Abstract: Protection of user privacy has always been important issues affecting cloud computing promotion. Currently, researches on user privacy protection for cloud service providers are rare and designed for specific areas and there is not a more common scenario. This seriously hampers the users’ trust in the cloud service provider and cloud computing services. To resolve this problem, this paper begins with an analysis of the characteristics of information disclosure in a cloud environment, and puts forward an idea of making a cloud layer or module mutual isolated and restricted about user privacy protection, based on the features of cloud computing services and module. Based on this, it concludes with a set of full privacy protection for PaaS and SaaS-based layer separation. Let different cloud service providers provide PaaS layer and SaaS layer services separately, and let cloud service providers limit the other disclosure of user privacy according to the corresponding specification when they provide service. Then it makes a detailed security analysis of the programme and utilizes an example to explain the role in user privacy protection. The cloud computing is implemented in the framework of the program in general and can pass for all kinds of SaaS services, with strong theoretical and applied value.

Key words: public clouds, cloud computing, cloud security, Software as a Service（SaaS）, privacy protection

摘要： 用户隐私保护一直是影响云计算推广的重要问题。当前，针对云服务提供商的用户隐私保护研究还只局限于少数特定领域，没有一个较为通用的方案。这严重阻碍了用户对云服务提供商及云计算服务模式的信任。为解决这一问题，首先分析了云环境中信息泄露的特点，并根据云计算服务及模型的特点，引出了一个让云服务各层或各模块相互分离、相互制约的用户隐私保护思路。随后沿用该思路，提出了一套基于PaaS层和SaaS层分离的完整隐私保护方案，让PaaS层和SaaS层服务有不同的云服务商分别提供，并让云服务商在提供服务的同时，根据相应规范限制对方泄露用户隐私。最后，对该方案进行了详细的安全性分析论证，并采用一个实际例子说明了该方案在保护用户隐私中的作用。该方案能在一般的云计算架构中实行，可通用于各类SaaS服务中，具有较强的理论和应用价值。

关键词: 公有云, 云计算, 云安全, 软件即服务（SaaS）, 隐私保护