Privacy Protection Scheme Of Cloud Resource Auction With SGX

Posted on: 2021-06-06 | Degree: Master | Type: Thesis
Country: China | Candidate: J M Wang | Full Text: PDF
GTID: 2518306050971129 | Subject: Master of Engineering
Abstract/Summary:
In recent years, cloud computing services have given enterprises more flexibility in their development, which has driven the explosive growth of cloud computing and inevitably brought "idle waste" of cloud resources. Therefore, how to allocate cloud resources effectively and price them reasonably has become a topic of wide concern in industry and academia. Amazon EC2 spot instances introduced the concept of cloud resource auction, which effectively solves the problem of wasted cloud resources and greatly reduces the cost of using cloud resources for enterprises. At present, research mainly focuses on the efficiency, fairness and economic benefit maximization of cloud resource auctions, and lacks consideration of the privacy of the bidding data. Leakage of bidding data damages the authenticity and accuracy of a cloud resource auction and also affects its practical application. Therefore, privacy protection for cloud resource auctions has become a research hotspot in recent years. However, existing privacy protection schemes for cloud resource auctions are generally constructed from cryptography, which has a high communication cost, and are difficult to apply in real scenarios. To solve the above problems, this thesis proposes a privacy protection scheme for cloud resource auctions based on Intel SGX trusted hardware technology. The concrete research content is as follows:

Firstly, aiming at the privacy protection of cloud resource auctions, this thesis proposes a privacy protection scheme of cloud resource auction with SGX, which integrates Intel SGX trusted hardware technology and analyzes the process of cloud resource auction. Using the high security provided by SGX technology, the scheme divides the steps of the cloud resource auction into a trusted part and an untrusted part, builds an enclave for the trusted part, moves the steps that operate on plaintext auction data into the enclave, and provides a trusted isolation environment for them. This forms a trusted framework and operational process for cloud resource auctions, effectively protecting the confidentiality and integrity of bidding data.

Secondly, on the basis of the above scheme, this thesis designs the privacy protection framework of cloud resource auction with SGX, which is combined with the application framework of SGX. According to the function division and the designed overall framework, the data encryption module in the local environment, the data decryption module in the SGX environment, and the cloud resource auction protocol module in the SGX environment are implemented. At the same time, in order to prevent data leakage caused by any side channel accessed from disk, network and memory, a data-oblivious execution method for the cloud resource auction protocol is proposed to effectively resist multiple side-channel attacks.

Finally, this thesis comprehensively evaluates the functionality, computation overhead, communication overhead, and security of the solution through theoretical analysis and experimental verification. The experimental results show that the proposed scheme guarantees not only the authenticity and correctness of cloud resource auctions but also the privacy of bidding data, and that it has good usability. Compared with existing cryptography-based cloud resource auction schemes, the solution significantly reduces the communication overhead and computation overhead of cloud resource auctions.
Keywords/Search Tags: Cloud Resource Auction, Privacy Protection, Intel SGX, Side Channel Attack