基于可信计算机制的云计算盲数据处理

针对云计算环境下数据处理时敏感数据易受非授权访问和非法篡改的问题,提出一种基于可信计算机制的盲数据处理方法。首先利用可信平台模块在云计算环境中建立可信根,确保敏感数据与云计算系统状态相绑定;然后构建盲数据处理环境,通过可信平台模块加密云间传输的信息,进行系统完整性度量和远程验证;最后采用椭圆曲线加密算法完成从源端到目标端的数据迁移。分析结果表明该方法可以为云计算数据处理提供安全的执行环境。

Blind data processing in cloud computing based on trusted computing mechanisms

Aimed at solving the problem that sensitive data was subjected to unauthorized access and illegal tampering during data processing in cloud computing environment, a new approach called blind data processing based on trusted computing mechanisms was proposed. First, the root of trust in cloud computing environment was established by using trusted platform module(TPM) to ensure that the sensitive data was bound to a particular state of a cloud computing system. Then, the blind data processing environment was constructed. The messages transmitted over the cloud were encrypted by using TPM. The system integrity was measured and the remote attestation was carried out. Data migration from the source to the target side was completed by using elliptic curve cryptographic algorithms. The analysis showed that the secure execution environment for data processing in cloud computing was provided by the proposed approach.