CN111382131B - Data processing method, device and storage medium - Google Patents

Publication number
CN111382131B
Authority
CN
China
Prior art keywords
data processing
memory space
isolated memory
data
result
Legal status
Active
Application number
CN201811610521.3A
Other languages
Chinese (zh)
Other versions
CN111382131A (en
Inventor
李嘉奇
周亚金
于昇
张帆
任奎
Current Assignee
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Application filed by Zhejiang University ZJU
Priority to CN201811610521.3A
Publication of CN111382131A
Application granted
Publication of CN111382131B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The present disclosure relates to a data processing method, apparatus, and storage medium. The method comprises the following steps: acquiring a compiling result of data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file; encrypting the data to be processed to obtain encrypted data to be processed; uploading the encrypted data to be processed to a control node; submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result; receiving an encrypted data processing result returned by at least one computing node; and decrypting the encrypted data processing result to obtain a decrypted data processing result. This provides a scheme that uses isolated memory spaces to protect data processing in a distributed computing scenario, so that the security of data processing on the cloud can be improved.

Description

Data processing method, device and storage medium
Technical Field
The disclosure relates to the field of computer technology, and in particular, to a data processing method, a data processing device and a storage medium.
Background
Because data on the cloud is at risk of leakage or tampering, users cannot fully trust the cloud service environment. These risks come from cloud service providers, or from attackers who successfully compromise and control cloud service nodes. Under the Hadoop framework, even if the data encryption function of HDFS (Hadoop Distributed File System) is enabled, this only guarantees that confidential data cannot be accessed by low-privilege applications. When the cloud service environment is untrusted, simple encryption cannot guarantee the security of confidential data. In a distributed computing scenario, the attack surface is enlarged further: an attacker can compromise the integrity of the data, and corrupt the computation result, by tampering with data transmission between nodes. How to improve the security of data processing on the cloud is a problem to be solved.
Disclosure of Invention
In view of this, the present disclosure proposes a data processing method, apparatus and storage medium.
According to a first aspect of the present disclosure, there is provided a data processing method, where the method is applied to a user terminal, the method includes:
acquiring a compiling result of data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file;
encrypting the data to be processed to obtain encrypted data to be processed;
uploading the encrypted data to be processed to a control node;
submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result;
receiving an encrypted data processing result returned by at least one computing node;
and decrypting the encrypted data processing result to obtain a decrypted data processing result.
In one possible implementation, the compiling result further includes a framework program, and the framework program is an executable file.
In one possible implementation, encrypting the data to be processed includes:
encrypting the data to be processed using the associated data of the data to be processed.
In one possible implementation, decrypting the encrypted data processing result includes:
decrypting the encrypted data processing result if the encrypted data processing result passes verification.
In one possible implementation, the data processing task is used as a basis for the control node to issue a data processing subtask to at least one computing node, where the data processing subtask carries the compiling result and the encrypted data to be processed.
According to a second aspect of the present disclosure, there is provided a data processing method for use in a control node, the method comprising:
receiving encrypted data to be processed uploaded by a user side;
receiving a data processing task submitted by the user side according to a task configuration file, wherein the data processing task carries a compiling result, the compiling result is compiled by the user side according to data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
and issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries a compiling result and the encrypted data to be processed.
In one possible implementation, the compiling result further includes a framework program, and the framework program is an executable file.
In one possible implementation, the encrypted data to be processed is obtained by encrypting the data to be processed using the associated data of the data to be processed.
According to a third aspect of the present disclosure, there is provided a data processing method for use in a computing node, the method comprising:
receiving a data processing subtask issued by a control node, wherein the data processing subtask carries a compiling result and encrypted data to be processed, the compiling result is compiled by a user side according to data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
loading the second isolated memory space file through a framework program, and creating a second isolated memory space;
initiating remote verification to the user terminal through the second isolated memory space, and acquiring a key set from the user terminal after the remote verification is passed;
decrypting a first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, loading the first isolated memory space file, and creating a first isolated memory space;
initiating a local verification to the second isolated memory space through the first isolated memory space, and after the verification is passed, obtaining at least one key in the key set from the second isolated memory space, wherein the at least one key comprises a data decryption key;
and decrypting, in the first isolated memory space, the encrypted data to be processed using the data decryption key, and executing a data processing program in the first isolated memory space to obtain a data processing result.
In one possible implementation, decrypting the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set includes:
the decryption key of the first isolated memory space file in the key set is encapsulated outside the isolated memory space through the second isolated memory space, and an encapsulated key is obtained;
and decrypting the first isolated memory space file by the framework program using the encapsulated key.
In one possible implementation, after retrieving at least one key of the set of keys from the second isolated memory space, the method further includes:
destroying the second isolated memory space by the framework program.
In one possible implementation, the data processing program is a binary program compiled from the data processing logic.
In one possible implementation manner, the data processing program reads data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes data processing results through a write interface provided by the first isolated memory space.
In one possible implementation, after the data processing is completed, the method further includes:
destroying the first isolated memory space by the framework program.
In one possible implementation manner, executing the data processing program in the first isolated memory space to obtain a data processing result includes:
executing a data processing program in the first isolated memory space to obtain a data processing intermediate result;
encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result;
and sending the encrypted data processing intermediate result to a reduction node, and obtaining a data processing result by the reduction node according to the encrypted data processing intermediate result.
In one possible implementation, the at least one key further comprises a key for encrypting the intermediate data;
encrypting the data processing intermediate result, comprising:
encrypting the data processing intermediate result using the key for encrypting the intermediate data and the identification information of the computing node to obtain an encrypted data processing intermediate result.
According to a fourth aspect of the present disclosure, there is provided a data processing apparatus comprising:
the acquisition module is used for acquiring a compiling result of data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file;
the first encryption module is used for encrypting the data to be processed to obtain encrypted data to be processed;
the uploading module is used for uploading the encrypted data to be processed to a control node;
the submitting module is used for submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result;
the first receiving module is used for receiving the encrypted data processing result returned by the at least one computing node;
and the first decryption module is used for decrypting the encrypted data processing result to obtain a decrypted data processing result.
In one possible implementation, the compiling result further includes a framework program, and the framework program is an executable file.
In one possible implementation, the first encryption module is configured to: encrypt the data to be processed using the associated data of the data to be processed.
In one possible implementation, the first decryption module is configured to: decrypt the encrypted data processing result if the encrypted data processing result passes verification.
In one possible implementation, the data processing task is used as a basis for the control node to issue a data processing subtask to at least one computing node, where the data processing subtask carries the compiling result and the encrypted data to be processed.
According to a fifth aspect of the present disclosure, there is provided a data processing apparatus comprising:
the second receiving module is used for receiving the encrypted data to be processed uploaded by the user side;
the third receiving module is used for receiving a data processing task submitted by the user side according to a task configuration file, wherein the data processing task carries a compiling result, the compiling result is compiled by the user side according to data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
and the issuing module is used for issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries a compiling result and the encrypted data to be processed.
In one possible implementation, the compiling result further includes a framework program, and the framework program is an executable file.
In one possible implementation, the encrypted data to be processed is obtained by encrypting the data to be processed using the associated data of the data to be processed.
According to a sixth aspect of the present disclosure, there is provided a data processing apparatus comprising:
a fourth receiving module, configured to receive a data processing subtask issued by a control node, where the data processing subtask carries a compiling result and encrypted data to be processed, where the compiling result is compiled by a user side according to data processing logic, and the compiling result includes a first isolated memory space file and a second isolated memory space file;
the first loading module is used for loading the second isolated memory space file through the framework program and creating a second isolated memory space;
the remote verification module is used for initiating remote verification to the user terminal through the second isolated memory space, and acquiring a key set from the user terminal after the remote verification is passed;
the second loading module is used for decrypting the first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, loading the first isolated memory space file and creating a first isolated memory space;
the local verification module is used for initiating local verification to the second isolated memory space through the first isolated memory space, and acquiring at least one key in the key set from the second isolated memory space after the verification is passed, wherein the at least one key comprises a data decryption key;
and the data processing module is used for decrypting the encrypted data to be processed by adopting the data decryption key through the first isolated memory space and executing a data processing program in the first isolated memory space to obtain a data processing result.
In one possible implementation manner, the second loading module includes:
the encapsulation sub-module is used for encapsulating the decryption key of the first isolated memory space file in the key set outside the isolated memory space through the second isolated memory space to obtain an encapsulated key;
and the decryption sub-module is used for decrypting the first isolated memory space file using the encapsulated key through the framework program.
In one possible implementation, the apparatus further includes:
the first destroying module is used for destroying the second isolated memory space through the framework program.
In one possible implementation, the data processing program is a binary program compiled from the data processing logic.
In one possible implementation manner, the data processing program reads data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes data processing results through a write interface provided by the first isolated memory space.
In one possible implementation, the apparatus further includes:
the second destroying module is used for destroying the first isolated memory space through the framework program.
In one possible implementation, the data processing module is configured to:
executing a data processing program in the first isolated memory space to obtain a data processing intermediate result;
encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result;
and sending the encrypted data processing intermediate result to a reduction node, and obtaining a data processing result by the reduction node according to the encrypted data processing intermediate result.
In one possible implementation, the at least one key further comprises a key for encrypting the intermediate data;
the data processing module is used for:
encrypting the data processing intermediate result using the key for encrypting the intermediate data and the identification information of the computing node to obtain an encrypted data processing intermediate result.
According to a seventh aspect of the present disclosure, there is provided a data processing apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data processing method of the first aspect.
According to an eighth aspect of the present disclosure, there is provided a data processing apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data processing method of the second aspect described above.
According to a ninth aspect of the present disclosure, there is provided a data processing apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data processing method according to the third aspect.
According to a tenth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions, characterized in that the computer program instructions, when executed by a processor, implement the data processing method according to the first aspect described above.
According to an eleventh aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions, characterized in that the computer program instructions, when executed by a processor, implement the data processing method according to the second aspect described above.
According to a twelfth aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer program instructions, characterized in that the computer program instructions, when executed by a processor, implement the data processing method according to the third aspect described above.
In the embodiments of the present disclosure, the user side obtains a compiling result of the data processing logic, the data to be processed, and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file. The user side encrypts the data to be processed to obtain encrypted data to be processed, uploads the encrypted data to be processed to a control node, and submits a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result. The user side then receives the encrypted data processing result returned by at least one computing node and decrypts it to obtain a decrypted data processing result. This provides a scheme that uses isolated memory spaces to protect data processing in a distributed computing scenario, and can thereby improve the security of data processing on the cloud.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 shows a flow chart of a data processing method according to an embodiment of the present disclosure.
Fig. 2 illustrates another flow chart of a data processing method according to an embodiment of the present disclosure.
Fig. 3 illustrates another flow chart of a data processing method according to an embodiment of the present disclosure.
Fig. 4 shows a flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 5 shows another flow diagram of a data processing method according to an embodiment of the present disclosure.
Fig. 6 shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.
Fig. 7 illustrates another block diagram of a data processing apparatus according to an embodiment of the present disclosure.
Fig. 8 illustrates another block diagram of a data processing apparatus according to an embodiment of the present disclosure.
FIG. 9 illustrates an architecture diagram of a data processing system according to an embodiment of the present disclosure.
Fig. 10 is a block diagram illustrating an apparatus 800 for data processing according to an example embodiment.
FIG. 11 is a block diagram illustrating an apparatus 1900 for data processing according to an example embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration". Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, and circuits well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.
Fig. 1 shows a flow chart of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the user side. In some possible implementations, the data processing method may be implemented by way of a processor invoking computer readable instructions stored in a memory. As shown in fig. 1, the data processing method includes steps S11 to S16.
In step S11, a compiling result of the data processing logic, the data to be processed, and the task configuration file are obtained, where the compiling result includes a first isolated memory space file and a second isolated memory space file.
In the disclosed embodiments, data processing logic may refer to code for data processing. For example, the data processing logic may be code written by a user to process the data to be processed.
In the disclosed embodiments, the isolated memory space may refer to an Enclave in SGX (Software Guard Extensions). The isolated memory space file may be referred to as an Enclave file. The isolated memory space file may be a so file, where a so file is a file with the suffix .so. For example, the first isolated memory space file and the second isolated memory space file may both be dynamic library files with the suffix .so.
In one possible implementation, the user side may compile the data processing logic through the first component to obtain a compiling result. For example, the first component may be a DataCapsule SDK (Software Development Kit).
In the disclosed embodiments, the first component may provide other functions in addition to the data processing logic. For example, the first component may provide a framework program, implement a security protocol, control the input and output streams, and so forth. In addition, since many function libraries cannot be used normally inside an SGX Enclave, the first component may also provide some necessary function libraries.
In one possible implementation, the compiling result further includes a framework program, which is an executable file. In this implementation, the compilation results include a first isolated memory space file, a second isolated memory space file, and a framework program. For example, the framework program may be framework F. In the embodiment of the disclosure, the framework program is a main process.
In another possible implementation, the compilation result may include a first isolated memory space file and a second isolated memory space file, excluding the framework program. Because the framework program is the same for different data processing logic, the framework program can be kept running on the computing nodes; when a user side needs to submit a data processing task, only the first isolated memory space file and the second isolated memory space file need to be uploaded, and the framework program does not. The framework program running on the computing node then loads the first isolated memory space file and the second isolated memory space file and enters the data processing flow.
In step S12, the data to be processed is encrypted, resulting in encrypted data to be processed.
In one possible implementation, the user side may encrypt the data to be processed through the second component. For example, the second component may be a Client Library. In the embodiments of the disclosure, the second component may serve as an intermediate layer for the interaction between the user side and the server side (the control node or the computing node), so that the security protocol can be transparent to the user. In the disclosed embodiments, the second component may provide an API (Application Programming Interface) for other programs to use, and may also be an executable program like a client program.
In the embodiments of the disclosure, the second component may further divide the data to be processed into blocks before encrypting the data to be processed.
In one possible implementation, the key used to encrypt the data to be processed may be provided by the user.
In another possible implementation, the key used to encrypt the data to be processed may be generated by the second component.
To facilitate the understanding below, the following notations are defined herein:
$m|n$ denotes the direct concatenation of $m$ and $n$; e.g., if $m$ is hello and $n$ is world, then $m|n$ is helloworld;
$\mathrm{Enc}_k(\mathit{text}, \mathit{ad})$ denotes encrypting the data $\mathit{text}$ with AES-GCM (Advanced Encryption Standard-Galois/Counter Mode) using the symmetric key $k$, with $\mathit{ad}$ as the associated data of the encryption;
$\mathrm{Enc}_k[\mathit{ad}]\{\mathit{text}\}$ denotes $\mathit{ad}\,|\,\mathrm{Enc}_k(\mathit{text}, \mathit{ad})$;
$\mathrm{PRF}_k(\mathit{text})$ denotes a function that generates a pseudo-random value based on the key $k$ and the data $\mathit{text}$.
In one possible implementation, encrypting the data to be processed includes: encrypting the data to be processed using the associated data of the data to be processed. In this implementation, the associated data of the data to be processed may be identification information of the data to be processed. The identification information of the data to be processed may be a digest of the data to be processed. For example, the identification information $l_{in}$ of each data block Input of the data to be processed may be determined, and the identification information $l_{in}$ may be used as the associated data of the data block Input, obtaining the encrypted data block of the data to be processed
Figure BDA0001924635930000121
where $k_{in}$ represents the key used to encrypt the data to be processed. Since the data to be processed is the input data of the mapping (Map) nodes among the computing nodes, $k_{in}$ can also be understood as the key for encrypting the input data of the mapping nodes.
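Added example (not code from the patent or from the DataCapsule SDK it mentions): a Go sketch of the Enc_k[ad]{text} construction defined above, applied to an input block labelled with l_in and, going slightly beyond this passage, to the intermediate-result encryption with the computing node's identification information described in the summary. The SHA-256 label, the nonce placement, the use of the node identifier as associated data, the fixed demo key and all function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k) // k must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal implements Enc_k[ad]{text} = ad | Enc_k(text, ad).
// Assumption: a fresh random nonce follows ad, giving the layout
// ad | nonce | ciphertext+tag. ad travels in clear but is authenticated.
func Seal(k, ad, text []byte) ([]byte, error) {
	gcm, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, ad...), nonce...)
	return gcm.Seal(out, nonce, text, ad), nil
}

// Open splits off adLen bytes of ad and decrypts; any altered byte fails the tag check.
func Open(k, blob []byte, adLen int) (ad, text []byte, err error) {
	gcm, err := newGCM(k)
	if err != nil {
		return nil, nil, err
	}
	n := gcm.NonceSize()
	if adLen < 0 || len(blob) < adLen+n+gcm.Overhead() {
		return nil, nil, errors.New("sealed blob too short")
	}
	ad = blob[:adLen]
	text, err = gcm.Open(nil, blob[adLen:adLen+n], blob[adLen+n:], ad)
	if err != nil {
		return nil, nil, err
	}
	return ad, text, nil
}

// SealInputBlock encrypts one input block under k_in with the label
// l_in as associated data. Assumption: l_in = SHA-256(block).
func SealInputBlock(kIn, input []byte) ([]byte, error) {
	lIn := sha256.Sum256(input)
	return Seal(kIn, lIn[:], input)
}

// OpenInputBlock decrypts a block and also checks that the plaintext
// hashes to the label it travelled under.
func OpenInputBlock(kIn, blob []byte) ([]byte, error) {
	lIn, input, err := Open(kIn, blob, sha256.Size)
	if err != nil {
		return nil, err
	}
	if sum := sha256.Sum256(input); !bytes.Equal(sum[:], lIn) {
		return nil, errors.New("label does not match block contents")
	}
	return input, nil
}

// SealIntermediate binds a map node's output to its ID (assumption: ID used as ad).
func SealIntermediate(kInter []byte, nodeID string, result []byte) ([]byte, error) {
	return Seal(kInter, []byte(nodeID), result)
}

// OpenIntermediate accepts a blob only if it was sealed for wantNode.
func OpenIntermediate(kInter, blob []byte, wantNode string) ([]byte, error) {
	ad, result, err := Open(kInter, blob, len(wantNode))
	if err != nil {
		return nil, err
	}
	if string(ad) != wantNode {
		return nil, errors.New("result sealed for a different node")
	}
	return result, nil
}

func main() {
	kIn := bytes.Repeat([]byte{0x11}, 32) // constructed demo key, never a real one
	blob, _ := SealInputBlock(kIn, []byte("constructed sample record"))
	blob[0] ^= 1 // flip one bit of l_in, as a tampering node could
	_, err := OpenInputBlock(kIn, blob)
	fmt.Println("tampered label rejected:", err != nil)
}
```

Because the label is sent in clear, a plain digest of a predictable block can be confirmed by guessing; a keyed label is the safer choice for l_in when block contents are low-entropy.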
In step S13, the encrypted data to be processed is uploaded to the control node.
In the embodiment of the disclosure, the control node may represent a node for task allocation in the server.
In one possible implementation, the encrypted data to be processed may be uploaded to the control node by the second component.
In one possible implementation, the encrypted data to be processed may be uploaded into the HDFS of the control node.
In one possible implementation, the encrypted data to be processed may be uploaded to the control node in the form of data chunks of the encrypted data to be processed.
In step S14, a data processing task is submitted to the control node according to the task configuration file, wherein the data processing task carries the compiling result.
In one possible implementation, the data processing task may be submitted to the control node by the second component according to the task configuration file.
In one possible implementation, data processing tasks may be submitted to the YARN (Yet Another Resource Negotiator) Resource Manager in the control node.
In the embodiments of the disclosure, if the compiling result includes a first isolated memory space file, a second isolated memory space file and a framework program, the data processing task carries the first isolated memory space file, the second isolated memory space file and the framework program; if the compiling result includes the first isolated memory space file and the second isolated memory space file and does not include the framework program, the data processing task carries the first isolated memory space file and the second isolated memory space file and does not carry the framework program.
In the embodiment of the disclosure, the data processing task may be used as a basis for the control node to issue a data processing subtask to at least one computing node, where the data processing subtask carries a compiling result and encrypted data to be processed. In other words, the control node may issue data processing subtasks to at least one computing node in accordance with the data processing tasks. In the embodiment of the present disclosure, if the compiling result includes a first isolated memory space file, a second isolated memory space file, and a framework program, the data processing subtask carries the first isolated memory space file, the second isolated memory space file, and the framework program; if the compiling result includes the first isolated memory space file and the second isolated memory space file and does not include the framework program, the data processing subtask carries the first isolated memory space file and the second isolated memory space file and does not carry the framework program.
In step S15, the encrypted data processing result returned by the at least one computing node is received.
In embodiments of the present disclosure, the computing nodes of the server may include mapping (Map) nodes and reduction (Reduce) nodes. The mapping nodes process the data to be processed to obtain data processing intermediate results. A reduction node reduces the data processing intermediate results from at least one mapping node to obtain a data processing result, encrypts the data processing result to obtain an encrypted data processing result, and returns the encrypted data processing result to the user side.
In step S16, the encrypted data processing result is decrypted, and the decrypted data processing result is obtained.
In one possible implementation, the encrypted data processing results may be decrypted by the second component.
In one possible implementation, decrypting the encrypted data processing result includes: decrypting the encrypted data processing result when the encrypted data processing result passes verification. In this implementation, the encrypted data processing result may be verified before it is decrypted. If the encrypted data processing result passes the verification, it can be decrypted; if it does not pass the verification, it can be determined that an attack exists.
In this implementation, the encrypted data processing result may be verified by the second component.
In one possible implementation, the second component may verify the encrypted data processing result through a verification (verifier) module. In this implementation, the second component, upon submitting a data processing task, may save the following information for verification: the task identifier $j$ of the data processing task, the key $k_{job}$ corresponding to the verification information, the number $R$ of reduction nodes, and the set $B_{in}$ of the identification information $l_{in}$ of all data to be processed.
In this implementation, the verification module in the second component may perform one or more of the following verifications:
verifying whether the task identifier in the received verification information FR and the received verification information FM is consistent with the task identifier j stored by the verification module;
verifying whether the serial number r of the reduction node in the received verification information FR belongs to [0, R-1];
verifying whether the set $P_v$ of the $P_r$ in the received verification information FR and the set $P_{verifier}$ of the $l_m$ collected from the verification information FM satisfy $P_v = P_{verifier}$;
verifying whether all the $B_{in,m}$ in the received verification information FM have no intersection with one another, and whether the union of all $B_{in,m}$ is exactly $B_{in}$;
verifying whether all the $B_{out,r}$ in the received verification information FR have no intersection with one another, and whether the union of all $B_{out,r}$ is exactly equal to the union of all $l_{out}$ in $KV'_{out}$.
As an example of this implementation, the encrypted data processing result may be determined to pass verification when one or more of the following conditions are met: the task identifiers in the received verification information FR and the received verification information FM are consistent with the task identifier $j$ stored by the verification module; the serial number $r$ of the reduction node in the received verification information FR belongs to $[0, R-1]$; the set $P_v$ of the $P_r$ in the received verification information FR and the set $P_{verifier}$ of the $l_m$ collected from the verification information FM satisfy $P_v = P_{verifier}$; all the $B_{in,m}$ in the received verification information FM have no intersection with one another, and the union of all $B_{in,m}$ is exactly $B_{in}$; all the $B_{out,r}$ in the received verification information FR have no intersection with one another, and the union of all $B_{out,r}$ is exactly equal to the union of all $l_{out}$ in $KV'_{out}$.
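The five checks of the verification module can be run as follows. This is an added example, not code from the patent: the record layout (dictionaries with fields j, l_m, B_in_m, r, B_out_r, P_r) and the HMAC-SHA256 tag under $k_{job}$ are assumptions, since the page's definitions of FM and FR sit in figures that are not reproduced, and all sample values are constructed.

```python
import hashlib
import hmac
import json


def tag(k_job, record):
    """HMAC-SHA256 over canonical JSON. The tag format is an assumption of this example."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(k_job, body, hashlib.sha256).hexdigest()


def signed(k_job, record):
    """Pair a record with its tag, as an honest node holding k_job would."""
    return record, tag(k_job, record)


def disjoint_union(collections):
    """Return (no_overlap, union) for a sequence of identifier lists."""
    union, total = set(), 0
    for items in collections:
        total += len(items)
        union |= set(items)
    return total == len(union), union


def verify_job(saved, fm_msgs, fr_msgs, result_ids):
    """Run the checks; return a list of failure strings (empty list means pass)."""
    failures = []
    # Assumed step: reject records that were not produced with k_job.
    for kind, msgs in (("FM", fm_msgs), ("FR", fr_msgs)):
        for record, t in msgs:
            if not hmac.compare_digest(t, tag(saved["k_job"], record)):
                failures.append(f"{kind} record failed authentication")
    fm = [record for record, _ in fm_msgs]
    fr = [record for record, _ in fr_msgs]

    # Check 1: the task identifier in every FM and FR equals the saved j.
    if any(rec["j"] != saved["j"] for rec in fm + fr):
        failures.append("task identifier mismatch")
    # Check 2: every reducer serial number r lies in [0, R-1].
    if any(not 0 <= rec["r"] < saved["R"] for rec in fr):
        failures.append("reducer serial number out of range")
    # Check 3: P_v (built from the P_r in FR) equals P_verifier (the l_m seen in FM).
    p_v = set().union(*(rec["P_r"] for rec in fr))
    p_verifier = {rec["l_m"] for rec in fm}
    if p_v != p_verifier:
        failures.append("P_v != P_verifier")
    # Check 4: the B_in,m do not overlap and their union is exactly B_in.
    no_overlap, union = disjoint_union([rec["B_in_m"] for rec in fm])
    if not no_overlap or union != saved["B_in"]:
        failures.append("input blocks duplicated or missing")
    # Check 5: the B_out,r do not overlap and cover exactly the received l_out.
    no_overlap, union = disjoint_union([rec["B_out_r"] for rec in fr])
    if not no_overlap or union != set(result_ids):
        failures.append("output blocks duplicated or missing")
    return failures


def sample_run():
    """Constructed honest job: 3 input blocks, 2 mapping nodes, R = 2 reduction nodes."""
    k = b"constructed-demo-key"
    saved = {"j": "job-1", "k_job": k, "R": 2, "B_in": {"in-0", "in-1", "in-2"}}
    fm = [signed(k, {"j": "job-1", "l_m": "m0", "B_in_m": ["in-0", "in-1"]}),
          signed(k, {"j": "job-1", "l_m": "m1", "B_in_m": ["in-2"]})]
    fr = [signed(k, {"j": "job-1", "r": 0, "B_out_r": ["out-0"], "P_r": ["m0", "m1"]}),
          signed(k, {"j": "job-1", "r": 1, "B_out_r": ["out-1"], "P_r": ["m0", "m1"]})]
    return saved, fm, fr, {"out-0", "out-1"}


if __name__ == "__main__":
    saved, fm, fr, results = sample_run()
    print("honest run:", verify_job(saved, fm, fr, results))
    print("result block withheld:", verify_job(saved, fm, fr, {"out-0"}))
```

Returning every failed check rather than stopping at the first one shows which part of the job was dropped, replayed or altered before any result is decrypted.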
In the embodiment of the disclosure, the user side obtains a compiling result of the data processing logic, the data to be processed, and a task configuration file, where the compiling result includes a first isolated memory space file and a second isolated memory space file; encrypts the data to be processed to obtain encrypted data to be processed; uploads the encrypted data to be processed to the control node; submits a data processing task, which carries the compiling result, to the control node according to the task configuration file; receives the encrypted data processing result returned by at least one computing node; and decrypts the encrypted data processing result to obtain a decrypted data processing result. This provides a scheme that uses isolated memory spaces to protect data processing in a distributed computing scenario, and can thereby improve the security of data processing on the cloud.
Fig. 2 illustrates another flow chart of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the control node. In some possible implementations, the data processing method may be implemented by way of a processor invoking computer readable instructions stored in a memory. As shown in fig. 2, the data processing method includes steps S21 to S23.
In step S21, the encrypted data to be processed uploaded by the user terminal is received.
In one possible implementation, the encrypted data to be processed is obtained by encrypting the data to be processed using associated data of the data to be processed.
In step S22, a data processing task submitted by the user terminal according to the task configuration file is received, where the data processing task carries a compiling result, and the compiling result is compiled by the user terminal according to the data processing logic, and the compiling result includes a first isolated memory space file and a second isolated memory space file.
In one possible implementation, the compiling result further includes a framework program, which is an executable file.
In step S23, a data processing subtask is issued to at least one computing node according to the data processing task, where the data processing subtask carries the compiling result and encrypted data to be processed.
In one possible implementation, the control node may issue data processing subtasks to each computing node through a Hadoop resource management process. For example, the control node may issue data processing subtasks to the various computing nodes through the YARN resource manager.
In the embodiment of the disclosure, the control node receives the encrypted data to be processed uploaded by the user terminal; receives a data processing task submitted by the user terminal according to the task configuration file, where the data processing task carries a compiling result that the user terminal compiled from the data processing logic and that includes a first isolated memory space file and a second isolated memory space file; and issues a data processing subtask, which carries the compiling result and the encrypted data to be processed, to at least one computing node according to the data processing task. This provides a scheme that uses isolated memory spaces to protect data processing in a distributed computing scenario, and can thereby improve the security of data processing on the cloud.
Fig. 3 illustrates another flow chart of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the computing nodes. In some possible implementations, the data processing method may be implemented by way of a processor invoking computer readable instructions stored in a memory. As shown in fig. 3, the data processing method includes steps S31 to S36.
In step S31, a data processing subtask issued by the control node is received, where the data processing subtask carries a compiling result and encrypted data to be processed, where the compiling result is compiled by the user side according to the data processing logic, and the compiling result includes a first isolated memory space file and a second isolated memory space file.
In one possible implementation, the compiling result further includes a framework program, which is an executable file. In this implementation, the compilation results include a first isolated memory space file, a second isolated memory space file, and a framework program.
In another possible implementation, the compilation result may include a first isolated memory space file and a second isolated memory space file, excluding the framework program. Because the framework program is the same for different data processing logic, it can be kept running on the computing nodes; when a user side needs to submit a data processing task, only the first isolated memory space file and the second isolated memory space file need to be uploaded, and the framework program does not. The framework program running in the computing node loads the first isolated memory space file and the second isolated memory space file and enters the data processing flow.
In step S32, the second isolated memory space file is loaded by the framework program to create a second isolated memory space.
In the embodiment of the disclosure, the second isolated memory space file may be loaded by the framework program in the form of an .so file.
In step S33, remote authentication is initiated to the user terminal through the second isolated memory space, and after the remote authentication is passed, the key set is obtained from the user terminal.
In one possible implementation, remote authentication may be initiated to a second component of the client through a second isolated memory space. In other words, the user side may use the second component as a verifier for remote verification, and perform remote verification. After the verification is passed, the second component provides the set of keys to the computing node.
In the embodiment of the disclosure, the key set may include a decryption key of the first isolated memory space file, a data decryption key, a key for encrypting the intermediate data, and the like.
In step S34, the first isolated memory space file is decrypted based on the decryption key of the first isolated memory space file in the key set, and the first isolated memory space file is loaded to create a first isolated memory space.
In the embodiment of the disclosure, the first isolated memory space file may be loaded by the framework program in the form of an .so file.
In one possible implementation, decrypting the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set includes: encapsulating, through the second isolated memory space, the decryption key of the first isolated memory space file in the key set to outside the isolated memory space to obtain an encapsulation key; and decrypting the first isolated memory space file through the framework program using the encapsulation key. For example, the encapsulation key may be a sealed_key.
In this implementation, although the encapsulation key is kept outside the isolated memory space, the security of the encapsulation key may be ensured by an encryption mechanism.
In step S35, local authentication is initiated to the second isolated memory space through the first isolated memory space, and after the authentication is passed, at least one key of the set of keys is obtained from the second isolated memory space, wherein the at least one key comprises a data decryption key.
In one possible implementation, after retrieving at least one key of the set of keys from the second isolated memory space, the method further comprises: destroying the second isolated memory space by the framework program. In this implementation, resources can be freed by destroying the second isolated memory space.
In step S36, the encrypted data to be processed is decrypted by the first isolated memory space using the data decryption key, and the data processing program in the first isolated memory space is executed to obtain the data processing result.
In one possible implementation, the data processing program is a binary program compiled from the data processing logic.
In one possible implementation, the mapping node may verify the data to be processed prior to executing the data processing program. In this implementation, the mapping node whose identification information is $l_m$ can record the identification information $l_{in}$ of all the data to be processed that is input into it, stored as the set $B_{in,m}$. Before processing new data to be processed, it looks up in $B_{in,m}$ whether the identification information $l_{in}$ of the new data already exists. If it exists, it is determined that a repeated input attack exists; if it does not exist, the new data to be processed is confirmed to pass verification.
In one possible implementation, executing the data processing program in the first isolated memory space to obtain the data processing result includes: executing a data processing program in the first isolated memory space to obtain a data processing intermediate result; encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result; and sending the encrypted data processing intermediate result to a reduction node, and obtaining the data processing result by the reduction node according to the encrypted data processing intermediate result.
In one possible implementation, the at least one key further comprises a key for encrypting the intermediate data; encrypting the data processing intermediate result includes: encrypting the data processing intermediate result using the key for encrypting the intermediate data and the identification information of the computing node to obtain the encrypted data processing intermediate result.
In this implementation, the data processing intermediate result is the output of the mapping node, i.e., the input of the reduction node. For example, the plaintext of the data processing intermediate result output by the mapping node is $\langle K_{inter} : V_{inter} \rangle$, and the encrypted data processing intermediate result is $\langle K'_{inter} : V'_{inter} \rangle$, where
Figure BDA0001924635930000191
Figure BDA0001924635930000192
where $R$ is the number of reduction nodes; $r$ is the serial number of the reduction node corresponding to the data processing intermediate result $K_{inter}$, namely the serial number of the reduction node to which the data processing intermediate result needs to be sent, and the value range of $r$ is $[0, R-1]$; $j$ is the task identifier, namely the unique identifier of the task; $l_m$ is the identification information of the mapping node; $i_{m,r}$ is the sequence number of the data block sent from mapping node $m$ to reduction node $r$; $k_{inter}$ is the key for encrypting the data processing intermediate result; $k_{prf}$ is the key used by the pseudo-random function that computes which reduction node the data processing intermediate result is sent to.
In this implementation, in addition to outputting data processing intermediate results, the mapping node may also output $KV_{close}$ and FM for security verification, where
Figure BDA0001924635930000193
Figure BDA0001924635930000201
where $B_{in,m}$ is the set of the identification information $l_{in}$ of the data to be processed received by the mapping node whose identification information is $l_m$, and $k_{job}$ is the key corresponding to the verification information.
In one possible implementation, the data processing program reads the data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes out the data processing result through a write interface provided by the first isolated memory space. For example, the read interface provided by the first isolated memory space is a KVread() interface, and the write interface provided by the first isolated memory space is a KVwrite() interface. The read interface provided by the first isolated memory space may perform a security check and decryption before returning the data to the data processing program. The write interface provided by the first isolated memory space may encrypt data before passing the data outside the first isolated memory space and may append some fields for security verification.
In one possible implementation, after obtaining the data processing result according to the encrypted data processing intermediate result, the reduction node encrypts the data processing result to obtain an encrypted data processing result, and returns the encrypted data processing result to the user side. For example, the plaintext output block of the data processing result is $KV_{out}$, and the encrypted data processing result is
Figure BDA0001924635930000202
where $l_{out}$ is the identification information of the data processing result (for example, the identification information of the data processing result may be a digest of the data processing result), and $k_{out}$ is the key used to encrypt the data processing result.
In one possible implementation, the reduction node may output, in addition to the data processing result, the verification information FR,
Figure BDA0001924635930000203
where $B_{out,r}$ is the set of the identification information $l_{out}$ of the data processing results output by the reduction node with serial number $r$, and $P_r$ is the set of the corresponding $l_m$ in the $KV_{close}$ received by the reduction node with serial number $r$.
In one possible implementation, the reduction node, upon receiving a data processing intermediate result, verifies whether the task identifier $j$ is correct and confirms whether $r$ is its own serial number. When the data processing is finished, the reduction node confirms, according to $KV_{close}$, whether the data blocks of all sequence numbers $i_{m,r}$ have been received, and whether each of them has been received only once.
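The node-side checks described above (the mapping node's repeated-input check and the reduction node's task, serial-number and received-once checks) can be sketched as follows. This is an added example, not code from the patent: it assumes that sequence numbers $i_{m,r}$ start at 0 and that $KV_{close}$ carries the number of blocks a mapping node sent to the reduction node, because the page's definition of $KV_{close}$ sits in a figure that is not reproduced; class and method names are hypothetical.

```python
class MapperInputGuard:
    """Replay check run by mapping node l_m before it processes a new input block."""

    def __init__(self, l_m):
        self.l_m = l_m
        self.B_in_m = set()      # identification information l_in already accepted

    def admit(self, l_in):
        """Return True if the block is new; False signals a repeated-input attack."""
        if l_in in self.B_in_m:
            return False
        self.B_in_m.add(l_in)
        return True


class ReducerInputGuard:
    """Checks run by the reduction node with serial number r for task j."""

    def __init__(self, j, r):
        self.j, self.r = j, r
        self.seen = {}           # l_m -> set of sequence numbers i_{m,r} received
        self.declared = {}       # l_m -> block count from KV_close (assumed field)

    def _addressed_to_me(self, j, r):
        if j != self.j:
            return "wrong task identifier"
        if r != self.r:
            return "wrong reducer serial number"
        return None

    def accept_block(self, j, r, l_m, i_mr):
        """Validate one decrypted intermediate block before reducing it."""
        problem = self._addressed_to_me(j, r)
        if problem:
            return problem
        seqs = self.seen.setdefault(l_m, set())
        if i_mr in seqs:
            return "duplicate block"
        seqs.add(i_mr)
        return "ok"

    def accept_close(self, j, r, l_m, count):
        """Record the KV_close of mapping node l_m (count is an assumed field)."""
        problem = self._addressed_to_me(j, r)
        if problem:
            return problem
        if l_m in self.declared:
            return "duplicate KV_close"
        self.declared[l_m] = count
        return "ok"

    def finish(self):
        """Return (problems, P_r); P_r lists the l_m whose KV_close was received."""
        problems = []
        for l_m in sorted(set(self.seen) | set(self.declared)):
            if l_m not in self.declared:
                problems.append(f"{l_m}: blocks received but no KV_close")
                continue
            expected = set(range(self.declared[l_m]))
            got = self.seen.get(l_m, set())
            if got - expected:
                problems.append(f"{l_m}: unexpected sequence numbers {sorted(got - expected)}")
            if expected - got:
                problems.append(f"{l_m}: missing sequence numbers {sorted(expected - got)}")
        return problems, sorted(self.declared)


if __name__ == "__main__":
    # Constructed run: one block from m0 arrives, the second is dropped in transit.
    red = ReducerInputGuard("job-1", 0)
    print(red.accept_block("job-1", 0, "m0", 0))
    print(red.accept_close("job-1", 0, "m0", 2))
    print(red.finish())
```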
In one possible implementation, before executing the data processing program in the first isolated memory space, the method further includes: the first isolated memory space is initialized.
In one possible implementation, after the data processing is completed, the method further includes: destroying the first isolated memory space by the framework program. In this implementation, resources can be freed by destroying the first isolated memory space after the data processing is completed.
In the embodiment of the disclosure, the computing node receives a data processing subtask issued by the control node; loads the second isolated memory space file through the framework program to create a second isolated memory space; initiates remote verification to the user terminal through the second isolated memory space and, after the remote verification is passed, obtains the key set from the user terminal; decrypts the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set and loads the first isolated memory space file to create a first isolated memory space; initiates local verification to the second isolated memory space through the first isolated memory space and, after the verification is passed, obtains at least one key in the key set from the second isolated memory space; and decrypts the encrypted data to be processed through the first isolated memory space and executes the data processing program in the first isolated memory space, thereby obtaining a data processing result.
Fig. 4 shows a flow diagram of a data processing method according to an embodiment of the present disclosure. As shown in fig. 4, the method may include: in step S401, the user side compiles the data processing logic through the first component (DataCapsule SDK) to obtain a compiling result of the data processing logic, where the compiling result includes a first isolated memory space file (ip_enclave), a second isolated memory space file (sealed_enclave), and a framework program (framework F); in step S402, the user side receives, through a second component (Client Library), data to be processed uploaded by the user, a key for encrypting the data to be processed, and a compiling result; in step S403, the user side divides the data to be processed into blocks and encrypts it through the second component to obtain encrypted data to be processed; in step S404, the user side uploads the encrypted data to be processed to the HDFS of the control node through the second component; in step S405, the user side submits a data processing task to the YARN resource manager in the control node according to the task configuration file through the second component; in step S406, the control node issues a data processing subtask to the computing node through the YARN resource manager; in step S407, the computing node initiates remote authentication to the second component of the user terminal, and after the remote authentication is passed, acquires the key set from the second component; in step S408, the computing node decrypts the encrypted data to be processed by using the data decryption key, and executes the data processing program in the first isolated memory space to obtain a data processing result; in step S409, the computing node returns the encrypted data processing result to the second component of the user terminal; in step S410, the user side verifies and decrypts the encrypted data processing result through the second component, to obtain a decrypted data processing result.
Fig. 5 shows another flow diagram of a data processing method according to an embodiment of the present disclosure. In fig. 5, the first isolated memory space (ip_enclave) and the second isolated memory space (sealed_enclave) are trusted execution areas; the rest is untrusted, and encryption can be used to ensure data security there. In fig. 5, the first isolated memory space may use encryption tools to achieve code protection. The first isolated memory space may be divided into a data processing module (E-) and a non-user-implemented module (E+). The data processing module comprises the data processing program. The non-user-implemented module is provided by the SDK and may be used to implement a security protocol, control the input-output stream, and perform local authentication as an authenticatee. The second isolated memory space may act as a remotely authenticated verifier and a locally authenticated verifier. The second isolated memory space may further encapsulate the decryption key of the first isolated memory space file to obtain a sealed_key. It should be noted that, for convenience of understanding, the data processing module (E-) and the non-user-implemented module (E+) are illustrated separately in fig. 5. In practical applications, the data processing module (E-) and the non-user-implemented module (E+) may be compiled together.
The embodiment of the disclosure can be applied to the Hadoop MapReduce distributed computing framework, so that a scheme for providing safety protection for data processing by using SGX technology under the Hadoop MapReduce distributed computing framework is provided.
The data processing method provided by the embodiment of the disclosure provides a complete security protocol for distributed operation, and can prevent an attacker from attacking distributed operation data which is not protected in the transmission process between nodes. When the scheme provided by the embodiment of the disclosure processes data in an unreliable distributed cloud environment, the data to be processed, the data processing logic, the data processing intermediate result and the data processing result can still be ensured not to be leaked or tampered. The method and the device solve the problem that the distributed cloud environment is not credible, enhance the safety of data processing on the cloud, and are beneficial to promoting the development of cloud services.
Fig. 6 shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure. The data processing device may be a device at the user side. As shown in fig. 6, the data processing apparatus includes: an obtaining module 61, configured to obtain a compiling result of the data processing logic, the data to be processed, and the task configuration file, where the compiling result includes a first isolated memory space file and a second isolated memory space file; a first encryption module 62, configured to encrypt data to be processed, to obtain encrypted data to be processed; an uploading module 63, configured to upload the encrypted data to be processed to a control node; a submitting module 64, configured to submit a data processing task to the control node according to the task configuration file, where the data processing task carries a compiling result; a first receiving module 65, configured to receive an encrypted data processing result returned by at least one computing node; the first decryption module 66 is configured to decrypt the encrypted data processing result to obtain a decrypted data processing result.
In one possible implementation, the compiling result further includes a framework program, which is an executable file.
In one possible implementation, the first encryption module 62 is configured to: encrypt the data to be processed using the associated data of the data to be processed.
In one possible implementation, the first decryption module 66 is configured to: decrypt the encrypted data processing result when the encrypted data processing result passes the verification.
In one possible implementation, the data processing task is used as a basis for the control node to issue a data processing subtask to at least one computing node, wherein the data processing subtask carries the compiling result and the encrypted data to be processed.
In the embodiment of the disclosure, the user side obtains a compiling result of the data processing logic, the data to be processed, and a task configuration file, where the compiling result includes a first isolated memory space file and a second isolated memory space file; encrypts the data to be processed to obtain encrypted data to be processed; uploads the encrypted data to be processed to the control node; submits a data processing task, which carries the compiling result, to the control node according to the task configuration file; receives the encrypted data processing result returned by at least one computing node; and decrypts the encrypted data processing result to obtain a decrypted data processing result. This provides a scheme that uses isolated memory spaces to protect data processing in a distributed computing scenario, and can thereby improve the security of data processing on the cloud.
Fig. 7 illustrates another block diagram of a data processing apparatus according to an embodiment of the present disclosure. The data processing apparatus may be a control node. As shown in fig. 7, the data processing apparatus includes: a second receiving module 71, configured to receive encrypted data to be processed uploaded by the user side; a third receiving module 72, configured to receive a data processing task submitted by the user terminal according to the task configuration file, where the data processing task carries a compiling result, where the compiling result is compiled by the user terminal according to the data processing logic, and the compiling result includes a first isolated memory space file and a second isolated memory space file; and the issuing module 73 is configured to issue a data processing subtask to at least one computing node according to the data processing task, where the data processing subtask carries the compiling result and encrypted data to be processed.
In one possible implementation, the compiling result further includes a framework program, which is an executable file.
In one possible implementation, the encrypted data to be processed is obtained by encrypting the data to be processed using associated data of the data to be processed.
In the embodiment of the disclosure, the control node receives the encrypted data to be processed uploaded by the user terminal; receives a data processing task submitted by the user terminal according to the task configuration file, where the data processing task carries a compiling result that the user terminal compiled from the data processing logic and that includes a first isolated memory space file and a second isolated memory space file; and issues a data processing subtask, which carries the compiling result and the encrypted data to be processed, to at least one computing node according to the data processing task. This provides a scheme that uses isolated memory spaces to protect data processing in a distributed computing scenario, and can thereby improve the security of data processing on the cloud.
Fig. 8 illustrates another block diagram of a data processing apparatus according to an embodiment of the present disclosure. The data processing apparatus may be a computing node. As shown in fig. 8, the data processing apparatus includes: a fourth receiving module 81, configured to receive a data processing subtask issued by a control node, where the data processing subtask carries a compiling result and encrypted data to be processed, where the compiling result is compiled by a user side according to data processing logic, and the compiling result includes a first isolated memory space file and a second isolated memory space file; a first loading module 82, configured to load the second isolated memory space file through the framework program, and create a second isolated memory space; the remote verification module 83 is configured to initiate remote verification to the user terminal through the second isolated memory space, and obtain the key set from the user terminal after the remote verification is passed; a second loading module 84, configured to decrypt the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set, and load the first isolated memory space file to create a first isolated memory space; a local verification module 85, configured to initiate local verification to the second isolated memory space through the first isolated memory space, and obtain at least one key in the key set from the second isolated memory space after the verification is passed, where the at least one key includes a data decryption key; the data processing module 86 is configured to decrypt the encrypted data to be processed by using the data decryption key in the first isolated memory space, and execute a data processing program in the first isolated memory space to obtain a data processing result.
In one possible implementation, the second loading module 84 includes: an encapsulation submodule, configured to encapsulate, through the second isolated memory space, the decryption key of the first isolated memory space file in the key set to outside the isolated memory space to obtain an encapsulation key; and a decryption submodule, configured to decrypt the first isolated memory space file through the framework program using the encapsulation key.
In one possible implementation, the apparatus further includes: the first destroying module is used for destroying the second isolated memory space through the framework program.
In one possible implementation, the data processing program is a binary program compiled by the data processing logic.
In one possible implementation, the data processing program reads the data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes out the data processing result through a write interface provided by the first isolated memory space.
In one possible implementation, the apparatus further includes: the second destroying module is used for destroying the first isolated memory space through the framework program.
In one possible implementation, the data processing module 86 is configured to: executing a data processing program in the first isolated memory space to obtain a data processing intermediate result; encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result; and sending the encrypted data processing intermediate result to a reduction node, and obtaining the data processing result by the reduction node according to the encrypted data processing intermediate result.
In one possible implementation, the at least one key further comprises a key for encrypting the intermediate data; the data processing module 86 is configured to: and encrypting the data processing intermediate result by adopting a key for encrypting the intermediate data and the identification information of the computing node to obtain the encrypted data processing intermediate result.
In the embodiment of the disclosure, a computing node receives a data processing subtask issued by a control node, loads the second isolated memory space file through a framework program, and creates a second isolated memory space. It initiates remote verification to the user terminal through the second isolated memory space and, after the remote verification is passed, obtains a key set from the user terminal. It then decrypts the first isolated memory space file based on the decryption key of the first isolated memory space file in the key set, loads the first isolated memory space file, and creates a first isolated memory space. Through the first isolated memory space it initiates local verification to the second isolated memory space and, after the verification is passed, obtains at least one key in the key set from the second isolated memory space. Finally, it decrypts the encrypted data to be processed through the first isolated memory space and executes a data processing program in the first isolated memory space, thereby obtaining a data processing result.
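The computing-node sequence above, together with the node-bound encryption of the intermediate result, as an added Python model (not code from the patent). Assumptions: a measurement is the SHA-256 hash of the loaded image and stands in for the hardware-signed attestation report, `seal`/`unseal` are a toy encrypt-then-MAC replacing a real AEAD, the expected measurement of the first isolated memory space travels with the key set, and every class, function and sample value is hypothetical.

```python
import hashlib
import hmac
import os


def measure(image: bytes) -> bytes:
    """Model of an isolated-memory-space measurement: hash of the loaded image."""
    return hashlib.sha256(image).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def _tag(key: bytes, aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Length-prefix the associated data so (aad, nonce, ct) parses unambiguously.
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Toy encrypt-then-MAC; a stand-in for a real AEAD, not for production use."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(key, aad, nonce, ct)


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class UserSide:
    """Owns the key set and releases it only to the expected second space."""

    def __init__(self, key_space_image: bytes, work_space_image: bytes, records: bytes):
        self.keys = {name: os.urandom(32) for name in ("enclave_file", "data", "intermediate")}
        self._expected_key_space = measure(key_space_image)
        self._expected_work_space = measure(work_space_image)
        self.second_file = key_space_image  # shipped in the clear
        self.first_file = seal(self.keys["enclave_file"], work_space_image)
        self.enc_data = seal(self.keys["data"], records)

    def remote_verify(self, reported: bytes) -> dict:
        if not hmac.compare_digest(reported, self._expected_key_space):
            raise PermissionError("remote verification failed")
        return dict(self.keys, expected_work_space=self._expected_work_space)


class KeySpace:
    """Second isolated memory space: holds the key set after remote verification."""

    def __init__(self, image: bytes, user: UserSide):
        self._keys = user.remote_verify(measure(image))

    def export_file_key(self) -> bytes:
        # Only the file decryption key is handed out to the framework program.
        return self._keys["enclave_file"]

    def local_verify(self, reported: bytes):
        if not hmac.compare_digest(reported, self._keys["expected_work_space"]):
            raise PermissionError("local verification failed")
        return self._keys["data"], self._keys["intermediate"]


def run_subtask(node_id, user, second_file, first_file, enc_data) -> bytes:
    key_space = KeySpace(second_file, user)  # load + remote verification
    work_image = unseal(key_space.export_file_key(), first_file)  # framework decrypts
    data_key, inter_key = key_space.local_verify(measure(work_image))
    del key_space  # second space destroyed once the keys are handed over
    records = unseal(data_key, enc_data)
    # Stand-in data processing logic: sum of whitespace-separated integers.
    partial = str(sum(int(x) for x in records.decode().split())).encode()
    return seal(inter_key, partial, aad=node_id)  # bound to this node's identity


if __name__ == "__main__":
    user = UserSide(b"key-space-image-v1", b"work-space-image-v1", b"3 4 5")  # constructed
    out = run_subtask(b"node-7", user, user.second_file, user.first_file, user.enc_data)
    print(unseal(user.keys["intermediate"], out, aad=b"node-7"))
```

Because the file decryption key leaves the second space in this model, a differently built first-space image can still be encrypted under it; the local verification of the measurement is what keeps the data decryption key from such an image.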
FIG. 9 illustrates an architecture diagram of a data processing system according to an embodiment of the present disclosure. As shown in fig. 9, the data processing system may include a user side 91, a control node 92, and at least one computing node 93. The user side 91 may be a data processing device shown in fig. 6, and the user side 91 may be configured to execute a data processing method corresponding to fig. 1; the control node 92 may be a data processing apparatus shown in fig. 7, and the control node 92 may be configured to perform the data processing method corresponding to fig. 2; the computing node 93 may be a data processing apparatus as shown in fig. 8, and the computing node 93 may be configured to perform the data processing method corresponding to fig. 3.
Fig. 10 is a block diagram illustrating an apparatus 800 for data processing according to an example embodiment. The apparatus 800 for data processing may be a device at a user side. For example, apparatus 800 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.
Referring to fig. 10, apparatus 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the apparatus 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interactions between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the apparatus 800. Examples of such data include instructions for any application or method operating on the device 800, contact data, phonebook data, messages, pictures, videos, and the like. The memory 804 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply component 806 provides power to the various components of the device 800. The power components 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the device 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. The front camera and/or the rear camera may receive external multimedia data when the apparatus 800 is in an operational mode, such as a photographing mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 further includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 814 includes one or more sensors for providing status assessment of various aspects of the apparatus 800. For example, the sensor assembly 814 may detect an on/off state of the device 800 and a relative positioning of components, such as a display and keypad of the device 800; the sensor assembly 814 may also detect a change in position of the device 800 or a component of the device 800, the presence or absence of user contact with the device 800, an orientation or acceleration/deceleration of the device 800, and a change in temperature of the device 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communication between the apparatus 800 and other devices, either in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 804 including computer program instructions executable by processor 820 of apparatus 800 to perform the above-described methods.
FIG. 11 is a block diagram illustrating an apparatus 1900 for data processing according to an example embodiment. The apparatus 1900 for data processing may be a server apparatus. For example, the apparatus 1900 for data processing may be a control node or a computing node of a server. For example, the apparatus 1900 may be provided as a server. Referring to FIG. 11, the apparatus 1900 includes a processing component 1922 that further includes one or more processors and memory resources represented by memory 1932 for storing instructions, such as application programs, that can be executed by the processing component 1922. The application programs stored in memory 1932 may include one or more modules each corresponding to a set of instructions. Further, processing component 1922 is configured to execute instructions to perform the methods described above.
The apparatus 1900 may further include a power component 1926 configured to perform power management of the apparatus 1900, a wired or wireless network interface 1950 configured to connect the apparatus 1900 to a network, and an input/output (I/O) interface 1958. The device 1900 may operate based on an operating system stored in memory 1932, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 1932, including computer program instructions executable by processing component 1922 of apparatus 1900 to perform the above-described methods.
The present disclosure may be a system, method, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to implement aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: portable computer disks, hard disks, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), Static Random Access Memory (SRAM), portable compact disk read-only memory (CD-ROM), Digital Versatile Disks (DVD), memory sticks, floppy disks, mechanically encoded devices such as punch cards or raised structures in a groove having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media, as used herein, are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.
The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network interface card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in the respective computing/processing device.
Computer program instructions for performing the operations of the present disclosure can be assembly instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present disclosure are implemented by personalizing electronic circuitry, such as programmable logic circuitry, Field Programmable Gate Arrays (FPGAs), or Programmable Logic Arrays (PLAs), with state information of computer readable program instructions, which can execute the computer readable program instructions.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvement of the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (25)

1. A data processing method, wherein the method is applied to a user terminal, and the method comprises:
acquiring a compiling result of data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file;
encrypting the data to be processed to obtain encrypted data to be processed;
uploading the encrypted data to be processed to a control node;
submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result;
receiving an encrypted data processing result returned by at least one computing node, wherein the data processing result is obtained by decrypting the encrypted data to be processed by a first isolated memory space by adopting a data decryption key and executing a data processing program in the first isolated memory space; the data decryption key is acquired from a second isolated memory space after verification initiated to the second isolated memory space by the first isolated memory space is passed;
and decrypting the encrypted data processing result to obtain a decrypted data processing result.
2. The method of claim 1, wherein the compilation result further comprises a framework program, the framework program being an executable file.
3. The method of claim 1, wherein encrypting the data to be processed comprises:
encrypting the data to be processed by adopting the associated data of the data to be processed.
4. The method of claim 1, wherein decrypting the encrypted data processing results comprises:
and decrypting the encrypted data processing result under the condition that the encrypted data processing result passes verification.
5. The method according to claim 1, wherein the data processing task is used as a basis for the control node to issue a data processing sub-task to at least one computing node, wherein the data processing sub-task carries the compiling result and the encrypted data to be processed.
6. A data processing method, wherein the method is applied to a control node, the method comprising:
receiving encrypted data to be processed uploaded by a user side;
receiving a data processing task submitted by the user side according to a task configuration file, wherein the data processing task carries a compiling result, the compiling result is compiled by the user side according to data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries a compiling result and the encrypted data to be processed, the encrypted data to be processed is processed by the at least one computing node to generate an encrypted data processing result, and the data processing result is obtained by decrypting the encrypted data to be processed through a first isolated memory space by adopting a data decryption key and executing a data processing program in the first isolated memory space; and the data decryption key is acquired from the second isolated memory space after verification initiated to the second isolated memory space through the first isolated memory space is passed.
7. The method of claim 6, wherein the compilation result further comprises a framework program, the framework program being an executable file.
8. A method according to claim 6 or 7, wherein the encrypted data to be processed is encrypted based on associated data of the data to be processed.
9. A method of data processing, the method being applied in a computing node, the method comprising:
receiving a data processing subtask issued by a control node, wherein the data processing subtask carries a compiling result and encrypted data to be processed, the compiling result is compiled by a user side according to data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
loading the second isolated memory space file through a framework program, and creating a second isolated memory space;
initiating remote verification to the user terminal through the second isolated memory space, and acquiring a key set from the user terminal after the remote verification is passed;
decrypting a first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, loading the first isolated memory space file, and creating a first isolated memory space;
initiating a local verification to the second isolated memory space through the first isolated memory space, and after the verification is passed, obtaining at least one key in the key set from the second isolated memory space, wherein the at least one key comprises a data decryption key;
and decrypting the encrypted data to be processed by the first isolated memory space by adopting the data decryption key, and executing a data processing program in the first isolated memory space to obtain a data processing result.
10. The method of claim 9, wherein decrypting the first isolated memory space file based on the decryption key of the first isolated memory space file in the set of keys comprises:
encapsulating the decryption key of the first isolated memory space file in the key set outside the isolated memory space through the second isolated memory space to obtain an encapsulation key;
and decrypting the first isolated memory space file by the framework program by adopting the encapsulation key.
11. The method of claim 9, wherein after retrieving at least one key of the set of keys from the second isolated memory space, the method further comprises:
destroying the second isolated memory space by the framework program.
12. The method of claim 9, wherein the data processing program is a binary program compiled from the data processing logic.
13. The method according to claim 9 or 12, wherein the data processing program reads data to be processed through a read interface provided by the first isolated memory space, and the data processing program writes data processing results through a write interface provided by the first isolated memory space.
14. The method of claim 9, wherein after the data processing is completed, the method further comprises:
destroying the first isolated memory space by the framework program.
15. The method of claim 9, wherein executing the data processing program in the first isolated memory space to obtain the data processing result comprises:
executing a data processing program in the first isolated memory space to obtain a data processing intermediate result;
encrypting the data processing intermediate result to obtain an encrypted data processing intermediate result;
and sending the encrypted data processing intermediate result to a reduction node, and obtaining a data processing result by the reduction node according to the encrypted data processing intermediate result.
16. The method of claim 15, wherein the at least one key further comprises a key for encrypting intermediate data;
encrypting the data processing intermediate result, comprising:
and encrypting the data processing intermediate result by adopting the key for encrypting the intermediate data and the identification information of the computing node to obtain an encrypted data processing intermediate result.
17. A data processing apparatus, comprising:
the acquisition module is used for acquiring a compiling result of data processing logic, data to be processed and a task configuration file, wherein the compiling result comprises a first isolated memory space file and a second isolated memory space file;
the first encryption module is used for encrypting the data to be processed to obtain encrypted data to be processed;
the uploading module is used for uploading the encrypted data to be processed to a control node;
the submitting module is used for submitting a data processing task to the control node according to the task configuration file, wherein the data processing task carries the compiling result;
the first receiving module is used for receiving an encrypted data processing result returned by at least one computing node, wherein the data processing result is obtained by decrypting the encrypted data to be processed through a first isolated memory space by adopting a data decryption key and executing a data processing program in the first isolated memory space; the data decryption key is acquired from a second isolated memory space after verification initiated to the second isolated memory space by the first isolated memory space is passed;
and the first decryption module is used for decrypting the encrypted data processing result to obtain a decrypted data processing result.
18. A data processing apparatus, comprising:
the second receiving module is used for receiving the encrypted data to be processed uploaded by the user side;
the third receiving module is used for receiving a data processing task submitted by the user side according to a task configuration file, wherein the data processing task carries a compiling result, the compiling result is compiled by the user side according to data processing logic, and the compiling result comprises a first isolated memory space file and a second isolated memory space file;
the issuing module is used for issuing a data processing subtask to at least one computing node according to the data processing task, wherein the data processing subtask carries a compiling result and the encrypted data to be processed, the encrypted data to be processed is processed by the at least one computing node to generate an encrypted data processing result, and the data processing result is obtained by decrypting the encrypted data to be processed through a first isolated memory space by adopting a data decryption key and executing a data processing program in the first isolated memory space; and the data decryption key is acquired from the second isolated memory space after verification initiated to the second isolated memory space through the first isolated memory space is passed.
19. A data processing apparatus, comprising:
a fourth receiving module, configured to receive a data processing subtask issued by a control node, where the data processing subtask carries a compiling result and encrypted data to be processed, where the compiling result is compiled by a user side according to data processing logic, and the compiling result includes a first isolated memory space file and a second isolated memory space file;
the first loading module is used for loading the second isolated memory space file through the framework program and creating a second isolated memory space;
the remote verification module is used for initiating remote verification to the user terminal through the second isolated memory space, and acquiring a key set from the user terminal after the remote verification is passed;
the second loading module is used for decrypting the first isolated memory space file based on a decryption key of the first isolated memory space file in the key set, loading the first isolated memory space file and creating a first isolated memory space;
the local verification module is used for initiating local verification to the second isolated memory space through the first isolated memory space, and acquiring at least one key in the key set from the second isolated memory space after the verification is passed, wherein the at least one key comprises a data decryption key;
and the data processing module is used for decrypting the encrypted data to be processed by adopting the data decryption key through the first isolated memory space and executing a data processing program in the first isolated memory space to obtain a data processing result.
20. A data processing apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of claims 1 to 5.
21. A data processing apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any of claims 6 to 8.
22. A data processing apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of claims 9 to 16.
23. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of claims 1 to 5.
24. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of claims 6 to 8.
25. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of claims 9 to 16.
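The module sequence recited above (load the second isolated memory space, remote verification to the user terminal, decrypt and load the first space, local verification, then decrypt and process) can be simulated to show that each key is released only after the preceding verification passes. This is an added example, not code from the patent: HMAC under a shared `platform_key` stands in for hardware-signed reports, `xor_stream` for real encryption, and the `expected_first` entry in the key set, like every function and key name here, is an assumption.

```python
import hashlib, hmac, os

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def xor_stream(key, data):  # toy SHA-256 counter-mode stream, stand-in for real AEAD
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def report(platform_key, measurement, nonce):  # stand-in for a hardware-signed report
    return hmac.new(platform_key, measurement + nonce, hashlib.sha256).digest()

class UserTerminal:
    def __init__(self, platform_key, expected_second, key_set):
        self.platform_key, self.expected, self.key_set = platform_key, expected_second, key_set
        self.nonce = os.urandom(16)
    def challenge(self):
        self.nonce = os.urandom(16)  # fresh nonce per attempt, so old reports cannot be replayed
        return self.nonce
    def release_keys(self, rep):
        good = report(self.platform_key, self.expected, self.nonce)
        return dict(self.key_set) if hmac.compare_digest(rep, good) else None

def run_server(second_image, first_image_enc, data_enc, terminal, platform_key):
    # 1. The second space is loaded and proves its measurement to the user terminal.
    nonce = terminal.challenge()
    keys = terminal.release_keys(report(platform_key, measure(second_image), nonce))
    if keys is None:
        raise PermissionError("remote verification failed: key set withheld")
    # 2. Only now can the first isolated memory space file be decrypted and loaded.
    first_image = xor_stream(keys["first_file_key"], first_image_enc)
    # 3. Local verification: the data key is handed over only to the expected first space.
    if not hmac.compare_digest(measure(first_image), keys["expected_first"]):
        raise PermissionError("local verification failed: data key withheld")
    # 4. The first space decrypts the data and runs the processing program.
    plaintext = xor_stream(keys["data_key"], data_enc)
    return sum(int(x) for x in plaintext.split())  # stand-in processing program

def demo(tamper_second=False, tamper_first=False):  # all inputs are constructed samples
    platform_key, second, first = b"P" * 32, b"second-space-image", b"first-space-image"
    keys = {"first_file_key": b"F" * 32, "data_key": b"D" * 32, "expected_first": measure(first)}
    terminal = UserTerminal(platform_key, measure(second), keys)
    first_enc = xor_stream(keys["first_file_key"], first)
    if tamper_second: second += b"!"
    if tamper_first: first_enc = bytes([first_enc[0] ^ 1]) + first_enc[1:]
    data_enc = xor_stream(keys["data_key"], b"10 20 12")
    return run_server(second, first_enc, data_enc, terminal, platform_key)
```

A modified second-space image stops at the remote step and a modified first-space file stops at the local step, so in neither case does the data decryption key reach unverified code.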
CN201811610521.3A 2018-12-27 2018-12-27 Data processing method, device and storage medium Active CN111382131B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811610521.3A CN111382131B (en) 2018-12-27 2018-12-27 Data processing method, device and storage medium

Publications (2)

Publication Number Publication Date
CN111382131A CN111382131A (en) 2020-07-07
CN111382131B true CN111382131B (en) 2023-05-09

Family

ID=71217878

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811610521.3A Active CN111382131B (en) 2018-12-27 2018-12-27 Data processing method, device and storage medium

Country Status (1)

Country Link
CN (1) CN111382131B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102307185A (en) * 2011-06-27 2012-01-04 北京大学 Data isolation method used in storage cloud
CN107566374A (en) * 2017-09-07 2018-01-09 山东超越数控电子有限公司 A kind of cloud storage data guard method and system based on user isolation storage
CN108304175A (en) * 2018-01-29 2018-07-20 口碑(上海)信息技术有限公司 Packaging method and device is isolated in code file
CN108399318A (en) * 2018-01-31 2018-08-14 北京顶象技术有限公司 The generation method of executable file executes method and electronic equipment
CN108664331A (en) * 2018-05-22 2018-10-16 腾讯大地通途(北京)科技有限公司 Distributed data processing method and device, electronic equipment, storage medium
CN108733455A (en) * 2018-05-31 2018-11-02 上海交通大学 Vessel isolation based on ARM TrustZone enhances system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9225675B2 (en) * 2012-08-08 2015-12-29 Amazon Technologies, Inc. Data storage application programming interface
US20180097809A1 (en) * 2016-09-30 2018-04-05 Intel Corporation Securing access to cloud components

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Data anonymization and integrity checking in cloud computing;Reenu Sara George et al.;《2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT)》;20140130;1-5 *
Enabling Interactive Analytics of Secure Data using Cloud Kotta;Yadu N. Babuji et al.;《ScienceCloud '17: Proceedings of the 8th Workshop on Scientific Cloud Computing》;20170627;9-15 *
Research on key technologies of data security protection for cloud computing;刘婷婷;《China Doctoral Dissertations Full-text Database, Information Science and Technology》;20140115(No. 01 (2014));I138-6 *
Distributed sensor scheduling for target tracking;张帆;《China Master's Theses Full-text Database, Information Science and Technology》;20120715(No. 07 (2012));I140-274 *

Also Published As

Publication number Publication date
CN111382131A (en) 2020-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant