Computer Science ›› 2024, Vol. 51 ›› Issue (6A): 230700030-5. doi: 10.11896/jsjkx.230700030

• Computer Software & Architecture •

Skiplist-Based Performance Optimization Method for secGear

TANG Xin1, DI Nongyu1, YANG Hao2, LIU Xin1

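  1. 1 School of Information Science and Engineering, Lanzhou University, Lanzhou 730000
    2 State Grid Gansu Electric Power Company Digital Division, Lanzhou 730000
  • Published: 2024-06-06
  • Corresponding author: LIU Xin (xinl@lzu.edu.cn)
  • About author: (tangx1230@163.com)
  • Supported by:
    Research on Industrial Internet Data Security Based on Zero Trust (lzujbky-2022-04); Research on Key Technologies of Lightweight Models Based on Power Internet of Things Edge Computing ((22)0834)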

Optimum Proposal to secGear Based on Skiplist

TANG Xin1, DI Nongyu1, YANG Hao2, LIU Xin1   

  1. 1 School of Information Science & Engineering, Lanzhou University, Lanzhou 730000, China
    2 State Grid Gansu Electric Power Company Digital Division, Lanzhou 730000, China
  • Published: 2024-06-06
  • About author: TANG Xin, born in 2001, undergraduate. Her main research interests include zero trust, confidential computing and artificial intelligence.
    LIU Xin, born in 1988, Ph.D, associate professor. His main research interests include confidential computing, zero trust and identity authentication.
  • Supported by:
    Research to Industrial Internet Data Security Based on Zero Trust (lzujbky-2022-04) and Research to Lightweight Model Key Technology Based on Power Internet of Things Edge Computing ((22)0834).

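Abstract: Since it was proposed, confidential computing has become an important solution to cloud computing security problems. It provides cloud users with an isolated trusted execution environment (TEE) to guarantee the confidentiality and integrity of code and data. However, current mainstream confidential computing technologies suffer from performance bottlenecks such as slow I/O, so how to improve the performance of confidential computing has become a research hotspot. Existing research does not optimize starting from the data itself and is not suited to real big-data environments. A skiplist data structure that can organize and manage data efficiently is designed and implemented in the TEE to optimize the running efficiency of confidential computing and reduce the overhead of data processing in the TEE. Finally, comparison experiments in the domestically developed confidential computing framework secGear show that, compared with a red-black tree, the proposed method improves the time overhead of sequential data insertion, deletion and lookup by 13.5%, 10.5% and 1.9% respectively, and that it also clearly improves performance over a linked list for random insertion. The method can effectively improve the running efficiency of confidential computing and has better practical application significance.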

Keywords: Confidential computing, Skiplist, secGear, Cloud security

Abstract: Confidential computing has been an important method of protecting cloud computing security since it was proposed. It provides an isolated trusted execution environment (TEE) for user space on a computing platform to ensure the confidentiality and integrity of critical user code and data. However, current mainstream confidential computing technology has performance bottlenecks such as slow I/O, so how to improve the performance of confidential computing has become a research hotspot. Existing research has not considered the data itself and thus does not work well in complex practical scenarios. A skiplist data structure that can organize and manage data efficiently in the TEE is proposed to optimize the operational efficiency of confidential computing and reduce the overhead of processing data in the TEE. Finally, comparison experiments conducted using secGear show that, compared with a red-black tree, the skiplist improves the efficiency of confidential computing by 13.5%, 10.5% and 1.9% for insertion, deletion and search respectively, and shows an obvious improvement for random insertion compared with a linked list. This shows that the proposal can improve the operational efficiency of confidential computing and is practical.

Key words: Confidential computing, Skiplist, secGear, Cloud computing

CLC number:

  • TP309