| To process massive data requires huge computing resources,and it is difficult for small and medium-sized enterprises to have such computing resources.Therefore,cloud outsourcing computing is an inevitable choice for individuals and small and medium-sized enterprises to process massive data.However,due to the structural characteristics of the cloud computing environment itself,the cloud server is a "black box" for users,and its internal processing methods and operating mechanisms are invisible,making it difficult for users to trust the cloud computing environment.At present,there have been researches on the security of trusted cloud computing environment,but the following problems generally exist:(1)The existing trusted cloud solutions do not consider the confidentiality of data during transmission from the perspective of users.Encrypting data with a key generated by the provider itself,or transmitting it in clear text,is vulnerable to eavesdropping from within the cloud.(2)The existing solutions are that the cloud service provider performs remote certification by itself,and the given certification process and results are easily forged.(3)The existing solutions lack unified security standards and management,and cannot guarantee the credibility of cloud computing to users,making it difficult for users to trust cloud service providers.In view of the above problems,the main work of this thesis is as follows:First,in order to solve the problem of user trust and build a trusted cloud computing environment,a cloud outsourcing distributed computing security scheme based on SGX is designed.The solution uses the trusted execution environment provided by Intel SGX to ensure the credibility of cloud computing nodes.During the registration stage,the cloud environment is configured and remotely authenticated through the unified security standards formulated by a third-party trusted organization.The cluster certificate is generated together with the cluster information to ensure the security and reliability of the software and hardware environment in the cloud.In the working stage,users encrypt their private data through the public key in the cluster certificate and upload it to the cloud environment.The cloud computing node starts the Enclave to perform remote authentication to a third-party trusted organization,decrypts and reads user data,calculates and encrypts the output.Addresses vulnerability to insider attacks in cloud computing due to clear text transmission or encryption with keys generated by the cloud service provider itself.Through the introduction of a third-party trusted organization and the combination of SGX technology,the unified formulation of security standards,the construction of a trusted environment,the regular update of keys,and the safe and efficient data transmission can be achieved,and the computing resources provided by cloud services can be used without The purpose of disclosing code and data to the cloud.Secondly,the implementation of the security solution is carried out for the Map-Reduce distributed computing in the current mainstream Hadoop architecture.According to the data transmission form in Map-Reduce,the encryption and decryption scheme and transmission scheme are designed,and the security enhancement is carried out without modifying the Hadoop source code.At the same time,the application architecture design and implementation of trusted environment construction for cloud computing nodes,including remote authentication module,encryption and decryption module,Ecall module and other security modules,ensure the safe execution of cloud computing node programs.Finally,through the simulation experiments and experimental results to analyze the security and performance loss,the scheme proposed in this thesis can effectively improve the security problems of traditional trusted cloud,avoid sniffing attacks,spoofing attacks,man-in-the-middle attacks and other threats,and introduce Intel SGX The post-technical performance overhead is small. |
PDF Full Text Request