CN113302893B - Method and device for trust verification - Google Patents

Method and device for trust verification Download PDF

Info

Publication number
CN113302893B
CN113302893B CN201980088433.8A CN201980088433A CN113302893B CN 113302893 B CN113302893 B CN 113302893B CN 201980088433 A CN201980088433 A CN 201980088433A CN 113302893 B CN113302893 B CN 113302893B
Authority
CN
China
Prior art keywords
remote application
trust
identity
application
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201980088433.8A
Other languages
Chinese (zh)
Other versions
CN113302893A (en
Inventor
丹·图伊图
阿维盖尔·奥兰
阿亚尔·男爵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Cloud Computing Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Cloud Computing Technologies Co Ltd filed Critical Huawei Cloud Computing Technologies Co Ltd
Publication of CN113302893A publication Critical patent/CN113302893A/en
Application granted granted Critical
Publication of CN113302893B publication Critical patent/CN113302893B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an apparatus and a method for trust verification of a remote service, wherein an attestation request is sent to a service provider (300) attesting to an identity of a remote application (310) executed at least partly in a trusted execution environment (320) of the service provider (300); receiving an attestation response from the service provider (300) comprising the proof of request of the identity of the remote application (310); and wherein it is determined whether the identity of the remote application (310) is trusted based on the attestation response and at least one trust proof generated by at least one party other than the service provider (300).

Description

用于信任验证的方法及装置Method and device for trust verification

本发明涉及一种用于对分布式计算环境中的远程服务进行信任验证的方法和装置。The invention relates to a method and device for trust verification of remote services in a distributed computing environment.

背景技术Background technique

在分布式计算环境领域,云计算作为实现更灵活、可扩展性更高和更高效系统的一种方式变得越来越重要。但是,随着云计算服务的用户失去了对云提供商托管的数据和应用程序的直接控制,云服务的可信性成为阻碍云应用程序部署的主要问题。In the field of distributed computing environments, cloud computing is becoming increasingly important as a way to achieve more flexible, scalable, and efficient systems. However, as users of cloud computing services lose direct control over data and applications hosted by cloud providers, the trustworthiness of cloud services becomes a major issue hindering cloud application deployment.

为了吸引用户使用云服务,云/服务提供商提供可信服务,以向用户保证向服务提供的数据和应用程序保持安全并受到保护,并且服务将仅按照用户的预期使用这些数据和应用程序。To attract users to cloud services, cloud/service providers provide trusted services to assure users that data and applications provided to the service remain safe and protected, and that the service will only use such data and applications as intended by the user.

可信服务的一个示例是在线调查服务,其向调查参与者保证回答将保密,并且只会与调查的订购者共享汇总结果。此外,可向调查订购者保证调查问题和对应结果仍为其财产,不会与第三方共享。An example of a trusted service is an online survey service that assures survey participants that responses will be kept confidential and that aggregated results will only be shared with the survey's subscribers. Furthermore, survey subscribers are assured that the survey questions and corresponding results remain their property and will not be shared with third parties.

另一个示例是可信云服务,其向其客户保证他们的应用程序将在云中运行,不会被修改并且受到保护,即使将服务作为基础设施即服务(infrastructure as a service,IaaS)提供的云提供商也无法修改。Another example is a trusted cloud service, which assures its customers that their applications will run in the cloud, not be modified and protected, even if the service is provided as infrastructure as a service (IaaS). Cloud providers also cannot be modified.

可信服务可以使用可信执行环境(trusted execution environment,TEE)开发,如Intel SGX。TEE是处理器的一个安全区域,建立了一个隔离的执行环境,该隔离的执行环境提供了安全特征,如隔离执行、与TEE一起执行的应用程序的完整性以及其资产的机密性。Trusted services can be developed using a trusted execution environment (TEE), such as Intel SGX. The TEE is a secure area of the processor that establishes an isolated execution environment that provides security features such as isolated execution, integrity of applications executing with the TEE, and confidentiality of its assets.

Intel SGX等可信执行环境可确保在其中运行的应用程序具有以下属性:代码不可变性,即受保护的应用程序的逻辑无法更改;数据机密性,可确保未经授权无法访问应用程序;以及证明,即受保护的应用程序能够向第三方证明其身份,即它确实是在TEE中运行的特定程序。因此,使用TEE,服务提供商可以确保用户的资产受到保护,并确保所提供的服务能够向用户证明其身份。Trusted execution environments such as Intel SGX ensure that applications running within them have the following properties: code immutability, which means that the logic of the protected application cannot be changed; data confidentiality, which ensures that the application cannot be accessed without authorization; and attestation , that is, the protected application is able to prove its identity to third parties that it is indeed a specific program running in the TEE. Therefore, using TEE, service providers can ensure that users' assets are protected and that the services provided can prove their identity to users.

服务身份通常是较大的数字,例如256比特,可以是服务可执行文件(即应用程序的二进制代码)或包括服务和拓扑的单独组件的整个应用程序部署上的加密哈希的结果。The service identity is usually a large number, such as 256 bits, and can be the result of a cryptographic hash over the service executable (ie, the application's binary code) or the entire application deployment including the individual components of the service and topology.

已知的证明方案,如英特尔的SGX证明,使希望连接到特定服务的用户能够获得服务身份为X的证明。但是,用户对这类方案的使用有限,因为用户通常不知道是否应该信任具有身份X的服务以及为什么应信任具有身份X的服务。服务本身可能仍包括恶意软件或以其它方式损害用户的资产。因此,需要提供一种可以验证服务X是否可信的机制。该机制应对用户透明,以有利于检测欺诈行为。它还应该是通用的,易于在现有基础设施中实现。Known attestation schemes, such as Intel's SGX attestation, enable a user wishing to connect to a particular service to obtain attestation that the service's identity is X. However, users have limited use of such schemes because users generally do not know whether and why a service with identity X should be trusted. The Services themselves may still contain malware or otherwise damage users' assets. Therefore, it is necessary to provide a mechanism that can verify whether the service X is credible. The mechanism should be transparent to users to facilitate fraud detection. It should also be generic and easy to implement in existing infrastructure.

发明内容Contents of the invention

本发明提供了一种用于对远程服务进行信任验证的方法和装置,该方法和装置使用户或客户端可以确定具有特定身份的服务提供商的远程应用程序是否可以被信任。本发明提供了一种透明机制,将用户连接到远程服务,同时确保服务是可信的。The present invention provides a method and device for trust verification of remote services. The method and device enable users or clients to determine whether the remote application program of a service provider with a specific identity can be trusted. The present invention provides a transparent mechanism to connect users to remote services while ensuring that the services are trusted.

根据本发明的一个方面,提供了一种用于对远程服务进行信任验证的装置,其中,所述装置包括处理电路,所述处理电路用于:发送证明至少部分地在服务提供商的可信环境中执行的远程应用程序的身份的证明请求;从所述服务提供商接收包括所述远程应用程序的所述身份的所述请求证明的证明响应;根据所述证明响应和至少一个信任证据,确定所述远程应用程序的所述身份是否可信,其中,所述至少一个信任证据由不同于所述服务提供商的至少一方生成。所述可信环境优选是安全飞地。According to an aspect of the present invention, there is provided an apparatus for trust verification of a remote service, wherein the apparatus includes processing circuitry configured to: send a certificate at least in part in a service provider's trusted a request for attestation of the identity of a remote application executing in the environment; receiving an attestation response from said service provider including said requested attestation of said identity of said remote application; based on said attestation response and at least one evidence of trust, It is determined whether the identity of the remote application is trustworthy, wherein the at least one evidence of trust is generated by at least one party other than the service provider. The trusted environment is preferably a secure enclave.

所述处理电路还可以用于在确定所述远程应用程序的所述身份可信后连接到所述远程应用程序。所述处理电路还可以用于处理客户端与所述远程应用程序之间的所有网络流量。信任验证可以在装置的安全飞地中作为服务执行,并且处理电路还可以用于向客户端提供服务的证明。客户端与远程应用程序之间的网络流量优选通过安全通道。The processing circuitry is further operable to connect to the remote application after determining that the identity of the remote application is authentic. The processing circuitry can also be used to handle all network traffic between the client and the remote application. Trust verification can be performed as a service in the secure enclave of the device, and processing circuitry can also be used to provide proof of service to clients. Network traffic between the client and the remote application preferably travels over a secure channel.

根据另一方面,所述远程应用程序可以由所述服务提供商作为软件即服务(Software as a Service,SaaS)提供,其中,所述至少一个信任证据由不同于所述服务提供商和所述装置的第三方生成。According to another aspect, the remote application may be provided by the service provider as Software as a Service (SaaS), wherein the at least one evidence of trust is provided by a provider other than the service provider and the Third-party generation of the device.

所述至少一个信任证据可以包括所述第三方作出的证明,证明所述远程应用程序的所述身份是可信的,和/或可信应用程序身份列表,其中,确定所述远程应用程序的所述身份是否可信包括验证数字签名和/或将所述远程应用程序的所述身份与所述可信应用程序身份列表进行比较。所述证明优选是数字签名。The at least one evidence of trust may include a certification by the third party that the identity of the remote application is trusted, and/or a list of trusted application identities, wherein the identity of the remote application is determined to be Whether the identity is trusted includes verifying a digital signature and/or comparing the identity of the remote application to the list of trusted application identities. The proof is preferably a digital signature.

所述至少一个信任证据可以包括由所述第三方为所述远程应用程序生成的分析证明,其中,确定所述远程应用程序的所述身份是否可信包括将所述分析证明与至少一个需求设置进行比较,所述至少一个需求设置是预定义的和/或从客户端应用程序接收。所述第三方为所述远程应用程序生成的所述分析证明优选是所述远程应用程序关于恶意软件和/或后门的静态分析。The at least one evidence of trust may comprise a proof of analysis generated by the third party for the remote application, wherein determining whether the identity of the remote application is trusted comprises combining the proof of analysis with at least one requirement setting For comparison, the at least one requirement setting is predefined and/or received from a client application. The proof of analysis generated by the third party for the remote application is preferably a static analysis of the remote application with respect to malware and/or backdoors.

所述至少一个信任证据可以包括与所述远程应用程序的所述身份和/或所述服务提供商和/或所述远程应用程序的提供商相关的信任程度,其中,确定所述远程应用程序的所述身份是否可信包括将所述信任程度与阈值进行比较,所述阈值是预定义的和/或从客户端应用程序接收。Said at least one evidence of trust may comprise a degree of trust associated with said identity of said remote application and/or said service provider and/or a provider of said remote application, wherein determining said remote application Whether the identity is trusted includes comparing the degree of trust to a threshold, the threshold being predefined and/or received from a client application.

根据另一方面,所述远程应用程序可以是由所述客户端提供给所述服务提供商并由所述服务提供商作为基础设施即服务(Infrastructure as a Service,IaaS)执行的客户端/用户应用程序,其中,所述至少一个信任证据由所述客户端生成。所述至少一个信任证据可以基于所述远程应用程序的配置生成,其中,确定所述远程应用程序的所述身份是否可信包括所述处理电路在所述服务提供商的所述可信执行环境中使用所述配置计算所述远程应用程序的身份。According to another aspect, the remote application may be a client/user provided by the client to the service provider and executed by the service provider as Infrastructure as a Service (IaaS). An application, wherein the at least one trust evidence is generated by the client. The at least one evidence of trust may be generated based on a configuration of the remote application, wherein determining whether the identity of the remote application is trusted comprises the processing circuit performing an operation in the trusted execution environment of the service provider The identity of the remote application is computed using the configuration in .

根据本发明的另一方面,提供了一种用于对远程服务进行信任验证的方法,其中,所述方法包括:向服务提供商发送证明至少部分地在所述服务提供商的可信环境中执行的远程应用程序的身份的证明请求;从所述服务提供商接收包括所述远程应用程序的所述身份的所述请求证明的证明响应;根据所述证明响应和至少一个信任证据,确定所述远程应用程序的所述身份是否可信,其中,所述至少一个信任证据由不同于所述服务提供商的至少一方生成。所述可信环境优选是安全飞地。According to another aspect of the present invention, there is provided a method for trust verification of a remote service, wherein the method comprises: sending to a service provider an attestation that at least partly in the service provider's trusted environment requesting attestation of the identity of the executing remote application; receiving an attestation response from the service provider including the requested attestation of the identity of the remote application; based on the attestation response and at least one evidence of trust, determining the Whether the identity of the remote application is trusted, wherein the at least one evidence of trust is generated by at least one party different from the service provider. The trusted environment is preferably a secure enclave.

所述方法还可以包括在确定所述远程应用程序的所述身份可信后连接到所述远程应用程序。所述方法还可以包括处理客户端与所述远程应用程序之间的所有网络流量。所述信任验证本身可以作为服务在安全飞地中执行,此服务的证明可以提供给所述客户端。客户端与远程应用程序之间的网络流量优选通过安全通道。The method may also include connecting to the remote application after determining that the identity of the remote application is authentic. The method may also include handling all network traffic between the client and the remote application. The trust verification itself can be performed in the secure enclave as a service, proof of which can be provided to the client. Network traffic between the client and the remote application preferably travels over a secure channel.

根据另一方面,所述远程应用程序可以由所述服务提供商作为软件即服务(Software as a Service,SaaS)提供,其中,所述至少一个信任证据由不同于所述服务提供商和所述装置的第三方(即服务信任验证单元)生成。According to another aspect, the remote application may be provided by the service provider as Software as a Service (SaaS), wherein the at least one evidence of trust is provided by a provider other than the service provider and the Generated by a third party of the device (ie, the service trust verification unit).

所述至少一个信任证据可以包括所述第三方作出的证明,证明所述远程应用程序的所述身份是可信的,和/或可信应用程序身份列表,其中,确定所述远程应用程序的所述身份是否可信包括验证数字签名和/或将所述远程应用程序的所述身份与所述可信应用程序身份列表进行比较。所述证明优选是数字签名。The at least one evidence of trust may include a certification by the third party that the identity of the remote application is trusted, and/or a list of trusted application identities, wherein the identity of the remote application is determined to be Whether the identity is trusted includes verifying a digital signature and/or comparing the identity of the remote application to the list of trusted application identities. The proof is preferably a digital signature.

所述至少一个信任证据可以包括由所述第三方为所述远程应用程序生成的分析证明,其中,确定所述远程应用程序的所述身份是否可信包括将所述分析证明与至少一个需求设置进行比较,所述至少一个需求设置是预定义的和/或从客户端应用程序接收。所述分析证明优选是所述远程应用程序关于恶意软件和/或后门的静态分析。The at least one evidence of trust may comprise a proof of analysis generated by the third party for the remote application, wherein determining whether the identity of the remote application is trusted comprises combining the proof of analysis with at least one requirement setting For comparison, the at least one requirement setting is predefined and/or received from a client application. The proof of analysis is preferably a static analysis of the remote application with respect to malware and/or backdoors.

所述至少一个信任证据可以包括与所述远程应用程序的所述身份和/或所述服务提供商和/或所述远程应用程序的提供商相关的信任程度,其中,确定所述远程应用程序的所述身份是否可信包括将所述信任程度与阈值进行比较,所述阈值是预定义的和/或从客户端应用程序接收。Said at least one evidence of trust may comprise a degree of trust associated with said identity of said remote application and/or said service provider and/or a provider of said remote application, wherein determining said remote application Whether the identity is trusted includes comparing the degree of trust to a threshold, the threshold being predefined and/or received from a client application.

根据另一方面,所述远程应用程序可以是由所述客户端提供给所述服务提供商并由所述服务提供商作为基础设施即服务(Infrastructure as a Service,IaaS)执行的客户端/用户应用程序,其中,所述至少一个信任证据由所述客户端生成。所述至少一个信任证据可以基于所述远程应用程序的配置生成,其中,确定所述远程应用程序的所述身份是否可信包括所述客户端在所述服务提供商的所述可信执行环境中使用所述配置计算所述远程应用程序的身份。According to another aspect, the remote application may be a client/user provided by the client to the service provider and executed by the service provider as Infrastructure as a Service (IaaS). An application, wherein the at least one trust evidence is generated by the client. The at least one evidence of trust may be generated based on a configuration of the remote application, wherein determining whether the identity of the remote application is trusted includes the client being in the trusted execution environment of the service provider The identity of the remote application is computed using the configuration in .

此外,提供了一种存储指令的计算机可读介质,当所述指令在处理器中执行时,使所述处理器执行上述任一种方法。Furthermore, there is provided a computer-readable medium storing instructions, which, when executed in a processor, cause the processor to perform any one of the above-mentioned methods.

所述装置可以包括专用服务信任验证单元,用于执行上述任一种方法。所述服务信任验证单元或服务信任验证器可以实现为一个或多个软件模块或所述处理电路的单独单元。所述服务信任验证器可以实现为软件和硬件的组合。所描述的处理可以由通用处理器、CPU、GPU或现场可编程门阵列(field programmable gate array,FPGA)等芯片执行。但是,本发明不限于在可编程硬件上实现服务信任验证单元。所述单元还可以在专用集成电路(application-specific integrated circuit,ASIC)上实现,或者通过上述硬件组件的组合实现。The device may include a dedicated service trust verification unit, configured to perform any one of the above methods. The service trust verification unit or service trust verifier may be implemented as one or more software modules or as a separate unit of the processing circuit. The service trust verifier can be implemented as a combination of software and hardware. The described processing may be performed by chips such as a general-purpose processor, CPU, GPU, or field programmable gate array (field programmable gate array, FPGA). However, the invention is not limited to implementing a service trust verification unit on programmable hardware. The unit may also be implemented on an application-specific integrated circuit (ASIC), or through a combination of the above hardware components.

附图说明Description of drawings

下文结合附图对示例性实施例进行详细描述,其中:Exemplary embodiments are described in detail below with reference to the accompanying drawings, in which:

图1示意性地示出了远程服务(如远程计算)的通用客户端-服务器配置;Figure 1 schematically illustrates a generic client-server configuration for remote services such as remote computing;

图2示意性地示出了使用本领域已知的安全容器的可信计算配置;Figure 2 schematically illustrates a trusted computing configuration using secure containers known in the art;

图3示出了本发明提供的基于信任证据的信任验证的概念;Fig. 3 shows the concept of trust verification based on trust evidence provided by the present invention;

图4示出了本发明的第一实施例提供的用于远程服务的信任验证的配置;Fig. 4 shows the configuration for trust verification of remote services provided by the first embodiment of the present invention;

图5示出了本发明的第二实施例提供的用于远程服务的信任验证的配置。Fig. 5 shows the configuration for trust verification of remote services provided by the second embodiment of the present invention.

具体实施方式Detailed ways

本发明涉及如云计算、软件即服务(Software as a Service,SaaS)、基础设施即服务(Infrastructure as a Service,IaaS)和远程计算等远程服务的认证的一般技术领域。它为用户提供了一种透明机制,以确定具有经证明身份的远程应用程序是否可以被信任。The present invention relates to the general technical field of authentication of remote services such as cloud computing, software as a service (Software as a Service, SaaS), infrastructure as a service (Infrastructure as a Service, IaaS) and remote computing. It provides a transparent mechanism for users to determine whether a remote application with a proven identity can be trusted.

图1示意性地示出了远程服务的通用客户端-服务器架构。该配置包括与一个或多个服务器200通信的一个或多个客户端100。客户端可以通过用户设备或客户端设备实现,如下所述。服务器可以通过服务提供商和/或云提供商提供的服务器设备实现。但是,本发明不限于这些特定的实现方式,而是可以应用于本地客户端(设备)从远程服务器(设备)请求由服务器提供给客户端的服务的任何配置。可以理解,服务不仅可以由单个服务器或服务器设备提供,而且可以依赖于分布式系统架构。例如,服务器可以包括作为前端的Web服务器、应用服务器和数据库服务器。为简单起见,提供服务的远程实体,无论是单个服务器或服务器设备、分布式或基于微服务的系统等,在下文中都称为服务提供商。此外,客户端不限于单个客户端或客户端设备,而且可以包括分布式系统。客户端还可以在分布式环境中充当服务器本身,例如充当中间服务器。术语“客户端”在本文用于包括上述任一种架构,并且仅表示实体100(例如客户端设备)从远程实体200(例如服务器设备)接收服务。关于除了提供和接收远程服务之外的其它方面,客户端100和服务器200甚至可以切换角色。Figure 1 schematically shows a generic client-server architecture for remote services. The configuration includes one or more clients 100 in communication with one or more servers 200 . A client may be implemented by a user device or a client device, as described below. The server can be implemented by server equipment provided by the service provider and/or cloud provider. However, the invention is not limited to these particular implementations, but can be applied to any configuration where a local client (device) requests from a remote server (device) a service provided by the server to the client. It will be appreciated that services may not only be provided by a single server or server device, but may also rely on a distributed system architecture. For example, the server may include a Web server, an application server, and a database server as front ends. For simplicity, a remote entity providing a service, whether a single server or server device, a distributed or microservices-based system, etc., is hereinafter referred to as a service provider. Furthermore, a client is not limited to a single client or client device, but can include distributed systems. A client can also act as a server itself in a distributed environment, for example as an intermediary server. The term "client" is used herein to include any of the aforementioned architectures, and simply means that an entity 100 (eg, a client device) receives services from a remote entity 200 (eg, a server device). Regarding aspects other than providing and receiving remote services, the client 100 and the server 200 may even switch roles.

客户端100和服务提供商200可以可操作地连接到一个或多个相应的客户端数据存储器和服务器数据存储器(未示出),所述一个或多个相应的客户端数据存储器和服务器数据存储器可用于存储相应的客户端100和服务器200本地的信息,如应用代码、应用数据、输入数据、输出数据,身份验证数据等。Client 100 and service provider 200 may be operatively connected to one or more corresponding client data stores and server data stores (not shown) that It can be used to store the corresponding local information of the client 100 and the server 200, such as application code, application data, input data, output data, authentication data and so on.

客户端100和服务提供商200可以使用如箭头所示的通信框架在彼此之间通信信息。所述信息可以包括认证信息,如用于建立安全通信通道的密钥和/或签名、一个或多个应用程序,例如作为代码或二进制文件、用于执行远程应用程序的输入数据和/或配置数据、远程应用程序的输出数据,等等。The client 100 and the service provider 200 can communicate information between each other using a communication framework as indicated by arrows. Said information may include authentication information such as keys and/or signatures used to establish a secure communication channel, one or more applications, e.g. as code or binaries, input data and/or configuration used to execute remote applications data, output data from remote applications, and so on.

在IaaS架构中,远程应用程序可以由客户端100提供,并在由服务提供商执行之前通过通信通道传送给服务提供商200。在这种情况下,远程服务可以包括安装(例如编译)从客户端接收的应用代码,在服务提供商侧作为远程应用程序执行接收到的应用,并将执行结果传送回客户端100。在SaaS架构中,远程应用程序由服务提供商本身提供,并且远程服务包括可能对从客户端100接收的输入数据执行远程应用程序,并将结果传送到客户端。In an IaaS architecture, remote applications can be provided by the client 100 and delivered to the service provider 200 through a communication channel before being executed by the service provider. In this case, the remote service may include installing (eg, compiling) the application code received from the client, executing the received application as a remote application on the service provider side, and transmitting the execution result back to the client 100 . In a SaaS architecture, the remote application is provided by the service provider itself, and the remote service consists of possibly executing the remote application on input data received from the client 100 and delivering the result to the client.

用于客户端100与服务提供商200之间通信的通信框架可以实现任何熟知的通信技术和协议。通信框架可以实现为分组交换网络(例如,互联网等公共网络、企业内部网等专用网络等)、电路交换网络(例如,公共交换电话网络),或分组交换网络和电路交换网络的组合(具有合适的网关和转换器)。客户端-服务器架构可以包括各种公共通信元件,如发射器、接收器、收发器、无线电、网络接口、基带处理器、天线、放大器、滤波器、电源等。但是,实施例并不限于这些实现方式。The communication framework used for communication between the client 100 and the service provider 200 can implement any well-known communication technologies and protocols. The communication framework can be implemented as a packet-switched network (for example, a public network such as the Internet, a private network such as an intranet, etc.), a circuit-switched network (for example, a public switched telephone network), or a combination of a packet-switched network and a circuit-switched network (with suitable gateways and converters). A client-server architecture may include various common communication elements such as transmitters, receivers, transceivers, radios, network interfaces, baseband processors, antennas, amplifiers, filters, power supplies, etc. Embodiments, however, are not limited to these implementations.

通信框架可以实现布置成接收、通信和连接到通信网络的各种网络接口。网络接口可以视为输入/输出接口的专用形式。网络接口可以使用连接协议,包括但不限于直接连接、以太网(例如,厚、薄、双绞线10/100/1000Base T等)、令牌环、无线网络接口、蜂窝网络接口、IEEE 802.11a-x网络接口、IEEE 802.16网络接口、IEEE 802.20网络接口等。此外,可以使用多个网络接口与各种通信网络类型接合。例如,可以使用多个网络接口来通过广播、组播和单播网络进行通信。如果处理需求要求更高的速度和容量,分布式网络控制器架构可以类似地用于池化、负载均衡,以及以其它方式增加客户端100和服务器200所需的通信带宽。通信网络可以是有线和/或无线网络的任何一种和组合,包括但不限于直接互连、安全定制连接、私有网络(例如,企业内部网)、公共网络(例如,互联网)、个人区域网络(personal area network,PAN)、局域网(local area network,LAN)、城域网(metropolitan area network,MAN)、互联网上节点操作任务(operating missions asnodes on the Internet,OMNI)、广域网(wide area network,WAN)、无线网络、蜂窝网络,和其它通信网络。The communication framework may implement various network interfaces arranged to receive, communicate and connect to a communication network. A network interface can be thought of as a specialized form of an input/output interface. The network interface may use connection protocols including, but not limited to, direct connect, Ethernet (e.g., thick, thin, twisted pair 10/100/1000Base T, etc.), token ring, wireless network interface, cellular network interface, IEEE 802.11a-x Network interface, IEEE 802.16 network interface, IEEE 802.20 network interface, etc. Additionally, multiple network interfaces may be used to interface with various communication network types. For example, multiple network interfaces can be used to communicate over broadcast, multicast, and unicast networks. The distributed network controller architecture can similarly be used for pooling, load balancing, and otherwise increasing the communication bandwidth required by clients 100 and servers 200 if processing requirements demand higher speed and capacity. The communication network can be any type and combination of wired and/or wireless networks, including but not limited to direct interconnects, secure custom connections, private networks (e.g., corporate intranets), public networks (e.g., the Internet), personal area networks (personal area network, PAN), local area network (local area network, LAN), metropolitan area network (metropolitan area network, MAN), operating missions as nodes on the Internet (OMNI), wide area network (wide area network, WAN), wireless networks, cellular networks, and other communication networks.

如上所述,客户端100和服务器200可以各自包括设备,该设备可以是能够通过通信组件等接收、处理和发送信息的任何电子设备。电子设备的示例可以包括但不限于客户端设备、个人数字助理(personal digital assistant,PDA)、移动计算设备、智能手机、蜂窝电话、电子书阅读器、消息处理设备、计算机、个人计算机(personal computer,PC)、台式计算机、膝上型计算机、笔记本电脑、上网本计算机、手持计算机、平板计算机、服务器、服务器阵列或服务器农场、Web服务器、网络服务器、互联网服务器、工作站、网络设备、Web设备、分布式计算系统、多处理器系统、基于处理器的系统、消费电子设备、可编程消费电子设备、游戏设备、电视、机顶盒、无线接入点、基站、用户站、移动用户中心、无线网络控制器、路由器、集线器、网关、网桥、交换机、机器、或其组合。在此上下文中,实施例不受限制。As described above, the client 100 and the server 200 may each include a device, which may be any electronic device capable of receiving, processing, and transmitting information through a communication component or the like. Examples of electronic devices may include, but are not limited to, client devices, personal digital assistants (PDAs), mobile computing devices, smartphones, cellular phones, e-book readers, messaging devices, computers, personal computer , PC), desktop computer, laptop computer, notebook computer, netbook computer, handheld computer, tablet computer, server, server array or server farm, web server, web server, internet server, workstation, network device, web appliance, distribution Computing systems, multiprocessor systems, processor-based systems, consumer electronics devices, programmable consumer electronics devices, gaming devices, televisions, set-top boxes, wireless access points, base stations, subscriber stations, mobile subscriber centers, wireless network controllers , routers, hubs, gateways, bridges, switches, machines, or combinations thereof. In this context, the embodiments are not limited.

该设备可以为一个或多个应用程序(如示例性客户端应用程序110和远程应用程序210)、通信组件、操作系统,特别是操作系统的内核,以及使用一个或多个处理组件的其它软件元件执行处理操作或逻辑。处理组件可以包括各种硬件元件,如设备、逻辑设备、组件、处理器、微处理器、电路、处理器电路、电路元件(例如晶体管、电阻器、电容器、电感器等)、集成电路、专用集成电路(application specific integrated circuit,ASIC)、可编程逻辑设备(programmable logic device,PLD)、数字信号处理器(digital signalprocessor,DSP)、现场可编程门阵列(field programmable gate array,FPGA)、存储单元、逻辑门、寄存器、半导体设备、芯片、微芯片、芯片组等。软件元件的示例可以包括软件组件、程序、应用程序、计算机程序、应用程序、系统程序、软件开发程序、机器程序、操作系统软件、中间件、固件、软件模块、例程、子例程、函数、方法、过程、软件接口、应用程序接口(application program interface,API)、指令集、计算代码、计算机代码、代码段、计算机代码段、字、值、符号或其任何组合。根据给定实现方式的需要,确定以下描述的服务信任验证单元的实施例是否使用硬件元件和/或软件元件来实现可以根据任何数量的因素而变化,如期望的计算速率、功率电平、耐热性、处理周期预算、输入数据速率、输出数据速率、内存资源、数据总线速度和其它设计或性能限制。The device may be one or more applications (such as the exemplary client application 110 and remote application 210), communication components, operating systems, particularly kernels of operating systems, and other software using one or more processing components Elements perform processing operations or logic. Processing components may include various hardware elements such as devices, logic devices, components, processors, microprocessors, circuits, processor circuits, circuit elements (e.g., transistors, resistors, capacitors, inductors, etc.), integrated circuits, application-specific Integrated circuit (application specific integrated circuit, ASIC), programmable logic device (programmable logic device, PLD), digital signal processor (digital signal processor, DSP), field programmable gate array (field programmable gate array, FPGA), storage unit , logic gates, registers, semiconductor devices, chips, microchips, chipsets, etc. Examples of software elements may include software components, programs, application programs, computer programs, application programs, system programs, software development programs, machine programs, operating system software, middleware, firmware, software modules, routines, subroutines, functions , method, procedure, software interface, application program interface (application program interface, API), instruction set, computational code, computer code, code segment, computer code segment, word, value, symbol, or any combination thereof. Depending on the needs of a given implementation, determining whether an embodiment of the service trust verification unit described below is implemented using hardware elements and/or software elements can vary according to any number of factors, such as desired calculation rates, power levels, endurance thermality, processing cycle budget, input data rate, output data rate, memory resources, data bus speed, and other design or performance constraints.

设备可以使用一个或多个通信组件执行用于与其它设备通信的通信操作或逻辑。通信组件可以实现任何熟知的通信技术和协议,如适合用于分组交换网络(例如,互联网等公共网络、企业内部网等专用网络等)、电路交换网络(例如,公共交换电话网络),或分组交换网络和电路交换网络的组合(具有合适的网关和转换器)的技术。通信组件可以包括各种类型的标准通信元件,如一个或多个通信接口、网络接口、网络接口卡(network interfacecard,NIC)、无线电、无线发射器/接收器(收发器)、有线和/或无线通信介质、物理连接器,等等。作为示例而不是限制,通信介质包括有线通信介质和无线通信介质。有线通信介质的示例可以包括电线、电缆、金属引线、印刷电路板(printed circuit board,PCB)、背板、交换网、半导体材料、双绞线、同轴电缆、光纤、传播信号等。无线通信介质的示例可以包括声学、射频(radio-frequency,RF)频谱、红外和其它无线介质。A device may use one or more communication components to perform communication operations or logic for communicating with other devices. The communication components can implement any well-known communication technologies and protocols, such as those suitable for use in packet-switched networks (e.g., public networks such as the Internet, private networks such as intranets, etc.), circuit-switched networks (e.g., public switched telephone networks), or packet-switched networks. A combination (with appropriate gateways and switches) of switched and circuit-switched networks. The communication assembly may include various types of standard communication elements, such as one or more communication interfaces, network interfaces, network interface cards (NICs), radios, wireless transmitter/receivers (transceivers), wired and/or Wireless communication media, physical connectors, and more. By way of example, and not limitation, communication media includes wired communication media and wireless communication media. Examples of wired communications media may include a wire, cable, metal leads, printed circuit board (PCB), backplane, switched fabric, semiconductor material, twisted-pair wire, coaxial cable, fiber optics, propagated signal, and so on. Examples of wireless communication media may include acoustic, radio-frequency (radio-frequency (RF) spectrum, infrared, and other wireless media.

设备可以通过一个或多个通信组件使用图1所示的通信信号通过通信介质与其它设备通信。根据给定实现方式的需要,其它设备可以如图4所示在设备内部,也可以如图5所示在设备外部。A device may communicate with other devices over a communication medium through one or more communication components using the communication signals shown in FIG. 1 . According to the needs of a given implementation, other devices may be inside the device as shown in FIG. 4 , or outside the device as shown in FIG. 5 .

设备可以以分布式系统的形式实现,该分布式系统可以在多个计算实体上分布上述结构和/或操作的部分。分布式系统的示例可以包括但不限于客户端-服务器架构、3层架构、N层架构、紧耦合或集群架构、对等架构、主从架构、共享数据库架构,以及其它类型的分布式系统。在此上下文中,实施例不受限制。A device may be implemented in the form of a distributed system that distributes portions of the above structure and/or operation over multiple computing entities. Examples of distributed systems may include, but are not limited to, client-server architectures, 3-tier architectures, N-tier architectures, tightly coupled or clustered architectures, peer-to-peer architectures, master-slave architectures, shared database architectures, and other types of distributed systems. In this context, the embodiments are not limited.

客户端100和/或服务器200可以包括如下所述的计算架构。在一个实施例中,计算架构可以包括或实现为电子设备的一部分。电子设备的示例可以包括上述那些电子设备。在此上下文中,实施例不受限制。Client 100 and/or server 200 may include computing architecture as described below. In one embodiment, a computing architecture may include or be implemented as part of an electronic device. Examples of electronic devices may include those described above. In this context, the embodiments are not limited.

在本申请中使用的术语“装置”、“组件”、“客户端”、“服务器”、“服务提供商”、“软件提供商”和“服务信任验证器”旨在指计算机相关实体,为硬件、硬件和软件的组合、软件或执行中的软件,其示例由下文描述的示例性计算架构提供。例如,组件可以是但不限于在处理器上运行的进程、处理器、硬盘驱动器、(光学和/或磁性存储介质的)多个存储驱动器、对象、可执行文件、执行线程、程序,和/或计算机。例如,在服务器上运行的应用程序和服务器都可以是组件。一个或多个组件可以驻留在进程和/或执行线程内,组件可以位于一台计算机上和/或分布在两台或多台计算机之间。此外,组件可以通过各种类型的通信介质相互通信耦合,以协调操作。协调可能根据需要涉及单向或双向信息交换。例如,组件可以以通过通信介质传送的信号的形式传送信息。该信息可以实现为分配给各种信号线的信号。在这类分配中,每个消息都是一个信号。但是,其它实施例也可以采用数据消息。这类数据消息可以通过各种连接发送。示例性连接包括并行接口、串行接口和总线接口。As used in this application, the terms "apparatus", "component", "client", "server", "service provider", "software provider" and "service trust verifier" are intended to refer to computer-related entities that are Hardware, a combination of hardware and software, software, or software in execution, examples of which are provided by the exemplary computing architecture described below. For example, a component may be, but is not limited to, a process running on a processor, a processor, a hard drive, multiple storage drives (of optical and/or magnetic storage media), an object, an executable, a thread of execution, a program, and/or or computer. For example, an application running on a server and a server can both be components. One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between two or more computers. In addition, components can be communicatively coupled to each other through various types of communication media to coordinate operations. Coordination may involve one-way or two-way exchange of information as required. For example, components may communicate information in the form of signals communicated over the communications media. This information can be implemented as signals assigned to various signal lines. In this type of allocation, each message is a signal. However, other embodiments may also employ data messages. Such data messages can be sent over various connections. Exemplary connections include parallel, serial, and bus interfaces.

计算架构可以包括各种公共计算元件,如一个或多个处理器、多核处理器、协处理器、存储单元、芯片组、控制器、外设、接口、振荡器、定时设备、显卡、声卡、多媒体输入/输出(I/O)组件、电源等。但是,这些实施例并不限于通过该计算架构实现。A computing architecture may include various common computing elements, such as one or more processors, multi-core processors, coprocessors, memory units, chipsets, controllers, peripherals, interfaces, oscillators, timing devices, graphics cards, sound cards, Multimedia input/output (I/O) components, power supplies, etc. However, the embodiments are not limited to implementation by this computing architecture.

计算架构可以包括处理单元、系统内存和系统总线。处理单元可以是各种商用处理器中的任何一种,包括但不限于

Figure BDA0003154653010000061
Figure BDA0003154653010000062
处理器;
Figure BDA0003154653010000063
应用程序、嵌入式和安全处理器;
Figure BDA0003154653010000064
Figure BDA0003154653010000065
Figure BDA0003154653010000066
处理器;IBM和
Figure BDA0003154653010000067
Cell处理器;
Figure BDA0003154653010000068
Core(2)
Figure BDA0003154653010000069
Figure BDA00031546530100000610
处理器;以及类似处理器。双微处理器、多核处理器和其它多处理器架构也可以用作处理单元。Computing architecture may include processing units, system memory, and system buses. The processing unit can be any of a variety of commercially available processors, including but not limited to
Figure BDA0003154653010000061
and
Figure BDA0003154653010000062
processor;
Figure BDA0003154653010000063
application, embedded and security processors;
Figure BDA0003154653010000064
and
Figure BDA0003154653010000065
and
Figure BDA0003154653010000066
Processor; IBM and
Figure BDA0003154653010000067
Cell processor;
Figure BDA0003154653010000068
Core(2)
Figure BDA0003154653010000069
and
Figure BDA00031546530100000610
processors; and similar processors. Dual microprocessors, multi-core processors, and other multi-processor architectures can also be used as processing units.

系统总线为系统组件提供接口,包括但不限于系统内存到处理单元的接口。系统总线可以是几种类型的总线结构中的任何一种,其可以使用各种商用总线架构中的任何一种进一步互连到存储器总线(具有或不具有内存控制器)、外围总线和本地总线。接口适配器可以通过插槽架构连接到系统总线。示例性插槽架构可以包括但不限于加速图形端口(accelerated graphics port,AGP)、卡总线、(扩展)行业标准架构((extended)industrystandard architecture,(E)ISA)、微通道架构(micro channel architecture,MCA)、NuBus、外围组件互连(扩展)(peripheral component interconnect(extended),PCI(X))、PCI Express、个人计算机内存卡国际协会(personal computer memory cardinternational association,PCMCIA)等。The system bus provides interfaces to system components, including but not limited to system memory to processing units. The system bus can be any of several types of bus structures, which can be further interconnected to a memory bus (with or without a memory controller), a peripheral bus, and a local bus using any of a variety of commercially available bus architectures . Interface adapters can be connected to the system bus through a socket architecture. Exemplary socket architectures may include, but are not limited to, accelerated graphics port (AGP), card bus, (extended) industry standard architecture ((E)ISA), micro channel architecture (micro channel architecture) , MCA), NuBus, peripheral component interconnect (extended), PCI (X)), PCI Express, personal computer memory card international association (personal computer memory card international association, PCMCIA), etc.

计算架构可以包括或实现计算机可读存储介质以存储逻辑。计算机可读存储介质的示例可以包括能够存储电子数据的任何有形介质,包括易失性存储器或非易失性存储器、可移动或不可移动存储器、可擦除或不可擦除存储器、可写或可重写存储器,等等。逻辑的示例可以包括使用任何合适类型的代码实现的可执行计算机程序指令,所述代码如源代码、编译代码、解释代码、可执行代码、静态代码、动态代码、面向对象代码、可视化代码等。实施例还可以至少部分地实现为包含在非瞬时性计算机可读介质中或在非瞬时性计算机可读介质上的指令,所述指令可以由一个或多个处理器读取和执行,以实现本文描述的操作性能。A computing architecture may include or implement a computer-readable storage medium to store logic. Examples of computer-readable storage media may include any tangible media capable of storing electronic data, including volatile or nonvolatile memory, removable or non-removable, erasable or non-erasable, writable or Rewrite memory, etc. Examples of logic may include executable computer program instructions implemented using any suitable type of code, such as source code, compiled code, interpreted code, executable code, static code, dynamic code, object-oriented code, visualization code, and the like. Embodiments can also be implemented at least in part as instructions embodied in or on a non-transitory computer-readable medium, which can be read and executed by one or more processors to implement Operational performance described herein.

系统存储器可以包括呈一个或多个高速存储单元的形式的各种类型的计算机可读存储介质,如只读存储器(read-only memory,ROM)、随机存取存储器(random-accessmemory,RAM)、动态RAM(dynamic RAM,DRAM)、双数据速率DRAM(double-data-rate DRAM,DDRAM)、同步DRAM(synchronous DRAM,SDRAM)、静态RAM(static RAM,SRAM)、可编程ROM(programmable ROM,PROM)、可擦除可编程ROM(erasable programmable ROM,EPROM)、电可擦除可编程ROM(electrically erasable programmable ROM,EEPROM)、闪存、聚合物存储器,如铁电聚合物存储器、奥氏存储器、相变或铁电存储器、硅-氧化物-氮化物-氧化物-硅(silicon-oxide-nitride-oxide-silicon,SONOS)存储器、磁卡或光卡、设备阵列,如独立冗余磁盘阵列(redundant array of independent disk,RAID)驱动器、固态存储设备(例如USB存储器、固态驱动器(solid state drive,SSD))和适合存储信息的任何其它类型的存储介质。系统存储器可以包括非易失性存储器和/或易失性存储器。基本输入/输出系统(basic input/output system,BIOS)可以存储在非易失性存储器中。The system memory may include various types of computer-readable storage media in the form of one or more high-speed storage units, such as read-only memory (ROM), random-access memory (RAM), Dynamic RAM (dynamic RAM, DRAM), double-data-rate DRAM (double-data-rate DRAM, DDRAM), synchronous DRAM (synchronous DRAM, SDRAM), static RAM (static RAM, SRAM), programmable ROM (programmable ROM, PROM ), erasable programmable ROM (erasable programmable ROM, EPROM), electrically erasable programmable ROM (electrically erasable programmable ROM, EEPROM), flash memory, polymer memory, such as ferroelectric polymer memory, Austenitic memory, phase variable or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (silicon-oxide-nitride-oxide-silicon, SONOS) memory, magnetic card or optical card, device array, such as independent redundant disk array (redundant array) of independent disk (RAID) drives, solid-state storage devices (eg, USB memory, solid state drives (SSD)), and any other type of storage medium suitable for storing information. System memory may include non-volatile memory and/or volatile memory. A basic input/output system (BIOS) may be stored in non-volatile memory.

计算架构可以包括呈一个或多个低速存储单元的形式的各种类型的计算机可读存储介质,包括内置(或外置)硬盘驱动器(hard disk drive,HDD)、用于读取或写入可移动磁盘的磁性软盘驱动器(floppy disk drive,FDD),以及用于读取或写入可移动光盘的光盘驱动器(例如CD-ROM、DVD或蓝光)。HDD、FDD和光盘驱动器可以分别通过HDD接口、FDD接口和光盘驱动器接口连接到系统总线。用于外置驱动器实现的HDD接口可以包括通用串行总线(universal serial bus,USB)和IEEE 1394接口技术中的至少一种或两种。Computing architectures may include various types of computer-readable storage media in the form of one or more low-speed storage units, including internal (or external) hard disk drives (HDDs), A magnetic floppy disk drive (FDD) for removable disks, and an optical drive for reading or writing removable optical disks (such as CD-ROM, DVD, or Blu-ray). The HDD, FDD, and optical drive can be connected to the system bus through the HDD interface, the FDD interface, and the optical drive interface, respectively. The HDD interface implemented by the external drive may include at least one or two of universal serial bus (universal serial bus, USB) and IEEE 1394 interface technologies.

驱动器和相关的计算机可读介质提供数据、数据结构、计算机可执行指令等的易失性和/或非易失性存储器。例如,多个程序模块可以存储在驱动器和存储单元中,包括操作系统,特别是操作系统的内核、一个或多个应用程序(本文也称为应用程序),如示例性客户端应用程序110和示例性远程应用程序210、其它程序模块和程序数据。在一个实施例中,例如,一个或多个应用程序、其它程序模块和程序数据可以包括用于实现所公开实施例的各种应用程序和/或组件。The drives and associated computer-readable media provide volatile and/or nonvolatile storage of data, data structures, computer-executable instructions, and the like. For example, a plurality of program modules may be stored in the drives and storage unit, including an operating system, particularly the kernel of the operating system, one or more application programs (also referred to herein as application programs), such as exemplary client application 110 and Exemplary remote applications 210, other program modules and program data. In one embodiment, for example, one or more application programs, other program modules, and program data may include various applications and/or components for implementing the disclosed embodiments.

用户可以通过一个或多个有线/无线输入设备,例如键盘,以及鼠标等定点设备,将命令和信息输入计算设备中。其它输入设备可以包括麦克风、红外(infra-red,IR)遥控器、射频(radio-frequency,RF)遥控器、游戏垫、手写笔、读卡器、加密狗、指纹读取器、手套、绘图板、操纵杆、键盘、视网膜读取器、触摸屏(例如电容、电阻等)、轨迹球、触控板、传感器、触笔等。这些和其它输入设备通常通过耦合到系统总线的输入设备接口连接到处理单元,但可以通过其它接口连接,如并行端口、IEEE 1394串行端口、游戏端口、USB端口、IR接口,等等。A user can input commands and information into the computing device through one or more wired/wireless input devices, such as a keyboard and a pointing device such as a mouse. Other input devices may include microphones, infrared (infra-red (IR)) remotes, radio-frequency (radio-frequency (RF)) remotes, game pads, stylus, card readers, dongles, fingerprint readers, gloves, drawing Pads, joysticks, keyboards, retina readers, touch screens (e.g. capacitive, resistive, etc.), trackballs, trackpads, sensors, stylus, etc. These and other input devices are typically connected to the processing unit through input device interfaces coupled to the system bus, but may be connected through other interfaces such as parallel ports, IEEE 1394 serial ports, game ports, USB ports, IR interfaces, and the like.

显示器也可以通过接口(如视频适配器)连接到系统总线。显示器可以在计算设备内部或外部。除了显示器,计算设备通常包括其它外围设备输出设备,如扬声器、打印机等。A display can also be connected to the system bus through an interface such as a video adapter. The display can be internal or external to the computing device. In addition to displays, computing devices often include other peripheral output devices such as speakers, printers, and the like.

计算设备可以使用通过有线和/或无线通信到一个或多个远程计算机(如远程设备)的逻辑连接在网络环境中运行。远程设备可以是工作站、服务器计算机、路由器、个人计算机、便携式计算机、基于微处理器的娱乐设备、对端设备或其它公共网络节点,并且通常包括相对于计算架构描述的许多或所有元件。逻辑连接可以包括到局域网(local areanetwork,LAN)和/或更大网络(例如广域网(wide area network,WAN))的有线/无线连接。这类LAN和WAN网络环境在办公室和公司中很常见,并有助于实现企业范围的计算机网络,如内部网,所有这些网络都可以连接到全球通信网络,例如互联网。A computing device may operate in a networked environment using logical connections through wired and/or wireless communications to one or more remote computers (eg, remote devices). A remote device may be a workstation, server computer, router, personal computer, laptop computer, microprocessor-based entertainment device, peer device, or other public network node, and generally includes many or all of the elements described with respect to the computing architecture. Logical connections may include wired/wireless connections to a local area network (LAN) and/or a larger network (eg, a wide area network (WAN)). These types of LAN and WAN networking environments are commonplace in offices and corporations and facilitate enterprise-wide computer networks, such as intranets, all of which can connect to a global communications network, such as the Internet.

在LAN网络环境中使用时,设备通过有线和/或无线通信网络接口或适配器连接到LAN。适配器可以促进到LAN的有线和/或无线通信,所述LAN还可以包括设置在其上的无线接入点,用于与适配器的无线功能通信。When used in a LAN network environment, the device is connected to the LAN through a wired and/or wireless communication network interface or adapter. The adapter may facilitate wired and/or wireless communications to a LAN, which may also include a wireless access point disposed thereon for communicating with the adapter's wireless functionality.

当在WAN网络环境中使用时,设备可以包括调制解调器,或连接到WAN上的通信服务器,或具有其它通过WAN建立通信的手段,例如通过互联网。调制解调器可以是内部或外部有线和/或无线设备,通过输入设备接口连接到系统总线。在网络环境中,程序模块或其部分可以存储在远程存储器/存储设备中。应当理解,网络连接是示例性的,并且可以使用在设备之间建立通信链路的其它手段。When used in a WAN network environment, the device may include a modem, or a communications server connected to the WAN, or have other means of establishing communications over the WAN, such as through the Internet. A modem can be an internal or external wired and/or wireless device connected to the system bus through an input device interface. In a network environment, program modules, or portions thereof, may be stored in remote memory/storage devices. It will be appreciated that a network connection is exemplary and other means of establishing a communications link between the devices may be used.

客户端/服务器设备可用于使用IEEE 802系列标准与有线和无线设备或实体通信,例如可操作地布置在无线通信中的无线设备(例如,IEEE 802.11空中调制技术)。这至少包括Wi-Fi(或无线保真)、WiMax和蓝牙TM无线技术等。因此,通信可以是与传统网络一样的预定义结构,也可以是至少两个设备之间的临时通信。Wi-Fi网络使用称为IEEE 802.11x(a、b、g、n、ac等)的无线电技术来提供安全、可靠、快速的无线连接。Wi-Fi网络可用于将设备相互连接,将设备连接到互联网和有线网络(使用IEEE 802.3相关介质和功能)。Client/server devices may be used to communicate with wired and wireless devices or entities, such as wireless devices operatively arranged in wireless communications (eg, IEEE 802.11 over-the-air modulation techniques), using the IEEE 802 series of standards. This includes at least Wi-Fi (or Wireless Fidelity), WiMax, and Bluetooth wireless technologies, among others. Therefore, the communication can be a predefined structure like a traditional network, or it can be an ad-hoc communication between at least two devices. Wi-Fi networks use radio technologies known as IEEE 802.11x (a, b, g, n, ac, etc.) to provide secure, reliable, and fast wireless connections. Wi-Fi networks can be used to connect devices to each other, to the Internet and to wired networks (using IEEE 802.3 related media and functions).

图1所示的远程计算等远程服务本质上是不安全的,并且经常会受到安全漏洞的影响,这可能会危及用户的服务和/或资产,因为远程设备由通常不受信任的一方(服务提供商)拥有和维护。可信服务是一个相对较新的概念,因此解决方案的数量有限。Remote services such as remote computing shown in Figure 1 are inherently insecure and are often subject to security breaches that can compromise the user's services and/or assets because the remote device is managed by a usually untrusted party (service provider) owned and maintained. Trusted services are a relatively new concept, so the number of solutions is limited.

HTTPS协议可以与经过认证的服务器建立安全通道。服务器认证可以基于服务器提供的X.509证书,该X.509证书由先验可信证书颁发中心,特别是根证书颁发中心证明和签名。即使服务器可以通过这种方式进行认证,并可以建立提供机密性和通信完整性的安全通道,该过程仍可能受到服务提供商侧的恶意软件的破坏。权限级别高于远程应用程序的软件组件,特别是包括虚拟机管理程序(也称为虚拟机监视器(virtual machinemonitor,VMM))和操作系统内核的系统软件组件,对远程应用程序进行内存访问可能会损害远程应用程序,例如,当相应的软件组件包括恶意软件时。在这种情况下,即使例如通过传输层安全(transport layer security,TLS)客户端进行的安全通道的设置也可能受到损害,从而无法保证机密性和通信完整性。The HTTPS protocol can establish a secure channel with an authenticated server. Server authentication may be based on an X.509 certificate provided by the server, certified and signed by a priori trusted certificate authority, in particular a root certificate authority. Even if the server can be authenticated in this way and a secure channel can be established that provides confidentiality and communication integrity, the process can still be compromised by malware on the service provider's side. Software components with a higher authority level than remote applications, especially system software components including virtual machine hypervisor (also known as virtual machine monitor (VMM)) and operating system kernel, memory access to remote applications may Can compromise remote applications, for example, when the corresponding software components include malware. In this case, even the setting of a secure channel, eg, by a transport layer security (TLS) client, may be compromised, making it impossible to guarantee confidentiality and communication integrity.

为了解决权限级别更高的恶意软件的问题,引入了可信执行环境的概念。以最低权限级别运行的远程应用程序(如Web服务器或游戏客户端)的应用程序代码在隔离的执行环境(即安全容器或安全飞地)中执行。即使特权系统代码也禁止访问飞地的内容,飞地的代码和数据如此受到保护。而是提供了一组有限的受信任函数,这些函数可用于访问飞地的内容。To address the issue of malware with higher privilege levels, the concept of a Trusted Execution Environment was introduced. The application code of a remote application (such as a web server or game client) running at the least privilege level is executed in an isolated execution environment (i.e., a secure container or secure enclave). Even privileged system code is forbidden from accessing the contents of the enclave, and the code and data of the enclave are so protected. Instead, a limited set of trusted functions are provided that can be used to access the contents of the enclave.

可信执行环境的一个示例是英特尔的软件保护扩展(software guardextensions,SGX),如Victor Costan和Srinivas Devadas于2016年发表在IACR密码学电子资料库(IACR Cryptology ePrint Archive)中的综述论文‘Intel SGX Explained(英特尔SGX解释)’中详细描述的。SGX是英特尔架构的一组扩展,旨在为在所有特权软件(内核、虚拟机管理程序等)都可能是恶意软件的计算机上执行的安全敏感计算提供完整性和机密性保证。启用SGX的处理器通过将飞地的代码和数据与外部计算环境(包括操作系统和虚拟机管理程序以及连接到系统总线的硬件设备)隔离,保护飞地内计算的完整性和机密性。在SGX中,飞地(安全容器)仅包括计算中的私有数据和对其操作的代码。应用程序通常使用受信任和不受信任的部分构建,其中,仅受信任的部分在飞地内执行。飞地可以协同工作,以支持分布式架构。飞地代码和数据安全运行,并且写入磁盘的飞地数据将被加密并检查完整性。An example of a trusted execution environment is Intel's software guard extensions (SGX), as described in the review paper 'Intel SGX Explained (Intel SGX Interpretation)' described in detail. SGX is a set of extensions to Intel Architecture designed to provide integrity and confidentiality guarantees for security-sensitive computations performed on computers where all privileged software (kernel, hypervisor, etc.) could be malware. SGX-enabled processors protect the integrity and confidentiality of computing within an enclave by isolating the code and data of the enclave from the external computing environment, including the operating system and hypervisor, as well as hardware devices connected to the system bus. In SGX, an enclave (secure container) includes only the private data in the computation and the code to operate on it. Applications are often built using trusted and untrusted parts, where only the trusted part executes within the enclave. Enclaves can work together to support a distributed architecture. Enclave code and data run securely, and enclave data written to disk is encrypted and integrity checked.

图2示意性地示出了图1的客户端-服务器架构的修改配置,用于使用如上所述的安全容器进行可信计算。在这种配置中,服务提供商300提供可信执行环境320,在该可信执行环境320中,一个或多个安全飞地330被初始化以执行最终提供客户端100请求的远程服务的远程应用程序310。为简单起见,图中仅示出了远程应用程序的受信任部分。Figure 2 schematically shows a modified configuration of the client-server architecture of Figure 1 for trusted computing using secure containers as described above. In this configuration, the service provider 300 provides a trusted execution environment 320 in which one or more secure enclaves 330 are initialized to execute remote applications that ultimately provide the remote services requested by the client 100 Procedure 310. For simplicity, only the trusted portion of the remote application is shown in the figure.

典型的执行可以如下所示。首先,使用受信任和不受信任的部分构建远程应用程序。应用程序可以由服务提供商300本身提供(例如,作为SaaS提供),或者通过安全通道从客户端100接收。当应用程序运行时,创建位于处理器的受信任内存中的飞地。调用受信任函数,并将执行转换到飞地。飞地可以清楚观察到所有处理数据,同时拒绝外部访问飞地数据。受信任函数返回飞地数据,应用程序继续正常执行。A typical execution could look like this. First, build the remote application with trusted and untrusted parts. The application program may be provided by the service provider 300 itself (for example, provided as SaaS), or received from the client 100 through a secure channel. Creates an enclave that resides in the processor's trusted memory when the application runs. Calls a trusted function and transfers execution to the enclave. The enclave can clearly observe all processing data, while denying external access to the enclave data. The trusted function returns the enclave data, and the application continues to execute normally.

与其前身可信平台模型(trusted platform model,TPM)和可信执行技术(trusted execution technology,TXT)一样,SGX依靠软件证明向用户证明其正在与在可信硬件托管的安全容器中运行的特定软件进行通信。证据可以是加密哈希,如SHA-1、SHA-2、SHA-256、MD4或MD5,用于证明安全容器内容的哈希。服务提供商可以在安全容器中加载任何应用程序,但用户/客户端将拒绝将其数据加载到内容的哈希与预期值不匹配的安全容器中。处理器和飞地专用密封密钥可用于安全地存储和检索可能需要存储在磁盘上的敏感信息。Like its predecessors Trusted Platform Model (TPM) and Trusted Execution Technology (TXT), SGX relies on software attestation to prove to users that it is interacting with specific software running in secure containers hosted on trusted hardware. to communicate. Evidence can be a cryptographic hash, such as SHA-1, SHA-2, SHA-256, MD4, or MD5, used to attest to the hash of the contents of the secure container. A service provider can load any application in a secure container, but users/clients will refuse to load their data into a secure container whose content's hash does not match the expected value. Processor and enclave-specific sealed keys can be used to securely store and retrieve sensitive information that may need to be stored on disk.

SGX飞地330可以生成包括飞地数据的加密哈希的SGX报告,例如远程应用程序310。服务提供商还可以在SGX报告上生成可链接引用,该可链接引用可以由引用飞地(quoting enclave,QE)(未示出)签署,该引用飞地继而可以在包括报告和加密哈希的SGX报告上生成引用Q。引用飞地(quoting enclave,QE)可以作为服务提供商300侧的单独飞地提供。SGX飞地330可以请求第三方证明服务(例如英特尔的证明服务(Intel'sattestation service,IAS))证明引用Q,该第三方证明服务可以驻留在远程服务器上。来自证明服务的证明响应可以使用公钥签名,并可能包括引用的副本。然后,服务提供商300可以将引用、关于所述引用的IAS证明报告和数据作为证明响应发送到在对应的证明请求中请求证明的客户端100。在接收到证明响应之后,客户端100可以通过使用公钥检查IAS响应上的签名来验证引用的有效性。客户端可以进一步验证数据的加密哈希是否对应于引用中的哈希。以这种方式,可以信任数据直接来自发送飞地。SGX enclave 330 may generate an SGX report, such as remote application 310 , including a cryptographic hash of enclave data. The service provider can also generate a linkable quote on the SGX report, which can be signed by a quoting enclave (QE) (not shown), which in turn can be included in the report and cryptographic hash. SGX report generates reference Q. A quoting enclave (QE) may be provided as a separate enclave on the service provider 300 side. SGX enclave 330 may request a third-party attestation service (eg, Intel's attestation service (IAS)) to attest reference Q, which may reside on a remote server. Attestation responses from attestation services MAY be signed with a public key and may include a copy of the reference. The service provider 300 may then send the reference, the IAS certification report and data on the reference as a certification response to the client 100 requesting certification in the corresponding certification request. After receiving the attestation response, the client 100 can verify the validity of the reference by checking the signature on the IAS response using the public key. Clients can further verify that the cryptographic hash of the data corresponds to the hash in the reference. In this way, data can be trusted to come directly from the sending enclave.

加密哈希可以对远程应用程序310可能需要由服务提供商300的安全飞地330安全地处理的任何数据生成。例如,数据可以包括应用程序的二进制代码。A cryptographic hash may be generated for any data that the remote application 310 may need to be securely handled by the secure enclave 330 of the service provider 300 . For example, the data may include the binary code of an application.

如果应用程序生成用于在客户端100与安全飞地330之间建立安全通道的公钥,则客户端可以使用对应二进制代码的加密哈希来验证公钥由身份由哈希提供的SGX保护的应用程序生成。公钥可用于为客户端100与安全飞地330之间的安全通道生成共享秘密。If the application generates a public key for establishing a secure channel between the client 100 and the secure enclave 330, the client can use a cryptographic hash of the corresponding binary code to verify that the public key is protected by the SGX whose identity is provided by the hash Application generation. The public key can be used to generate a shared secret for the secure channel between the client 100 and the secure enclave 330 .

如果应用程序是待作为服务(包括SaaS和IaaS)执行的远程应用程序,则加密哈希可用作应用程序的身份。在这种情况下,客户端100能够根据证明响应验证应用程序的身份。If the application is a remote application to be executed as a service (including SaaS and IaaS), the cryptographic hash can be used as the identity of the application. In this case, the client 100 is able to verify the identity of the application based on the attestation response.

通过使用图2的可信执行环境和证明扩展图1的客户端-服务器架构,客户端100可以验证在服务提供商300的可信执行环境320中执行的远程应用程序310的身份。但是,问题仍然是确定是否可以信任具有验证身份的应用程序。例如,对于由服务提供商300作为SaaS提供的应用程序,其本身包括恶意代码或例如因在安全飞地之外包括不安全的函数调用而不安全,可能会出现安全漏洞。在这种情况下,仅仅验证应用程序ID无法检测到安全漏洞。By extending the client-server architecture of FIG. 1 with the trusted execution environment and attestation of FIG. 2 , the client 100 can verify the identity of the remote application 310 executing in the trusted execution environment 320 of the service provider 300 . However, the problem remains to determine whether an application with a verified identity can be trusted. For example, a security breach may arise for an application provided by the service provider 300 as SaaS that itself includes malicious code or is insecure, eg, by including unsafe function calls outside the secure enclave. In this case, verifying the App ID alone cannot detect the security breach.

本发明通过向图2的安全远程计算系统添加另一个实体来解决这个问题,该实体收集远程应用程序可以被信任的一个或多个证据。图3示出了本发明提供的基于信任证据的信任验证的概念。图4和图5示出了本发明的实施例提供的用于对远程服务进行信任验证的两种可选配置。The present invention solves this problem by adding another entity to the secure remote computing system of FIG. 2 that collects one or more evidences that the remote application can be trusted. Fig. 3 shows the concept of trust verification based on trust evidence provided by the present invention. FIG. 4 and FIG. 5 show two optional configurations for trust verification of remote services provided by the embodiments of the present invention.

根据本发明,提供了称为服务信任验证器的服务信任验证单元400,以管理客户端100与远程应用程序310之间的通信。服务信任验证器可以实现为装置或设备,特别是实现为图5所示的远程计算机600的一部分,作为应用程序或应用模块,特别是网页浏览器的插件模块,由客户端100或远程计算机600或其组合执行。According to the present invention, a service trust verification unit 400 called a service trust verifier is provided to manage the communication between the client 100 and the remote application 310 . The service trust verifier can be implemented as a device or device, especially as a part of the remote computer 600 shown in FIG. or a combination thereof.

服务信任验证器400是为了提供中间实体,当客户端希望与远程服务通信,或远程服务希望与客户端通信时,该中间实体确定特定远程服务或远程应用程序310是可信的。特别由服务信任验证器400在客户端请求通过远程应用程序提供的远程服务时确定远程应用程序是否可信。在服务信任验证器400确定特定远程服务可信之后,可以在客户端100与安全飞地330之间建立连接。该连接可以是直接连接,即在与特定远程服务相关的未来通信中绕过服务信任验证器400,或者可以通过服务信任验证器400建立。The service trust verifier 400 is to provide an intermediary entity that determines that a particular remote service or remote application 310 is trusted when a client wishes to communicate with a remote service, or when a remote service wishes to communicate with a client. In particular, it is determined by the service trust verifier 400 whether the remote application is trustworthy when a client requests a remote service provided by the remote application. After the service trust verifier 400 determines that a particular remote service is trustworthy, a connection can be established between the client 100 and the secure enclave 330 . This connection may be a direct connection, ie bypassing the service trust verifier 400 in future communications related to the particular remote service, or may be established through the service trust verifier 400 .

在后一种情况下,客户端100与远程应用程序310之间的所有网络流量,或更具体地说,与安全飞地330之间的所有网络流量都由服务信任验证器400处理。由于在这种情况下客户端100与远程应用程序310之间没有直接通信,因此与使用标准网络协议(如TLS上的HTTPS)相比,增加了额外的安全级别。但是,客户端100与服务信任验证器400之间以及服务信任验证器400与服务提供商300之间的通信可以使用标准网络协议,如TLS上的HTTPS。可以根据如上所述的公钥和证明在服务信任验证器400与安全飞地330之间建立安全通道。服务信任验证器400可以设计为可信实体,例如通过将其定位在用户的场所。如果服务信任验证器作为单独的实体提供,例如作为如图5所示的远程计算机600的一部分提供,则服务信任验证器本身必须引导为受信任的,例如下文关于图5所述的。In the latter case, all network traffic between client 100 and remote application 310 , or more specifically, secure enclave 330 , is handled by service trust verifier 400 . Since there is no direct communication between the client 100 and the remote application 310 in this case, an additional level of security is added compared to using standard network protocols such as HTTPS over TLS. However, communications between the client 100 and the service trust verifier 400 and between the service trust verifier 400 and the service provider 300 may use standard network protocols, such as HTTPS over TLS. A secure channel can be established between the service trust verifier 400 and the secure enclave 330 based on the public key and certificate as described above. The service trust verifier 400 may be designed as a trusted entity, for example by locating it at the user's premises. If the service trust verifier is provided as a separate entity, eg as part of the remote computer 600 as shown in Figure 5, the service trust verifier itself must be bootstrapped as trusted, eg as described below with respect to Figure 5 .

服务信任验证器可以作为用户场所的独立设备提供,也可以集成到客户端中,例如网页浏览器,如图4所示。或者,服务信任验证器可以作为服务本身位于用户的场所之外,如上所述,如图5所示。The service trust verifier can be provided as a stand-alone device at the user's premises, or it can be integrated into a client, such as a web browser, as shown in Figure 4. Alternatively, the service trust verifier can be located outside the user's premises as a service itself, as described above, as shown in Figure 5.

在下文中,参考图3大体描述本发明提供的远程服务的信任验证方法。该过程从客户端100,或更具体地说,客户端应用程序110开始,通过服务信任验证器400发出对远程应用程序310提供的特定服务的请求。如果必要,例如,如果服务信任验证器作为单独的设备,特别是远程设备提供,则在可以发出对远程服务的请求之前,在客户端100与服务信任验证器400之间建立安全通道。Hereinafter, the trust verification method of the remote service provided by the present invention is generally described with reference to FIG. 3 . The process begins with a client 100, or more specifically, a client application 110, issuing a request for a particular service provided by a remote application 310 through a service trust verifier 400. If necessary, eg if the service trust verifier is provided as a separate device, in particular a remote device, a secure channel is established between the client 100 and the service trust verifier 400 before a request for the remote service can be issued.

根据该请求,服务信任验证器400识别能够提供所请求服务的服务提供商300,并向服务提供商300发送证明对应远程应用程序的身份的证明请求。例如,证明请求可以包括在本领域已知的对远程服务的请求中。如本领域已知的,证明请求和对应的证明响应可以通过服务信任验证器400与服务提供商300之间的安全通道进行通信。如果对远程服务的请求是对SaaS服务的请求,则该请求可以包括呈应用程序代码或二进制文件形式在服务提供商300侧执行的用户应用程序或客户端应用程序。用户应用程序可以作为服务请求和/或证明请求的结果在服务提供商300的安全飞地330内传输和构建。因此,在将证明请求传送给服务提供商之前,服务信任验证器400可以将单独的服务请求传送给服务提供商300。或者,服务请求和证明请求可以一起传输,特别是作为单个请求传输。According to the request, the service trust verifier 400 identifies a service provider 300 capable of providing the requested service, and sends an attestation request to the service provider 300 certifying the identity of the corresponding remote application. For example, a request for certification may be included in a request for remote service as is known in the art. Attestation requests and corresponding attestation responses may be communicated over a secure channel between the service trust verifier 400 and the service provider 300 as is known in the art. If the request for a remote service is a request for a SaaS service, the request may include a user application or a client application executed at the service provider 300 side in the form of application code or binary files. User applications may be transferred and built within the secure enclave 330 of the service provider 300 as a result of service requests and/or certification requests. Accordingly, the service trust verifier 400 may transmit a separate service request to the service provider 300 before transmitting the attestation request to the service provider. Alternatively, the request for service and the request for attestation may be transmitted together, in particular as a single request.

在接收到服务请求和可选的证明请求后,服务提供商300在可信执行环境320中初始化安全飞地330,以执行远程应用程序310。初始化安全飞地可以特别包括构建远程应用程序,例如编译远程应用程序。术语“远程应用程序”在本发明中用于包括独立应用程序以及分布式应用程序。因此,软件证明可以针对独立应用程序或分布式应用程序执行。因此,可以针对单个服务器设备或分布式系统上的多个协作安全飞地执行分布式证明。After receiving the service request and optional attestation request, the service provider 300 initializes a secure enclave 330 in the trusted execution environment 320 to execute the remote application 310 . Initializing the secure enclave may specifically include building the remote application, eg compiling the remote application. The term "remote application" is used in this invention to include stand-alone applications as well as distributed applications. Therefore, software proofs can be performed for stand-alone applications or distributed applications. Thus, distributed attestation can be performed against a single server device or across multiple cooperating secure enclaves on a distributed system.

作为软件证明的一部分,可信执行环境可以签署一小块证明数据,从而产生证明签名,如本领域已知的。除了证明数据外,签名消息还包括唯一标识远程应用程序的测量。证明数据可以特别包括可用于在服务信任验证器400与安全飞地330之间建立安全通道的公钥。测量(在这里和下文中称为远程应用程序的身份)可以包括一个或多个安全飞地内容的加密哈希或由其组成。例如,可以对远程应用程序的二进制文件进行加密哈希以产生远程应用程序的唯一身份。可以对其它或替代数据进行加密哈希以产生身份。例如,当飞地经历构建和初始化过程的每个步骤时,飞地日志的加密哈希可以用作远程应用程序的身份。此外,远程应用程序的配置,特别是关于分布式应用程序的配置,可以包括在加密哈希中。最后,执行远程应用程序所需的附加数据,特别是输入数据,可以包括在加密哈希中。As part of software attestation, a trusted execution environment may sign a small piece of attestation data, resulting in attestation signatures, as is known in the art. In addition to attestation data, signed messages include measurements that uniquely identify the remote application. The attestation data may include, inter alia, a public key usable to establish a secure channel between the service trust verifier 400 and the secure enclave 330 . The measurement (here and hereinafter referred to as the identity of the remote application) may comprise or consist of one or more cryptographic hashes of the content of the secure enclave. For example, a binary file of a remote application can be cryptographically hashed to produce a unique identity for the remote application. Additional or alternative data may be cryptographically hashed to produce an identity. For example, a cryptographic hash of the enclave's logs can be used as the identity of the remote application as the enclave goes through each step of the build and initialization process. Furthermore, the configuration of remote applications, especially with respect to distributed applications, can be included in the cryptographic hash. Finally, additional data required to execute the remote application, especially input data, can be included in the cryptographic hash.

因此,远程应用程序的身份在所使用的加密哈希函数(如SHA-1、SHA-2、SHA-256、MD4或MD5)的限制内构成唯一身份。因此,远程应用程序的身份可用于使客户端或第三方相信特定软件正在受可信硬件托管的安全容器中运行。此外,证明签名可用于使客户或第三方相信证明数据是由特定软件(即远程应用程序)产生的。由于应用程序ID可以包括关于服务提供商300的系统架构的远程应用程序的配置,因此它还提供关于远程应用程序的配置的完整性。Thus, the identity of the remote application constitutes a unique identity within the constraints of the cryptographic hash function used (such as SHA-1, SHA-2, SHA-256, MD4 or MD5). Thus, the identity of a remote application can be used to convince a client or third party that a particular piece of software is running in a secure container hosted on trusted hardware. Additionally, attestation signatures can be used to convince a client or third party that attestation data was generated by specific software (ie, a remote application). Since the application ID may include the configuration of the remote application with respect to the system architecture of the service provider 300, it also provides integrity with respect to the configuration of the remote application.

在计算远程应用程序的身份之后,根据本发明的服务提供商300向服务信任验证器400发送包括远程应用程序的身份的请求证明的证明响应。如上所述,证明响应可以包括附加信息,如证明签名、用于执行远程应用程序的分布式执行环境的拓扑或配置等,作为元数据。After computing the identity of the remote application, the service provider 300 according to the invention sends to the service trust verifier 400 an attestation response comprising the requested attestation of the identity of the remote application. As mentioned above, the attestation response may include additional information, such as attestation signature, topology or configuration of the distributed execution environment used to execute the remote application, etc., as metadata.

在接收到证明响应后,服务信任验证器400根据证明响应和至少一个信任证据执行信任验证。根据本发明,服务信任验证器使用包括在证明响应中的信息,特别是远程应用程序的证明身份和/或元数据,结合由不同于服务提供商300的至少一方生成的一个或多个信任证据,以自动确定远程应用程序的身份是否可信。After receiving the attestation response, the service trust verifier 400 performs trust verification based on the attestation response and at least one trust evidence. According to the invention, the service trust verifier uses the information included in the attestation response, in particular the attestation identity and/or metadata of the remote application, in combination with one or more trust attestations generated by at least one party other than the service provider 300 , to automatically determine whether the identity of the remote application is trusted.

不同于服务提供商的至少一方可以是第三方,特别是可信第三方(trusted thirdparty,TTP),或客户端100,或服务信任验证器400本身。根据本发明,根据至少一方与服务提供商300的独立性来建立信任。此外,通过提供关于远程应用程序在远程应用程序的证明身份方面的可信性的附加、独立信息的方式,选择和生成下文详细描述的信任证据。根据请求服务的敏感性,特别是用户所涉及资产的敏感性,可能需要更多的信任证据来确定远程应用程序的可信性。例如,服务信任验证器可以使用作为服务信任验证器的存储单元中的配置文件提供的需求设置来确定需要哪些和多少信任证据项来确定特定远程服务可以被信任。敏感性可以作为参数包括在客户端100的服务请求中。The at least one party different from the service provider may be a third party, in particular a trusted third party (TTP), or the client 100, or the service trust verifier 400 itself. According to the invention, trust is established based on the independence of at least one party from the service provider 300 . Furthermore, the trust evidence described in detail below is selected and generated by providing additional, independent information about the trustworthiness of the remote application in the remote application's proven identity. Depending on the sensitivity of the requested service, particularly the assets involved by the user, more evidence of trust may be required to determine the trustworthiness of the remote application. For example, the service trust verifier may use the requirement settings provided as a configuration file in the service trust verifier's storage location to determine which and how many items of trust evidence are required to determine that a particular remote service can be trusted. Sensitivity may be included as a parameter in the client 100's service request.

如图3所示,一个或多个信任证据410和420可以由服务信任验证器400从可信第三方700和/或客户端100收集。信任证据可以独立于服务请求收集,并由服务信任验证器存储在对应的存储单元中,和/或可以在对特定远程服务执行信任验证时收集。可信第三方可以包括但不限于认证服务器、证书颁发中心、可信软件屋服务器、通信服务器等。服务信任验证器可以存储可信第三方700的列表,类似于证书颁发中心的列表,以及关于信任证据和/或可以从特定第三方提供信任证据的远程服务的类型的信息。服务信任验证器400与可信第三方700之间的通信可以通过本领域已知的安全通道执行。此外,可信第三方本身可以实现可信执行环境,用于生成信任证据并证明用于生成的软件。As shown in FIG. 3 , one or more trust evidences 410 and 420 may be collected by the service trust verifier 400 from the trusted third party 700 and/or the client 100 . The trust evidence can be collected independently of the service request and stored in a corresponding storage unit by the service trust verifier, and/or can be collected when trust verification is performed for a particular remote service. Trusted third parties may include, but are not limited to, authentication servers, certificate authorities, trusted software house servers, communication servers, and the like. A service trust verifier may store a list of trusted third parties 700, similar to a list of certificate authorities, and information about trust proofs and/or types of remote services that can provide trust proofs from a particular third party. Communications between the service trust verifier 400 and the trusted third party 700 may be performed through secure channels known in the art. Furthermore, the trusted third party itself can implement a trusted execution environment for generating evidence of trust and attesting to the software used to generate it.

例如,可信应用程序身份的列表可以预先由服务信任验证器400从一个或多个可信第三方700收集。在接收到证明响应后,服务信任验证器400可以将与证明响应一起接收的远程应用程序的身份与可信应用程序身份的列表进行比较,并可以确定信任远程应用程序的身份,进而在接收到的远程应用程序的身份包括在可信应用程序身份的列表中时信任远程应用程序和远程服务本身。下文描述可以由服务信任验证器400用于确定远程应用程序310可以被信任的信任证据的替代和附加实施例。For example, a list of trusted application identities may be collected in advance by the service trust verifier 400 from one or more trusted third parties 700 . Upon receipt of the attestation response, the service trust verifier 400 may compare the identity of the remote application received with the attestation response to a list of trusted application identities, and may determine the identity of the trusted remote application, and then upon receiving The remote application's identity is included in the list of trusted application identities when trusting the remote application and the remote service itself. Alternative and additional embodiments of trust evidence that may be used by service trust verifier 400 to determine that remote application 310 may be trusted are described below.

在确定远程应用程序的身份可信后,服务信任验证器400连接到远程应用程序310,更具体地说,连接到安全飞地330。如上所述,此连接可以通过安全通道建立,特别是使用包括在证明响应中的公钥建立。因此,由服务信任验证器建立的连接例如通过公钥绑定到特定的安全飞地330。如果安全飞地330停止存在,例如因为远程应用程序310的执行终止,则服务信任验证器400或客户端100与安全飞地330之间的通信通道也被终止。因此,每个服务请求都需要建立单独的通信通道,因此,单独验证所请求的远程服务是否可以被信任。这提供了额外的安全级别,以抵御攻击,如中间人攻击。此外,根据本发明的信任验证仅扩展到特定的远程应用程序,而不是整个服务提供商。After determining that the remote application's identity is trustworthy, service trust verifier 400 connects to remote application 310 , and more specifically, to secure enclave 330 . As mentioned above, this connection can be established over a secure channel, in particular using the public key included in the attestation response. Thus, a connection established by a service trust verifier is bound to a specific secure enclave 330, for example by a public key. If the secure enclave 330 ceases to exist, for example because execution of the remote application 310 terminates, the communication channel between the service trust verifier 400 or client 100 and the secure enclave 330 is also terminated. Therefore, each service request needs to establish a separate communication channel, and therefore, individually verify that the requested remote service can be trusted. This provides an additional level of security against attacks such as man-in-the-middle attacks. Furthermore, trust verification according to the present invention only extends to a specific remote application, not to the entire service provider.

根据一个特定实施例,服务信任验证器400可以处理客户端与远程应用程序之间的所有网络流量,即关于所请求的远程服务的所有网络流量。这提供了进一步的安全级别,因为客户端100与服务提供商300之间没有直接通信发生。According to a particular embodiment, the service trust verifier 400 may handle all network traffic between the client and the remote application, ie all network traffic regarding the requested remote service. This provides a further level of security since no direct communication between the client 100 and the service provider 300 takes place.

根据一个实施例,远程应用程序可以由服务提供商提供,例如作为软件即服务(Software as a Service,SaaS)的一部分提供。在这种情况下,服务请求可以是对特定用户数据执行远程应用程序的请求。在这里,用户可能希望获得保证,即用户数据由服务提供商保密处理,并且远程应用程序可以被信任。如上所述,用户可能希望在将其数据加载到安全飞地之前验证远程应用程序是否可以被信任。在这种情况下,服务信任验证器进行的信任验证可以基于由不同于服务提供商和服务信任验证器的第三方生成的至少一个信任证据。According to one embodiment, the remote application may be provided by a service provider, for example as part of Software as a Service (SaaS). In this case, the service request may be a request to execute a remote application on specific user data. Here, users may want assurance that user data is handled confidentially by the service provider and that remote applications can be trusted. As mentioned above, users may wish to verify that a remote application can be trusted before loading their data into a secure enclave. In this case, the trust verification by the service trust verifier may be based on at least one trust evidence generated by a third party other than the service provider and the service trust verifier.

例如,信任证据可以包括第三方作出的证明,证明远程应用程序的身份是可信的或由该证明组成。例如,该证明可以以远程应用程序的身份上的数字签名的形式提供。在从服务提供商300接收到证明响应后,服务信任验证器400可以向包括远程应用程序的身份的可信第三方700发送对这种证明的请求。第三方700可以验证远程应用程序的身份包括在可信应用程序身份的列表中,并在确定远程应用程序的身份包括在列表中后,将证明返回到服务信任验证器400,该证明即远程应用程序的身份是可信的。For example, evidence of trust may include or consist of attestation by a third party that the identity of the remote application is trusted. For example, the proof may be provided in the form of a digital signature on the identity of the remote application. Upon receiving an attestation response from the service provider 300, the service trust verifier 400 may send a request for such attestation to a trusted third party 700 including the identity of the remote application. The third party 700 may verify that the identity of the remote application is included in the list of trusted application identities, and upon determining that the identity of the remote application is included in the list, return a proof to the service trust verifier 400, the proof being that the remote application The identity of the program is trusted.

为了使可信第三方700包括服务提供商的远程应用程序的身份,服务提供商300可能需要向第三方700证明某些安全标准被维护,例如远程应用程序不含恶意软件和后门。这种证明可以涉及将远程应用程序的对应代码和数据发送到第三方700,第三方700可以在具有与服务提供商使用的配置相同的配置的安全飞地中构建远程应用程序和/或对远程应用程序进行分析,特别是静态程序分析,以确定远程应用程序是否包括安全漏洞,例如对未受保护内存的内存访问。In order for the trusted third party 700 to include the identity of the service provider's remote application, the service provider 300 may need to demonstrate to the third party 700 that certain security standards are maintained, such as that the remote application is free of malware and backdoors. Such attestation may involve sending the corresponding code and data of the remote application to the third party 700, who may build the remote application in a secure enclave with the same configuration as that used by the service provider and/or provide access to the remote application. Application analysis, specifically static program analysis, to determine whether remote applications include security vulnerabilities, such as memory accesses to unprotected memory.

如果第三方700在可信应用程序身份的列表中找不到远程应用程序的身份,则它可以向服务信任验证器400返回否定证明。根据否定证明,服务信任验证器400可以拒绝建立到安全飞地330的连接,并将此拒绝传送给客户端100和服务提供商300。If the third party 700 cannot find the identity of the remote application in the list of trusted application identities, it may return a negative proof to the service trust verifier 400 . Based on the negative proof, the service trust verifier 400 may refuse to establish a connection to the secure enclave 330 and communicate this rejection to the client 100 and the service provider 300 .

在接收到来自第三方700的证明后,服务信任验证器400可以验证数字签名以确定远程应用程序的身份是否可信。数字签名的验证可以使用具有可信第三方的证书的公钥进行。如果数字签名确认远程应用程序的身份,则服务信任验证器400可以确定远程应用程序可信。但是,在确定远程应用程序可信之前,服务信任验证器可能需要额外的信任证据,具体取决于所请求服务的敏感性和如上所述的需求设置。同样,如果收集和验证了至少一个合格的信任证据,则可能不需要对应用程序ID的数字签名的特定信任证据来确定远程应用程序可信。After receiving the attestation from the third party 700, the service trust verifier 400 may verify the digital signature to determine whether the remote application's identity is authentic. Verification of digital signatures can be performed using a public key with a certificate from a trusted third party. If the digital signature confirms the identity of the remote application, service trust verifier 400 may determine that the remote application is authentic. However, depending on the sensitivity of the requested service and the requirements set above, the service trust verifier may require additional trust evidence before determining that the remote application is trustworthy. Likewise, if at least one qualifying trust proof is collected and verified, a specific trust proof for the digital signature of the application ID may not be required to determine that the remote application is trustworthy.

至少一个信任证据可以包括由第三方为远程应用程序生成的分析证明,特别是关于恶意软件和/或后门的远程应用程序的静态分析。该分析证明可以在服务提供商300和/或向服务提供商300提供远程应用程序的软件提供商请求后由第三方执行。分析证明特别可以在每次远程应用程序的更新版本变得可用和/或安装在服务提供商侧时执行。如上所述,分析证明,特别是静态程序分析,可以由第三方700在与服务提供商300提供的执行环境相同的执行环境中执行,特别是关于安全飞地。The at least one proof of trust may comprise a proof of analysis generated by a third party for the remote application, in particular a static analysis of the remote application with regard to malware and/or backdoors. This proof of analysis may be performed by a third party upon request of the service provider 300 and/or the software provider providing the remote application to the service provider 300 . Proof of analysis can in particular be performed each time an updated version of the remote application becomes available and/or installed on the service provider side. As mentioned above, analysis proofs, in particular static program analysis, can be performed by the third party 700 in the same execution environment as that provided by the service provider 300, in particular with regard to the security enclave.

分析证明可以是消息,指定具有特定应用程序ID的远程应用程序不含恶意软件和/或后门。该消息可以特别包括对远程应用程序的身份的数字签名。分析证明可以另外或替代地包括一组参数,这些参数反映了第三方对远程应用程序执行的特定测试的潜在安全漏洞的结果。例如,参数可以量化与中断处理、分布式计算和飞地协作、地址转换和页面交换、缓存一致性、线程处理、飞地页面缓存(enclave page cache,EPC)页面驱逐、加密、鲁棒性或函数调用、可信函数调用等有关的安全风险。第三方可以处理这些参数,以确定反映远程应用程序抵御攻击的鲁棒性的单个值或值集合。然后,由服务信任验证器400进行的信任验证可以包括将单个值或值集合与至少一个需求设置进行比较,所述至少一个需求设置可以预定义或与服务请求一起从客户端100接收。接收至少一个需求设置以及服务请求使用户可以提高或降低与远程服务所涉及的资产的敏感性有关的安全需求。The proof of analysis may be a message specifying that a remote application with a specific application ID is free of malware and/or backdoors. The message may include, inter alia, a digital signature of the identity of the remote application. The Proof of Analysis may additionally or alternatively include a set of parameters that reflect the results of specific testing performed by a third party on the remote application for potential security vulnerabilities. For example, parameters can be quantified related to interrupt handling, distributed computing and enclave cooperation, address translation and paging, cache coherency, threading, enclave page cache (EPC) page eviction, encryption, robustness, or Security risks related to function calls, trusted function calls, etc. Third parties can process these parameters to determine a single value or collection of values that reflect the remote application's robustness against attacks. Trust verification by the service trust verifier 400 may then include comparing a single value or set of values with at least one requirement setting, which may be predefined or received from the client 100 with the service request. Receiving at least one requirement set along with the service request enables the user to increase or decrease security requirements related to the sensitivity of the asset involved in the remote service.

在一个特定实施例中,单个值或值集合可以作为元数据包括在来自服务提供商300的证明响应中,例如呈由可信第三方700签名的签名消息的形式。根据证书,服务信任验证器400可以验证对应元数据的完整性,并使用如上所述的值或值集合来确定远程应用程序的身份是否可信。In one particular embodiment, a single value or set of values may be included as metadata in the attestation response from the service provider 300 , for example in the form of a signed message signed by the trusted third party 700 . From the certificate, the service trust verifier 400 can verify the integrity of the corresponding metadata and use a value or set of values as described above to determine whether the identity of the remote application is trusted.

根据另一实施例,至少一个信任证据可以包括与远程应用程序的身份和/或与服务提供商和/或与远程应用程序的提供商(即软件提供商)相关的信任程度。关于服务提供商和/或远程应用程序的提供商的信息可以作为元数据包括在来自服务提供商300的证明响应中。但是,信任程度是从可信第三方700收集的,而不是从服务提供商300本身收集的。例如,信任程度可以反映由独立实体(如可信第三方)建立的信任特定远程应用程序和/或特定服务提供商和/或特定软件提供商的可能性。According to another embodiment, the at least one evidence of trust may comprise a degree of trust related to the identity of the remote application and/or to the service provider and/or to the provider of the remote application, ie the software provider. Information about the service provider and/or the provider of the remote application may be included as metadata in the attestation response from the service provider 300 . However, the degree of trust is collected from the trusted third party 700, not from the service provider 300 itself. For example, the degree of trust may reflect the likelihood established by an independent entity (eg, a trusted third party) to trust a particular remote application and/or a particular service provider and/or a particular software provider.

因此,信任程度可以由服务信任验证器从存储已知服务提供商、软件提供商和/或远程应用程序的不同信任程度的可信数据库中收集。或者或另外,信任程度可以从信任链收集,所述信任链例如包括软件开发人员、一个或多个软件分销商、服务提供商,以及可信第三方,其中,每个实体验证链中下一个实体的信任程度,直到根实体。或者,可以使用区块链来收集信任程度,其中,每个块包括含有信任程度的前一个块的加密哈希。这种区块链的原始创世区块可以由为服务提供商、软件提供商甚至特定应用程序担保的可信权威机构生成。或者,软件提供商可以对应用程序ID进行签名,并将签名包括在创世区块中。使用区块链可以在发现特定服务提供商或软件提供商受到损害的情况下,快速应对特定服务提供商或软件提供商的可信性的置信度损失。Thus, the degree of trust may be gathered by the service trust verifier from a trust database storing different degrees of trust for known service providers, software providers, and/or remote applications. Alternatively or additionally, the degree of trust may be gleaned from a chain of trust comprising, for example, a software developer, one or more software distributors, a service provider, and a trusted third party, where each entity verifies the next in the chain Entity's trust level up to the root entity. Alternatively, trust levels can be collected using a blockchain, where each block includes a cryptographic hash of the previous block containing the trust level. The original genesis block of such a blockchain could be generated by a trusted authority vouching for service providers, software providers, or even specific applications. Alternatively, the software provider could sign the application ID and include the signature in the genesis block. The use of blockchain enables rapid response to a loss of confidence in the credibility of a particular service provider or software provider in the event that it is found to be compromised.

根据信任程度,服务信任验证器400可以通过将信任程度与可以在服务信任验证器侧预定义或从客户端100接收的阈值进行比较等方式,确定远程应用程序的身份是否可信,和/或服务提供商是否总体上可信,和/或相应的软件提供商是否总体上可信。此外,客户端应用程序110可以根据所请求的服务和所涉及的资产的敏感性在服务请求中包括这种阈值。Depending on the degree of trust, the service trust verifier 400 may determine whether the identity of the remote application is trustworthy by comparing the degree of trust with thresholds which may be predefined at the side of the service trust verifier or received from the client 100, etc., and/or Whether the service provider is generally trustworthy, and/or whether the corresponding software provider is generally trustworthy. Furthermore, client application 110 may include such thresholds in service requests depending on the sensitivity of the service requested and the assets involved.

至少一个信任证据可以包括根据远程应用程序的配置生成的信任证据。这种配置可以包括远程应用程序的组件(例如模块)的列表,以及它们的特定关系和/或功能,例如Web服务器、应用程序服务器等、远程服务的拓扑,例如,各种组件相互连接的方式、各种组件的配置,等等。该配置可以作为元数据包括在证明响应中,并且如果远程应用程序在服务提供商的可信执行环境中使用所述配置执行,则该配置由服务信任验证器400用于计算远程应用程序的身份。The at least one trust proof may include a trust proof generated according to a configuration of the remote application. Such a configuration can include a list of components (e.g. modules) of the remote application, with their specific relationships and/or functions, such as web servers, application servers, etc., the topology of the remote service, e.g., the way the various components are connected to each other , the configuration of various components, and so on. This configuration may be included as metadata in the attestation response and used by the service trust verifier 400 to compute the identity of the remote application if the remote application executes in the service provider's trusted execution environment using said configuration .

或者,当远程应用程序是如上所述由客户端100提供给服务提供商300的用户应用程序或客户端应用程序时,其中,用户应用程序/客户端应用程序由服务提供商300作为基础设施即服务(Infrastructure as a Service,IaaS)执行,该配置可以包括在从客户端100到服务信任验证器400的服务请求中。在一个特定实施例中,如果用户应用程序/客户端应用程序在服务提供商的可信执行环境中作为具有特定配置的远程应用程序执行,则客户端100本身可以计算用户应用程序/客户端应用程序的身份。或者,服务信任验证器400可以使用从客户端100接收的配置来计算应用程序ID。Alternatively, when the remote application is a user application or a client application provided by the client 100 to the service provider 300 as described above, wherein the user application/client application is provided by the service provider 300 as an infrastructure, i.e. Service (Infrastructure as a Service, IaaS) execution, the configuration may be included in the service request from the client 100 to the service trust verifier 400 . In a particular embodiment, the client 100 itself can compute the user application/client application if it executes in the service provider's trusted execution environment as a remote application with a specific configuration. The identity of the program. Alternatively, the service trust verifier 400 may use the configuration received from the client 100 to calculate the application ID.

在任何情况下,服务提供商300的可信执行环境的任何细节,例如涉及几个安全飞地的分布式系统的拓扑,可以作为元数据的一部分包括在对服务信任验证器400的证明响应中。服务信任验证器可以使用这些细节来计算应用程序ID,或者在客户端计算应用程序ID的情况下将这些细节转发给客户端100。因此,对应的信任证据可以由客户端本身或服务信任验证器生成。如果信任证据由客户端100生成,则信任证据410由客户端100传送给服务信任验证器400,例如在传输可信执行环境的细节后。In any case, any details of the trusted execution environment of the service provider 300, such as the topology of a distributed system involving several secure enclaves, can be included in the attestation response to the service trust verifier 400 as part of the metadata . The service trust verifier can use these details to compute the application ID, or forward these details to the client 100 if the client computes the application ID. Accordingly, the corresponding trust evidence can be generated by the client itself or by the service trust verifier. If the trust proof is generated by the client 100, the trust proof 410 is transmitted by the client 100 to the service trust verifier 400, for example after transmitting details of the trusted execution environment.

然后,服务信任验证器400可以将计算的应用程序ID与连同证明响应一起接收的远程应用程序的身份进行比较,并且如果身份相同,则确定信任远程应用程序。The service trust verifier 400 may then compare the computed application ID to the identity of the remote application received with the attestation response, and if the identities are the same, determine to trust the remote application.

但是,本发明不限于上述信任证据的示例,而是可以包括其它信任证据,只要这些信任证据是由不同于服务提供商的实体生成的,以及上述信任证据的组合。可以使用预定义的加权因子评估各种信任证据,以确定是否应信任特定的远程应用程序,即使某些信任证据缺失或为否定的。However, the present invention is not limited to the above-mentioned examples of trust proofs, but may include other trust proofs as long as they are generated by entities other than service providers, and combinations of the above-mentioned trust proofs. Various trust proofs can be evaluated using predefined weighting factors to determine whether a particular remote application should be trusted, even if some trust proofs are missing or negative.

如上所述,服务信任验证器可以作为单独的实体提供,例如在如图5所示的远程计算机600上执行的应用程序;作为独立的装置,远程或在客户端的站点处提供,即在用户的控制范围内;或作为在客户端侧执行的客户端应用程序的应用程序、模块或插件,如图4所示。As mentioned above, the service trust verifier can be provided as a separate entity, such as an application program executed on a remote computer 600 as shown in FIG. within the scope of control; or as an application, module or plug-in of a client application executed on the client side, as shown in FIG. 4 .

图4示出了用于远程服务的信任验证的配置,其中,服务信任验证器540提供在客户端500侧,特别是作为示出为客户端应用程序510的网页浏览器的插件。或者,服务信任验证器540可以作为在客户端设备上执行的单独的应用程序提供。由于在该特定实施例中的服务信任验证器540完全在客户端500的控制下,服务信任验证器可以隐式地被客户端应用程序510信任。事实上,服务信任验证器540可用于处理如上所述的与所请求的远程服务相关的所有网络流量。FIG. 4 shows a configuration for trust verification of remote services, where a service trust verifier 540 is provided on the client side 500 , in particular as a plug-in to a web browser shown as client application 510 . Alternatively, the service trust verifier 540 may be provided as a separate application executing on the client device. Since the service trust verifier 540 in this particular embodiment is entirely under the control of the client 500 , the service trust verifier can be implicitly trusted by the client application 510 . In fact, the service trust verifier 540 can be used to handle all network traffic related to the requested remote service as described above.

如上详细描述,一个或多个信任证据420可以由服务信任验证器540从一个或多个可信第三方700收集。可信第三方700可以与服务提供商300和潜在的软件提供商800交互,该软件提供商800向服务提供商300提供远程应用程序310的代码、二进制文件等,以生成上述信任证据项中的一个或多个。As described in detail above, one or more trust evidences 420 may be collected by the service trust verifier 540 from one or more trusted third parties 700 . The trusted third party 700 can interact with the service provider 300 and the potential software provider 800, and the software provider 800 provides the service provider 300 with codes, binary files, etc. of the remote application program 310 to generate the above-mentioned trust evidence item one or more.

图5示出了本发明的替代实施例提供的用于远程服务的信任验证的配置。根据该实施例,服务信任验证器640作为关于客户端100的位置的远程实体提供。因此,客户端100无法控制服务信任验证器640。为了验证服务信任验证器本身可以被客户端100信任,服务信任验证器640可以在远程计算机600上的可信执行环境620中的安全飞地630中执行。上述证明,可能包括第三方证明服务,可用于向客户端100证明服务信任验证器640的身份。服务信任验证器640或远程计算机600可以是如上所述的信任链的一部分。事实上,服务信任验证器640在许多方面可以视为客户端100对服务提供商300的远程应用程序310进行的信任验证。但是,由于服务信任验证器640的功能有限,与远程应用程序310的信任验证相比,这种信任验证可以显著简化。可以理解,本发明还包括图4和图5的实施例的组合。Fig. 5 shows a configuration for trust verification of remote services provided by an alternative embodiment of the present invention. According to this embodiment, the service trust verifier 640 is provided as a remote entity with respect to the location of the client 100 . Therefore, the client 100 has no control over the service trust verifier 640 . To verify that the service trust verifier itself can be trusted by the client 100 , the service trust verifier 640 can execute in a secure enclave 630 in the trusted execution environment 620 on the remote computer 600 . The aforementioned attestation, possibly including a third-party attestation service, may be used to attest to the client 100 the identity of the service trust verifier 640 . Service trust verifier 640 or remote computer 600 may be part of a chain of trust as described above. In fact, the service trust verifier 640 can be regarded as the trust verification performed by the client 100 on the remote application 310 of the service provider 300 in many respects. However, due to the limited functionality of the service trust verifier 640 , such trust verification can be significantly simplified compared to that of the remote application 310 . It can be understood that the present invention also includes a combination of the embodiments shown in FIG. 4 and FIG. 5 .

根据本发明,对远程服务,特别是远程应用程序的信任验证除了可以证明远程应用程序的身份之外,还可以验证远程应用程序是否应该被信任。由于信任验证是基于单独生成的信任证据,特别是来自独立的可信第三方,因此可以显著降低远程服务和所涉及的用户资产受到损害的风险。因此,可以提高对远程服务以及整个云计算的完整性和机密性的置信度,从而提高对远程计算的接受度。According to the present invention, the trust verification of the remote service, especially the remote application program can not only prove the identity of the remote application program, but also verify whether the remote application program should be trusted. Since trust verification is based on individually generated trust evidence, especially from an independent trusted third party, the risk of compromise of remote services and involved user assets can be significantly reduced. As a result, confidence in the integrity and confidentiality of remote services and cloud computing as a whole can be increased, thereby increasing the acceptance of remote computing.

Claims (13)

1.一种用于对远程服务进行信任验证的装置(400、500、600),其特征在于,包括处理电路,所述处理电路用于:1. A device (400, 500, 600) for trust verification of remote services, characterized in that it includes a processing circuit, and the processing circuit is used for: 发送证明至少部分地在服务提供商(300)的可信执行环境(320)中执行的远程应用程序(310)的身份的证明请求;sending an attestation request attesting to the identity of the remote application (310) executing at least in part in the trusted execution environment (320) of the service provider (300); 从所述服务提供商(300)接收包括所述远程应用程序(310)的所述身份的所述证明请求的证明响应;receiving an attestation response to the attestation request including the identity of the remote application (310) from the service provider (300); 根据所述证明响应和至少一个信任证据(410、420),确定所述远程应用程序(310)的所述身份是否可信,其中,所述至少一个信任证据(410、420)由不同于所述服务提供商(300)的至少一方(100、500、700)生成;Based on the attestation response and at least one evidence of trust (410, 420), it is determined whether the identity of the remote application (310) is authentic, wherein the at least one evidence of trust (410, 420) is determined by a different generated by at least one (100, 500, 700) of the aforementioned service providers (300); 所述至少一个信任证据(420)包括由第三方(700)为所述远程应用程序(310)生成的分析证明,其中,所述分析证明在每次远程应用程序的更新版本变得可用和/或安装在服务提供商侧时执行,所述分析证明指定具有特定应用程序ID的远程应用程序不含恶意软件和/或后门;其中,确定所述远程应用程序(310)的所述身份是否可信包括将所述分析证明与至少一个需求设置进行比较,所述至少一个需求设置是预定义的和/或从客户端应用程序(110、510)接收。The at least one evidence of trust (420) includes a certificate of analysis generated by a third party (700) for the remote application (310), wherein the certificate of analysis becomes available each time an updated version of the remote application becomes available and/or or when installed at the service provider side, said analysis certifying that a remote application designated with a particular application ID is free of malware and/or backdoors; wherein determining whether said identity of said remote application (310) is available The communication includes comparing the proof of analysis with at least one requirement setting, the at least one requirement setting being predefined and/or received from a client application (110, 510). 2.根据权利要求1所述的装置(400、500、600),其特征在于,所述处理电路还用于在确定所述远程应用程序(310)的所述身份可信后连接到所述远程应用程序(310)。2. The apparatus (400, 500, 600) of claim 1, wherein the processing circuit is further configured to connect to the remote application (310) after determining that the identity of the remote application (310) is authentic. Remote Application (310). 3.根据权利要求2所述的装置(400、500、600),其特征在于,所述处理电路还用于处理客户端(100、500)与所述远程应用程序(310)之间的所有网络流量,具体地,所述网络流量是通过安全通道。3. The device (400, 500, 600) according to claim 2, characterized in that the processing circuit is further configured to process all Network traffic, specifically, the network traffic is through a secure channel. 4.根据权利要求2或3所述的装置(600),其特征在于,所述信任验证在所述装置(600)的安全飞地(630)中执行,并且所述处理电路还用于向所述客户端(100)提供证明。4. The device (600) according to claim 2 or 3, wherein the trust verification is performed in a secure enclave (630) of the device (600), and the processing circuit is further configured to provide The client (100) provides proof. 5.根据上述权利要求1至3中任一项所述的装置(400、500、600),其特征在于,所述远程应用程序(310)由所述服务提供商(300)作为软件即服务(Software as a Service,SaaS)提供,并且所述至少一个信任证据(420)由不同于所述服务提供商和所述装置的第三方(700)生成。5. The apparatus (400, 500, 600) according to any one of the preceding claims 1 to 3, characterized in that the remote application (310) is provided by the service provider (300) as a software-as-a-service (Software as a Service, SaaS), and said at least one trust evidence (420) is generated by a third party (700) different from said service provider and said device. 6.根据权利要求5所述的装置(400、500、600),其特征在于,所述至少一个信任证据(420)包括所述第三方(700)作出的证明,所述证明包括数字签名,所述证明用于证明所述远程应用程序(310)的所述身份是可信的;6. The apparatus (400, 500, 600) according to claim 5, characterized in that said at least one evidence of trust (420) comprises a certification by said third party (700), said certification comprising a digital signature, said attestation is used to prove that said identity of said remote application (310) is authentic; 其中,确定所述远程应用程序(310)的所述身份是否可信包括验证数字签名;Wherein, determining whether said identity of said remote application (310) is authentic includes verifying a digital signature; 和/或,所述至少一个信任证据(420)包括可信应用程序身份列表;And/or, the at least one trust evidence (420) includes a list of trusted application identities; 其中,确定所述远程应用程序(310)的所述身份是否可信包括将所述远程应用程序(310)的所述身份与所述可信应用程序身份列表进行比较。Wherein, determining whether the identity of the remote application (310) is trusted includes comparing the identity of the remote application (310) with the list of trusted application identities. 7.根据权利要求6所述的装置(400、500、600),其特征在于,所述至少一个信任证据(420)包括与所述远程应用程序(310)的所述身份、所述服务提供商(300)和所述远程应用程序的软件提供商中的至少一个相关的信任程度,7. The apparatus (400, 500, 600) of claim 6, wherein said at least one trust evidence (420) includes said identity, said service provider the degree of trust associated with at least one of the provider (300) and the software provider of the remote application, 其中,确定所述远程应用程序(310)的所述身份是否可信包括将所述信任程度与阈值进行比较,所述阈值是预定义的和/或从客户端应用程序(110、510)接收。Wherein, determining whether said identity of said remote application (310) is trusted comprises comparing said degree of trust to a threshold, said threshold being predefined and/or received from a client application (110, 510) . 8.根据权利要求1至3中任一项所述的装置(400、500、600),其特征在于,所述至少一个信任证据(410)是基于所述远程应用程序(310)的配置生成的,8. The device (400, 500, 600) according to any one of claims 1 to 3, characterized in that the at least one trust evidence (410) is generated based on the configuration of the remote application (310) of, 其中,确定所述远程应用程序(310)的所述身份是否可信包括在所述服务提供商(300)的所述可信执行环境(320)中使用所述配置计算所述远程应用程序(310)的身份。Wherein, determining whether the identity of the remote application (310) is trusted includes computing the remote application ( 310) identity. 9.根据权利要求8所述的装置(400、500、600),其特征在于,所述远程应用程序(310)是由所述服务提供商(300)作为基础设施即服务(Infrastructure as a Service,IaaS)执行的用户应用程序,其中,所述至少一个信任证据(410)由所述客户端(100、500)生成。9. The device (400, 500, 600) according to claim 8, characterized in that the remote application (310) is provided by the service provider (300) as an Infrastructure as a Service (Infrastructure as a Service) , IaaS), wherein the at least one trust evidence (410) is generated by the client (100, 500). 10.一种用于对远程服务进行信任验证的方法,其特征在于,所述方法包括:10. A method for trust verification of remote services, characterized in that the method comprises: 发送证明至少部分地在服务提供商(300)的可信执行环境(320)中执行的远程应用程序(310)的身份的证明请求;sending an attestation request attesting to the identity of the remote application (310) executing at least in part in the trusted execution environment (320) of the service provider (300); 从所述服务提供商(300)接收包括所述远程应用程序(310)的所述身份的所述证明请求的证明响应;receiving an attestation response to the attestation request including the identity of the remote application (310) from the service provider (300); 根据所述证明响应和至少一个信任证据(410、420),确定所述远程应用程序(310)的所述身份是否可信;determining whether said identity of said remote application (310) is authentic based on said attestation response and at least one trust evidence (410, 420); 在确定所述远程应用程序(310)的所述身份可信后,连接到所述远程应用程序(310),其中,所述至少一个信任证据(410、420)由不同于所述服务提供商(300)的至少一方(100、500、700)生成;After determining that said identity of said remote application (310) is trustworthy, connecting to said remote application (310), wherein said at least one evidence of trust (410, 420) is provided by a At least one of (300) (100, 500, 700) generated; 所述远程应用程序(310)由所述服务提供商(300)作为软件即服务(Software as aService,SaaS)提供;The remote application program (310) is provided by the service provider (300) as Software as a Service (Software as a Service, SaaS); 其中,所述至少一个信任证据(420)包括以下中的至少一个:Wherein, the at least one trust evidence (420) includes at least one of the following: 第三方(700)作出的证明,所述证明包括数字签名,所述证明用于证明所述远程应用程序(310)的所述身份是可信的;an attestation by a third party (700), said attestation including a digital signature, attesting that said identity of said remote application (310) is authentic; 可信应用程序身份列表;List of trusted application identities; 所述第三方(700)为所述远程应用程序(310)生成的分析证明;其中,所述分析证明在每次远程应用程序的更新版本变得可用和/或安装在服务提供商侧时执行,所述分析证明指定具有特定应用程序ID的远程应用程序不含恶意软件和/或后门;Proof of analysis generated by said third party (700) for said remote application (310); wherein said proof of analysis is performed each time an updated version of the remote application becomes available and/or installed at the service provider side , said analysis proving that the remote application specified with the particular application ID is free of malware and/or backdoors; 与所述远程应用程序(310)的所述身份、所述服务提供商和所述远程应用程序的软件提供商中的至少一个相关的信任程度;a level of trust associated with at least one of said identity of said remote application (310), said service provider, and a software provider of said remote application; 其中,确定所述远程应用程序(310)的所述身份是否可信包括以下中的相应一项或多项:Wherein, determining whether the identity of the remote application (310) is trusted includes corresponding one or more of the following: 验证所述数字签名;verify said digital signature; 将所述远程应用程序(310)的所述身份与所述可信应用程序身份列表进行比较;comparing said identity of said remote application (310) to said list of trusted application identities; 将所述分析证明与至少一个需求设置进行比较,所述至少一个需求设置是预定义的和/或从客户端应用程序(110、510)接收;comparing said proof of analysis with at least one requirement setting, said at least one requirement setting being predefined and/or received from a client application (110, 510); 将所述信任程度与阈值进行比较,所述阈值是预定义的或从所述客户端应用程序(110、510)接收。The trust level is compared to a threshold, either predefined or received from the client application (110, 510). 11.根据权利要求10所述的方法,其特征在于,还包括:11. The method of claim 10, further comprising: 处理客户端(100、500)与所述远程应用程序(310)之间的所有网络流量。All network traffic between the client (100, 500) and said remote application (310) is handled. 12.根据权利要求10或11所述的方法,其特征在于,12. The method according to claim 10 or 11, characterized in that, 所述远程应用程序(310)是由所述服务提供商(300)作为基础设施即服务(Infrastructure as a Service,IaaS)执行的用户应用程序;The remote application (310) is a user application executed by the service provider (300) as Infrastructure as a Service (IaaS); 其中,所述至少一个信任证据(410)由所述客户端(100、500)根据所述远程应用程序(310)的配置生成;Wherein, the at least one trust evidence (410) is generated by the client (100, 500) according to the configuration of the remote application (310); 其中,确定所述远程应用程序(310)的所述身份是否可信包括在所述服务提供商(300)的所述可信执行环境(320)中使用所述配置计算所述远程应用程序(310)的身份。Wherein, determining whether the identity of the remote application (310) is trusted includes computing the remote application ( 310) identity. 13.一种存储指令的计算机可读介质,其特征在于,当所述指令在处理器中执行时,使所述处理器执行根据权利要求10至12中任一项所述的方法。13. A computer-readable medium storing instructions, characterized in that, when the instructions are executed in a processor, the processor is caused to execute the method according to any one of claims 10-12.
CN201980088433.8A 2019-01-08 2019-01-08 Method and device for trust verification Active CN113302893B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/050312 WO2020143906A1 (en) 2019-01-08 2019-01-08 Method and apparatus for trust verification

Publications (2)

Publication Number Publication Date
CN113302893A CN113302893A (en) 2021-08-24
CN113302893B true CN113302893B (en) 2022-11-18

Family

ID=65012012

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980088433.8A Active CN113302893B (en) 2019-01-08 2019-01-08 Method and device for trust verification

Country Status (2)

Country Link
CN (1) CN113302893B (en)
WO (1) WO2020143906A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113508380B (en) * 2019-01-25 2025-03-25 华为技术有限公司 Methods used for end-entity authentication
US11698968B2 (en) 2021-03-05 2023-07-11 Red Hat, Inc. Management of building of software packages using a trusted execution environment
US12229267B2 (en) 2021-03-05 2025-02-18 Red Hat, Inc. Management of local signing of software packages using a trusted execution environment
US20240427898A1 (en) * 2021-10-07 2024-12-26 Telefonaktiebolaget Lm Ericsson (Publ) First node, second node, third node, computing system and methods performed thereby for handling information indicating one or more features supported by a processor
US12452209B2 (en) 2021-10-26 2025-10-21 Cisco Technology, Inc. Verifying data sources using attestation based methods
CN116456335A (en) * 2022-01-05 2023-07-18 华为技术有限公司 Communication method and device integrating trusted metrics
CN114996338B (en) * 2022-06-01 2025-08-22 阿里云计算有限公司 Remote attestation report processing method, database server and database client
CN115051810B (en) * 2022-06-20 2023-07-25 北京大学 Interface type digital object authenticity verification method and device based on remote proof
CN115865399A (en) * 2022-09-26 2023-03-28 鼎捷软件股份有限公司 System and method for invoking microservices
EP4478228A1 (en) * 2023-06-12 2024-12-18 Nuuday A/S Method for improving data security
CN116992428A (en) * 2023-07-31 2023-11-03 阿里巴巴达摩院(杭州)科技有限公司 Proof methods and computing systems for security of computing systems
CN116846682B (en) * 2023-08-29 2024-01-23 山东海量信息技术研究院 Communication channel establishment method, device, equipment and medium
US12381740B2 (en) * 2023-09-27 2025-08-05 Wells Fargo Bank, N.A. Web browser generation of unique identifiers
WO2025086129A1 (en) * 2023-10-25 2025-05-01 Huawei Cloud Computing Technologies Co., Ltd. Methods and mechanisms for unified remote attestation for confidential applications in the cloud

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108595950A (en) * 2018-04-18 2018-09-28 中南大学 A kind of safe Enhancement Methods of SGX of combination remote authentication

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8572692B2 (en) * 2008-06-30 2013-10-29 Intel Corporation Method and system for a platform-based trust verifying service for multi-party verification
EP2810403B1 (en) * 2012-01-30 2019-09-25 Intel Corporation Remote trust attestation and geo-location of of servers and clients in cloud computing environments
US9256742B2 (en) * 2012-01-30 2016-02-09 Intel Corporation Remote trust attestation and geo-location of servers and clients in cloud computing environments
US10305893B2 (en) * 2013-12-27 2019-05-28 Trapezoid, Inc. System and method for hardware-based trust control management
GB2550322B (en) * 2016-04-11 2019-02-27 100 Percent It Ltd Remote attestation of cloud infrastructure
DE102018101307A1 (en) * 2017-02-22 2018-08-23 Intel Corporation SGX enclave remote authentication techniques
CN107463838B (en) * 2017-08-14 2019-10-18 广州大学 SGX-based security monitoring method, device, system and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108595950A (en) * 2018-04-18 2018-09-28 中南大学 A kind of safe Enhancement Methods of SGX of combination remote authentication

Also Published As

Publication number Publication date
WO2020143906A1 (en) 2020-07-16
CN113302893A (en) 2021-08-24

Similar Documents

Publication Publication Date Title
CN113302893B (en) Method and device for trust verification
US8966642B2 (en) Trust verification of a computing platform using a peripheral device
US8572692B2 (en) Method and system for a platform-based trust verifying service for multi-party verification
US9270467B1 (en) Systems and methods for trust propagation of signed files across devices
CN116566613A (en) Securing communications with a secure processor using platform keys
CN111917696B (en) TPM-based secure multi-party computing system using non-bypassable gateways
CN113906424B (en) Apparatus and method for disk authentication
WO2020219234A1 (en) Attestation service for enforcing payload security policies in a data center
CN107851167A (en) Techniques for Protecting Computing Data in a Computing Environment
CN108351944A (en) Chain type security system
CN112262546A (en) Method and system for key distribution and exchange for data processing accelerators
EP3061027A1 (en) Verifying the security of a remote server
CN112236972A (en) Method and system for deriving session keys to secure an information exchange channel between a host system and a data processing accelerator
US20210243030A1 (en) Systems And Methods To Cryptographically Verify An Identity Of An Information Handling System
WO2008027164A1 (en) Software authorization utilizing software reputation
CN105164633A (en) Configuration and verification by trusted provider
CN107077560A (en) A system for establishing ownership of a safe workspace
CN112334902A (en) Method for establishing a secure information exchange channel between a host system and a data processing accelerator
US20250061186A1 (en) Confidential computing techniques for data clean rooms
US12155642B2 (en) User attestation in distributed control plane
US20240311515A1 (en) Security auditing and remote attestation via kernel-signed metrics
US20240296235A1 (en) Systems and methods for collective attestation of spdm-enabled devices in an information handling system (ihs)
CN118312946A (en) Host authentication method, host authentication device and related equipment
US12153681B2 (en) Systems and methods for identifying firmware versions using SPDM alias certificates
US12405860B2 (en) System and method for secure backup and restore

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220214

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Applicant after: Huawei Cloud Computing Technologies Co.,Ltd.

Address before: 518129 Huawei headquarters office building, Bantian, Longgang District, Shenzhen City, Guangdong Province

Applicant before: HUAWEI TECHNOLOGIES Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant