CN111200613B - End-to-end model-based code trusted execution method - Google Patents

End-to-end model-based code trusted execution method Download PDF

Info

Publication number
CN111200613B
CN111200613B CN202010012451.2A CN202010012451A CN111200613B CN 111200613 B CN111200613 B CN 111200613B CN 202010012451 A CN202010012451 A CN 202010012451A CN 111200613 B CN111200613 B CN 111200613B
Authority
CN
China
Prior art keywords
data
code
execution
provider
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010012451.2A
Other languages
Chinese (zh)
Other versions
CN111200613A (en
Inventor
陈虹
林婧
丘志杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Liandao Technology Co ltd
Original Assignee
Beijing Liandao Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Liandao Technology Co ltd filed Critical Beijing Liandao Technology Co ltd
Priority to CN202010012451.2A priority Critical patent/CN111200613B/en
Publication of CN111200613A publication Critical patent/CN111200613A/en
Application granted granted Critical
Publication of CN111200613B publication Critical patent/CN111200613B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a code credible execution method based on an end-to-end model.A data user writes codes according to data specifications set by a data provider and encrypts and transmits the codes to the data provider; the data provider provides an isolated computing operation environment for the data user, the data provider starts a trusted execution environment, the data user sends the encrypted codes and the encrypted keys to the trusted execution environment respectively, the trusted execution environment recovers the codes and executes the codes, the codes are obtained and processed through the data access agent in the execution process, and the results are returned to the data user through the code execution agent. The invention can protect the data of the data provider and the code of the data user at the same time, so that the data provider and the data user can exchange information under the condition of non-credibility.

Description

End-to-end model-based code trusted execution method
Technical Field
The invention belongs to the technical field of information, and particularly relates to a code credible execution method based on an end-to-end model.
Background
In a conventional data usage model, the data owner typically packages the source data for transmission to the data consumer. Now, however, data owners become aware that the data they own is a business asset from which they can obtain benefits; they begin to worry about the equity issues and privacy risks posed to the operation of communicating data out.
In order to eliminate the leakage risk caused by the fact that data is not grasped by the user, the industry begins to solve the problem by adopting a concept of giving codes to the data instead of giving the data to the codes. Different from the traditional method that data is sent to a code party and the code is placed in the environment of the data party for operation, the data is not exported, and various safety problems caused by the fact that the data is opened to the outside can be effectively avoided.
However, the method of giving the code to the data side has two problems: 1. the code is not credible, and data leakage can be caused by subjective stealing or external attack in the calculation process; 2. the data side is not trusted, and the insecurity of the execution environment may cause the code to be decompiled, so that the application side knows the property right to be damaged.
Therefore, it is necessary to provide a trusted execution method to support data interaction between a data provider and a user without mutual trust, and to ensure the security of the user code and the provider data.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, provides a code credible execution method based on an end-to-end model, and simultaneously protects the data of a data provider and the code of a data user, so that the data provider and the data user can perform information interaction under the condition of mutual non-credibility.
In order to achieve the above object, the end-to-end model-based code trusted execution method of the present invention includes the following steps:
s1: the data provider formulates the code to the use specification of the data, including constructing a data access agent, setting the data access authority and calculating the result return format; simultaneously, a code execution agent and a trusted execution environment are established, the execution agent runs in an untrusted environment, the trusted execution environment is initialized, and a starting entrance and a communication assembly are established;
s2: the data user builds a code file according to the data use specification of the data provider, and encrypts the code file by adopting a symmetric encryption algorithm, and the encrypted code file and the key K1 are safely stored by the data user;
s3: the data user and the data provider carry out identity authentication, and the data user and the trusted execution environment negotiate a session key K2 for transmission and establish a secure channel;
s4: the data user encrypts the encrypted code file and a key K1 by using a key K2 and sends the encrypted code file and the key K1 to the data provider, the data provider forwards the encrypted code file and the key K2 to the trusted execution environment after receiving the encrypted code file, the trusted execution environment decrypts the received file by using a key K2, decrypts and recovers the code file by using a key K1, and then the secure channel is closed;
s5: the execution agent of the data provider starts the running of the code in the trusted execution environment, and data access is carried out through the data access agent in the code execution process;
s6: and after the code is executed, the execution agent judges the legality of the execution result according to a rule preset by the data provider, if the execution result passes the legality judgment, the execution result is fed back to the data user, and otherwise, an illegal execution result prompt is sent to the data user.
The invention relates to a code credible execution method based on an end-to-end model.A data user writes codes according to a data specification set by a data provider and encrypts and transmits the codes to the data provider; the data provider provides an isolated computing operation environment for the data user, the data provider starts a trusted execution environment, the data user sends the encrypted codes and the encrypted keys to the trusted execution environment respectively, the trusted execution environment recovers the codes and executes the codes, the codes are obtained and processed through the data access agent in the execution process, and the results are returned to the data user through the code execution agent.
The invention comprehensively considers the problems of data security and code security, the data provider provides the operation environment of the code of the data user, all the input and output of the code are in the limit of the code execution agent, and the code of the data user can not directly send the source data from the trusted execution environment to the outside, thereby ensuring the data security; meanwhile, the code of the data user is transmitted to the trusted execution environment in the form of an encrypted file and is decrypted in the trusted execution environment, and the trusted execution environment is isolated from privileged users such as an operating system on the upper layer of the data provider and can only interact through a fixed code execution agent, so that the code of the data user is isolated and safe in the trusted execution environment. Therefore, the invention can ensure that the two parties can safely cooperate to process data and interact information under the condition of mutual distrust.
Drawings
FIG. 1 is a flow chart of an embodiment of a trusted code execution method based on an end-to-end model;
fig. 2 is a schematic diagram of a data provider execution environment in the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided in order to better understand the present invention for those skilled in the art with reference to the accompanying drawings. It is to be expressly noted that in the following description, a detailed description of known functions and designs will be omitted when it may obscure the subject matter of the present invention.
Examples
In the invention, an end-to-end application environment is set, and two core roles exist in the environment: one end is a data provider and the other end is a data user. The data provider has a large amount of data, the data is private assets of the provider, and on one hand, the data provider has the requirement of opening the data to a third party for use and acquiring benefits; on the other hand, the method needs to protect data from being leaked, and protect own data rights and privacy security. The data user is a code provider, the code needs to operate on the data, the code needs to be deployed to the data provider, the data user wants to protect the code against reverse engineering, and intellectual property rights are guaranteed. The roles of the two parties are distinguished in a logical structure, and are not forcibly distinguished on physical equipment.
Fig. 1 is a flowchart of a specific embodiment of the trusted code execution method based on an end-to-end model according to the present invention. As shown in fig. 1, the specific steps of the end-to-end model-based code trusted execution method of the present invention include:
s101: constructing an execution environment:
the data provider formulates the code to the use specification of the data, including constructing the data access agent, setting the data access authority and executing the result to return to the format; and meanwhile, a code execution agent and a trusted execution environment are constructed, the execution agent runs in an untrusted environment, the trusted execution environment is initialized, and a starting entrance and a communication assembly are constructed. The starting entry is a recovery entry of the encrypted code, and the communication component is used for realizing message construction and forwarding between the trusted execution environment and the data user. Fig. 2 is a schematic diagram of a data provider execution environment in the present invention. A Trusted Execution Environment (TEE) is a secure computing environment, consisting of memory and storage functions. The TEE is isolated from the normal operating environment of the operating system and the application program, and sensitive operation is limited in the TEE. The authenticity of the executing code, the integrity of the runtime state (e.g., CPU registers, memory and sensitive I/O), and the confidentiality of the code, data, and runtime state stored in persistent memory are guaranteed. The TEE architecture commonly used today includes ARM TrustZone Technology, Intel Software Guard Extensions (SGX), AMD Platform Secure Processor, and mesa, which can be selected as required in practical applications.
S102: constructing a code file:
and the data user builds a code file according to the data use specification of the data provider, encrypts the code file by adopting a symmetric encryption algorithm, and the encrypted code file and the key K1 are safely stored by the data user. The specific encryption algorithm can be selected by the data user, such as an AES symmetric encryption algorithm.
S103: establishing a secure channel:
the data user and the data provider perform identity authentication, and the data user and the trusted execution environment negotiate a session key K2 for transmission to establish a secure channel, which specifically comprises the following steps:
the data provider builds and enables a trusted execution environment through the execution agent, and enters the trusted execution environment through an entrance function; the trusted execution environment builds a request for establishing a secure channel, attaches an identity certificate of the trusted execution environment to the message, and sends the identity certificate to the data user through the execution agent.
After receiving the request information of the trusted execution environment, the execution agent adds self identity information to the message and signs, and then constructs a complete request to be sent to the data user.
After receiving the request information for establishing the secure connection, the data user performs signature verification operation according to the identity information and the signature in the request message, and after the signature verification is passed, the data user performs session key negotiation with a trusted execution environment of the data provider by using a key exchange protocol such as ECDH and the like so as to establish a secure channel for data exchange. The negotiated session key K2 is stored in the server of the data consumer and the trusted execution environment of the data provider.
S104: and (3) code file transmission:
the data user encrypts the encrypted code file and the key K1 by using a key K2 and sends the encrypted code file and the key K1 to the data provider, the data provider forwards the encrypted code file and the key K2 to the trusted execution environment after receiving the encrypted code file, the trusted execution environment decrypts the received file by using a key K2, decrypts and recovers the code file by using a key K1, and then the secure channel is closed.
S105: executing the code:
and the execution agent of the data provider starts the running of the code in the trusted execution environment, and data access is carried out through the data access agent in the code execution process. Due to the characteristics of the trusted execution environment, the memory risk of codes and the problem of hacking can be effectively avoided, and meanwhile, the data is prevented from being illegally accessed through the data access agent.
S106: and (3) executing result feedback:
and after the code is executed, the execution agent judges the legality of the execution result according to a rule preset by the data provider, if the execution result passes the legality judgment, the execution result is fed back to the data user, and otherwise, a prompt that the execution result is illegal is sent to the data user. The rule for judging the legality generally comprises a data format and a message length in an execution result, limits the calling frequency of a code within a certain time, and prevents a code result from containing source data, thereby preventing the source data from being transmitted to the outside.
As can be seen from the above description, the present invention can improve the security of code execution from the following three aspects:
(1) and (3) data security: the data provider provides the actual running environment of the code, and the process that the data provider distributes data outwards in the traditional operation process is changed into the process that the data user delivers the code to the provider for execution. The source data does not leave the environment controlled by the data provider all the time in the whole workflow. The code accesses the data through the data access agent, the data access agent can refuse suspicious data transmission to communicate with the network, and malicious leakage of the data in the running process of the code can be effectively avoided through the control.
(2) And (4) code security: and the data user sends the encrypted code and the encrypted key to the data provider through a secure channel between the trusted execution environment of the data provider and the data user, so that the code is encrypted in the network transmission process. The key is held by both sides of the secure channel link, and the code can be decrypted only in a trusted execution environment reaching a data provider, so that the security of the code of the data user is effectively ensured.
(3) And (4) executing safety: because the trusted execution environment constructed by the data provider is an isolated running environment, and the memory space of the trusted execution environment is isolated from all other programs (including an operating system) of the computer, except the trusted execution environment interacting with the trusted execution environment through an execution agent, any program has no access right to the environment, the purpose of isolated computation is achieved, and the safety of codes and source data in the operation process is protected.
In order to better explain the technical scheme of the invention, the invention is specifically explained by combining a specific application example in the field of the internet of things. In a plurality of application scenes of the Internet of things, the problem of data island exists. Since the data collection terminal belongs to different manufacturers and developers, a large amount of available data in the same use scene is scattered, and is difficult to be utilized by research fields such as big data processing or machine learning. Meanwhile, each data collector is also reluctant to distribute the data resources of the data collector outwards, so that the data rights and interests of the data collector are damaged.
Taking the smart home industry in the field of internet of things as an example, the smart home is formed by connecting various smart home appliances in a house with furniture through the internet of things technology, and provides functions of convenient control, detection and the like. The intelligent home collects operation data of the intelligent home terminal, such as temperature control, power consumption and the like, through intelligent hardware on the intelligent home terminal, and transmits the operation data back to a server of a provider through a network. The running data of the intelligent home terminals are analyzed, and the intelligent home terminal has reference significance in the directions of product optimization, energy conservation, environmental protection, advertisement putting and the like. In this usage scenario, the provider of each smart home product is a data provider, and the provided data is operation data of the smart home terminal. The data user is a mechanism which needs to analyze the operation data of the intelligent home terminal and takes the analysis result as an operation decision reference, for example, an advertiser which needs data for accurate advertisement delivery reference, an environmental protection worker which needs data for energy-saving scheme design reference, and the code which needs to be executed is an intelligent home terminal operation data analysis code.
However, since the data uploaded from each smart home terminal is owned by each provider, each provider is not willing to directly provide its original data due to the competitive relationship. This makes it difficult for data users to study the prevalence characteristics, after all, correlation analysis relying on data from only one provider is inaccurate and unobtrusive. Therefore, the invention can realize the analysis and calculation of the data by the program controlled by the non-provider in the environment controlled by the data provider, and simultaneously ensure the safety of both the data and the code.
The data user writes the running data analysis code of the intelligent home terminal according to the data specification set by the data provider; the data provider provides an isolated computing operating environment for the data consumer. According to the flow of the invention, the trusted execution environment is started by the data provider, the encrypted running data analysis code of the intelligent home terminal and the key are respectively sent to the trusted execution environment by the data user, and the running data analysis code of the intelligent home terminal is recovered. The intelligent home terminal operates the data analysis code, obtains and processes the data through the data access agent, and returns the result to the data user through the execution agent.
Although illustrative embodiments of the present invention have been described above to facilitate the understanding of the present invention by those skilled in the art, it should be understood that the present invention is not limited to the scope of the embodiments, and various changes may be made apparent to those skilled in the art as long as they are within the spirit and scope of the present invention as defined and defined by the appended claims, and all matters of the invention which utilize the inventive concepts are protected.

Claims (1)

1. A trusted code execution method based on an end-to-end model, comprising the steps of:
s1: the data provider formulates the code to the use specification of the data, including constructing a data access agent, setting the data access authority and calculating the result return format; simultaneously constructing a code execution agent and a trusted execution environment, wherein the execution agent runs in an untrusted environment to realize the initialization of the trusted execution environment, and constructing a starting entrance and a communication component and simultaneously constructing a data access agent;
s2: the data user builds a code file according to the data use specification of the data provider, and encrypts the code file by adopting a symmetric encryption algorithm, and the encrypted code file and the key K1 are safely stored by the data user;
s3: the data user and the data provider carry out identity authentication, and the data user and the trusted execution environment negotiate a session key K2 for transmission and establish a secure channel;
s4: the data user encrypts the encrypted code file and a key K1 by using a key K2 and sends the encrypted code file and the key K1 to the data provider, the data provider forwards the encrypted code file and the key K2 to the trusted execution environment after receiving the encrypted code file, the trusted execution environment decrypts the received file by using a key K2, decrypts and recovers the code file by using a key K1, and then the secure channel is closed;
s5: the execution agent of the data provider starts the running of the code in the trusted execution environment, and data access is carried out through the data access agent in the code execution process;
s6: and after the code is executed, the execution agent judges the legality of the execution result according to a rule preset by the data provider, if the execution result passes the legality judgment, the execution result is fed back to the data user, and otherwise, an illegal execution result prompt is sent to the data user.
CN202010012451.2A 2020-01-07 2020-01-07 End-to-end model-based code trusted execution method Active CN111200613B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010012451.2A CN111200613B (en) 2020-01-07 2020-01-07 End-to-end model-based code trusted execution method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010012451.2A CN111200613B (en) 2020-01-07 2020-01-07 End-to-end model-based code trusted execution method

Publications (2)

Publication Number Publication Date
CN111200613A CN111200613A (en) 2020-05-26
CN111200613B true CN111200613B (en) 2022-06-07

Family

ID=70747594

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010012451.2A Active CN111200613B (en) 2020-01-07 2020-01-07 End-to-end model-based code trusted execution method

Country Status (1)

Country Link
CN (1) CN111200613B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112989324A (en) * 2021-03-10 2021-06-18 中国民航信息网络股份有限公司 Data interaction method and device, electronic equipment and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2778952B1 (en) * 2011-11-11 2017-06-28 NEC Corporation Database device, method and program
US9558366B2 (en) * 2014-05-12 2017-01-31 Compugroup Medical Se Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
CN105868987B (en) * 2016-03-28 2019-08-13 中国银联股份有限公司 A kind of method and system of shared information between devices
CN109886046A (en) * 2019-02-25 2019-06-14 广东工业大学 A kind of location privacy protection method and system
CN110210251A (en) * 2019-06-17 2019-09-06 阿里巴巴集团控股有限公司 Data query method, apparatus, equipment and computer readable storage medium
CN110580245B (en) * 2019-11-08 2020-03-10 支付宝(杭州)信息技术有限公司 Private data sharing method and device

Also Published As

Publication number Publication date
CN111200613A (en) 2020-05-26

Similar Documents

Publication Publication Date Title
Breiling et al. Secure communication for the robot operating system
US8352740B2 (en) Secure execution environment on external device
Tschofenig et al. Cyberphysical security for the masses: A survey of the internet protocol suite for internet of things security
Hwang et al. A business model for cloud computing based on a separate encryption and decryption service
US20150304736A1 (en) Technologies for hardening the security of digital information on client platforms
CN106603487B (en) Method for improving security of TLS protocol processing based on CPU space-time isolation mechanism
US7194759B1 (en) Used trusted co-servers to enhance security of web interaction
Valadares et al. Achieving data dissemination with security using FIWARE and Intel software guard extensions (SGX)
Al-Hasnawi et al. Fog-based local and remote policy enforcement for preserving data privacy in the Internet of Things
Chang et al. A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment
Liu et al. Understanding the security of app-in-the-middle IoT
Sampaio et al. Secure and privacy-aware data dissemination for cloud-based applications
Mazzeo et al. TROS: Protecting Humanoids ROS from Privileged Attackers
CN111200613B (en) End-to-end model-based code trusted execution method
Yamada et al. Access control for security and privacy in ubiquitous computing environments
Muzammal et al. A study on secured authentication and authorization in Internet of Things: Potential of blockchain technology
CN111510462B (en) Communication method, system, device, electronic equipment and readable storage medium
Ahila et al. Overview of mobile agent security issues—Solutions
WO2023019964A1 (en) Data security processing method and apparatus
Pearson How trusted computers can enhance privacy preserving mobile applications
KR101737747B1 (en) Improving tamper resistance of aggregated data
Hein et al. An autonomous attestation token to secure mobile agents in disaster response
Misra et al. Vulnerable features and threats
Banyal et al. Security vulnerabilities, challenges, and schemes in IoT-enabled technologies
Coppolino et al. An approach for securing critical applications in untrusted clouds

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant