开放云端计算环境中的任务执行代码安全机制

云端计算可以充分聚合Internet网络服务器端和边缘终端节点的计算资源来获得更大的效益。但将计算任务部署到用户终端上执行却带来了安全隐患。分属于不同用户的海量终端节点之行为显然不可靠,计算安全性也难以保障。特别是作为任务执行者的用户终端节点可能篡改任务中的程序代码或数据,返回的是虚假的结果,或是窥探有私密性要求的代码和数据。提出一种新的基于内嵌验证码的加密函数的代码保护机制,它可同时满足计算完整性和私密性,能够有效验证返回结果的正确性,并保障计算代码不被窥知。为了进一步提高任务执行的成功率和缩短作业周转时间,将任务代码优先分发给信誉良好且执行成功率高的节点来执行。还提出了一种评估任务执行节点可信性的方法。具体描述了任务执行代码保护机制的实现流程,并对机制的性能进行了详细的分析与验证。

Code Execution Security Mechanism for Open Cloud&Client Computing

The cloud & client computing can take full aggregation of network server-side and edge node computing resources of Internet to gain greater benefits. However, deploying tasks to terminal nodes would bring the corresponding security risks at the same time. The behaviors of terminal nodes belonging to different users are clearly not reliable,which means the computing security is difficult to guarantee. One of these security risks is that a terminal node working as the task executor may tamper with the program or data of the task, and return the fake result, or pry into the code and data with privacy requirement. hhis paper presented a new code protection mechanism based on encryption function with verification code meeting integrity and privacy both,which makes it possible to effectively verify the correctness of returned results and to guarantee the code not be spied. In order to improve the success rate of task implementation further and reduce job cycle time, tasks ought to be distributed to those nodes with good reputations and high success rate of task implementation to execute. This paper proposed the credibility evaluation of node,described the work procedure of the code protection mechanism and gave the analysis and verification of the security performance of the system in detail.