Research On Secure Search And Fuzzing Test For Structured Data

With the advent of Big Data era,the data scale is growing explosively,which results in great difficulty for data storage and management.Structured data has become the main data form for this situation due to its advantage of being easily stored,queried and analyzed.However,structured data faces new problems and challenges in the research field of secure protocol design and fuzzing test.In the design of secure protocol for structured data,not only the data security has to be protected,the data structure also needs to be preserved to guarantee its advantage in data processing;In fuzzing test,traditional generating method of test cases can not adapt to programs accepting only highly-structured data(data with certain grammar structure).It leads to low code coverage rate and failure to detect security vulnerabilities.Focusing on these problems,we have carried out research work on security of structured data and achieved the following results.(1)We propose a secure multi-keyword search scheme which supports results ranking and dynamic document updating.In the scenario of cloud computing,users usually encrypt their sensitive data before uploading them into the cloud for the concern of privacy,which leads to the research of secure search.However,few existing secure search schemes can support the functionalities of multi-keyword search,result ranking and document update at the same time.Focusing on this problem,we propose a secure multi-keyword search scheme supporting results ranking and dynamic update.In the scheme,we combine the Vector Space Model and B~+tree to construct a new index:Keyword B~+tree which enables the results to be ranked according to their relevance with the query.Function-hiding encryption is adopted to encrypt the index.On the premise that data security and query privacy is guaranteed,we can search and update documents efficiently.The tree structure index has the feature of multiple branches to enhance the I/O efficiency,which is very suitable to large-scale cloud data.We provide a comprehensive security analysis to prove that our scheme can achieve adaptively semantical security under the condition of certain leakage.Experiments over real data show that our scheme has better performance than existing works.(2)We propose a shortest distance query scheme on encrypted graph data in cloud comput-ing.Since many large-scale network data can be modeled as graph,graph database has been widely applied.In cloud computing,graph database also needs to be encrypted before out-sourcing to protect users’privacy.It makes the query problems in graph very challenging.To solve this problem,we propose a secure shortest distance query scheme for encrypted data.In our scheme,we first present a direct construction which combines the matrix index and symmetric encryption to achieve accurate shortest distance query.However,its prepro-cessing time is too long and storage complexity is too large.To solve these problems,we propose a second construction which combines Somewhat Homomorphic Encryption and Distance Oracle as the index to achieve approximate shortest distance query.It reduces the preprocessing time and decreases the index size.At last,we prove both schemes achieve adaptively semantical security under the condition of certain leakage.Experiment results show the high efficiency of the proposed scheme in both index encryption time and query time;(3)We propose a new fuzzing method for highly-structured input.Traditional fuzzing tech-niques can not deal with programs with highly-structured input.The testcases generated by them will be rejected in the program’s verifying stage.We propose a grammar-based fuzzing scheme to solve this problem.We break down the existing test cases to multiple grammar segments and infer the grammar of them.Guided by the inferred grammar,we can construct a new series of test cases.These cases can pass the verification stage in the program and reach the place where it has never been.We implement this method in our general fuzzing framework.Traditional test case generator based on grammar targets at specific language.By contrast,our design does not depend on specific grammar,any fuzzing generator of spe-cific language can be built on our framework.Compared with other black box fuzzing tools,our framework can achieve higher code coverage.