A lightweight outsourced data access control method and control system for SGX

An outsourced data access control technology, applied in the field of cloud computing, that addresses problems such as high computing overhead, loss of data control, and privacy leakage. It reduces computing complexity and computing overhead and improves scalability.

Active Publication Date: 2021-11-30
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0008] (1) Existing application services are mostly deployed on cloud servers. Semi-trusted cloud servers and untrusted application service providers may leak users' private data to other unauthorized entities. Users want their private data to be under strict access control so that it is not leaked to unauthorized entities, including cloud servers.
[0009] (2) Once data is shared with authorized users, the data owner loses control over it. Authorized users may hand the shared data to an untrusted application server for processing, which discloses private data.
[0010] (3) Existing solutions mostly use encryption to achieve secure data analysis, which increases the complexity of data computation and analysis and introduces higher computational overhead.
[0011] (4) SGX technology can provide privacy-protected data analysis and reduce computing overhead, but SGX cannot guarantee the credibility of its trusted function call process. SGX therefore cannot ensure that data only serves user requests, and unauthorized entities may use private data for unauthorized operations, which may cause privacy leaks. SGX cannot guarantee the correctness of the enclave function call sequence, so unauthorized entities (such as cloud servers) may execute enclave functions out of order to obtain unauthorized data computation results.
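
The out-of-order call problem described in (4), as an added example. It is not code from the patent and not its credible-proof scheme, which this page does not describe. It is a plain-C simulation with hypothetical ECALL names and constructed values: an untrusted host skips the access check, first against a naive enclave and then against one that tracks the expected call stage inside enclave state.

```c
#include <stdint.h>
#include <stdio.h>

/* Plain-C simulation: each ecall_* stands for an enclave function that the
   untrusted host may invoke in any order. All names here are hypothetical. */
enum stage { ST_INIT, ST_KEY_LOADED, ST_AUTHORIZED };
enum rc { RC_OK = 0, RC_BAD_ORDER = -1, RC_DENIED = -2 };

typedef struct {
    enum stage stage;   /* kept in enclave memory, not visible to the host */
    uint32_t data_key;  /* constructed stand-in for a data key */
    int enforce_order;  /* 0 = naive enclave, 1 = enclave checks call order */
} enclave_t;

void enclave_init(enclave_t *e, int enforce_order) {
    e->stage = ST_INIT; e->data_key = 0; e->enforce_order = enforce_order;
}
int ecall_load_key(enclave_t *e, uint32_t key) {
    if (e->enforce_order && e->stage != ST_INIT) return RC_BAD_ORDER;
    e->data_key = key; e->stage = ST_KEY_LOADED;
    return RC_OK;
}
int ecall_check_access(enclave_t *e, int requester, int authorized) {
    if (e->enforce_order && e->stage != ST_KEY_LOADED) return RC_BAD_ORDER;
    if (requester != authorized) return RC_DENIED;
    e->stage = ST_AUTHORIZED;
    return RC_OK;
}
int ecall_compute(enclave_t *e, uint32_t ciphertext, uint32_t *out) {
    if (e->enforce_order && e->stage != ST_AUTHORIZED) return RC_BAD_ORDER;
    *out = (ciphertext ^ e->data_key) * 2u;  /* toy "analysis" on plaintext */
    e->stage = ST_KEY_LOADED;                /* one authorization per result */
    return RC_OK;
}
/* Host that skips ecall_check_access, the out-of-order call in the text. */
int host_skips_check(int enforce_order, uint32_t *out) {
    enclave_t e;
    enclave_init(&e, enforce_order);
    ecall_load_key(&e, 0x5Au);
    return ecall_compute(&e, 0x5Au ^ 21u, out);
}
int main(void) {
    uint32_t out = 0;
    int rc = host_skips_check(0, &out);
    printf("naive:   rc=%d out=%u\n", rc, (unsigned)out);
    out = 0;
    rc = host_skips_check(1, &out);
    printf("guarded: rc=%d out=%u\n", rc, (unsigned)out);
    return 0;
}
```

The guard only works because the stage variable lives inside the enclave; a sequence counter supplied by the host would be under the same untrusted control as the call order itself.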



Embodiment Construction

[0063] In order to make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it.

[0064] Most application services are deployed on cloud servers. Semi-trusted cloud servers and untrusted application service providers may leak users' private data to other unauthorized entities. Users want their private data to be under strict access control to ensure that it is not leaked to unauthorized entities, including cloud servers. After the data is shared with authorized users, the data owner terminal loses control over the data. Authorized users may hand over shared data to an untrusted application server for processing, which will cause data privacy disclosure.

[0065] Most of the existi...


Abstract

The invention belongs to the technical field of cloud computing, and discloses a lightweight SGX-oriented outsourced data access control method. The method is divided into two parts: the ξ algorithm and a credible proof scheme for the SGX function call sequence. The ξ algorithm is a lightweight key management mechanism proposed by the present invention to realize data access control for multiple users. The invention uses SGX technology to analyze the privacy-protected data and improve data processing efficiency. However, SGX cannot guarantee the credibility of its trusted function call process. Unauthorized entities may disrupt the call sequence of trusted functions to obtain unauthorized data calculation results, which still leads to data privacy disclosure. To address this problem, the present invention proposes a method for constructing credible proofs that solves the data processing security problem caused by the SGX programming mechanism.

Description

Technical field

[0001] The invention belongs to the technical field of cloud computing, and in particular relates to an SGX-oriented lightweight outsourced data access control method.

Background technique

[0002] At present, the closest existing technology: cloud computing is currently the most popular IT technology. It uses the huge resources and powerful computing power on the Internet to provide users with data storage and complex data analysis; these services greatly reduce the cost for enterprises and the computing overhead and storage burden for individuals. In addition, cloud computing also provides elastic services. Cloud users can purchase services according to their needs, which can greatly save IT costs and improve the overall utilization of resources. Because cloud computing is flexible, convenient, and low-cost, a large number of application service programs are hosted on cloud servers to provide services for users. For example, in a sma...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L9/08, H04L9/00
CPC: H04L9/008, H04L9/085, H04L9/0869, H04L63/0407, H04L63/0428, H04L63/10
Inventor: 刘丹, 陈亚兴, 郑庆华, 闫峥, 丁文秀, 董博
Owner: XIDIAN UNIV