| Graduate student: | 李軒豪 Li, Syuan-Hao |
|---|---|
| Thesis title: | 具提升雲端運算系統效能之私密保護機制研發 Development of An Effective Privacy Protection Scheme for Cloud Computing |
| Advisor: | 郭耀煌 Kuo, Yau-Hwang |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
| Year of publication: | 2010 |
| Academic year of graduation: | 98 |
| Language: | English |
| Number of pages: | 67 |
| Chinese keywords: | cloud computing, security requirements, security quantification, key management, security protection composition |
| English keywords: | Cloud Computing, security requirement, security quantification, key management, security composition |
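With advances in technology and business cost considerations, cloud computing has become the next generation of computing. More and more cloud application services are entering people's lives and providing more convenient services. However, one characteristic of the cloud is that users' data is stored centrally in the same data center, which creates a new data security problem: privacy protection. Yet among the security protections offered by cloud service providers, data confidentiality is not within the scope they cover, which leaves users' data in the cloud easily exposed to threats. Many encryption algorithms can now provide data confidentiality, but executing them places a heavy burden on system performance. How to provide data security while also preserving system performance is therefore an important issue.
In this thesis, we propose a privacy protection scheme that improves cloud system performance, providing a protection method that satisfies users' security requirements while maintaining system performance. First, a security analysis is performed based on the security level the user requires and the related information needed. Next, security quantification is performed: the security and performance overhead of different encryption algorithms are quantified according to the time needed to break them and the time needed to execute them. Finally, based on the results of this analysis and quantification, combined with key management and split storage of data, we select the most appropriate security protection composition, with the aim of providing the best system performance while satisfying the user's security requirements.
Through simulation data, we show that under different security requirement levels and cloud environments, the privacy protection scheme proposed in this thesis not only achieves the required security but also maintains system performance, and that compared with other protection mechanisms it improves system performance by 35~50%.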
With the development of technology and considerations of business cost, Cloud Computing is becoming the next generation of computing pattern. More and more cloud services are entering our daily life to provide more convenient services. However, one of its characteristics is that users' data is stored centrally in the same data center, which raises a new data security issue: privacy. Nevertheless, the security offered by cloud providers does not include data confidentiality, which leaves users' material in the cloud vulnerable to threats. Many existing encryption algorithms can be used to provide data confidentiality, but performing these encryption algorithms causes a huge overhead on system performance. Therefore, it is a difficult issue to protect data security and maintain system performance at the same time.
In the thesis, an Effective Privacy Protection Scheme (EPPS) is proposed to provide a protection method that satisfies user-demand security and maintains system performance. At first, we analyze the security level users require and the related information. Next, the security and performance of encryption algorithms are quantified by the time needed to crack them and the time needed to execute them. Then, by using the above results of analysis and quantification, key management, and data division, an appropriate security composition is derived to fulfill the user-demand security and offer the optimal system performance.
Finally, according to the simulation results, the derived security composition not only satisfies the different user-demand security levels but also maintains the cloud system performance in different cloud environments. The execution period of EPPS outperforms the other encryption algorithms by 35% to 50%.