CN117493344A - Efficient data organization method based on confidential computing technology - Google Patents
Efficient data organization method based on confidential computing technology Download PDFInfo
- Publication number
- CN117493344A CN117493344A CN202311489434.8A CN202311489434A CN117493344A CN 117493344 A CN117493344 A CN 117493344A CN 202311489434 A CN202311489434 A CN 202311489434A CN 117493344 A CN117493344 A CN 117493344A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- trusted
- value
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000008520 organization Effects 0.000 title claims abstract description 40
- 238000000034 method Methods 0.000 title claims abstract description 32
- 238000005516 engineering process Methods 0.000 title claims abstract description 19
- 238000003860 storage Methods 0.000 claims abstract description 20
- 230000008569 process Effects 0.000 claims abstract description 13
- 238000012545 processing Methods 0.000 claims abstract description 11
- 238000000926 separation method Methods 0.000 claims description 11
- 238000004364 calculation method Methods 0.000 claims description 10
- 230000003993 interaction Effects 0.000 claims description 6
- 230000008707 rearrangement Effects 0.000 claims description 5
- 238000012163 sequencing technique Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 claims description 4
- 239000003999 initiator Substances 0.000 claims description 4
- 230000006870 function Effects 0.000 claims description 3
- 230000007704 transition Effects 0.000 claims description 2
- 238000010276 construction Methods 0.000 claims 1
- 238000013500 data storage Methods 0.000 abstract description 4
- 230000009286 beneficial effect Effects 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 10
- 238000013461 design Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000005538 encapsulation Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a high-efficiency data organization method based on a confidential computing technology, which uses a data organization layer to take charge of organizing in and out TEE data, preprocesses sensitive data which a trusted application program needs to process, and avoids extra operation expenditure in the data processing process; and using the key value to separate the storage structure and the service data linked list structure so as to improve the retrieval efficiency. The beneficial effects of the invention are as follows: by adding a data organization layer, organizing data entering and exiting the TEE, the occupation of a trusted memory is greatly reduced, and the page changing cost is greatly reduced; at the same time, the data organization layer provides a series of data interfaces, so that a developer can assume that the data can be accessed at will, the data is not required to be focused on where the data resides or the storage characteristics of the data, and the trusted application code layer is not required to be modified for various types of data. In addition, two data storage structures are designed, and the method is suitable for the situation that the trusted memory is limited in the confidential computing technology.
Description
Technical Field
The invention relates to the field of confidential computation, in particular to a high-efficiency data organization method based on confidential computation and a data structure.
Background
The existing encryption technology is mature in the aspect of guaranteeing the safety of data in a storage and transmission state, however, decryption is needed first and then operation is needed when the data is operated, so that the possibility of stealing and falsifying sensitive data is provided for malicious software and malicious privileged users of an intranet. Confidential computing can protect sensitive or tightly-regulated data sets and application workloads in a secure public cloud platform, thereby eliminating the only greatest challenge of encryption-encryption of data in use. For existing confidential computing frameworks, to ensure that normal world (REE) programs are running properly, the system does not allocate a large amount of physical resources to a Trusted Execution Environment (TEE). Taking Intel SGX (Intel Software Guardiance eXtension) as an example, a TEE environment Enclave (Enclave) is created when processing sensitive data, essentially isolating a protected physical memory region (Enclave Page Cache, EPC) from memory space for processing sensitive data. However, intel series chips currently only support EPC size of maximum 128MB, and if the application code data size in enclase exceeds the page size, page-missing exception may occur. Due to SGX security considerations and design limitations (physical isolation), SGX technology limits the use of a part of standard libc libraries, so that application developers cannot use system calls in enclaspe, and frequent TEE-REEs switching can be caused by page-missing exceptions, resulting in serious performance overhead. In addition, the memory single encryption engine (Memory Encryption Engine, MEE) of the SGX performs encryption and decryption operations between the data and code to and from the processor cache and the enclaspe, and the data code generates data encryption and decryption overhead in the process of entering and exiting the processor. These limitations and overhead severely hamper the deep application of TEE in cloud computing application scenarios.
Disclosure of Invention
The invention mainly solves the problem of data processing overhead of a confidential computing technology in a cloud computing scene, and provides a high-efficiency data organization method based on the confidential computing technology aiming at the problems of weak I/O capability, limited system resources and the like of an Intel SGX trusted execution environment TEE.
The purpose of confidential computing is to provide a secure and isolated operating environment, also known as a trusted execution environment TEE, for cloud service applications, which is responsible for protecting code, data from malicious access by privileged software (e.g., operating systems, database management systems, etc.) due to the untrusted nature of the cloud environment, thereby preventing it from revealing sensitive data or manipulating control flows. The security of confidential computation depends on trusted hardware, and the CPU allocates system resources as trusted computing base (Trusted Computing Base, TCB) for the TEE to support trusted application execution, but in order to ensure normal world program normal operation, the system does not allocate a lot of system resources for the TEE, so that EPC is limited in size and cannot support large-scale data processing or large-scale application operation. In addition, because the TEE does not trust privileged software, trust cannot be extended to a storage medium, the TEE needs to be withdrawn first when the storage medium is accessed, and the TEE is switched back to continue to execute the trusted application program after the access is completed, so that the system call is expensive, and the usability of confidential computing technology is greatly reduced. In order to reduce REE-TEE switching overhead, a data organization layer is used for organizing and arranging the in-out TEE data, preprocessing sensitive data which is needed to be processed by a trusted application program is performed, and extra operation overhead in the data processing process is avoided.
The invention provides a high-efficiency data organization method based on confidential computing technology, which provides a data organization layer for organizing and arranging data and uses two data storage structures: the key value separates the storage structure and the service data linked list structure to improve the retrieval efficiency.
Further, the data organization layer specifically comprises the following steps:
the enclases in the TEE are divided into functions: enclave Data Enclave, simply DE, responsible for Data organization; enclave Process Enclave, PE for short, responsible for executing trusted applications.
1. Data organization layer initialization:
one enclaspe is set to reside in the TEE and is used as a DE to be responsible for organizing and arranging data entering and exiting the TEE. Because in Intel SGX hardware primitives, different enclasvs are strongly isolated and mutually untrusted, direct communication between enclaves is not supported. Therefore, whether the DE is trusted or not needs to be verified by adopting a local proving mode, and the security of data interaction between enclases is ensured. The certification process requires the certification of three things: the identity of the application, the integrity of the application (whether tampered with) and whether it is running securely within enclaspe on an Intel SGX enabled platform. The SM2 algorithm is adopted to generate the key pair, and the algorithm is an ECC algorithm with independent intellectual property rights in China, is equivalent to or slightly superior to an international similar ECC algorithm in terms of safety and implementation efficiency, and can replace RSA to meet the higher requirements of various applications on the safety and implementation efficiency of the public key cryptographic algorithm.
Further, a shared memory region is allocated as a communication channel between enclaves for interaction between enclaves. Generating a key pair for each enclave using SM2 algorithm<p s ,p k >The key pair includes a private key p s And the public key p corresponding to the same k The DE and PE realize key exchange through the shared memory area.
The service provider computes a DE program digest HDE and stores it in the TEE, computes a digest value using the SM3 hash algorithm, and allows the PE to access the digest value. In the actual running process, the PE is an authentication initiator, the DE is an authentication verifier, and whether the DE program content is tampered or not is necessary before the PE hosts the data read-write related operation to the DE because the DE cannot determine whether the DE program content is credible or not.
Furthermore, before data interaction occurs between the PE and the PE, the PE acquires the DE program digest value HDE from the TEE, meanwhile, the DE calculates the digest value of the PE by the same algorithm, and writes the digest value into the shared memory area after encryption by using the PE public key of the authentication initiator. So if the result of decryption is consistent with the HDE read from the TEE, it indicates that the DE program has not been tampered with and can be trusted.
Further, in order to ensure the security of data interaction between enclaves, the DE and the PE need to negotiate a symmetric encryption key for the subsequent encryption operation of data. DE generates a random number r as a symmetric key using PE public key p k Writing the encrypted data into a shared memory area, and using a private key p after PE reads the encrypted data s Decrypting to obtain r as symmetric encryptionSecret key p sk For encrypting data.
2. Data organization
The data may come from different storage media of different devices, and in order to facilitate trusted applications to be able to effectively access data from different data sources, a data organization layer is built to improve the accessibility of the data and the manageability of the data. When the data state changes, the data organization layer encapsulates the data, so that the trusted application program is convenient to calculate.
Further, the data organization layer specifically comprises the following steps:
all data read-write related operations of the trusted application are hosted to the DE, which is responsible for performing I/O operations. Data organization works when a data state transition occurs, for example, when a storage state is changed into an operation state (namely, when the storage state is changed into a memory from a database), data is organized by DE, and a specific data structure is used for data encapsulation, so that trusted application program calculation is facilitated.
If an I/O operation occurs during the running process of the PE, the operation is also managed to the DE, and the application program does not need to exit the PE and only needs to temporarily suspend to wait for the I/O operation to complete. The world switching times in the TEE can be greatly reduced, and the cost is reduced.
Further, the key value is specifically as follows:
and converting the data into key values and data types < key, value >, and reading all the data into the trusted memory in the traditional mode, wherein if the data processing amount is far greater than the trusted memory capacity, frequent memory pages are generated, and a large amount of world switching overhead is caused. Based on the above situation, splitting the data field, removing the data of the non-primary key field from the trusted memory, encrypting and storing in the untrusted memory; each piece of data in the trusted memory only stores three data fields, namely: key, external data hash value and pointer ptr pointing to external data address, and the key list is formed from the above three data fields.
Further, assuming that there are n pieces of data, the key occupies k, the value occupies v, the pointer occupies ptr, the hash value occupies h, and if all the data are stored in the trusted memory, the occupied memory space is as follows:
S=n*(k+v)
if a key value separation structure is adopted, the total memory space is occupied as follows:
S=n*(k+v)+n*(ptr+h)
the key word list occupies the following trusted memory space:
S=n*(k+ptr+h)
in addition, confidentiality and integrity protection of data stored in untrusted memory is required. The hash value in the trusted memory is used for guaranteeing the integrity of the value, and if the hash value obtained by calculation after reading the data in the untrusted memory is inconsistent with the hash value in the trusted memory, the data is considered to be damaged; key p negotiated using data organization layer initialization phase sk Encryption of data in the untrusted memory ensures confidentiality of the value. Taking a 64-bit machine and a 120-bit hash value as an example, if the key field occupies space k=8 bytes, when 1GB of data is processed, the page-changing overhead of the conventional manner is 18 times that of the key-value separation storage manner.
Further, the service data linked list structure specifically includes:
in the key value separation storage structure, only the primary key is recorded in the keyword list stored in the trusted memory, but in most practical application scenes, data needs to be operated according to non-primary key fields. Taking a lookup operation as an example, in some business scenarios, the time complexity is O (N) for unordered data based on traversing the entire data set over a particular field. Aiming at the situation, a service data linked list structure is provided by combining the locality principle, and the service data linked list structure is specifically as follows:
the DE sets a counter for each field of each piece of data, if the data is accessed through the field each time, the counter is self-increased once, and the DE counts and sorts the access times. And additionally adding field pointer fields on the trusted memory key list, wherein the field pointer fields are in one-to-one correspondence with the primary keys, and using pointers to link related data in the same field according to a counter value descending order, and constructing a service linked list for all data on each field to serve as an index structure so as to realize subsequent data quick access.
Further, assuming that there are m pieces of data, each piece of data has n attribute fields except the primary key, m×n access frequency counters are added to record the access frequency of each field on each piece of data, DE adds pointers to data in the same field according to the counter value, and the probability that pointers are added to data in field i is p i Then there is n p in common on each field i The structure occupies the following total space:
because the TEE frequently accesses and maintains the linked list index structure, the TEE is stored in a trusted memory area, and the world switching overhead is reduced.
Further, since more pointers are added as the program is executed, an eviction and rearrangement operation is required after each trusted application execution is completed. The specific modes are as follows: and driving out the data with the counter of 0 fields from the trusted memory, sequencing according to the service chain table length of each field, starting from the service chain table with the largest length, rearranging the data in the table, and finally resetting the access frequency counter value. After the above work is completed, the rearranged keyword list is written back to the trusted memory, and the subsequent data organization is performed on the new keyword list.
The beneficial effects of the invention are as follows: the TEE is optimized aiming at the data characteristics and the data access characteristics, the usability of confidential computing application is improved, and the data entering and exiting the TEE is organized by adding a data organization layer, so that the occupation of a trusted memory is greatly reduced, and the page-changing expenditure is reduced. The data organization layer provides a series of data interfaces, and developers do not need to modify the trusted application code layer for various types of data. In addition, two data storage structures are designed, and the method is suitable for the situation that the trusted memory is limited in the confidential computing technology.
Drawings
FIG. 1 is a schematic diagram of a confidential computing application in a cloud computing scenario;
FIG. 2 is a schematic diagram of an enclave authentication and key agreement process;
FIG. 3 is a diagram of the overall architecture of the present invention;
FIG. 4 is a schematic diagram of a key-value separation storage structure;
FIG. 5 is a schematic diagram of a service data linked list structure;
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be further described with reference to the accompanying drawings.
For convenience of explanation, before explaining the network model and the application scenario, please refer to fig. 1, fig. 1 is a schematic diagram of a confidential computing application in a cloud computing scenario; various terminal devices serve as clients to initiate service requests to the cloud server. In TEE, all I/O related operations are hosted to DE, which manages the reading/writing of data, responsible for the organization work of the data. By adopting the mode of separating data reading and writing from calculation, the accessibility of the data and the manageability of the data are improved.
Referring to fig. 2, fig. 2 is a schematic diagram of an enclave authentication and key agreement procedure, and a service provider calculates a DE digest value HDE using an SM3 hash algorithm:
HDE=hash(DE)
this value is stored in the TEE, allowing the PE to access the digest value.
Generating a key pair for each enclaspe<p s ,p k >The key pair includes a private key p s And the public key p corresponding to the same k Generating an integer d and G by using a random number generator as elliptic curve base points, and calculating P= [ d ]]G, the private key is d, and the public key is P. A shared memory region is allocated as a communication channel between enclaves for interaction between enclaves. The enclave implements key exchange through the shared memory area. When a PE initiates a validation request to a DE program, the DE calculates its own program digest value using the same algorithm:
HDE * =hash(DE)
and initiate using authenticationSquare PE public keyWriting the encrypted data into a shared memory, reading the PE, decrypting the encrypted data by using a private key, and judging the HDE * Whether HDE is true or not, if true, it indicates that the DE program is not tampered with and can be trusted.
Further, the DE generates a random number r as a symmetric key, using the PE public keyWriting the encrypted data into a shared memory, and reading and decrypting the encrypted data by PE to obtain r as p sk For data encryption.
Referring to fig. 3, fig. 3 is a schematic diagram of the method of the present invention; the invention provides a high-efficiency data organization method based on a confidential computing technology. And researching and analyzing business logic of each TA application in the TEE, carrying out model abstraction on the data access mode of the TA application, and screening main objects of the application of confidential calculation in a business scene. From the data perspective, the data access rule of the application program is random, but according to the locality principle, the application program can finally be realized on the access to specific data, and the DE dynamically maintains a service data linked list and optimizes an index structure by observing the access mode of PE to the data. Meanwhile, if necessary I/O operation occurs in the process of performing the calculation task by the PE, the PE is also hosted to the DE, so that the PE executing the calculation task is prevented from being switched as much as possible, and the calculation task is prevented from being interrupted. In addition, the evaluation is carried out according to the PE execution ending result, and the data organization method provided by the invention is measured.
Referring to fig. 4, fig. 4 is a schematic diagram of a key-value separation storage structure; and respectively storing the key field and the value field in a trusted memory and an untrusted memory. Three fields are respectively a key, a value hash value and a pointer pointing to an untrusted memory value; value is stored in an untrusted memory and encrypted to provide confidentiality protection, using a key p negotiated during the data organization layer initialization phase sk And encrypting the data in the unreliable memory, and adopting an SM4 symmetric encryption algorithm.
Furthermore, in order to improve the data processing efficiency aiming at the non-primary key field, the invention designs a service data linked list structure based on service logic. The DE monitors the PE's access operations to the data and builds a fast index if it is observed that indexing some data may bring about a speed boost.
Referring to fig. 5, fig. 5 is a schematic diagram of a service data linked list structure, and the specific embodiment is as follows:
on the basis of separating the storage structure by the original key value, a field pointer field is additionally added for part of data items in the TEE, and the field pointer field corresponds to a data main key and is used for linking related data.
The DE sets an access frequency counter for each field, takes account of the computing characteristics of confidential computing tasks and the current situation that the trusted memory is limited, adopts a short type variable with the bit length of 1byte to record counter values, counts the access frequency of data by the DE, and links related data by using pointers in the same field as distribution pointers according to the descending order of the counter values.
Further, as the number of accesses to part of data increases with the execution of the program, the phenomenon of overflow of the counter may occur, and as more and more data is accessed, not only the maintenance overhead of the linked list pointer may become large, but also the link index performance may be degraded to O (N), so that the eviction and rearrangement operations need to be performed after the execution of each trusted application is finished. The specific modes are as follows:
firstly, the data with the counter of 0 and more fields is driven out of a trusted memory, and then the following rearrangement work is carried out on the basis.
And then, sequencing the service chain table length of each field, sequencing according to the service chain table length of each field, starting from the service chain table with the largest length, rearranging the data in the table, and repeating the data neglect.
Finally, after the above work is completed, the rearranged keyword list is written back to the trusted memory, and the subsequent trusted application program execution is performed on the basis of the list.
Furthermore, the invention is developed based on secGear domestic confidential computing frameworks, and data organization is realized according to the mode. It is worth mentioning that the invention does not call interfaces provided by a trusted execution environment framework, such as an AES, RSA encryption algorithm interface or a Seal Data encapsulation interface, but independently writes a series of encryption algorithms such as SM2, SM3, SM4 and the like and basic operation operations such as exclusive or, bit-by-bit connection and rapid modular idempotent, encapsulates the basic operation operations through c++, thereby ensuring flexibility of codes, and enabling the development process to be more controllable and excellent in performance.
In terms of performance, in the current era of rapid and mass production of data, improving the throughput and availability of trusted computing services by optimizing a software layer has become an important way for meeting task performance requirements; in terms of functions, with the continuous increase of the requirements of some computing tasks on hardware devices, a single SGX device cannot support the execution of the tasks, and compared with an expansion mode for constructing a distributed trusted cluster, the optimization from a data layer is relatively low in design difficulty and easy to implement.
The beneficial effects of the invention are as follows: optimizing the TEE for data features and data access features improves the usability of confidential computing applications. By adding a data organization layer, organizing data entering and exiting the TEE, the occupation of a trusted memory is greatly reduced, and the page changing cost is greatly reduced; the data organization layer provides a series of data interfaces, so that a developer can assume that data can be accessed at will, the data is not required to be focused on where the data resides or how the storage characteristics of the data are, the trusted application code layer is not required to be modified for various types of data, and development emphasis is placed on a programming application. In addition, two data storage structures are designed, and the method is suitable for the situation that the trusted memory is limited in the confidential computing technology.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (6)
1. A high-efficiency data organization method based on confidential computing technology is characterized in that: the system comprises a data organization layer, a key value separation storage structure and a service data linked list structure.
The data organization layer comprises: data read-write and data calculation processing separation architecture, enclave authentication and key negotiation links;
the key value separation storage structure comprises: key value separate storage and confidentiality and integrity protection of an untrusted memory area;
the service data linked list structure comprises: and constructing a service data linked list, and expelling and rearranging data.
2. The efficient data organization method based on confidential computing technology according to claim 1, wherein: the data read-write and data calculation separation architecture specifically comprises:
the enclases in the TEE are divided into functions: enclave Data Enclave, simply DE, responsible for Data organization; enclave Process Enclave, PE for short, responsible for executing trusted applications.
Trusted applications host all data read and write operations to the DE, which is responsible for performing I/O operations. When the data organization works in the data state transition, the DE organizes the data and uses a specific data structure to package the data so as to facilitate the calculation of the trusted application program.
3. The efficient data organization method based on confidential computing technology according to claim 2, wherein: the enclave authentication and key negotiation link specifically comprises the following steps:
the service provider calculates the DE program digest HDE and stores it in the TEE, allowing the PE to access the digest value. In the actual operation process, the PE is an authentication initiator, the DE is an authentication verifier, and before the PE hosts the data read-write related operation to the DE, whether the content of the DE program is tampered is verified.
A shared memory region is allocated as a communication channel between enclaves for interaction between enclaves. Generating a key pair for each enclave using SM2 algorithm<p s ,p k >The key pair includes a private key p s And a public key corresponding theretop k The DE and PE realize key exchange through the shared memory area.
The PE acquires the DE program digest value HDE from the TEE, meanwhile, the DE calculates the digest value of the DE program by the same algorithm, encrypts the DE program digest value by using the public key of the PE of the authentication initiator and writes the DE program digest value into the shared memory area, and if the decrypted result is consistent with the HDE read from the TEE, the DE program is not tampered and can be trusted.
The DE negotiates a symmetric encryption key with the PE for subsequent data encryption operations. DE generates a random number r as a symmetric key using PE public key p k Writing the encrypted data into a shared memory area, and using a private key p after PE reads the encrypted data s After decryption, r is obtained as a symmetric encryption key p sk For encrypting data.
4. The efficient data organization method based on confidential computing technology according to claim 1, wherein: the key value is separated from a storage structure, and specifically comprises the following steps:
and converting the data into key values and data types < key, value >, and reading all the data into the trusted memory in the traditional mode, wherein if the data processing amount is far greater than the trusted memory capacity, frequent memory pages are generated, and a large amount of world switching overhead is caused. Based on the above situation, splitting the data field, removing the data of the non-primary key field from the trusted memory, encrypting and storing in the untrusted memory; each piece of data in the trusted memory only stores three data fields, namely: key, external data hash value and pointer ptr pointing to external data address, and the key list is formed from the above three data fields.
Further, assuming that there are n pieces of data, the key occupies k, the value occupies v, the pointer occupies ptr, the hash value occupies h, and if all the data are stored in the trusted memory, the occupied memory space is as follows:
S=n*(k+v)
if a key value separation structure is adopted, the total memory space is occupied as follows:
S=n*(k+v)+n*(ptr+h)
the key word list occupies the following trusted memory space:
S=n*(k+ptr+h)
in addition, confidentiality and integrity protection of data stored in untrusted memory is required. The hash value in the trusted memory is used for guaranteeing the integrity of the value, and if the hash value obtained by calculation after reading the data in the untrusted memory is inconsistent with the hash value in the trusted memory, the data is considered to be damaged; and encrypting the data in the untrusted memory to ensure confidentiality of the value. Taking a 64-bit machine and a 120-bit hash value as an example, if the key field occupies k=8 bytes, when processing 1GB of data, the page-changing overhead of the conventional manner is 18 times that of the key-value separation storage manner.
5. The efficient data organization method based on confidential computing technology according to claim 1, wherein: the construction of the service data linked list specifically comprises the following steps:
the DE sets a counter for each field of each piece of data, if the data is accessed through the field each time, the counter is increased once, the DE counts and sorts the access times, and the counter value is recorded by adopting a short type variable with the bit length of 1byte in consideration of the computing characteristics of confidential computing tasks and the current situation that the trusted memory is limited. And additionally adding field pointer fields on the trusted memory key list, wherein the field pointer fields are in one-to-one correspondence with the primary keys, and using pointers to link related data in the same field according to a counter value descending order, and constructing a service linked list for all data on each field to serve as an index structure so as to realize subsequent data quick access.
If there are m pieces of data, each piece of data has n attribute fields except the primary key, and m×n access frequency counters are added to record the access frequency of each field on each piece of data, DE will add pointers for data in the same field according to the counter value, and if the probability of adding pointers for data in field i is p i Then there is n p in common on each field i The total space occupied by the structure is as follows:
because the TEE can frequently access and maintain the linked list index structure, the structure is stored in a trusted memory area, and the world switching overhead is reduced.
6. The efficient data organization method based on confidential computing technology according to claim 5, wherein: the data eviction and rearrangement is specifically as follows:
firstly, the data with the counter of 0 and more fields is driven out of a trusted memory, and then the following rearrangement work is carried out on the basis.
And then, sequencing the service chain list length of each field, sequencing according to the service chain list length of each field, starting from the service chain list with the largest length, and rearranging the data in the table. Repeated data is ignored.
Finally, after the above work is completed, the rearranged keyword list is written back to the trusted memory, and the subsequent trusted application program execution is performed on the basis of the list.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311489434.8A CN117493344A (en) | 2023-11-09 | 2023-11-09 | Efficient data organization method based on confidential computing technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311489434.8A CN117493344A (en) | 2023-11-09 | 2023-11-09 | Efficient data organization method based on confidential computing technology |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117493344A true CN117493344A (en) | 2024-02-02 |
Family
ID=89682493
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311489434.8A Pending CN117493344A (en) | 2023-11-09 | 2023-11-09 | Efficient data organization method based on confidential computing technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117493344A (en) |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106202548A (en) * | 2016-07-25 | 2016-12-07 | 网易(杭州)网络有限公司 | Date storage method, lookup method and device |
| US20170091434A1 (en) * | 2015-09-25 | 2017-03-30 | Mcafee, Inc. | Secure communication between a virtual smartcard enclave and a trusted i/o enclave |
| US20190384923A1 (en) * | 2018-06-13 | 2019-12-19 | International Business Machines Corporation | Mechanism to enable secure memory sharing between enclaves and i/o adapters |
| WO2020098377A1 (en) * | 2018-11-16 | 2020-05-22 | 阿里巴巴集团控股有限公司 | Remote attestation method and apparatus for trusted application program, and electronic device |
| CN112651018A (en) * | 2020-12-18 | 2021-04-13 | 卓尔智联(武汉)研究院有限公司 | SGX-based trusted input and output control method, device, equipment and storage medium |
| US20210374262A1 (en) * | 2018-03-27 | 2021-12-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Instance handling of a trusted execution environment |
| CN113905351A (en) * | 2021-08-30 | 2022-01-07 | 兰州大学 | Internet of vehicles authentication method based on block chain and confidential calculation |
| CN114117522A (en) * | 2021-11-23 | 2022-03-01 | 上海交通大学 | Vehicle networking data sharing implementation method based on block chain and trusted execution environment |
| US20220138115A1 (en) * | 2020-11-04 | 2022-05-05 | NEC Laboratories Europe GmbH | Secure data stream processing using trusted execution environments |
| CN114647487A (en) * | 2022-03-21 | 2022-06-21 | 蚂蚁金服(杭州)网络技术有限公司 | Trusted execution environment architecture based on AMD SEV and trusted execution system |
| US20220335027A1 (en) * | 2021-04-20 | 2022-10-20 | Netapp Inc. | Key-value store and file system integration |
| CN115828249A (en) * | 2021-09-18 | 2023-03-21 | 华为云计算技术有限公司 | Computing node based on cloud technology and instance management method based on cloud technology |
| CN116113948A (en) * | 2020-07-24 | 2023-05-12 | 华为技术有限公司 | Apparatus and method for supporting input/output channel protection |
| CN116467733A (en) * | 2022-12-31 | 2023-07-21 | 南京理工大学 | SGX-based safe high-availability key value storage method and system |
| US20230273808A1 (en) * | 2022-02-28 | 2023-08-31 | Mellanox Technologies, Ltd. | Confidential offloading of persistent storage operations in confidential computing environments |
-
2023
- 2023-11-09 CN CN202311489434.8A patent/CN117493344A/en active Pending
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170091434A1 (en) * | 2015-09-25 | 2017-03-30 | Mcafee, Inc. | Secure communication between a virtual smartcard enclave and a trusted i/o enclave |
| CN106202548A (en) * | 2016-07-25 | 2016-12-07 | 网易(杭州)网络有限公司 | Date storage method, lookup method and device |
| US20210374262A1 (en) * | 2018-03-27 | 2021-12-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Instance handling of a trusted execution environment |
| US20190384923A1 (en) * | 2018-06-13 | 2019-12-19 | International Business Machines Corporation | Mechanism to enable secure memory sharing between enclaves and i/o adapters |
| WO2020098377A1 (en) * | 2018-11-16 | 2020-05-22 | 阿里巴巴集团控股有限公司 | Remote attestation method and apparatus for trusted application program, and electronic device |
| CN116113948A (en) * | 2020-07-24 | 2023-05-12 | 华为技术有限公司 | Apparatus and method for supporting input/output channel protection |
| US20220138115A1 (en) * | 2020-11-04 | 2022-05-05 | NEC Laboratories Europe GmbH | Secure data stream processing using trusted execution environments |
| CN112651018A (en) * | 2020-12-18 | 2021-04-13 | 卓尔智联(武汉)研究院有限公司 | SGX-based trusted input and output control method, device, equipment and storage medium |
| US20220335027A1 (en) * | 2021-04-20 | 2022-10-20 | Netapp Inc. | Key-value store and file system integration |
| CN113905351A (en) * | 2021-08-30 | 2022-01-07 | 兰州大学 | Internet of vehicles authentication method based on block chain and confidential calculation |
| CN115828249A (en) * | 2021-09-18 | 2023-03-21 | 华为云计算技术有限公司 | Computing node based on cloud technology and instance management method based on cloud technology |
| CN114117522A (en) * | 2021-11-23 | 2022-03-01 | 上海交通大学 | Vehicle networking data sharing implementation method based on block chain and trusted execution environment |
| US20230273808A1 (en) * | 2022-02-28 | 2023-08-31 | Mellanox Technologies, Ltd. | Confidential offloading of persistent storage operations in confidential computing environments |
| CN114647487A (en) * | 2022-03-21 | 2022-06-21 | 蚂蚁金服(杭州)网络技术有限公司 | Trusted execution environment architecture based on AMD SEV and trusted execution system |
| CN116467733A (en) * | 2022-12-31 | 2023-07-21 | 南京理工大学 | SGX-based safe high-availability key value storage method and system |
Non-Patent Citations (6)
| Title |
|---|
| HONGLIANG LIANG; MINGYU LI; YIXIU CHEN; LIN JIANG; ZHUOSI XIE; TIANQI YANG: "Establishing Trusted I/O Paths for SGX Client Systems With Aurora", IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, vol. 15, 4 October 2019 (2019-10-04), pages 1589 - 1600, XP011766610, DOI: 10.1109/TIFS.2019.2945621 * |
| XIN LIU; ZHENBIN GUO; JUN MA; YUCHEN SONG: "A Secure Authentication Scheme for Wireless Sensor Networks Based on DAC and Intel SGX", IEEE INTERNET OF THINGS JOURNAL, vol. 9, no. 5, 1 March 2022 (2022-03-01), pages 3533 - 3547, XP011900961, DOI: 10.1109/JIOT.2021.3097996 * |
| 杨骁;于佳耕;武延军;: "基于Intel SGX的Ansible安全增强", 计算机系统应用, no. 10, 15 October 2017 (2017-10-15), pages 69 - 74 * |
| 王淼: "面向车联网的身份认证相关技术研究", CNKI硕士电子期刊, no. 01, 1 January 2023 (2023-01-01), pages 1 - 59 * |
| 王烁程: "面向新一代Intel可信执行环境的性能优化方案", 中国知网硕士电子期刊, no. 05, 1 May 2022 (2022-05-01), pages 1 - 50 * |
| 黄冬;李业旺;郑驰;: "基于可信计算及SGX的软件保护方法", 通信技术, no. 10, 10 October 2017 (2017-10-10), pages 210 - 214 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11088846B2 (en) | Key rotating trees with split counters for efficient hardware replay protection | |
| CN109936626B (en) | Method, node and storage medium for implementing privacy protection in block chain | |
| CN112005237B (en) | Secure collaboration between processors and processing accelerators in a secure zone | |
| WO2020233616A1 (en) | Receipt storage method and node employing code marking in combination with transaction type and user type | |
| CN110032885B (en) | Method, node and storage medium for implementing privacy protection in block chain | |
| WO2020233642A1 (en) | Conditional receipt storage method and node which combine code labelling and type dimension | |
| CN110020549B (en) | Method, node and storage medium for implementing privacy protection in block chain | |
| WO2020233638A1 (en) | Receipt storage method and node based on code labeling and transaction type | |
| WO2020233637A1 (en) | Receipt storage method combining code labelling with user type, and node | |
| WO2020233612A1 (en) | Receipt storage method and node combining code annotation with transaction and event types | |
| WO2020233609A1 (en) | Conditional receipt storage method and node combining code labeling with user type | |
| WO2020233640A1 (en) | Receipt storage method and node based on code labeling and determination condition | |
| CN110020856B (en) | Method, node and storage medium for realizing mixed transaction in block chain | |
| WO2020233635A1 (en) | Receipt storage method combining conditional restrictions of multiple types of dimensions and node | |
| CN111899017A (en) | Method, node and storage medium for realizing privacy protection in block chain | |
| WO2020233619A1 (en) | Receipt storage method and node in combination with user type and transaction type | |
| US12003617B2 (en) | Sealed distributed ledger system | |
| WO2020233629A1 (en) | Object-level receipt storage method and node based on code labeling | |
| WO2020233632A1 (en) | Receipt storage method and node based on event function type | |
| CN110033265B (en) | Method, node and storage medium for implementing privacy protection in block chain | |
| CN111639362B (en) | Method, node and storage medium for implementing privacy protection in blockchain | |
| CN110059497B (en) | Method, node and storage medium for implementing privacy protection in block chain | |
| KR20080029687A (en) | Apparatus and method for implementation of high performance data encryption system with secure memory | |
| US20230093105A1 (en) | Method of dynamically loading encryption engine | |
| Wu et al. | Differentially oblivious data analysis with Intel SGX: Design, optimization, and evaluation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |