storage resource pool, to be used freely according to their needs. Users can upload data to the cloud data server and perform remote read and write operations on it; the cloud storage provider also joins the blockchain network to verify log records together with the users.
Blockchain network: users and the cloud storage provider act as nodes that together make up the blockchain network; every node equally receives the operation record information broadcast by user nodes, and the record information is packaged into blocks through a mining algorithm. The whole blockchain network stores the operation behavior logs as a distributed database.
Third party auditor: has expertise and capabilities that users lack, and can periodically audit the integrity of all data stored on the cloud storage server on the user's behalf, giving users a simpler and more economical way to make sure their data is stored correctly in the cloud.
So that neither the cloud storage user nor the cloud storage provider can deny a log record, and so that each log record is confirmed by both of them when it is written, the invention provides a blockchain-based log behavior auditing method in a cloud storage environment.
Fig. 2 is a flowchart of a blockchain-based log behavior auditing method in a cloud storage environment according to the present invention. As shown in Fig. 2, the method comprises the following steps:
S1. The data owner and the cloud service provider jointly negotiate a smart contract and deploy it on the blockchain network; if the deployment succeeds, go to step S2, otherwise end;
S2. After uploading a data file to the cloud storage server, the data owner calls the smart contract to add a log record to the blockchain network;
S3. An ordinary user calls the smart contract and submits the operation request information for the operation to be performed on a data file on the cloud storage server; the smart contract returns the metadata information of the data file to the ordinary user; go to step S4;
S4. Based on the operation request information and the metadata information, the ordinary user initiates an operation request to the cloud storage server and sends a log record; if the operation request is a write operation request, go to step S5; if it is a read operation request, go to step S6;
S5. The cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the write operation request, it performs the corresponding write operation and calls the smart contract to add the log record to the blockchain network;
S6. The cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the read operation request, it performs the corresponding read operation, returns the requested data file to the ordinary user and calls the smart contract to add the log record to the blockchain network; go to step S7;
S7. When the data file returned by the cloud storage server is inconsistent with the data file obtained through the smart contract, the ordinary user calls the smart contract to initiate an audit request on the data file.
Step S1. The data owner and the cloud service provider jointly negotiate a smart contract and deploy it on the blockchain network; if the deployment succeeds, go to step S2, otherwise end.
First the system is initialized: the user and the cloud service provider jointly negotiate the smart contract rules, and the contract is then deployed on the blockchain network. Contract deployment initiates a transaction whose recipient address is 0 and whose data field contains the contract code compiled into bytecode. The transaction is broadcast over the blockchain network, received by the nodes and packaged into a block, at which point the contract obtains a unique contract address through which it can be invoked. Because the transaction containing the contract code is packaged into a block and agreed upon across the whole network, the contract code cannot be tampered with, and the code can be trusted to run according to the agreed rules. The process returns the smart contract address to the user side and the cloud service provider.
The smart contract comprises a plurality of interfaces; users, the cloud storage provider and forensic investigators carry out log recording and auditing through the following interfaces:
Upload: through this interface the data owner records the metadata information of a data file uploaded to the cloud service provider on the blockchain network and generates the initial access record of the data file; the log record, signed with the user's private key, is broadcast in the blockchain network and packaged into a block to reach consensus in the blockchain network.
Log records are treated as transaction data and packaged into blocks.
Getfile: through this interface a user obtains the address L of the data file on the cloud storage server; before sending a remote read/write request to the cloud storage server, the user must obtain the address and a temporary token through this interface.
Preferably, the address L is a URL. After receiving the request, the smart contract records the action as a pre-request log, used later to audit the user's operation behavior; the token also prevents the user from reusing a URL obtained from an earlier Getfile call to make a request directly to the cloud storage server.
VerifyRequest: this interface is provided for the cloud storage provider and can only be called by the cloud storage provider. When the cloud storage provider receives a user's operation request, it calls this interface to query whether the user has access permission; the interface also obtains the user's access request information and stores it as a log record on the blockchain network.
Grant: through this interface the data owner sets an ordinary user's access permission to data stored on the cloud storage server; the interface authorizes the ordinary user, that is, gives the user read/write permission on the data file.
Revoke: through this interface the data owner revokes the read/write permission previously granted to an ordinary user on a data file stored on the cloud storage server.
Audit: through this interface an auditing user tracks the life cycle of a data file, that is, learns when the data file was created and destroyed, when it was accessed by ordinary users, and which operations were performed.
Logging: this interface broadcasts an ordinary user's access to a data file in the blockchain network to generate an access log record and appends the log record to the blockchain; both actions are completed by this one interface.
Step S2. After uploading a data file to the cloud storage server, the data owner calls the smart contract to add a log record to the blockchain network.
Step S2 corresponds to the data owner's Create access operation on the data. Once the contract has been deployed successfully, the system is initialized. From then on, each time the data owner uploads data to the cloud, the data owner calls the Upload interface of the smart contract to upload the file metadata and write a log record. Calling the smart contract means broadcasting a transaction in the blockchain network: the recipient address of the transaction is the smart contract address, the data field contains the parameters supplied by the sender, and the transaction carries the sender's signature, which other nodes can verify.
When other nodes receive the transaction, they execute the smart contract and store the corresponding state variables; the transaction is then packaged into a block and agreed upon across the whole network, so the state of the smart contract after execution is confirmed by the whole network. The file metadata and log records are thereby written to the blockchain and cannot be tampered with.
The data owner can also set an access control policy for the file through the Grant and Revoke interfaces. When such a transaction is broadcast over the blockchain network, the receiving nodes verify its signature; only the data owner can set a policy, and a call from anyone else is treated as an invalid operation.
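The interface set and the owner-only policy rule described above can be modelled in memory to see how they interact. This is an added example, not the patent's or its authors' code: the class and method names, the SHA-256 hash chain that stands in for block packaging, and the single-use token bound to (uid, fid, operation) are assumptions made for illustration. The sample run also performs the step S7 hash comparison.

```python
import hashlib
import secrets


class AuditContract:
    """In-memory stand-in for the contract state; a hash chain replaces blocks."""

    def __init__(self, provider):
        self.provider = provider
        self.files = {}   # fid -> {"owner", "url", "hash", "acl": {uid: set of ops}}
        self.tokens = {}  # token -> (uid, fid, op), removed on first use
        self.log = []     # append-only; each entry commits to the previous one

    @staticmethod
    def _digest(index, prev, uid, fid, event, detail):
        body = "|".join([str(index), prev, uid, fid, event, detail])
        return hashlib.sha256(body.encode()).hexdigest()

    def _append(self, uid, fid, event, detail):
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        digest = self._digest(len(self.log), prev, uid, fid, event, detail)
        self.log.append({"uid": uid, "fid": fid, "event": event,
                         "detail": detail, "prev": prev, "digest": digest})

    def _owner_only(self, caller, fid):
        if self.files[fid]["owner"] != caller:
            raise PermissionError("only the data owner may set the policy")

    def _provider_only(self, caller):
        if caller != self.provider:
            raise PermissionError("only the cloud storage provider may call this")

    def upload(self, caller, fid, url, file_hash):
        if fid in self.files:
            raise ValueError("fid already registered")
        self.files[fid] = {"owner": caller, "url": url, "hash": file_hash, "acl": {}}
        self._append(caller, fid, "create", file_hash)

    def grant(self, caller, fid, uid, ops):
        self._owner_only(caller, fid)
        self.files[fid]["acl"].setdefault(uid, set()).update(ops)
        self._append(caller, fid, "grant", uid + ":" + ",".join(sorted(ops)))

    def revoke(self, caller, fid, uid):
        self._owner_only(caller, fid)
        self.files[fid]["acl"].pop(uid, None)
        self._append(caller, fid, "revoke", uid)

    def getfile(self, caller, fid, op):
        # Returns (L, latest hash, token) and records the pre-request log.
        meta = self.files[fid]
        token = secrets.token_hex(16)
        self.tokens[token] = (caller, fid, op)
        self._append(caller, fid, "pre-request", op)
        return meta["url"], meta["hash"], token

    def verify_request(self, caller, uid, fid, op, token):
        self._provider_only(caller)
        issued = self.tokens.pop(token, None)  # a token is good for one request
        meta = self.files[fid]
        permitted = uid == meta["owner"] or op in meta["acl"].get(uid, set())
        agreed = issued == (uid, fid, op) and permitted
        self._append(uid, fid, "verify", op + (":agree" if agreed else ":reject"))
        return agreed

    def logging(self, caller, uid, fid, op, new_hash=None):
        self._provider_only(caller)
        if op == "write":
            self.files[fid]["hash"] = new_hash
        self._append(uid, fid, op, self.files[fid]["hash"])

    def audit(self, fid):
        """Recompute the chain; return (intact, [(uid, event, detail), ...])."""
        prev, intact = "0" * 64, True
        for i, e in enumerate(self.log):
            expected = self._digest(i, prev, e["uid"], e["fid"], e["event"], e["detail"])
            intact = intact and e["prev"] == prev and e["digest"] == expected
            prev = e["digest"]
        trail = [(e["uid"], e["event"], e["detail"]) for e in self.log if e["fid"] == fid]
        return intact, trail


def demo():
    """Constructed scenario: alice owns f1, bob reads it, then loses access."""
    h0 = hashlib.sha256(b"constructed file v0").hexdigest()
    c = AuditContract(provider="csp")
    c.upload("alice", "f1", "https://storage.example/f1", h0)
    c.grant("alice", "f1", "bob", {"read"})
    _, latest, token = c.getfile("bob", "f1", "read")
    first = c.verify_request("csp", "bob", "f1", "read", token)
    c.logging("csp", "bob", "f1", "read")
    replay = c.verify_request("csp", "bob", "f1", "read", token)  # same token again
    c.revoke("alice", "f1", "bob")
    _, _, token2 = c.getfile("bob", "f1", "read")
    after_revoke = c.verify_request("csp", "bob", "f1", "read", token2)
    # S7: the reader hashes what the provider returned and compares with H(X0).
    returned = b"constructed file v0 (altered)"
    mismatch = hashlib.sha256(returned).hexdigest() != latest
    intact, trail = c.audit("f1")
    return first, replay, after_revoke, mismatch, intact, [ev for _, ev, _ in trail]
```

The rejected replay and the rejected post-revocation request both appear in the audit trail, which is what lets an auditor reconstruct attempted as well as completed accesses.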
Fig. 3 is a flowchart of step S2 provided by the present invention. As shown in Fig. 3, step S2 is as follows:
S201. The data owner creates a serial number fid for each data file to be uploaded, and uploads the data file to the cloud storage provider;
S202. The data owner calls the Upload interface of the smart contract to record the metadata information of the data file on the blockchain network.
S203. The data owner sends the signed log record (uid, fid, type, H(X0), OPM, ts, sign) to the cloud storage provider.
The user's signature attached to the log record ensures that the user cannot repudiate the action.
S204. The cloud storage provider checks the correctness of each field of the log record; if the fields are correct, it calls the Logging interface of the smart contract to add the log record to the blockchain network, otherwise the process ends;
where uid is the unique identifier of the user remotely accessing the data, fid is the unique identifier of the accessed data file, type is the type of operation the user performs on the data file, H(X0) is the hash of the data before the operation, ts is the current timestamp, sign is the signature the accessing user generates over the access record with their private key, and OPM is the open data tracing model.
For example, the provider checks whether the user uid is correct and whether the operation type is consistent with that uid, verifies the validity of the user's signature, and finally computes the hash of the data file and checks that it equals H(X0); if everything is correct, it calls the Logging interface of the smart contract to write the log record to the blockchain network.
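The provider-side check of step S204 can be written as a single function that reports every failed check. This is an added example, not code from the patent: the length-prefixed field encoding, the role table, the timestamp window and the user registry are assumptions, and an HMAC stands in for the user's private-key signature so that the example needs only the standard library (an HMAC does not give non-repudiation, because the verifier holds the same key).

```python
import hashlib
import hmac

# Signed fields of the S203 record, in a fixed order (h_x0 is H(X0)).
FIELDS = ("uid", "fid", "type", "h_x0", "opm", "ts")
# Assumed mapping from a user's role to the operation types it may log.
ALLOWED_TYPES = {"owner": {"Create", "Read", "Write"}, "user": {"Read", "Write"}}
MAX_SKEW = 300  # seconds; assumed freshness window for ts


def canonical(record):
    """Length-prefix each field so bytes cannot shift between fields."""
    out = b""
    for name in FIELDS:
        value = str(record[name]).encode()
        out += len(value).to_bytes(4, "big") + value
    return out


def hmac_sign(key, record):
    """Stand-in for signing the record with the user's private key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def hmac_verify(key, record):
    return hmac.compare_digest(hmac_sign(key, record), str(record["sign"]))


def check_log_record(record, file_bytes, users, now, verify=hmac_verify):
    """Return the list of failed checks; an empty list means: call Logging."""
    missing = [f for f in FIELDS + ("sign",) if f not in record]
    if missing:
        return ["missing:" + ",".join(missing)]
    user = users.get(record["uid"])
    if user is None:
        return ["unknown uid"]
    errors = []
    if record["type"] not in ALLOWED_TYPES[user["role"]]:
        errors.append("type not allowed for uid")
    if not verify(user["key"], record):
        errors.append("bad signature")
    if hashlib.sha256(file_bytes).hexdigest() != record["h_x0"]:
        errors.append("hash mismatch")
    if abs(now - record["ts"]) > MAX_SKEW:
        errors.append("stale timestamp")
    return errors


def make_record(uid, key, fid, op, file_bytes, ts):
    """Build and sign a constructed sample record for the checks above."""
    record = {"uid": uid, "fid": fid, "type": op,
              "h_x0": hashlib.sha256(file_bytes).hexdigest(),
              "opm": "constructed-opm", "ts": ts}
    record["sign"] = hmac_sign(key, record)
    return record
```

Swapping `verify` for a real public-key verifier restores the non-repudiation property the text relies on without changing the rest of the check.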
S3, for a common user, calling an intelligent contract to input operation request information to be performed on the data file on the cloud storage server, returning the intelligent contract to the metadata information of the data file of the common user, and turning to the step S4;
specifically, the operation request information is (type, fit), wherein the type is an operation type of a user on the data file, and the types include Create, Read, and Write, which respectively represent uploading data, reading data, and writing data; fid is the unique identification of the data file being accessed. The metadata information of the data file comprises an address L of the data file on the cloud storage server, a hash value of the data file before operation and a token. The access control policy specified by the file owner to the file is also included, and is implemented by using an access control list in the system.
S4, the common user initiates an operation request to the cloud storage server and sends a log record according to the operation request information and the metadata information, judges whether the operation request is a read operation request or a write operation request, and if the operation request is the write operation request, the step S5 is carried out; if the request is a read operation request, the process proceeds to step S6.
Specifically, the read operation request is (read, L, H (X0), token), the write operation request is (write, L, H (Xn), token); the log record is generated by the private key signature of the access record (uid, fid, type, H (X0), H (Xn), OPM, ts, sign) in step S4;
wherein uid is a unique user identification number for remotely accessing data, fid is a unique identifier for accessed data files, type is an operation type of the data files by the user, and H (X0) is a data hash value before being operated; h (Xn) is the operated data hash value; ts is the current timestamp; sign is a signature generated by the user accessing the data at present by using the private key of the user to access the record; the OPM is an open data tracing model.
S5, the cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the write operation request, it executes the corresponding write operation according to the write operation request and calls the smart contract to add the log record to the blockchain network.
Fig. 4 is a flowchart of a remote write operation on data stored in the cloud storage server according to the present invention. As shown in Fig. 4, step S5 is specifically as follows:
S501, after receiving the request of the ordinary user, the cloud storage provider checks the correctness of each field of the log record; if all fields are correct, go to step S502; otherwise, the process ends;
S502, the VerifyRequest interface of the smart contract is called to verify the identity of the ordinary user, and the access control policy of the corresponding data file is queried inside the smart contract; if the user's identity meets the conditions, the request is approved and the process goes to step S503; if not, the user's request is rejected and the process ends;
S503, after receiving feedback that the smart contract agrees to the write operation request, the cloud storage provider executes the corresponding write operation according to the user's request;
S504, the smart contract adds the log record to the blockchain network.
S6, the cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the read operation request, it executes the corresponding read operation according to the read operation request, returns the requested data file to the ordinary user, and calls the smart contract to add the log record to the blockchain network; go to step S7.
Fig. 5 is a flowchart of a remote read operation on data stored in the cloud storage server according to the present invention. As shown in Fig. 5, step S6 is specifically as follows:
S601, after receiving the request of the user, the cloud storage provider checks the correctness of each field of the log record; if all fields are correct, go to step S602; otherwise, the process ends;
S602, the VerifyRequest interface of the smart contract is called to verify the identity of the user, and the access control policy of the corresponding data file is queried inside the smart contract; if the user's identity meets the conditions, the request is approved and the process goes to step S603; otherwise, the user's request is rejected and the process ends;
S603, after receiving feedback that the smart contract agrees to the read operation request, the cloud storage provider executes the corresponding read operation according to the user's request and returns the requested data file to the ordinary user;
S604, the smart contract adds the log record to the blockchain network; go to step S7.
S7, when the data file returned by the cloud storage server is inconsistent with the data file previously obtained through the smart contract, the ordinary user calls the smart contract to initiate an audit request for the data file.
After receiving the data sent by the cloud storage server, the ordinary user first computes its hash value and compares it with the latest hash value H(X0) of the data obtained earlier through the smart contract; if the two are the same, the data read is correct; otherwise, the data has been tampered with or is not the latest version, and the user can call the Audit interface of the smart contract to initiate an audit request for the data file.
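The exchange in steps S3 to S7, as an added example that is not code from the patent: an in-memory Python model in which the provider runs the field checks, calls VerifyRequest, performs the operation and logs the record. The toy textbook-RSA signature over Mersenne-prime keys, the token format, the placeholder "OPM" field, the status strings and the storage URL are assumptions made for the example.

```python
import hashlib
import json

E = 65537  # public exponent of the toy keys

def H(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_key(p, q):
    """Toy textbook-RSA key: a stand-in signature scheme, NOT secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def _digest(fields, n):
    blob = json.dumps(list(fields)).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(fields, n, d):
    return pow(_digest(fields, n), d, n)

def verify(fields, sig, n):
    return pow(sig, E, n) == _digest(fields, n)

class Contract:
    """In-memory stand-in for the smart contract's state and interfaces."""
    def __init__(self):
        self.pubkeys, self.acl, self.meta, self.tokens, self.chain = {}, {}, {}, {}, []

    def grant(self, fid, uid, types):               # Grant: set the ACL entry
        self.acl.setdefault(fid, {})[uid] = set(types)

    def getfile(self, uid, fid, op):                # Getfile: L, H(X0), token
        token = H(f"{uid}|{fid}|{op}|{len(self.tokens)}".encode())[:16]
        self.tokens[token] = (uid, fid, op)
        return self.meta[fid]["L"], self.meta[fid]["hash"], token

    def verify_request(self, uid, fid, op, token):  # VerifyRequest: ACL lookup
        # Assumption: the token must be the one Getfile issued for this request.
        allowed = self.acl.get(fid, {}).get(uid, set())
        return self.tokens.get(token) == (uid, fid, op) and op in allowed

    def logging(self, record):                      # Logging: append the record
        self.chain.append(record)
        if record[2] == "write":
            self.meta[record[1]]["hash"] = record[4]  # H(Xn) becomes the latest hash

class Provider:
    def __init__(self, contract):
        self.c, self.files = contract, {}           # files: address L -> bytes

    def handle(self, request, record, new_data=None):
        op, url, req_hash, token = request
        uid, fid, rtype, h0, hn, _opm, _ts, sig = record
        n = self.c.pubkeys.get(uid)
        # S501/S601: known uid, type matches the request, signature valid,
        # H(X0) equals the stored file's hash, H(Xn) matches the new data.
        if n is None or rtype != op or not verify(record[:-1], sig, n):
            return "bad-record", None
        if (url not in self.files or H(self.files[url]) != h0 or req_hash != hn
                or (op == "write" and H(new_data or b"") != hn)):
            return "bad-record", None
        if not self.c.verify_request(uid, fid, op, token):  # S502/S602
            return "denied", None
        if op == "write":                                    # S503
            self.files[url] = new_data
        self.c.logging(record)                               # S504/S604
        return "ok", self.files[url]

def make_request(contract, key, uid, fid, op, ts, new_data=None):
    """User side of S3/S4: fetch metadata, sign the access record, build the request."""
    n, d = key
    url, h0, token = contract.getfile(uid, fid, op)
    hn = H(new_data) if op == "write" else h0   # assumption: a read leaves H(Xn) = H(X0)
    fields = (uid, fid, op, h0, hn, "OPM", ts)  # "OPM" is a placeholder provenance field
    return (op, url, hn, token), fields + (sign(fields, n, d),)

def run_scenario():
    """Constructed run: a read, a denied write, a forged record, a write, then S7."""
    c = Contract()
    p = Provider(c)
    owner, bob = make_key(2**127 - 1, 2**89 - 1), make_key(2**107 - 1, 2**61 - 1)
    c.pubkeys = {"owner": owner[0], "bob": bob[0]}
    url = "https://storage.example/f1"              # constructed address
    p.files[url] = b"v1"
    c.meta["f1"] = {"L": url, "hash": H(b"v1")}     # what Upload would have recorded
    c.grant("f1", "owner", {"read", "write"})
    c.grant("f1", "bob", {"read"})
    def attempt(key, uid, op, ts, data=None, claim_uid=None):
        req, rec = make_request(c, key, uid, "f1", op, ts, data)
        if claim_uid:                               # swap the uid without re-signing
            rec = (claim_uid,) + rec[1:]
        return p.handle(req, rec, data)
    statuses = [attempt(bob, "bob", "read", 1)[0],
                attempt(bob, "bob", "write", 2, b"evil")[0],
                attempt(bob, "bob", "read", 3, claim_uid="owner")[0],
                attempt(owner, "owner", "write", 4, b"v2")[0]]
    status, data = attempt(bob, "bob", "read", 5)
    latest = c.meta["f1"]["hash"]                   # S7: compare with the contract's hash
    return statuses + [status], len(c.chain), H(data) == latest, H(data + b"!") == latest
```

Only the three approved operations reach the chain; the denied write and the record with a swapped uid stop at S502 and S501 respectively.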
The smart contract is characterized in that it can only read data and does not need to write data because the data is damaged or maliciously tampered, but the smart contract also provides an interface through which a user can perform an integrity audit on the data at any time. Auditing of data operation behavior can be based on extracting and analyzing log records. When an audit is needed, the Audit interface of the smart contract is called first; the smart contract checks the log records and returns the result to the user who made the request.
The invention provides three auditing functions, which can be opened to all users as a public auditing interface, Audit. The audit can be invoked by a third-party auditor or by any other user. The three audit functions are: obtaining the life cycle of a file, querying illegal users, and verifying the integrity of a file.
Obtaining the file life cycle provides all operation records of the data file, from upload to deletion.
Querying illegal users shows which users have attempted illegal operations, so that punitive measures can be taken against them or a malicious user's permissions can be revoked in time. The request sent through Getfile is compared with the request sent through VerifyRequest; if the two request operations are inconsistent, the user has initiated an illegal request and is an illegal user.
Verifying the integrity of the file lets a user verify whether the file they obtained has been tampered with. The hash value of the data is compared with the hash value of the data in the most recent record; if they differ, the integrity of the data has been compromised.
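The three audit functions described above, sketched as an added example (not the patent's contract code) over a hash-linked list standing in for the blockchain network. It assumes that both Getfile and VerifyRequest calls are recorded on the ledger with the token that ties them together; the entry layout, user names, tokens and sample events are constructed.

```python
import hashlib
import json

def H(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Ledger:
    """Append-only, hash-linked list standing in for the blockchain network."""
    def __init__(self):
        self.blocks = []

    def append(self, kind, **entry):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"kind": kind, "prev": prev, **entry}
        body["hash"] = H(json.dumps(body, sort_keys=True).encode())
        self.blocks.append(body)

    def intact(self):
        """Recompute every link so that an edited entry is noticed before auditing."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: v for k, v in b.items() if k != "hash"}
            if b["prev"] != prev or b["hash"] != H(json.dumps(body, sort_keys=True).encode()):
                return False
            prev = b["hash"]
        return True

def _logs(ledger, fid):
    recs = [b for b in ledger.blocks if b["kind"] == "log" and b["fid"] == fid]
    return sorted(recs, key=lambda b: b["ts"])

def file_lifecycle(ledger, fid):
    """Every logged operation on fid, oldest first."""
    return [(b["ts"], b["uid"], b["type"]) for b in _logs(ledger, fid)]

def illegal_users(ledger):
    """Users whose VerifyRequest entry differs from what they asked Getfile for."""
    asked = {b["token"]: (b["uid"], b["fid"], b["type"])
             for b in ledger.blocks if b["kind"] == "getfile"}
    bad = {b["uid"] for b in ledger.blocks
           if b["kind"] == "verify"
           and asked.get(b["token"]) != (b["uid"], b["fid"], b["type"])}
    return sorted(bad)

def verify_integrity(ledger, fid, data):
    """Compare H(data) with H(Xn) of the most recent record for fid."""
    recs = _logs(ledger, fid)
    return bool(recs) and H(data) == recs[-1]["h_n"]

def audit(ledger, fid, data):
    """Public Audit entry point: refuse to answer from a ledger whose links are broken."""
    if not ledger.intact():
        raise ValueError("ledger hash links do not verify")
    return {"lifecycle": file_lifecycle(ledger, fid),
            "illegal_users": illegal_users(ledger),
            "file_intact": verify_integrity(ledger, fid, data)}

def sample_ledger():
    """Constructed events for one file f1."""
    lg = Ledger()
    v1, v2 = H(b"v1"), H(b"v2")
    lg.append("log", uid="owner", fid="f1", type="Create", h_0=None, h_n=v1, ts=1)
    lg.append("getfile", uid="bob", fid="f1", type="Read", token="t1", ts=2)
    lg.append("verify", uid="bob", fid="f1", type="Read", token="t1", ts=2)
    lg.append("log", uid="bob", fid="f1", type="Read", h_0=v1, h_n=v1, ts=2)
    # carol asked Getfile for Read but sent the provider a Write
    lg.append("getfile", uid="carol", fid="f1", type="Read", token="t2", ts=3)
    lg.append("verify", uid="carol", fid="f1", type="Write", token="t2", ts=3)
    lg.append("getfile", uid="owner", fid="f1", type="Write", token="t3", ts=4)
    lg.append("verify", uid="owner", fid="f1", type="Write", token="t3", ts=4)
    lg.append("log", uid="owner", fid="f1", type="Write", h_0=v1, h_n=v2, ts=4)
    return lg
```

A stale copy of the file fails `verify_integrity` just as a modified one does, which matches the "tampered with or not the latest version" outcome in step S7.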
The above description is only for the preferred embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A blockchain-based log behavior auditing method in a cloud storage environment, characterized in that the method comprises the following steps:
S1. the data owner and the cloud service provider jointly agree on a smart contract and deploy the smart contract on the blockchain network; if the deployment succeeds, go to step S2; otherwise, end;
S2. the data owner, after uploading a data file to the cloud storage server, calls the smart contract to add a log record to the blockchain network;
S3. an ordinary user calls the smart contract and inputs the operation request information for the operation to be performed on a data file on the cloud storage server; the smart contract returns the metadata information of the data file to the ordinary user; go to step S4;
S4. according to the operation request information and the metadata information, the ordinary user initiates an operation request to the cloud storage server and sends a log record; it is determined whether the operation request is a read operation request or a write operation request; if it is a write operation request, go to step S5; if it is a read operation request, go to step S6;
S5. the cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the write operation request, it executes the corresponding write operation according to the write operation request and calls the smart contract to add the log record to the blockchain network;
S6. the cloud storage provider calls the smart contract to authenticate the log record; after receiving feedback that the smart contract agrees to the read operation request, it executes the corresponding read operation according to the read operation request, returns the requested data file to the ordinary user, and calls the smart contract to add the log record to the blockchain network; go to step S7;
S7. when the data file returned by the cloud storage server is inconsistent with the data file previously obtained through the smart contract, the ordinary user calls the smart contract to initiate an audit request for the data file.

2. The log behavior auditing method according to claim 1, characterized in that the smart contract comprises multiple interfaces, specifically as follows:
Upload: through this interface the data owner records on the blockchain network the metadata information of a data file that has already been uploaded to the cloud service provider, and generates the initial access record of the data file; the log record, signed with the user's private key, is broadcast on the blockchain network and packed into a block on which the blockchain network reaches consensus;
Getfile: through this interface a user obtains the address L of the data file on the cloud storage server; when sending a remote read/write request to the cloud storage server, the user needs to obtain the address and a temporary token through this interface;
VerifyRequest: this interface is provided for the cloud storage provider and can only be called by the cloud storage provider; when the cloud storage provider receives an operation request from a user, it first calls this interface to query whether the user has access rights; at the same time, the interface obtains the user's access request information and stores it on the blockchain network as a log record;
Grant: through this interface the data owner sets ordinary users' access rights to the data the owner stores on the cloud storage server; the interface is used to authorize an ordinary user, that is, to give the user read and write permissions on a data file;
Revoke: through this interface the data owner revokes the read and write permissions previously granted to an ordinary user on the data files the owner stores on the cloud storage server;
Audit: through this interface an auditing user traces the life cycle of a data file, that is, learns when the data file was created and destroyed, when it was accessed by ordinary users, and which operations were performed on it;
Logging: this interface is used to broadcast, in the blockchain network, the access log records generated when ordinary users access data files, and to add and store those log records on the blockchain; this is carried out jointly by the above interfaces.

3. The log behavior auditing method according to claim 2, characterized in that the address L is a URL.

4. The log behavior auditing method according to claim 2, characterized in that step S2 is specifically as follows:
S201. the data owner creates a number fid for each data file to be uploaded and uploads the data file to the cloud storage provider;
S202. the data owner calls the Upload interface of the smart contract to record the metadata information of the data file on the blockchain network;
S203. the data owner sends the signed log record (uid, fid, type, H(X0), OPM, ts, sign) to the cloud storage provider;
S204. the cloud storage provider checks the correctness of each field of the log record; if all fields are correct, it calls the Logging interface of the smart contract to add the log record to the blockchain network; otherwise, the process ends;
wherein uid is the unique identification number of the user remotely accessing the data; fid is the unique identifier of the accessed data file; type is the type of operation the user performs on the data file; H(X0) is the hash value of the data before the operation; ts is the current timestamp; sign is the signature that the user currently accessing the data generates over the access record with their private key; and OPM is an open data provenance model.

5. The log behavior auditing method according to claim 2, characterized in that the operation request information is (type, fid), wherein type is the type of operation the user performs on the data file and takes one of three values, Create, Read and Write, denoting uploading data, reading data and writing data respectively; fid is the unique identifier of the accessed data file; and the metadata information of the data file comprises the address L of the data file on the cloud storage server, the hash value of the data file before the operation, and a token.

6. The log behavior auditing method according to claim 5, characterized in that the read operation request is (read, L, H(X0), token) and the write operation request is (write, L, H(Xn), token); the log record in step S4 is generated by signing the access record (uid, fid, type, H(X0), H(Xn), OPM, ts, sign) with the private key;
wherein uid is the unique identification number of the user remotely accessing the data; fid is the unique identifier of the accessed data file; type is the type of operation the user performs on the data file; H(X0) is the hash value of the data before the operation; H(Xn) is the hash value of the data after the operation; ts is the current timestamp; sign is the signature that the user currently accessing the data generates over the access record with their private key; and OPM is an open data provenance model.

7. The log behavior auditing method according to claim 2, characterized in that step S5 is specifically as follows:
S501. after receiving the request of the ordinary user, the cloud storage provider checks the correctness of each field of the log record; if all fields are correct, go to step S502; otherwise, the process ends;
S502. the VerifyRequest interface of the smart contract is called to verify the identity of the ordinary user, and the access control policy of the corresponding data file is queried inside the smart contract; if the user's identity meets the conditions, the request is approved and the process goes to step S503; if not, the user's request is rejected and the process ends;
S503. after receiving feedback that the smart contract agrees to the write operation request, the cloud storage provider executes the corresponding write operation according to the user's request;
S504. the smart contract adds the log record to the blockchain network.

8. The log behavior auditing method according to claim 2, characterized in that step S6 is specifically as follows:
S601. after receiving the request of the user, the cloud storage provider checks the correctness of each field of the log record; if all fields are correct, go to step S602; otherwise, the process ends;
S602. the VerifyRequest interface of the smart contract is called to verify the identity of the user, and the access control policy of the corresponding data file is queried inside the smart contract; if the user's identity meets the conditions, the request is approved and the process goes to step S603; otherwise, the user's request is rejected and the process ends;
S603. after receiving feedback that the smart contract agrees to the read operation request, the cloud storage provider executes the corresponding read operation according to the user's request and returns the requested data file to the ordinary user;
S604. the smart contract adds the log record to the blockchain network; go to step S7.

9. The log behavior auditing method according to claim 2, characterized in that step S7 is specifically as follows:
after receiving the data file sent by the cloud storage server, the ordinary user first computes its hash value and then compares it with the latest hash value H(X0) of the data file previously obtained through the smart contract; if the two are the same, the data file read is correct; otherwise, the data file has been tampered with or is not the latest version, and the user can call the Audit interface of the smart contract to initiate an audit request for the data file.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the log behavior auditing method according to any one of claims 1 to 9.
CN201811126706.7A 2018-09-26 2018-09-26 Log behavior auditing method based on block chain in cloud storage environment Active CN109190410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811126706.7A CN109190410B (en) 2018-09-26 2018-09-26 Log behavior auditing method based on block chain in cloud storage environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811126706.7A CN109190410B (en) 2018-09-26 2018-09-26 Log behavior auditing method based on block chain in cloud storage environment

Publications (2)

Publication Number Publication Date
CN109190410A CN109190410A (en) 2019-01-11
CN109190410B true CN109190410B (en) 2020-05-19

Family

ID=64907256

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811126706.7A Active CN109190410B (en) 2018-09-26 2018-09-26 Log behavior auditing method based on block chain in cloud storage environment

Country Status (1)

Country Link
CN (1) CN109190410B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant