
A cloud platform audit log protection method based on SGX

A cloud platform and log technology applied in the field of cloud computing. It addresses the problems of repeated encryption and decryption, key management, and the difficulty of guaranteeing the security of the audit log processing program itself, and achieves securely isolated execution, more efficient secure transmission, and prevention of log block replacement attacks.

Active Publication Date: 2021-06-04
BEIJING UNIV OF TECH
Cites: 4 | Cited by: 0

AI Technical Summary

Problems solved by technology

Audit logs may, however, be stolen or tampered with while in transit between the cloud platform and a third party, and while stored at the third party, so that they lose their evidential value.
In a complex cloud network topology, protecting audit log transmission with the traditional scheme, in which every pair of communicating parties negotiates its own key, produces a large number of negotiated keys; this creates a key management burden and requires repeated encryption and decryption along the path.
At the same time, it is difficult to guarantee the security of the audit log processing program itself, both on the cloud platform and at the third party.



Embodiment Construction

[0041] The present invention is further described below with reference to the accompanying drawings and specific embodiments.

[0042] The present invention proposes an SGX-based cloud platform audit log protection method that mainly protects four stages between the cloud platform and a third party: remote attestation, key agreement, secure transmission of the audit log, and secure storage of the audit log. The overall architecture is shown in figure 1. Cloud nodes and cloud management nodes mainly contain a remote attestation module, a key agreement module and a log encryption module. The third party contains a remote attestation module, a key agreement module, a log decryption module and a secure storage module. The secure storage module provides, inside an SGX enclave, audit log encryption, decryption with integrity verification, and detection of log block replacement attacks.
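The three functions of the secure storage module (encryption, decryption with integrity verification, and block replacement detection) are only named in the paragraph above, not specified. What follows is an added illustrative example, not code from the patent or from Beijing University of Technology, of one way such a module can be built: every log block is encrypted under a fresh nonce, and its tag covers the block index and the previous block's tag, so that modifying, reordering, or substituting a block (even one validly sealed under the same keys) breaks the chain. It assumes the enclave already holds an encryption key and a MAC key from the attestation and key agreement stages, uses an HMAC-SHA256 keystream as a stand-in cipher so that it runs on the Python standard library alone, and feeds in constructed sample log lines; all function and variable names are the example's own.

```python
"""Append-only audit log sealing with chained per-block integrity tags.

Added example, not the patent's code. Assumptions: enc_key/mac_key already
exist inside the enclave (output of attestation + key agreement); the cipher
is an HMAC-SHA256 keystream (a PRF in counter mode) used only so the example
needs no third-party library. In a real enclave use AES-GCM or SGX sealing.
"""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

GENESIS_TAG = b"\x00" * 32  # chain anchor for block 0


@dataclass
class LogBlock:
    index: int        # position in the log; bound into the tag
    nonce: bytes      # fresh per block, so equal entries never share keystream
    ciphertext: bytes
    tag: bytes        # HMAC over (index, previous tag, nonce, ciphertext)


def _keystream(key: bytes, nonce: bytes, index: int, length: int) -> bytes:
    """PRF-in-counter-mode keystream; stand-in for a real AEAD cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">QQ", index, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _block_tag(mac_key: bytes, index: int, prev_tag: bytes, nonce: bytes, ct: bytes) -> bytes:
    h = hmac.new(mac_key, digestmod=hashlib.sha256)
    h.update(struct.pack(">Q", index))
    h.update(prev_tag)  # chains this block to its predecessor
    h.update(nonce)
    h.update(ct)
    return h.digest()


def seal_log(enc_key: bytes, mac_key: bytes, entries: List[bytes]) -> List[LogBlock]:
    """Encrypt each entry and chain its tag to the previous block's tag."""
    blocks, prev = [], GENESIS_TAG
    for i, entry in enumerate(entries):
        nonce = secrets.token_bytes(16)
        ct = _xor(entry, _keystream(enc_key, nonce, i, len(entry)))
        tag = _block_tag(mac_key, i, prev, nonce, ct)
        blocks.append(LogBlock(i, nonce, ct, tag))
        prev = tag
    return blocks


def open_log(enc_key: bytes, mac_key: bytes, blocks: List[LogBlock],
             expected_head: Optional[bytes] = None) -> Tuple[Optional[List[bytes]], str]:
    """Verify the whole chain, then decrypt. Returns (entries, "ok") or (None, reason).

    expected_head is the tag of the last block the enclave itself wrote (kept in
    sealed state or behind a monotonic counter); without it, dropping the newest
    blocks (truncation) still verifies.
    """
    entries, prev = [], GENESIS_TAG
    for pos, blk in enumerate(blocks):
        if blk.index != pos:
            return None, f"block {pos}: index {blk.index} out of place (reorder/deletion)"
        if not hmac.compare_digest(blk.tag, _block_tag(mac_key, pos, prev, blk.nonce, blk.ciphertext)):
            return None, f"block {pos}: tag mismatch (modified or replaced block)"
        entries.append(_xor(blk.ciphertext, _keystream(enc_key, blk.nonce, pos, len(blk.ciphertext))))
        prev = blk.tag
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return None, "chain head mismatch (log truncated or stale copy)"
    return entries, "ok"


def demo() -> dict:
    """Constructed sample log; exercises accept, swap, replace and truncate cases."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    entries = [b"2021-06-04T10:00:01Z node1 user=alice action=login ok",
               b"2021-06-04T10:00:05Z node1 user=alice action=read file=/etc/shadow DENIED",
               b"2021-06-04T10:00:09Z node1 user=alice action=logout"]
    blocks = seal_log(enc_key, mac_key, entries)
    head = blocks[-1].tag
    ok_entries, ok_status = open_log(enc_key, mac_key, blocks, head)
    # attacker reorders two blocks
    _, swap = open_log(enc_key, mac_key, [blocks[0], blocks[2], blocks[1]], head)
    # attacker substitutes the DENIED block with a validly sealed benign block from another log
    other = seal_log(enc_key, mac_key, [entries[0], b"2021-06-04T10:00:05Z node1 user=alice action=read file=/etc/motd ok", entries[2]])
    _, replace = open_log(enc_key, mac_key, [blocks[0], other[1], blocks[2]], head)
    # attacker drops the newest block: caught only if the enclave remembers the chain head
    _, trunc_with_head = open_log(enc_key, mac_key, blocks[:2], head)
    _, trunc_no_head = open_log(enc_key, mac_key, blocks[:2])
    return {"decrypted": ok_entries, "ok": ok_status, "swap": swap, "replace": replace,
            "truncate_with_head": trunc_with_head, "truncate_without_head": trunc_no_head}


if __name__ == "__main__":
    print(demo())
```

The last case is the caveat to keep in mind when reading the patent's "block replacement attack detection": a chain of tags alone detects modification, reordering and substitution of blocks, but not removal of the tail, because a shorter prefix is itself a valid chain. The enclave therefore has to retain the head tag (or a block count) in sealed state protected by a monotonic counter, and the verifier has to compare against it.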

[0043] Step 1: Remote attestation between nodes

...


Abstract

The invention discloses an SGX-based cloud platform audit log protection method that ensures the cloud platform audit log used by a third party is authentic and valid, on the assumption that the original audit log generated by the cloud node is authentic. Before an audit log leaves the cloud node, both the cloud node and the third party taking part in the transfer are authenticated and their state is attested by remote attestation, so that the identity and state of every node transmitting the audit log are trustworthy. The invention thus performs identity verification and state attestation between all cloud nodes that generate logs and the third parties that process them, ensuring that no node participating in cloud audit log processing can be impersonated and that the computing environment involved in log processing is trusted. Building on the enclave, the invention securely isolates and executes the critical code of the audit log processing program, and can resist attacks from privileged software such as the operating system, the VMM and the BIOS.

Description

Technical field
[0001] The invention relates to a method for protecting a cloud platform audit log, in particular to a method for the secure transmission and storage of a cloud platform audit log based on a trusted third party, and belongs to the field of cloud computing.

Background technique
[0002] As networks keep growing, people increasingly carry out their daily business over the network, and cloud computing emerged against this background. Cloud computing has been widely adopted because of its versatility and low cost of use, and more and more enterprises and individual users choose to deploy their business systems on a cloud platform. Cloud users access cloud computing centres through cloud nodes to obtain services at different levels. However, the cloud computing platform is a large-scale, open distributed computing system, and its security problems are gradually ex...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/0435; H04L63/123
Inventors: 詹静, 夏晓晴, 赵勇, 韩瑾, 张茜
Owner BEIJING UNIV OF TECH