
SGX based cloud platform audit log protection method

A cloud platform and log technology, applied in the field of cloud computing, which addresses the problems of audit log theft and tampering, the difficulty of ensuring the security of the audit log handling program itself, and key management overhead.

Active Publication Date: 2019-04-02
BEIJING UNIV OF TECH
Cites: 4. Cited by: 8.

AI Technical Summary

Problems solved by technology

However, audit logs may be stolen or tampered with while they are transmitted between the cloud platform and third parties and while they are stored by third parties, so that the audit logs lose their credibility.
In a complex cloud network topology, if the traditional encrypted transmission mechanism, in which each pair of communicating parties negotiates its own key, is still used to protect audit log transmission, many negotiated keys are generated, which leads to key-management overhead and repeated encryption and decryption.
At the same time, it is difficult to guarantee the security of the audit log processing program itself, both in the cloud platform and at the third party.




Embodiment Construction

[0041] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0042] The present invention proposes an SGX-based cloud platform audit log protection method, which mainly protects the remote attestation stage, key negotiation stage, audit log secure transmission stage and audit log secure storage stage between the cloud platform and a third party. The overall architecture is shown in Figure 1. The cloud nodes and cloud management nodes mainly comprise a remote attestation module, a key negotiation module and a log encryption module. The third party comprises a remote attestation module, a key agreement module, a log decryption module and a secure storage module. The secure storage module includes SGX-based audit log encryption functions, decryption and integrity verification functions, and log block replacement attack detection functions.
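The page names the secure storage module's integrity-verification and log-block-replacement-detection functions without describing how they work. The following is an added illustration, written for this page and not the patent's own code, of one way such a module can bind each encrypted log block to its position and to its predecessor so that a modified, reordered, substituted or truncated block is detected; the hash-chained HMAC design, the PRF-counter keystream standing in for a real AEAD, the key names and the constructed log entries are all assumptions.

```python
import hashlib, hmac
from dataclasses import dataclass
GENESIS = b"\x00" * 32  # "previous tag" of the first block


@dataclass(frozen=True)
class StoredBlock:
    index: int        # position in the log, bound into the tag
    ciphertext: bytes
    tag: bytes        # HMAC over index || previous tag || ciphertext


def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class SecureLogStore:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        # Keys assumed to come from the key-negotiation stage (hypothetical).
        self.enc_key, self.mac_key = enc_key, mac_key
        self.blocks = []
        self.head = GENESIS  # latest tag, held by the verifier, not on disk

    def _xor(self, index: int, data: bytes) -> bytes:
        # PRF in counter mode as keystream (illustrative; a deployment would
        # use an AEAD). The block index keeps keystreams distinct per block.
        ks = b"".join(_prf(self.enc_key, index.to_bytes(8, "big"), c.to_bytes(4, "big"))
                      for c in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def _tag(self, index: int, prev: bytes, ct: bytes) -> bytes:
        return _prf(self.mac_key, index.to_bytes(8, "big"), prev, ct)

    def append(self, plaintext: bytes) -> bytes:
        idx = len(self.blocks)
        ct = self._xor(idx, plaintext)
        self.head = tag = self._tag(idx, self.head, ct)  # chain to previous tag
        self.blocks.append(StoredBlock(idx, ct, tag))
        return tag

    def decrypt(self, block: StoredBlock) -> bytes:
        return self._xor(block.index, block.ciphertext)

    def verify(self, blocks=None):
        # Returns (ok, first_bad_index). A modified, reordered or replaced block
        # fails its tag; a truncated log fails the final check against the head.
        prev, blocks = GENESIS, (self.blocks if blocks is None else blocks)
        for i, b in enumerate(blocks):
            if b.index != i or not hmac.compare_digest(self._tag(i, prev, b.ciphertext), b.tag):
                return False, i
            prev = b.tag
        return hmac.compare_digest(prev, self.head), len(blocks)
```

Because the verifier keeps only the latest tag in its own (enclave-protected, in the page's setting) state, it can check any number of blocks handed back from untrusted storage without trusting the storage itself.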

[0043] Step 1: Remote attestation between nodes

...



Abstract

The invention discloses an SGX based cloud platform audit log protection method, which ensures the authenticity and effectiveness of a cloud platform audit log used by a third party on the assumption that the original audit log generated by the cloud nodes is authentic. Before the audit log is transmitted from the cloud nodes, identity verification and remote attestation based state credibility attestation are performed on the cloud node participating in the audit log transmission and on the third party, so as to ensure that the identity and state of the nodes participating in the audit log transmission are credible. According to the invention, identity verification and state attestation between all cloud nodes generating logs and the third party which carries out log processing are realized, thereby ensuring that no node participating in cloud audit log processing can have its identity impersonated and that the computing environment involved in log processing is credible. The method realizes safe and isolated execution of the key code of the audit log processing program based on an enclave, and can prevent attacks by privileged software such as the operating system, VMM and BIOS.

Description

Technical Field

[0001] The invention relates to a method for protecting a cloud platform audit log, in particular to a method for secure transmission and storage of a cloud platform audit log based on a trusted third party, and belongs to the field of cloud computing.

Background Technique

[0002] With the continuous expansion of the network scale, people tend to use the network as a way of daily business processing. It is against this background that cloud computing technology emerges. Cloud computing technology has been widely used due to its versatility and low cost of use. More and more enterprises and individual users choose to deploy their business systems on the cloud platform. Cloud users can access cloud computing centers through cloud nodes to obtain different levels of services. However, the cloud computing platform is a large-scale distributed computing system with the characteristics of openness, and the security problems of the cloud platform are gradually ex...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0435; H04L63/123
Inventors: 詹静, 夏晓晴, 赵勇, 韩瑾, 张茜
Owner: BEIJING UNIV OF TECH