Research on SGX-based Cloud Outsourcing Computing Trust Problem Solution

Abstract

Abstract: General users and small and mediumsized enterprises mostly use the distributed big data computing environment provided by cloud service providers. The consequence is that users lose some control over code and data and are vulnerable to internal cloud attacks. Therefore, a cloud outsourcing computing security solution based on Intel SGX (software guard extensions) is proposed with the participation of a trusted third party. The trusted third party formulates a unified computing environment security standard and creates a trusted execution environment in the cloud through SGX technology. It performs authentication and maintenance to ensure that user code data is calculated in a secure computing environment configured by a trusted third party to solve data security and user trust issues in cloud outsourcing computing. The application and simulation experiment of the security scheme is carried out under the Hadoop architecture. The experimental results show that the security scheme can ensure data security in the cloud computing process, and at the same time, the user’s trust in the cloud computing environment can be solved through the authentication and management of the trusted environment by a trusted third party, and compared with the standard MapReduce computing Performance loss is small.

Key words: cloud outsourcing, big data, distributed computing, Intel SGX, cloud security

摘要： 一般用户与中小企业多使用云服务商提供的分布式大数据计算环境，带来的后果是用户对代码及数据失去了部分控制权并极易遭受云端内部攻击.因此提出了可信第三方参与的基于Intel SGX(software guard extensions)的云外包计算安全方案，由可信第三方进行统一的计算环境安全标准制定，在云端通过SGX技术创建可信执行环境并对其进行认证与维护，保证用户代码数据在可信第三方配置的安全计算环境中执行计算，解决云外包计算中数据安全与用户信任问题.在Hadoop架构下进行安全方案的应用与模拟实验.实验结果表明，安全方案可以有效实现上述安全目标，相比标准的MapReduce计算性能损耗较小.

关键词: 云外包, 大数据, 分布式计算, Intel SGX, 云安全

王冠, 尹煜. 基于SGX的云外包计算信任问题解决方案研究[J]. 信息安全研究, 2022, 8(10): 1028-.

References

参考文献
［1］Ghemawat S, Gobioff H, LeeungS T. The google file system［C］ Proc of the 19th ACM Symp on Operating System Principles. New York: ACM, 2003: 2943［2］Dean J, Ghemawat S. MapRedcue: Simplified data processing on large clusters［J］. Communication of the ACM, 2008, 5(1): 107113［3］Chang F, Dean J, Ghemawat S, et al. A distributed storage system for structured data［C］ Proc of the 7th USENIX Symp on Operating Systems Design and Implementation. Berkelery, CA: USENIX Association, 2006: 205218［4］姜栋瀚, 刘晓平, 吴作栋. 云计算技术发展现状研究综述［J］. 信息与电脑: 理论版, 2019 (8): 170171［5］刘莎莎. 云计算安全问题研究综述［J］. 数字技术与应用, 2020, 38(5): 175176［6］Schuster F, Costa M, Fournet C, et al. VC3: Trustworthy data analytics in the cloud using SGX［C］ Proc of the 2015 IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2015: 3854［7］Kelbert F, Gregor F, Pires R, et al. SecureCloud: Secure big data processing in untrusted clouds［C］ Proc of the Conf on Design, Automation & Test. Piscataway, NJ: IEEE, 2017: 282285［8］Arnautov S, Trach B, Gregor F, et al. SCONE: Secure Linux containers with Intel SGX［C］ Proc of the 12th USENIX Symp on Operating Systems Design and Implementation (OSDI). Berkelery, CA: USENIX Association, 2016: 689703［9］Tramer F, Boneh D. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware［J］. arXiv preprint, arXiv:1806.03287, 2018［10］The MesaTEE Team. MesaTEE: A framework for universal secure computing［CPOL］. ［20220120］. https:github.comzjshen14mesatee［11］金瑜, 王凡, 赵红武, 等. 云计算环境下信任机制综述［J］. 小型微型计算机系统, 2016, 37(1): 111［12］Wang J W, Jiang Y, Li Q, et al. Survey of research on SGX technology application［J］. Journal of Network New Media, 2017, 6(5): 39［13］Intel Corporation. Intel software guard extensions programming reference［ROL］. 2014 ［20220120］. https:www.intel.comcontentdamdevelopexternalusendocuments329298002629101.pdf［14］Shaun D, Richard F. SGX: The good, the bad and the downright ugly［EBOL］. 2014 ［20220120］. https:www.virusbulletin.comvirusbulletin201401sgxgoodbadanddownrightugly［15］涂山山, 胡俊, 宁振虎, 等. 可信计算:打造云安全新架构［J］. 信息安全研究, 2017, 3(5): 440450［16］Jauernig P, Sadeghi A R, Stapf E. Trusted execution environments: Properties, applications, and challenges［J］. IEEE Security & Privacy, 2020, 18(2): 5660［17］Anati I, Gueron S, Johnson S, et al. Innovative technology for CPU based attestation and sealing［EBOL］.  ［20220120］. https:dh6.inkksvoc［18］Johnson S, Scarlata V, Rozas C, et al. Intel software guard extensions: Epid provisioning and attestation services［J］. White Paper, 2016, 1(110): 119129［19］Apache. Hadoop［EBOL］.［20220120］. http:Hadoop.apache.orgindex.html［20］Apache. Hadoop Streaming［EBOL］.［20220120］. https:hadoop.apache.orgdocsr3.1.3hadoopstreamingHadoopStreaming.html

[1]	. Data Security Governance Technology and Practice in Big Data Applications [J]. Journal of Information Security Reserach, 2022, 8(4): 326-.
[2]	. Research on Smart Contract Method in the Framework of Secure Multi-party Computation [J]. Journal of Information Security Reserach, 2022, 8(10): 956-.
[3]	. Research on Multi-Dimensional Big Data Analysis Method of Distribution Network Power Supply Reliability [J]. Journal of Information Security Reserach, 2022, 8(1): 79-.
[4]	. Design of CrossDomain Data Fusion Traceability Framework Based on Secondary Chain Structure#br# [J]. Journal of Information Security Reserach, 2021, 7(8): 728-738.
[5]	. Research on Acceleration Method of Searchable Encryption of Private Data Based on Trusted Hardware [J]. Journal of Information Security Reserach, 2021, 7(4): 319-327.
[6]	. Kerberos Security Enhancements Based on Intel SGX [J]. Journal of Information Security Reserach, 2021, 7(4): 374-383.
[7]	. Review of Multi-Party Secure Computing Research [J]. Journal of Information Security Reserach, 2021, 7(12): 1161-.
[8]	. Research on the protection of big data rights and interests with the protection of personal data rights and interests as the core [J]. Journal of Information Security Reserach, 2021, 7(12): 1166-.
[9]	. Research on the Application of Beidou Space-time Information in the Field of Industrial Internet Security [J]. Journal of Information Security Reserach, 2021, 7(10): 989-.
[10]	. A Study of Big Data Platform Architecture to Address Cybersecurity Protection and Defense [J]. Journal of Information Security Research, 2021, 7(1): 75-80.
[11]	. Research and application of remote mobile office security standard [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[12]	. Application of Situation Awareness in E-government Information Security [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[13]	. Research on Cloud Security System Based on Big Data Security Technology [J]. Journal of Information Security Research, 2020, 6(5): 404-420.
[14]	. Research on The Harm of Data Hegemony to Countries and Individuals and The Countermeasures [J]. Journal of Information Security Research, 2020, 6(5): 448-453.
[15]	. Analysis of China's Personal Information Rrights Protection System in the Era of Big Data Based on the Background of Government Data Fusion [J]. Journal of Information Security Research, 2020, 6(12): 1088-1100.