CN111382131A - Data processing method, device and storage medium - Google Patents

Info

Publication number: CN111382131A
Authority: CN (China)
Prior art keywords: data processing; memory space; isolated memory; result; data
Legal status: Granted
Application number: CN201811610521.3A
Other languages: Chinese (zh)
Other versions: CN111382131B (en)
Inventors: 李嘉奇, 周亚金, 于昇, 张帆, 任奎
Current assignee: Zhejiang University ZJU
Original assignee: Zhejiang University ZJU
Application filed by Zhejiang University ZJU
Priority to CN201811610521.3A
Publication of CN111382131A
Application granted
Publication of CN111382131B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. a local or distributed file system or database

Abstract

The present disclosure relates to a data processing method, apparatus, and storage medium. The method comprises: obtaining a compiling result of a data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file; encrypting the data to be processed to obtain encrypted data to be processed; uploading the encrypted data to be processed to a control node; submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result; receiving an encrypted data processing result returned by at least one computing node; and decrypting the encrypted data processing result to obtain a decrypted data processing result. The present disclosure provides a scheme for protecting data processing with isolated memory spaces in a distributed computing scenario, thereby improving the security of data processing on the cloud.

Description

Data processing method, device and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data processing method, an apparatus, and a storage medium.
Background
Because data on the cloud is at risk of being leaked or tampered with, the user cannot completely trust the cloud service environment. These risks come from the cloud service provider itself, or from an attacker who has successfully intruded into and taken control of a cloud service node. Under the Hadoop framework, even if the data encryption function of the HDFS (Hadoop Distributed File System) is enabled, it only prevents low-privilege applications from accessing confidential data. When the cloud service environment itself is not trusted, simple encryption cannot secure confidential data. In a distributed computing scenario the attack surface expands further: by interfering with data transmission between nodes, an attacker can compromise data integrity and corrupt the computation result. How to improve the security of data processing on the cloud is therefore an urgent problem to be solved.
Disclosure of Invention
In view of the above, the present disclosure provides a data processing method, an apparatus and a storage medium.
According to a first aspect of the present disclosure, there is provided a data processing method, which is applied in a user side, the method including:
obtaining a compiling result of a data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file;
encrypting the data to be processed to obtain encrypted data to be processed;
uploading the encrypted data to be processed to a control node;
submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result;
receiving an encrypted data processing result returned by at least one computing node;
and decrypting the encrypted data processing result to obtain a decrypted data processing result.
In a possible implementation manner, the compilation result further includes a framework program, and the framework program is an executable file.
In one possible implementation, encrypting the data to be processed includes:
and encrypting the data to be processed by adopting the associated data of the data to be processed.
In one possible implementation, decrypting the encrypted data processing result includes:
and under the condition that the encrypted data processing result passes the verification, decrypting the encrypted data processing result.
In a possible implementation manner, the data processing task is used as a basis for the control node to issue a data processing subtask to at least one computing node, where the data processing subtask carries the compiling result and the encrypted data to be processed.
According to a second aspect of the present disclosure, there is provided a data processing method, which is applied in a control node, the method including:
receiving encrypted data to be processed uploaded by a user side;
receiving a data processing task submitted by the user side according to a task configuration file, wherein the data processing task carries a compiling result, the compiling result is obtained by the user side by compiling the data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
and issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries a compiling result and the encrypted data to be processed.
In a possible implementation manner, the compilation result further includes a framework program, and the framework program is an executable file.
In a possible implementation manner, the encrypted data to be processed is obtained by encrypting the data to be processed according to the associated data of the data to be processed.
According to a third aspect of the present disclosure, there is provided a data processing method, which is applied in a computing node, the method including:
receiving a data processing subtask issued by a control node, wherein the data processing subtask carries a compiling result and encrypted data to be processed, the compiling result is obtained by the user side by compiling the data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
loading the second isolated memory space file through a framework program to create a second isolated memory space;
initiating remote verification to the user side through the second isolated memory space, and acquiring a key set from the user side after the remote verification is passed;
decrypting a first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, and loading the first isolated memory space file to create a first isolated memory space;
initiating local verification to the second isolated memory space through the first isolated memory space, and acquiring at least one key in the key set from the second isolated memory space after the verification is passed, wherein the at least one key comprises a data decryption key;
and decrypting the encrypted data to be processed by adopting the data decryption key through the first isolated memory space, and executing a data processing program in the first isolated memory space to obtain a data processing result.
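The two-stage key release described in the steps above (remote verification by the user side before the key set is sent, then local verification of the first isolated memory space by the second before any key is handed over), as an added Go example that is not part of the patent or of the DataCapsule SDK. Verification is modelled as comparing a SHA-256 measurement of the loaded enclave file against the measurement the user side expects, carried in a report authenticated with HMAC under a shared key; real SGX remote and local attestation use platform-generated, platform-keyed reports instead. The KeySet field names, the key values, the enclave file contents and the shared keys are all constructed for the example, and the decryption of the first isolated memory space file by the framework program is left out.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeySet is what the user side releases after remote verification. The field
// names are constructed for this example; the patent only states that the set
// holds a decryption key for the first isolated memory space file, a data
// decryption key and a key for encrypting intermediate data.
type KeySet struct {
	EnclaveFileKey  []byte // used by the framework program to decrypt enclave 1's file
	DataKey         []byte // decrypts the data to be processed
	IntermediateKey []byte // encrypts Map-side intermediate results
}

// Report is a simplified verification report: the enclave's measurement plus
// an HMAC over it under a key the verifier shares. Real SGX remote and local
// attestation reports are generated and keyed by the platform; the HMAC only
// stands in for that here.
type Report struct {
	Measurement []byte
	MAC         []byte
}

// measure models an enclave measurement as the SHA-256 of the enclave file.
func measure(enclaveFile []byte) []byte {
	sum := sha256.Sum256(enclaveFile)
	return sum[:]
}

func makeReport(key, enclaveFile []byte) Report {
	m := measure(enclaveFile)
	h := hmac.New(sha256.New, key)
	h.Write(m)
	return Report{Measurement: m, MAC: h.Sum(nil)}
}

// verifyReport accepts a report only if its MAC is valid and the measurement
// equals the value the verifier expects for code it compiled itself.
func verifyReport(key, expected []byte, r Report) bool {
	h := hmac.New(sha256.New, key)
	h.Write(r.Measurement)
	return hmac.Equal(h.Sum(nil), r.MAC) && bytes.Equal(r.Measurement, expected)
}

// Grant is what enclave 1 holds after local verification: in this example only
// the two keys its job needs; the enclave-file key stays with enclave 2.
type Grant struct {
	DataKey, IntermediateKey []byte
}

// KeyHandover runs the two-stage release:
//  1. enclave 2 verifies remotely to the user side and receives the key set;
//  2. enclave 1 verifies locally to enclave 2 and receives the data key and
//     the intermediate-data key.
// remoteKey is shared by the user side and enclave 2; localKey models the
// platform-local secret behind SGX local attestation. expectedE2/expectedE1
// are measurements of the files the user side compiled; loadedE2/loadedE1 are
// the files actually loaded on the compute node.
func KeyHandover(keys KeySet, remoteKey, localKey, expectedE2, expectedE1, loadedE2, loadedE1 []byte) (Grant, error) {
	// Stage 1: the user side checks enclave 2 before sending the key set.
	if !verifyReport(remoteKey, expectedE2, makeReport(remoteKey, loadedE2)) {
		return Grant{}, errors.New("remote verification failed: key set withheld")
	}
	// Stage 2: enclave 2 checks enclave 1 before handing over any key.
	if !verifyReport(localKey, expectedE1, makeReport(localKey, loadedE1)) {
		return Grant{}, errors.New("local verification failed: keys withheld")
	}
	return Grant{DataKey: keys.DataKey, IntermediateKey: keys.IntermediateKey}, nil
}

func main() {
	// Constructed stand-ins for the two compiled enclave files and the keys.
	e2 := []byte("enclave2.so: remote verification and key custody")
	e1 := []byte("enclave1.so: data processing program")
	keys := KeySet{EnclaveFileKey: []byte("k-file"), DataKey: []byte("k-in"), IntermediateKey: []byte("k-mid")}
	remoteKey, localKey := []byte("attest-remote"), []byte("attest-local")

	g, err := KeyHandover(keys, remoteKey, localKey, measure(e2), measure(e1), e2, e1)
	fmt.Println("genuine enclaves:", err == nil, "data key:", string(g.DataKey))

	// A replaced enclave 1 has a different measurement, so local verification
	// fails and no key leaves enclave 2.
	_, err = KeyHandover(keys, remoteKey, localKey, measure(e2), measure(e1), e2, []byte("modified enclave1.so"))
	fmt.Println("modified enclave 1:", err)
}
```

Run as is, the first call succeeds and the returned Grant holds the data key and the intermediate-data key; the second call, with a modified first enclave file, fails local verification and nothing leaves the second isolated memory space. That ordering is the point of the scheme against an untrusted node operator: keys are released only to code whose measurement matches what the user compiled, and in this example the key that unlocks the first enclave file is never handed to the data-processing enclave at all.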
In one possible implementation manner, decrypting the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set includes:
encapsulating, through the second isolated memory space, the decryption key of the first isolated memory space file in the key set so that it can be passed outside the isolated memory space, obtaining an encapsulated key;
and decrypting the first isolated memory space file by the framework program using the encapsulated key.
In one possible implementation manner, after obtaining at least one key in the key set from the second isolated memory space, the method further includes:
destroying the second isolated memory space through the framework program.
In one possible implementation, the data processing program is a binary program compiled by the data processing logic.
In a possible implementation manner, the data processing program reads the data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes the data processing result through a write interface provided by the first isolated memory space.
In one possible implementation, after the data processing is completed, the method further includes:
destroying the first isolated memory space through the framework program.
In one possible implementation manner, executing the data processing program in the first isolated memory space to obtain a data processing result includes:
executing a data processing program in the first isolated memory space to obtain a data processing intermediate result;
encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result;
and sending the encrypted data processing intermediate result to a reduction node, and obtaining a data processing result by the reduction node according to the encrypted data processing intermediate result.
In one possible implementation, the at least one key further comprises a key for encrypting intermediate data;
encrypting the data processing intermediate result, comprising:
and encrypting the data processing intermediate result by adopting the key for encrypting the intermediate data and the identification information of the computing node to obtain an encrypted data processing intermediate result.
According to a fourth aspect of the present disclosure, there is provided a data processing apparatus comprising:
an acquisition module, configured to acquire a compiling result of data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file;
the first encryption module is used for encrypting the data to be processed to obtain encrypted data to be processed;
the uploading module is used for uploading the encrypted data to be processed to a control node;
the submitting module is used for submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result;
the first receiving module is used for receiving the encrypted data processing result returned by at least one computing node;
and the first decryption module is used for decrypting the encrypted data processing result to obtain a decrypted data processing result.
In a possible implementation manner, the compilation result further includes a framework program, and the framework program is an executable file.
In one possible implementation manner, the first encryption module is configured to: and encrypting the data to be processed by adopting the associated data of the data to be processed.
In one possible implementation manner, the first decryption module is configured to: and under the condition that the encrypted data processing result passes the verification, decrypting the encrypted data processing result.
In a possible implementation manner, the data processing task is used as a basis for the control node to issue a data processing subtask to at least one computing node, where the data processing subtask carries the compiling result and the encrypted data to be processed.
According to a fifth aspect of the present disclosure, there is provided a data processing apparatus comprising:
the second receiving module is used for receiving the encrypted data to be processed uploaded by the user side;
a third receiving module, configured to receive a data processing task submitted by the user side according to a task configuration file, where the data processing task carries a compilation result, the compilation result is obtained by the user side by compiling the data processing logic, and the compilation result includes a first isolated memory space file and a second isolated memory space file;
and the issuing module is used for issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries a compiling result and the encrypted data to be processed.
In a possible implementation manner, the compilation result further includes a framework program, and the framework program is an executable file.
In a possible implementation manner, the encrypted data to be processed is obtained by encrypting the data to be processed according to the associated data of the data to be processed.
According to a sixth aspect of the present disclosure, there is provided a data processing apparatus comprising:
a fourth receiving module, configured to receive a data processing subtask issued by a control node, where the data processing subtask carries a compilation result and encrypted data to be processed, the compilation result is obtained by the user side by compiling the data processing logic, and the compilation result includes a first isolated memory space file and a second isolated memory space file;
the first loading module is used for loading the second isolated memory space file through a framework program and creating a second isolated memory space;
the remote verification module is used for initiating remote verification to the user side through the second isolated memory space and acquiring a key set from the user side after the remote verification is passed;
a second loading module, configured to decrypt the first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, and load the first isolated memory space file, creating a first isolated memory space;
a local authentication module, configured to initiate local authentication to the second isolated memory space through the first isolated memory space, and obtain at least one key in the key set from the second isolated memory space after the local authentication is passed, where the at least one key includes a data decryption key;
and the data processing module is used for decrypting the encrypted data to be processed by adopting the data decryption key through the first isolated memory space, and executing a data processing program in the first isolated memory space to obtain a data processing result.
In one possible implementation manner, the second loading module includes:
the encapsulation submodule is used for encapsulating, through the second isolated memory space, the decryption key of the first isolated memory space file in the key set so that it can be passed outside the isolated memory space, obtaining an encapsulated key;
and the decryption submodule is used for decrypting the first isolated memory space file by the framework program using the encapsulated key.
In one possible implementation, the apparatus further includes:
and the first destroying module is used for destroying the second isolated memory space through the framework program.
In one possible implementation, the data processing program is a binary program compiled by the data processing logic.
In a possible implementation manner, the data processing program reads the data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes the data processing result through a write interface provided by the first isolated memory space.
In one possible implementation, the apparatus further includes:
and the second destroying module is used for destroying the first isolated memory space through the framework program.
In one possible implementation, the data processing module is configured to:
executing a data processing program in the first isolated memory space to obtain a data processing intermediate result;
encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result;
and sending the encrypted data processing intermediate result to a reduction node, and obtaining a data processing result by the reduction node according to the encrypted data processing intermediate result.
In one possible implementation, the at least one key further comprises a key for encrypting intermediate data;
the data processing module is used for:
and encrypting the data processing intermediate result by adopting the key for encrypting the intermediate data and the identification information of the computing node to obtain an encrypted data processing intermediate result.
According to a seventh aspect of the present disclosure, there is provided a data processing apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data processing method of the first aspect.
According to an eighth aspect of the present disclosure, there is provided a data processing apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data processing method of the second aspect.
According to a ninth aspect of the present disclosure, there is provided a data processing apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data processing method of the third aspect.
According to a tenth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions, characterized in that the computer program instructions, when executed by a processor, implement the data processing method of the first aspect described above.
According to an eleventh aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions, characterized in that the computer program instructions, when executed by a processor, implement the data processing method of the second aspect described above.
According to a twelfth aspect of the present disclosure, there is provided a computer-readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the data processing method of the third aspect described above.
In the embodiment of the present disclosure, the user side obtains the compiling result of the data processing logic, the data to be processed and the task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file. The user side encrypts the data to be processed to obtain the encrypted data to be processed, uploads it to the control node, and submits the data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result. The user side then receives the encrypted data processing result returned by at least one computing node and decrypts it to obtain the decrypted data processing result. This provides a scheme for protecting data processing with isolated memory spaces in a distributed computing scenario, and so improves the security of data processing on the cloud.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 shows a flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 2 shows another flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 3 shows another flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 4 shows a flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 5 shows another flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 6 shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.
Fig. 7 illustrates another block diagram of a data processing apparatus according to an embodiment of the present disclosure.
Fig. 8 shows another block diagram of a data processing apparatus according to an embodiment of the present disclosure.
FIG. 9 shows an architecture diagram of a data processing system according to an embodiment of the present disclosure.
Fig. 10 is a block diagram illustrating an apparatus 800 for data processing in accordance with an example embodiment.
Fig. 11 is a block diagram illustrating an apparatus 1900 for data processing according to an example embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
Fig. 1 shows a flow diagram of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the user side. In some possible implementations, the data processing method may be implemented by a processor calling computer readable instructions stored in a memory. As shown in fig. 1, the data processing method includes steps S11 through S16.
In step S11, a compiling result of the data processing logic, the data to be processed, and the task configuration file are obtained, where the compiling result includes a first isolated memory space file and a second isolated memory space file.
In the disclosed embodiments, data processing logic may refer to code for data processing. For example, the data processing logic may be user-written code for processing data to be processed.
In the embodiment of the present disclosure, the isolated memory space may refer to an Enclave in SGX (Software Guard Extensions), and the isolated memory space file may be referred to as an Enclave file. The isolated memory space file may be a .so file, that is, a file with the .so suffix. For example, the first isolated memory space file and the second isolated memory space file may both be dynamic library files with the .so suffix.
In a possible implementation manner, the user side may compile the data processing logic through the first component to obtain a compilation result. For example, the first component may be an SDK (Software Development Kit) of DataCapsule.
In embodiments of the present disclosure, the first component may provide functionality beyond compiling the data processing logic. For example, the first component may provide the framework, implement the security protocols, and perform input and output flow control. In addition, since many standard function libraries cannot be used normally inside an SGX Enclave, the first component may also provide the necessary function libraries.
In one possible implementation, the compilation result further includes a framework program, and the framework program is an executable file. In this implementation, the compilation result includes a first isolated memory space file, a second isolated memory space file, and a framework program. For example, the framework program may be framework F. In the disclosed embodiment, the framework program is the main process.
In another possible implementation, the compilation result may include the first isolated memory space file and the second isolated memory space file but not the framework program. Because the framework program is the same for different data processing logics, it can be kept running on the computing nodes; when a user side needs to submit a data processing task, only the first and second isolated memory space files need to be uploaded, not the framework program. The framework program already running on the computing node then loads the two isolated memory space files and enters the data processing flow.
In step S12, the data to be processed is encrypted, resulting in encrypted data to be processed.
In a possible implementation manner, the user side may encrypt the data to be processed through the second component. For example, the second component may be a Client Library. In the embodiment of the present disclosure, the second component may act as an intermediate layer between the user side and the service side (control node or computing node), which enables the security protocol to be transparent to the user. In the embodiment of the present disclosure, the second component may provide an API (Application Programming Interface) for other programs, and may also be an executable program similar to the client program.
In this embodiment of the present disclosure, before encrypting the data to be processed, the second component may further split the data to be processed into blocks.
In one possible implementation, the key used to encrypt the data to be processed may be provided by the user.
In another possible implementation, the key used to encrypt the data to be processed may be generated by the second component.
For ease of understanding, the following notation is defined herein:
m | n represents the direct concatenation of m and n; for example, if m is hello and n is world, then m | n is helloworld;
Enc_k(text, ad) denotes AES-GCM (Advanced Encryption Standard, Galois/Counter Mode) encryption of the data text using the symmetric key k, with ad as the associated data;
Enc_k[ad]{text} denotes ad | Enc_k(text, ad);
PRF_k(text) represents a function that generates a pseudo-random value from the key k and the data text.
In one possible implementation, encrypting the data to be processed includes: encrypting the data to be processed using the associated data of the data to be processed. In this implementation, the associated data of the data to be processed may be identification information of the data to be processed, and the identification information may be a digest of the data to be processed. For example, the identification information l_in of each data block Input of the data to be processed may be determined, and l_in used as the associated data of that data block Input to obtain the encrypted data block
Figure BDA0001924635930000121
where k_in represents the key used to encrypt the data to be processed. Since the data to be processed is the input data of the Map (mapping) node among the compute nodes, k_in is also the key used to encrypt the input data of the mapping node.
In step S13, the encrypted data to be processed is uploaded to the control node.
In the embodiment of the present disclosure, the control node may represent a node in the server for task allocation.
In one possible implementation, the encrypted data to be processed may be uploaded to the control node by the second component.
In one possible implementation, the encrypted data to be processed may be uploaded to the HDFS of the control node.
In one possible implementation, the encrypted data to be processed may be uploaded to the control node in the form of data chunks of the encrypted data to be processed.
In step S14, a data processing task is submitted to the control node according to the task configuration file, where the data processing task carries the compilation result.
In one possible implementation, the data processing task may be submitted to the control node by the second component according to a task profile.
In one possible implementation, the data processing task may be submitted to the YARN (Yet Another Resource Negotiator) Resource Manager in the control node.
In this disclosure, if the compilation result includes the first isolated memory space file, the second isolated memory space file, and the framework program, the data processing task carries the first isolated memory space file, the second isolated memory space file, and the framework program; and if the compiling result comprises the first isolated memory space file and the second isolated memory space file and does not comprise the framework program, carrying the first isolated memory space file and the second isolated memory space file by the data processing task and not carrying the framework program.
In the embodiment of the present disclosure, the data processing task may serve as the basis on which the control node issues a data processing subtask to at least one computing node, where the data processing subtask carries the compilation result and the encrypted data to be processed. In other words, the control node may issue the data processing subtasks to the at least one computing node according to the data processing task. In this embodiment, if the compilation result includes the first isolated memory space file, the second isolated memory space file, and the framework program, the data processing subtask carries all three; if the compilation result includes the first and second isolated memory space files but not the framework program, the data processing subtask carries the first and second isolated memory space files and does not carry the framework program.
In step S15, an encrypted data processing result returned by at least one computing node is received.
In the embodiment of the disclosure, the computing nodes of the server may include a mapping node and a reduction (Reduce) node. The mapping node can perform data processing on data to be processed to obtain a data processing intermediate result, the reduction node can perform reduction according to the data processing intermediate result from at least one mapping node to obtain a data processing result, the data processing result is encrypted to obtain an encrypted data processing result, and the encrypted data processing result is returned to the user side.
In step S16, the encrypted data processing result is decrypted to obtain a decrypted data processing result.
In one possible implementation, the encrypted data processing result may be decrypted by the second component.
In one possible implementation, decrypting the encrypted data processing result includes decrypting the encrypted data processing result only if the encrypted data processing result passes verification. In this implementation, the encrypted data processing result is verified before being decrypted: if it passes verification, it may be decrypted; if it fails verification, it can be determined that an attack exists.
In this implementation, the encrypted data processing result may be verified by the second component.
In a possible implementation, the second component may verify the encrypted data processing result through a verification (verify) module. In this implementation, when submitting a data processing task, the second component may save the following information for later verification: the task identifier j of the data processing task, the key k_job corresponding to the verification information, the number R of reduction nodes, and the set B_in of the identification information l_in of all the data to be processed.
In this implementation, the verification module in the second component may perform one or more of the following verifications:
verifying whether the task identifier in the received check information FR and check information FM is consistent with the task identifier j stored by the verification module;
verifying whether the sequence number r of the reduction node in the received check information FR belongs to [0, R-1];
verifying whether the set P_v of the P_r in the received check information FR and the set P_verifier of the l_m collected from the check information FM satisfy P_v = P_verifier;
verifying whether all the B_in,m in the received check information FM are pairwise disjoint and whether the union of all the B_in,m is exactly equal to B_in;
verifying whether all the B_out,r in the received check information FR are pairwise disjoint and whether the union of all the B_out,r is exactly equal to the union of all the l_out of KV'_out.
As an example of this implementation, the encrypted data processing result may be determined to pass verification when one or more of the following conditions are satisfied: the task identifier in the received check information FR and check information FM is consistent with the task identifier j stored by the verification module; the sequence number r of the reduction node in the received check information FR belongs to [0, R-1]; the set P_v of the P_r in the received check information FR and the set P_verifier of the l_m collected from the check information FM satisfy P_v = P_verifier; all the B_in,m in the received check information FM are pairwise disjoint and the union of all the B_in,m is exactly equal to B_in; all the B_out,r in the received check information FR are pairwise disjoint and the union of all the B_out,r is exactly equal to the union of all the l_out of KV'_out.
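The five checks of the verify module, as an added example that is not the patent's own code; the FM/FR record layouts, the identifier strings and the sample job are constructed here and are assumptions.

```python
"""Client-side check of the FM/FR check information described above.
Added example, not the patent's own code. The record layouts are assumed:
  FM (one per mapping node m):   {"j", "l_m", "B_in_m"}
  FR (one per reduction node r): {"j", "r", "P_r", "B_out_r"}
B_in and the l_out of KV'_out are passed in as sets of block identifiers."""
from typing import Dict, List, Set

Record = Dict[str, object]


def pairwise_disjoint(sets: List[Set[str]]) -> bool:
    """True when no identifier appears in two of the given sets."""
    seen: Set[str] = set()
    for s in sets:
        if seen & s:
            return False
        seen |= s
    return True


def verify_job(j: str, R: int, B_in: Set[str], fm_records: List[Record],
               fr_records: List[Record], kv_out_ids: Set[str]) -> List[str]:
    """Run the five checks of the verify module; an empty list means the
    encrypted data processing result passes and may be decrypted."""
    failures: List[str] = []

    # 1. every FM and FR record must belong to task j
    if any(rec["j"] != j for rec in fm_records + fr_records):
        failures.append("task identifier mismatch")

    # 2. reduction-node sequence numbers must lie in [0, R-1]
    if any(not (0 <= rec["r"] < R) for rec in fr_records):
        failures.append("reduction node sequence number out of range")

    # 3. P_v (l_m reported by reducers) must equal P_verifier (l_m from FM)
    P_v: Set[str] = set().union(*(rec["P_r"] for rec in fr_records))
    P_verifier: Set[str] = {rec["l_m"] for rec in fm_records}
    if P_v != P_verifier:
        failures.append("mapping node sets differ (P_v != P_verifier)")

    # 4. B_in,m pairwise disjoint (no block replayed into two mappers) and
    #    their union exactly B_in (no block dropped or injected)
    B_in_m = [rec["B_in_m"] for rec in fm_records]
    if not pairwise_disjoint(B_in_m):
        failures.append("input block replayed across mapping nodes")
    if set().union(*B_in_m) != B_in:
        failures.append("union of B_in,m differs from B_in")

    # 5. B_out,r pairwise disjoint and their union exactly the l_out of KV'_out
    B_out_r = [rec["B_out_r"] for rec in fr_records]
    if not pairwise_disjoint(B_out_r):
        failures.append("output block reported by two reduction nodes")
    if set().union(*B_out_r) != kv_out_ids:
        failures.append("union of B_out,r differs from received outputs")
    return failures


# Constructed sample: two mappers, two reducers, four input blocks.
J, R = "job-42", 2
B_IN = {"in-0", "in-1", "in-2", "in-3"}
FM_OK = [{"j": J, "l_m": "map-0", "B_in_m": {"in-0", "in-1"}},
         {"j": J, "l_m": "map-1", "B_in_m": {"in-2", "in-3"}}]
FR_OK = [{"j": J, "r": 0, "P_r": {"map-0", "map-1"}, "B_out_r": {"out-0"}},
         {"j": J, "r": 1, "P_r": {"map-0", "map-1"}, "B_out_r": {"out-1", "out-2"}}]
KV_OUT_IDS = {"out-0", "out-1", "out-2"}

# Same job, but a replay of in-1 into map-1 has displaced in-2.
FM_REPLAY = [FM_OK[0], {"j": J, "l_m": "map-1", "B_in_m": {"in-1", "in-3"}}]

if __name__ == "__main__":
    print("ok:", verify_job(J, R, B_IN, FM_OK, FR_OK, KV_OUT_IDS))
    print("replay:", verify_job(J, R, B_IN, FM_REPLAY, FR_OK, KV_OUT_IDS))
```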
In the embodiment of the present disclosure, the user terminal obtains the compiling result of the data processing logic, the data to be processed and the task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file, the user side encrypts the data to be processed to obtain the encrypted data to be processed, uploads the encrypted data to be processed to the control node, submits the data processing task to the control node according to the task configuration file, wherein the data processing task carries a compiling result, the user side receives the encrypted data processing result returned by at least one computing node and decrypts the encrypted data processing result to obtain a decrypted data processing result, therefore, a scheme of providing safety protection for data processing by using isolated memory space in a distributed operation scene is provided, and the safety of data processing on the cloud can be improved.
Fig. 2 shows another flow diagram of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the control node. In some possible implementations, the data processing method may be implemented by a processor calling computer readable instructions stored in a memory. As shown in fig. 2, the data processing method includes steps S21 through S23.
In step S21, the encrypted to-be-processed data uploaded by the user side is received.
In one possible implementation manner, the encrypted data to be processed is obtained by encrypting the data to be processed according to the associated data of the data to be processed.
In step S22, a data processing task submitted by the user end according to the task configuration file is received, where the data processing task carries a compilation result, and the compilation result is compiled by the user end according to the data processing logic, and the compilation result includes a first isolated memory space file and a second isolated memory space file.
In one possible implementation, the compilation result further includes a framework program, and the framework program is an executable file.
In step S23, a data processing sub-task is issued to at least one computing node according to the data processing task, where the data processing sub-task carries the compilation result and the encrypted data to be processed.
In a possible implementation manner, the control node may issue data processing subtasks to each computing node through a Hadoop resource management process. For example, the control node may issue data processing subtasks to the respective compute nodes through the YARN resource manager.
In the embodiment of the disclosure, the control node receives the encrypted to-be-processed data uploaded by the user side, receives the data processing task submitted by the user side according to the task configuration file, wherein the data processing task carries a compiling result, the compiling result is compiled by the user side according to the data processing logic, the compiling result comprises a first isolated memory space file and a second isolated memory space file, and issues the data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries the compiling result and the encrypted to-be-processed data, so that a scheme for providing security protection for data processing by using the isolated memory space in a distributed operation scene is provided, and the security of data processing on the cloud can be improved.
Fig. 3 shows another flow diagram of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the computing nodes. In some possible implementations, the data processing method may be implemented by a processor calling computer readable instructions stored in a memory. As shown in fig. 3, the data processing method includes steps S31 through S36.
In step S31, a data processing subtask issued by the control node is received, where the data processing subtask carries a compilation result and encrypted to-be-processed data, where the compilation result is compiled by the user side according to a data processing logic, and the compilation result includes a first isolated memory space file and a second isolated memory space file.
In one possible implementation, the compilation result further includes a framework program, and the framework program is an executable file. In this implementation, the compilation result includes a first isolated memory space file, a second isolated memory space file, and a framework program.
In another possible implementation manner, the compilation result may include the first isolated memory space file and the second isolated memory space file, and does not include the framework program. Because the frame programs are the same for different data processing logics, the frame programs can keep running states on the computing nodes, and when a user side needs to submit a data processing task, only the first isolated memory space file and the second isolated memory space file need to be uploaded, and the frame programs do not need to be uploaded. And loading the first isolated memory space file and the second isolated memory space file by a framework program running in the computing node, and entering a data processing flow.
In step S32, a second isolated memory space file is loaded by the framework program to create a second isolated memory space.
In an embodiment of the present disclosure, the second isolated memory space file may be loaded by the framework program in the form of a so file.
In step S33, remote authentication is initiated to the user side through the second isolated memory space, and after the remote authentication is passed, the key set is obtained from the user side.
In one possible implementation, remote authentication may be initiated to the second component at the user side through the second isolated memory space. In other words, the user terminal can perform remote verification by using the second component as a verifier of remote verification. After the validation is passed, the second component provides the set of keys to the compute node.
In the embodiment of the present disclosure, the key set may include a decryption key of the first isolated memory space file, a data decryption key, a key for encrypting intermediate data, and the like.
In step S34, the first isolated memory space file is decrypted based on the decryption key of the first isolated memory space file in the key set, and the first isolated memory space file is loaded to create a first isolated memory space.
In an embodiment of the present disclosure, the first isolated memory space file may be loaded by the framework program in the form of a so file.
In one possible implementation, decrypting the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set includes: encapsulating (sealing) the decryption key of the first isolated memory space file in the key set outside the isolated memory space through the second isolated memory space to obtain an encapsulation key; and decrypting the first isolated memory space file by the framework program using the encapsulation key. For example, the encapsulation key may be Sealed_key.
In this implementation, although the encapsulation key is kept outside the isolated memory space, the security of the encapsulation key may be guaranteed by the encryption mechanism.
In step S35, a local authentication is initiated to the second isolated memory space through the first isolated memory space, and after the authentication is passed, at least one key in the key set is obtained from the second isolated memory space, where the at least one key includes a data decryption key.
In one possible implementation, after obtaining at least one key in the key set from the second isolated memory space, the method further includes destroying the second isolated memory space through the framework program. In this implementation, destroying the second isolated memory space releases its resources.
In step S36, the encrypted data to be processed is decrypted by the first isolated memory space using the data decryption key, and the data processing program in the first isolated memory space is executed to obtain the data processing result.
In one possible implementation, the data processing program is a binary program compiled from data processing logic.
In one possible implementation, the mapping node may verify the data to be processed before executing the data processing program. In this implementation, the mapping node whose identification information is l_m may save the identification information l_in of all data to be processed that has been input to it as the set B_in,m. Before processing a new piece of data to be processed, the mapping node searches B_in,m for the identification information l_in of the new data; if it is found, the mapping node determines that a repeated-input attack exists, otherwise it determines that the new data to be processed passes verification.
In one possible implementation, executing the data processing program in the first isolated memory space to obtain a data processing result includes: executing the data processing program in the first isolated memory space to obtain a data processing intermediate result; encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result; and sending the encrypted data processing intermediate result to the reduction node, which obtains the data processing result from the encrypted data processing intermediate result.
In one possible implementation, the at least one key further includes a key for encrypting intermediate data, and encrypting the data processing intermediate result includes encrypting it using the key for encrypting intermediate data together with the identification information of the computing node, to obtain the encrypted data processing intermediate result.
In this implementation, the data processing intermediate result is the output of the mapping node, i.e. the input of the reduction node. For example, the plaintext of the data processing intermediate result output by the mapping node is <K_inter : V_inter>, and the encrypted data processing intermediate result is <K'_inter : V'_inter>, where
[Equation image BDA0001924635930000191 not reproduced in the text]
[Equation image BDA0001924635930000192 not reproduced in the text]
where R is the number of reduction nodes; r is the sequence number of the reduction node corresponding to the processed data processing intermediate result K_inter, i.e. the sequence number of the reduction node to which the intermediate result needs to be sent, and r takes values in [0, R-1]; j is the task identifier, i.e. the unique identifier of the task; l_m is the identification information of the mapping node; i_m,r is the sequence number of the data block sent from mapping node m to reduction node r; k_inter is the key for encrypting the data processing intermediate result; and k_prf is the key used by the pseudo-random function that computes which reduction node the data processing intermediate result is sent to.
In this implementation, in addition to outputting the data processing intermediate results, the mapping node may also output KV_close and FM for security verification, where
[Equation image BDA0001924635930000193 not reproduced in the text]
[Equation image BDA0001924635930000201 not reproduced in the text]
where B_in,m is the set of identification information l_in of the data to be processed received by the mapping node whose identification information is l_m, and k_job is the key corresponding to the verification information.
In one possible implementation, the data processing program reads the data to be processed through a read interface provided by the first isolated memory space and writes the data processing result through a write interface provided by the first isolated memory space. For example, the read interface provided by the first isolated memory space is a KVread() interface, and the write interface is a KVwrite() interface. The read interface may perform security checks and decryption before returning data to the data processing program. The write interface may encrypt the data and append fields for security checking before passing the data outside the first isolated memory space.
In a possible implementation, after obtaining the data processing result from the encrypted data processing intermediate result, the reduction node encrypts the data processing result to obtain an encrypted data processing result and returns it to the user side. For example, the plaintext output block of the data processing result is KV_out, and the encrypted data processing result is
[Equation image BDA0001924635930000202 not reproduced in the text]
where l_out is the identification information of the data processing result (for example, a summary (digest) of the data processing result) and k_out is the key used to encrypt the data processing result.
In one possible implementation, in addition to the data processing result, the reduction node may also output check information FR,
[Equation image BDA0001924635930000203 not reproduced in the text]
where B_out,r is the set of identification information l_out of the data processing results output by the reduction node with sequence number r, and P_r is the set of the l_m in the KV_close received by the reduction node with sequence number r.
In a possible implementation, when receiving a data processing intermediate result, the reduction node verifies whether the task identifier j is correct and whether r is its own sequence number. After finishing data processing, the reduction node confirms from KV_close whether the i_m,r are correct, i.e. whether the data blocks of all sequence numbers have been received, each exactly once.
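The bookkeeping between mapping and reduction nodes described above (repeated-input check on B_in,m, PRF-based choice of r, per-record checks of j, r and i_m,r, and the end-of-job check against KV_close), as an added example that is not the patent's code. HMAC-SHA256 stands in for the pseudo-random function keyed with k_prf, the encryption of V_inter under k_inter is left out, and the record layout and sample values are constructed assumptions.

```python
"""Map-to-reduce bookkeeping of the intermediate results described above.
Added example, not the patent's code. Assumptions: HMAC-SHA256 stands in for
the pseudo-random function keyed with k_prf; the encryption of V_inter under
k_inter is left out, so each record carries the header fields the patent binds
into the ciphertext (j, r, l_m, i_m,r) next to the plaintext value."""
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, Set


def reducer_for(k_prf: bytes, K_inter: bytes, R: int) -> int:
    """r = PRF(k_prf, K_inter) mod R: the target reducer is derived inside the
    enclave from the key, not chosen by the untrusted framework."""
    digest = hmac.new(k_prf, K_inter, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % R


class Mapper:
    def __init__(self, j: str, l_m: str, k_prf: bytes, R: int) -> None:
        self.j, self.l_m, self.k_prf, self.R = j, l_m, k_prf, R
        self.B_in_m: Set[str] = set()                  # l_in accepted so far
        self.next_i: Dict[int, int] = defaultdict(int)  # next i_m,r per reducer

    def accept_input(self, l_in: str) -> bool:
        """Repeated-input check: a block already in B_in,m is a replay."""
        if l_in in self.B_in_m:
            return False
        self.B_in_m.add(l_in)
        return True

    def emit(self, K_inter: bytes, V_inter: bytes) -> dict:
        """One intermediate record with the header the reducer will check."""
        r = reducer_for(self.k_prf, K_inter, self.R)
        i = self.next_i[r]
        self.next_i[r] += 1
        return {"j": self.j, "r": r, "l_m": self.l_m, "i": i,
                "K": K_inter, "V": V_inter}

    def close(self) -> Dict[int, int]:
        """KV_close-style summary: number of blocks sent to each reducer."""
        return dict(self.next_i)


class Reducer:
    def __init__(self, j: str, r: int) -> None:
        self.j, self.r = j, r
        self.seen: Dict[str, Set[int]] = defaultdict(set)  # l_m -> {i_m,r}

    def receive(self, rec: dict) -> bool:
        """Per-record checks: right task, addressed to this reducer, and the
        sequence number from that mapper not delivered before."""
        if rec["j"] != self.j or rec["r"] != self.r:
            return False
        if rec["i"] in self.seen[rec["l_m"]]:
            return False
        self.seen[rec["l_m"]].add(rec["i"])
        return True

    def complete(self, closes: Dict[str, Dict[int, int]]) -> bool:
        """End-of-job check against each mapper's KV_close: the sequence
        numbers received from mapper l_m must be exactly 0..count-1."""
        for l_m, counts in closes.items():
            if self.seen.get(l_m, set()) != set(range(counts.get(self.r, 0))):
                return False
        return True


if __name__ == "__main__":
    # Constructed sample run with one mapper and two reducers.
    m = Mapper("job-42", "map-0", b"k_prf-demo", R=2)
    records = [m.emit(k, b"v") for k in (b"alpha", b"beta", b"gamma", b"delta")]
    reducers = {r: Reducer("job-42", r) for r in range(2)}
    for rec in records:
        reducers[rec["r"]].receive(rec)
    print(all(red.complete({"map-0": m.close()}) for red in reducers.values()))
```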
In one possible implementation, before executing the data processing program in the first isolated memory space, the method further includes: a first isolated memory space is initialized.
In one possible implementation, after the data processing is completed, the method further includes: destroying the first isolated memory space through the framework program. In this implementation, resources can be released by destroying the first isolated memory space after data processing is completed.
In the embodiment of the disclosure, the computing node loads a second isolated memory space file through a framework program by receiving a data processing subtask issued by the control node, creates a second isolated memory space, initiates remote authentication to the user terminal through the second isolated memory space, acquires a key set from the user terminal after the remote authentication passes, decrypts the first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, loads the first isolated memory space file, creates a first isolated memory space, initiates local authentication to the second isolated memory space through the first isolated memory space, acquires at least one key in the key set from the second isolated memory space after the authentication passes, decrypts the encrypted data to be processed by using the data decryption key through the first isolated memory space, and executing the data processing program in the first isolated memory space to obtain a data processing result, thereby providing a scheme for providing safety protection for data processing by using the isolated memory space in a distributed operation scene, and improving the safety of data processing on the cloud.
Fig. 4 shows a flow diagram of a data processing method according to an embodiment of the present disclosure. As shown in fig. 4, the method may include: in step S401, the user side compiles the data processing logic through the first component (DataCapsule SDK) to obtain a compilation result of the data processing logic, where the compilation result includes a first isolated memory space file (IP_Enclave), a second isolated memory space file (Sealed_Enclave), and a framework program (framework F); in step S402, the user side receives the to-be-processed data uploaded by the user, the key for encrypting the to-be-processed data, and the compilation result through the second component (Client Library); in step S403, the user side performs blocking and encryption on the to-be-processed data through the second component to obtain encrypted to-be-processed data; in step S404, the user side uploads the encrypted data to be processed to the HDFS of the control node through the second component; in step S405, the user side submits a data processing task to the YARN resource manager in the control node through the second component according to the task configuration file; in step S406, the control node issues a data processing sub-task to the computing node through the YARN resource manager; in step S407, the computing node initiates remote authentication to the second component at the user side, and acquires the key set from the second component after the remote authentication is passed; in step S408, the computing node decrypts the encrypted to-be-processed data using the data decryption key, and executes the data processing program in the first isolated memory space to obtain a data processing result; in step S409, the computing node returns the encrypted data processing result to the second component at the user side; in step S410, the user side verifies and decrypts the encrypted data processing result through the second component to obtain a decrypted data processing result.
Fig. 5 shows another flow diagram of a data processing method according to an embodiment of the present disclosure. In fig. 5, the first isolated memory space (IP_Enclave) and the second isolated memory space (Sealed_Enclave) are trusted execution areas, and everything else is untrusted, so data security is ensured by encryption. In fig. 5, the first isolated memory space may use encryption tools to implement code protection. The first isolated memory space may be divided into a data processing module (E-) and a non-user-implemented module (E+). The data processing module contains the data processing program. The non-user-implemented module is provided by the SDK and may be used to implement the security protocols, control the input and output streams, and act as the verified party in local verification. The second isolated memory space may serve both as the verified party in remote verification and as the verifier in local verification. The second isolated memory space may further encapsulate the decryption key of the first isolated memory space file to obtain Sealed_key. It should be noted that, for ease of understanding, the data processing module (E-) and the non-user-implemented module (E+) are drawn separately in fig. 5; in practice, the data processing module (E-) and the non-user-implemented module (E+) may be compiled together.
The embodiment of the disclosure can be applied to a Hadoop MapReduce distributed computing framework, and therefore a scheme for providing safety protection for data processing by using an SGX technology under the Hadoop MapReduce distributed computing framework is provided.
The data processing method provided by the embodiment of the disclosure provides a complete security protocol for distributed operation, and can prevent an attacker from attacking unprotected distributed operation data in the transmission process between nodes. According to the scheme provided by the embodiment of the disclosure, when data processing is performed in an untrusted distributed cloud environment, the data to be processed, the data processing logic, the data processing intermediate result and the data processing result can still be ensured not to be leaked or tampered. The embodiment of the disclosure solves the problem of incredibility of the distributed cloud environment, enhances the security of data processing on the cloud, and is beneficial to promoting the development of cloud services.
Fig. 6 shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure. The data processing device may be a device at a user end. As shown in fig. 6, the data processing apparatus includes: an obtaining module 61, configured to obtain a compiling result of the data processing logic, data to be processed, and a task configuration file, where the compiling result includes a first isolated memory space file and a second isolated memory space file; the first encryption module 62 is configured to encrypt the data to be processed to obtain encrypted data to be processed; the uploading module 63 is configured to upload the encrypted data to be processed to the control node; a submitting module 64, configured to submit a data processing task to the control node according to the task configuration file, where the data processing task carries a compiling result; a first receiving module 65, configured to receive an encrypted data processing result returned by at least one computing node; and the first decryption module 66 is configured to decrypt the encrypted data processing result to obtain a decrypted data processing result.
In one possible implementation, the compilation result further includes a framework program, and the framework program is an executable file.
In one possible implementation, the first encryption module 62 is configured to encrypt the data to be processed using the associated data of the data to be processed.
In one possible implementation, the first decryption module 66 is configured to decrypt the encrypted data processing result only if the encrypted data processing result passes verification.
In one possible implementation manner, the data processing task is used as a basis for the control node to issue a data processing subtask to at least one computing node, where the data processing subtask carries the compilation result and the encrypted data to be processed.
In the embodiment of the present disclosure, the user terminal obtains the compiling result of the data processing logic, the data to be processed and the task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file, the user side encrypts the data to be processed to obtain the encrypted data to be processed, uploads the encrypted data to be processed to the control node, submits the data processing task to the control node according to the task configuration file, wherein the data processing task carries a compiling result, the user side receives the encrypted data processing result returned by at least one computing node and decrypts the encrypted data processing result to obtain a decrypted data processing result, therefore, a scheme of providing safety protection for data processing by using isolated memory space in a distributed operation scene is provided, and the safety of data processing on the cloud can be improved.
Fig. 7 illustrates another block diagram of a data processing apparatus according to an embodiment of the present disclosure. The data processing apparatus may be a control node. As shown in fig. 7, the data processing apparatus includes: a second receiving module 71, configured to receive the encrypted to-be-processed data uploaded by the user side; a third receiving module 72, configured to receive a data processing task submitted by a user end according to a task configuration file, where the data processing task carries a compilation result, and the compilation result is obtained by the user end according to data processing logic compilation, where the compilation result includes a first isolated memory space file and a second isolated memory space file; and the issuing module 73 is configured to issue a data processing sub-task to at least one computing node according to the data processing task, where the data processing sub-task carries the compilation result and the encrypted to-be-processed data.
In one possible implementation, the compilation result further includes a framework program, and the framework program is an executable file.
In one possible implementation manner, the encrypted data to be processed is obtained by encrypting the data to be processed according to the associated data of the data to be processed.
In the embodiment of the disclosure, the control node receives the encrypted to-be-processed data uploaded by the user side, receives the data processing task submitted by the user side according to the task configuration file, wherein the data processing task carries a compiling result, the compiling result is compiled by the user side according to the data processing logic, the compiling result comprises a first isolated memory space file and a second isolated memory space file, and issues the data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries the compiling result and the encrypted to-be-processed data, so that a scheme for providing security protection for data processing by using the isolated memory space in a distributed operation scene is provided, and the security of data processing on the cloud can be improved.
Fig. 8 shows another block diagram of a data processing apparatus according to an embodiment of the present disclosure. The data processing apparatus may be a compute node. As shown in fig. 8, the data processing apparatus includes: a fourth receiving module 81, configured to receive a data processing subtask issued by the control node, where the data processing subtask carries a compilation result and encrypted data to be processed, where the compilation result is obtained by the user side through compilation according to a data processing logic, and the compilation result includes a first isolated memory space file and a second isolated memory space file; a first loading module 82, configured to load a second isolated memory space file through a framework program, and create a second isolated memory space; the remote authentication module 83 is configured to initiate remote authentication to the user side through the second isolated memory space, and obtain the key set from the user side after the remote authentication is passed; a second loading module 84, configured to decrypt the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set, and load the first isolated memory space file to create a first isolated memory space; a local verification module 85, configured to initiate local verification to the second isolated memory space through the first isolated memory space, and obtain at least one key in the key set from the second isolated memory space after the local verification passes, where the at least one key includes a data decryption key; the data processing module 86 is configured to decrypt the encrypted to-be-processed data by using the data decryption key through the first isolated memory space, and execute a data processing program in the first isolated memory space to obtain a data processing result.
In one possible implementation, the second loading module 84 includes: a wrapping submodule, configured to have the second isolated memory space wrap the decryption key of the first isolated memory space file from the key set for use outside the isolated memory space, obtaining a wrapped key; and a decryption submodule, configured to have the framework program decrypt the first isolated memory space file with the wrapped key. Since the framework program runs outside the isolated memory spaces, this is the one point at which key material leaves an isolated memory space; the other keys of the key set are released only to the first isolated memory space, and only after local attestation.
In one possible implementation, the apparatus further includes a first destroying module, configured to destroy the second isolated memory space through the framework program.
In one possible implementation, the data processing program is a binary program compiled from data processing logic.
In one possible implementation manner, the data processing program reads the data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes the data processing result through a write interface provided by the first isolated memory space.
In one possible implementation, the apparatus further includes a second destroying module, configured to destroy the first isolated memory space through the framework program.
In one possible implementation, the data processing module 86 is configured to: execute the data processing program in the first isolated memory space to obtain an intermediate data processing result; encrypt the intermediate result to obtain an encrypted intermediate result; and send the encrypted intermediate result to the reduction node, which derives the data processing result from the encrypted intermediate results it receives.
In one possible implementation, the at least one key further comprises a key for encrypting intermediate data, and the data processing module 86 is configured to encrypt the intermediate data processing result using that key together with the identification information of the computing node, obtaining the encrypted intermediate result. Including the node's identification information in the encryption binds each intermediate result to the computing node that produced it.
In this embodiment of the disclosure, the computing node receives a data processing subtask issued by the control node, loads the second isolated memory space file through the framework program to create the second isolated memory space, initiates remote attestation of that space towards the user side, and obtains the key set from the user side once the attestation passes. It then decrypts the first isolated memory space file with the corresponding decryption key from the key set, loads it to create the first isolated memory space, initiates local attestation of the first isolated memory space towards the second, obtains at least one key of the key set (including the data decryption key) from the second isolated memory space once that passes, decrypts the encrypted to-be-processed data with the data decryption key inside the first isolated memory space, and executes the data processing program there to obtain the data processing result. The data decryption key and the plaintext data are therefore handled only inside an isolated memory space whose identity has been checked, which is what lets the scheme protect data processing in a distributed computing scenario and improve the security of data processing on the cloud.
Fig. 9 shows an architecture diagram of a data processing system according to an embodiment of the present disclosure. As shown in Fig. 9, the data processing system may include a user side 91, a control node 92, and at least one computing node 93. The user side 91 may be the data processing apparatus shown in Fig. 6 and may be configured to execute the data processing method of Fig. 1; the control node 92 may be the data processing apparatus shown in Fig. 7 and may be configured to execute the data processing method of Fig. 2; and the computing node 93 may be the data processing apparatus shown in Fig. 8 and may be configured to execute the data processing method of Fig. 3.
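The flow described for the computing node of Fig. 8 (load the second isolated memory space, remote attestation to fetch the key set, release of the file key to the framework program, local attestation of the first isolated memory space, node-bound encryption of intermediate results and their reduction) and the three roles of Fig. 9 can be exercised end to end with the following Python simulation. It is an added example, not code from the patent or its assignee. The isolated memory spaces are plain Python objects, attestation is simulated by a MAC under a platform key that only the simulated hardware holds, the AEAD is an encrypt-then-MAC construction over HMAC-SHA256 from the standard library standing in for AES-GCM, the network round trip to the user side is a direct method call, and every name (seal, open_, Enclave, UserSide, compute_node, reduction_node, run_job), the use of the node identifier as associated data, and the assumption that the reduction node holds the same key set are this example's own choices rather than anything the patent specifies. The input records and enclave files are constructed stand-ins.

```python
"""Simulation of the patent's job flow: user side, control node, computing nodes
(untrusted framework program plus second/loader and first/worker isolated memory
spaces) and a reduction node. Constructed example; all names are this example's own."""
import hashlib
import hmac
import secrets

# Stand-in AEAD: HMAC-SHA256 in counter mode for confidentiality plus an HMAC tag over
# nonce, associated data and ciphertext. Real code would use AES-GCM with the same API.
def _stream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def _subkeys(key):
    return (hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def seal(key, plaintext, aad=b""):
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    tag = hmac.new(mk, nonce + len(aad).to_bytes(4, "big") + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob, aad=b""):
    """Verify the tag first (claim 4: decrypt only after verification passes)."""
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(mk, nonce + len(aad).to_bytes(4, "big") + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _stream(ek, nonce, len(ct))))

# Simulated platform: an isolated memory space is identified by the hash of its code, and
# an attestation report is a MAC over that measurement under a key only the platform holds.
PLATFORM_KEY = secrets.token_bytes(32)

def measure(code):
    return hashlib.sha256(code).digest()

class Enclave:
    def __init__(self, code):
        self.mr, self.keys = measure(code), {}      # keys live only inside the enclave
    def report(self, nonce):
        return hmac.new(PLATFORM_KEY, self.mr + nonce, hashlib.sha256).digest()

def verify_report(expected_mr, nonce, report):
    want = hmac.new(PLATFORM_KEY, expected_mr + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(report, want)

class UserSide:
    def __init__(self, loader_code, worker_code):
        self.keys = {k: secrets.token_bytes(32) for k in ("file", "data", "mid", "result")}
        self.mr_loader, self.mr_worker = measure(loader_code), measure(worker_code)
        # Compilation result: second (loader) file in clear, first (worker) file encrypted.
        self.compiled = {"loader": loader_code, "worker_enc": seal(self.keys["file"], worker_code)}
    def encrypt_input(self, data, aad):              # claim 3: bind the associated data
        return seal(self.keys["data"], data, aad)
    def remote_attest(self, loader):                 # release the key set only to the expected loader
        nonce = secrets.token_bytes(16)
        if not verify_report(self.mr_loader, nonce, loader.report(nonce)):
            raise PermissionError("remote attestation failed")
        return dict(self.keys, mr_worker=self.mr_worker)
    def decrypt_result(self, blob):
        return int.from_bytes(open_(self.keys["result"], blob), "big")

def compute_node(node_id, subtask, user):
    """Framework program (untrusted host code) on one computing node."""
    loader = Enclave(subtask["compiled"]["loader"])              # create second isolated memory space
    loader.keys = user.remote_attest(loader)                      # key set after remote attestation
    released = loader.keys["file"]                                # file key released to the host
    worker = Enclave(open_(released, subtask["compiled"]["worker_enc"]))  # decrypt, create first space
    nonce = secrets.token_bytes(16)                               # local attestation of the worker
    if not verify_report(loader.keys["mr_worker"], nonce, worker.report(nonce)):
        raise PermissionError("local attestation failed")
    worker.keys = {k: loader.keys[k] for k in ("data", "mid")}    # only the keys the worker needs
    del loader                                                    # destroy second isolated memory space
    # Inside the worker: decrypt the shard, run the processing logic, and encrypt the
    # intermediate result with the node id as associated data so it is bound to this node.
    shard = open_(worker.keys["data"], subtask["input"], subtask["aad"])
    partial = sum(int.from_bytes(shard[i:i + 4], "big") for i in range(0, len(shard), 4))
    return node_id, seal(worker.keys["mid"], partial.to_bytes(8, "big"), node_id.encode())

def reduction_node(partials, keys):
    """Assumed to run in a worker enclave holding the same key set (the text leaves this open)."""
    total = sum(int.from_bytes(open_(keys["mid"], blob, nid.encode()), "big") for nid, blob in partials)
    return seal(keys["result"], total.to_bytes(8, "big"))

def run_job(values=tuple(range(1, 10)), n_nodes=3, tamper=None):
    user = UserSide(b"loader enclave v1", b"worker enclave: sum uint32 records")  # constructed stand-ins
    aad = b"job-42/input.bin"                                     # associated data of the input
    shards = [values[i::n_nodes] for i in range(n_nodes)]
    uploads = [user.encrypt_input(b"".join(v.to_bytes(4, "big") for v in s), aad) for s in shards]
    # Control node: pair the task's compilation result with each uploaded shard as a subtask.
    subtasks = [{"compiled": user.compiled, "input": u, "aad": aad} for u in uploads]
    if tamper == "loader":    # host substitutes the second isolated memory space file
        subtasks[0] = dict(subtasks[0], compiled=dict(user.compiled, loader=b"patched loader"))
    partials = [compute_node(f"node-{i}", st, user) for i, st in enumerate(subtasks)]
    if tamper == "node_id":   # an intermediate result relabelled as another node's
        partials[0] = ("node-9", partials[0][1])
    return user.decrypt_result(reduction_node(partials, user.keys))
```

Calling run_job() sums nine uint32 records over three computing nodes and returns 45 after the user side authenticates and decrypts the result. Two failure cases are worth trying: run_job(tamper="loader") substitutes a different second isolated memory space file and fails remote attestation before any key is released, and run_job(tamper="node_id") relabels one intermediate result as another node's, which the reduction node rejects because the node identifier no longer matches the associated data under which it was encrypted.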
Fig. 10 is a block diagram illustrating an apparatus 800 for data processing in accordance with an example embodiment. The device 800 for data processing may be a device at the user end. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 10, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the apparatus 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed status of the device 800 and the relative positioning of components such as its display and keypad; it may also detect a change in the position of the device 800 or of one of its components, the presence or absence of user contact with the device 800, the orientation or acceleration/deceleration of the device 800, and a change in its temperature. The sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium, such as the memory 804, is also provided that includes computer program instructions executable by the processor 820 of the device 800 to perform the above-described methods.
Fig. 11 is a block diagram illustrating an apparatus 1900 for data processing according to an example embodiment. The apparatus 1900 may be a server-side apparatus, for example a control node or a computing node provided as a server. Referring to Fig. 11, the apparatus 1900 includes a processing component 1922, which further includes one or more processors, and memory resources, represented by memory 1932, for storing instructions, such as application programs, executable by the processing component 1922. The application programs stored in memory 1932 may include one or more modules, each corresponding to a set of instructions. The processing component 1922 is configured to execute the instructions to perform the above-described methods.
The apparatus 1900 may also include a power component 1926 configured to perform power management of the apparatus 1900, a wired or wireless network interface 1950 configured to connect the apparatus 1900 to a network, and an input/output (I/O) interface 1958. The apparatus 1900 may operate based on an operating system stored in memory 1932, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
In an exemplary embodiment, a non-transitory computer readable storage medium, such as the memory 1932, is also provided that includes computer program instructions executable by the processing component 1922 of the apparatus 1900 to perform the above-described methods.
The present disclosure may be systems, methods, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, electronic circuitry such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA) can execute the computer-readable program instructions by utilizing state information of the computer-readable program instructions to personalize the electronic circuitry, in order to implement aspects of the present disclosure.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (25)

1. A data processing method, applied to a user side, the method comprising:
obtaining a compilation result of a data processing logic, data to be processed and a task configuration file, wherein the compilation result comprises a first isolated memory space file and a second isolated memory space file;
encrypting the data to be processed to obtain encrypted data to be processed;
uploading the encrypted data to be processed to a control node;
submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compilation result;
receiving an encrypted data processing result returned by at least one computing node;
and decrypting the encrypted data processing result to obtain a decrypted data processing result.
2. The method of claim 1, wherein the compilation result further comprises a framework program, and wherein the framework program is an executable file.
3. The method of claim 1, wherein encrypting the data to be processed comprises:
encrypting the data to be processed using the associated data of the data to be processed.
4. The method of claim 1, wherein decrypting the encrypted data processing result comprises:
decrypting the encrypted data processing result only if the encrypted data processing result passes verification.
5. The method of claim 1, wherein the data processing task serves as the basis on which the control node issues a data processing subtask to at least one computing node, the data processing subtask carrying the compilation result and the encrypted data to be processed.
6. A data processing method, applied to a control node, the method comprising:
receiving encrypted data to be processed uploaded by a user side;
receiving a data processing task submitted by the user side according to a task configuration file, wherein the data processing task carries a compilation result, the compilation result is obtained by the user side by compiling a data processing logic, and the compilation result comprises a first isolated memory space file and a second isolated memory space file;
and issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries the compilation result and the encrypted data to be processed.
7. The method of claim 6, wherein the compilation result further comprises a framework program, and wherein the framework program is an executable file.
8. The method of claim 6 or 7, wherein the encrypted data to be processed is obtained by encrypting the data to be processed using the associated data of the data to be processed.
9. A data processing method, applied to a computing node, the method comprising:
receiving a data processing subtask issued by a control node, wherein the data processing subtask carries a compilation result and encrypted data to be processed, the compilation result is obtained by a user side by compiling a data processing logic, and the compilation result comprises a first isolated memory space file and a second isolated memory space file;
loading the second isolated memory space file through a framework program to create a second isolated memory space;
initiating remote attestation towards the user side through the second isolated memory space, and obtaining a key set from the user side after the remote attestation passes;
decrypting the first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, and loading the first isolated memory space file to create a first isolated memory space;
initiating local attestation towards the second isolated memory space through the first isolated memory space, and obtaining at least one key of the key set from the second isolated memory space after the attestation passes, wherein the at least one key comprises a data decryption key;
and decrypting the encrypted data to be processed with the data decryption key through the first isolated memory space, and executing a data processing program in the first isolated memory space to obtain a data processing result.
10. The method of claim 9, wherein decrypting the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set comprises:
wrapping, through the second isolated memory space, the decryption key of the first isolated memory space file in the key set for use outside the isolated memory space, to obtain a wrapped key;
and decrypting the first isolated memory space file by the framework program using the wrapped key.
11. The method of claim 9, wherein after obtaining at least one key of the set of keys from the second isolated memory space, the method further comprises:
destroying the second isolated memory space through the framework program.
12. The method of claim 9, wherein the data processing program is a binary program compiled from the data processing logic.
13. The method according to claim 9 or 12, wherein the data processing program reads the data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes the data processing result through a write interface provided by the first isolated memory space.
14. The method of claim 9, wherein after the data processing is complete, the method further comprises:
destroying the first isolated memory space through the framework program.
15. The method of claim 9, wherein executing the data processing program in the first isolated memory space to obtain the data processing result comprises:
executing a data processing program in the first isolated memory space to obtain a data processing intermediate result;
encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result;
and sending the encrypted data processing intermediate result to a reduction node, and obtaining a data processing result by the reduction node according to the encrypted data processing intermediate result.
16. The method of claim 15, wherein the at least one key further comprises a key for encrypting intermediate data;
and encrypting the data processing intermediate result comprises:
encrypting the data processing intermediate result using the key for encrypting intermediate data together with the identification information of the computing node, to obtain the encrypted data processing intermediate result.
17. A data processing apparatus, comprising:
an acquisition module, configured to acquire a compilation result of a data processing logic, data to be processed and a task configuration file, wherein the compilation result comprises a first isolated memory space file and a second isolated memory space file;
the first encryption module is used for encrypting the data to be processed to obtain encrypted data to be processed;
the uploading module is used for uploading the encrypted data to be processed to a control node;
a submitting module, configured to submit a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compilation result;
the first receiving module is used for receiving the encrypted data processing result returned by at least one computing node;
and the first decryption module is used for decrypting the encrypted data processing result to obtain a decrypted data processing result.
18. A data processing apparatus, comprising:
the second receiving module is used for receiving the encrypted data to be processed uploaded by the user side;
a third receiving module, configured to receive a data processing task submitted by the user side according to a task configuration file, where the data processing task carries a compilation result, the compilation result is obtained by the user side through compilation according to a data processing logic, and the compilation result includes a first isolated memory space file and a second isolated memory space file;
and an issuing module, configured to issue a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries the compilation result and the encrypted data to be processed.
19. A data processing apparatus, comprising:
a fourth receiving module, configured to receive a data processing subtask issued by a control node, wherein the data processing subtask carries a compilation result and encrypted data to be processed, the compilation result is obtained by a user side by compiling a data processing logic, and the compilation result comprises a first isolated memory space file and a second isolated memory space file;
a first loading module, configured to load the second isolated memory space file through a framework program and create a second isolated memory space;
a remote attestation module, configured to initiate remote attestation towards the user side through the second isolated memory space and to obtain a key set from the user side after the remote attestation passes;
a second loading module, configured to decrypt the first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, and to load the first isolated memory space file to create a first isolated memory space;
a local attestation module, configured to initiate local attestation towards the second isolated memory space through the first isolated memory space, and to obtain at least one key of the key set from the second isolated memory space after the local attestation passes, wherein the at least one key comprises a data decryption key;
and a data processing module, configured to decrypt the encrypted data to be processed with the data decryption key through the first isolated memory space, and to execute a data processing program in the first isolated memory space to obtain a data processing result.
20. A data processing apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of claims 1 to 5.
21. A data processing apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of claims 6 to 8.
22. A data processing apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of claims 9 to 16.
23. A computer readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any one of claims 1 to 5.
24. A computer readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any one of claims 6 to 8.
25. A computer readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any one of claims 9 to 16.
CN201811610521.3A 2018-12-27 2018-12-27 Data processing method, device and storage medium Active CN111382131B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811610521.3A CN111382131B (en) 2018-12-27 2018-12-27 Data processing method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811610521.3A CN111382131B (en) 2018-12-27 2018-12-27 Data processing method, device and storage medium

Publications (2)

Publication Number | Publication Date
CN111382131A (en) | 2020-07-07
CN111382131B (en) | 2023-05-09

Family ID: 71217878

Family Applications (1)

Application Number | Title | Priority Date | Filing Date | Status
CN201811610521.3A (CN111382131B, en) | Data processing method, device and storage medium | 2018-12-27 | 2018-12-27 | Active

Country Status (1)

Country | Link
CN (1) | CN111382131B (en)

Citations (8)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN102307185A (en) * | 2011-06-27 | 2012-01-04 | Peking University | Data isolation method used in storage cloud
US20160103870A1 (en) * | 2012-08-08 | 2016-04-14 | Amazon Technologies, Inc. | Data storage application programming interface
CN107566374A (en) * | 2017-09-07 | 2018-01-09 | Shandong Chaoyue Numerical Control Electronics Co., Ltd. | Cloud storage data protection method and system based on user-isolated storage
US20180097809A1 (en) * | 2016-09-30 | 2018-04-05 | Intel Corporation | Securing access to cloud components
CN108304175A (en) * | 2018-01-29 | 2018-07-20 | Koubei (Shanghai) Information Technology Co., Ltd. | Code file isolation and packaging method and device
CN108399318A (en) * | 2018-01-31 | 2018-08-14 | Beijing Dingxiang Technology Co., Ltd. | Executable file generation method, execution method and electronic device
CN108664331A (en) * | 2018-05-22 | 2018-10-16 | Tencent Dadi Tongtu (Beijing) Technology Co., Ltd. | Distributed data processing method and device, electronic device, storage medium
CN108733455A (en) * | 2018-05-31 | 2018-11-02 | Shanghai Jiao Tong University | Container isolation enhancement system based on ARM TrustZone


Non-Patent Citations (4)

* Cited by examiner, † Cited by third party

Title
REENU SARA GEORGE et al.: "Data anonymization and integrity checking in cloud computing", 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT) *
YADU N. BABUJI et al.: "Enabling Interactive Analytics of Secure Data using Cloud Kotta", ScienceCloud '17: Proceedings of the 8th Workshop on Scientific Cloud Computing *
LIU Tingting: "Research on key technologies of data security protection for cloud computing", China Doctoral Dissertations Full-text Database, Information Science and Technology series *
ZHANG Fan: "Distributed sensor scheduling for target tracking", China Master's Theses Full-text Database, Information Science and Technology series *

Also Published As

Publication number | Publication date
CN111382131B (en) | 2023-05-09


Legal Events

Date | Code | Title | Description
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |