开放云端计算环境中的任务执行代码安全机制  被引量：2

作　　者：徐小龙[1,2] 耿卫建[1] 杨庚[3] 王汝传[1] 

机构地区：[1]南京邮电大学计算机学院,南京210003 [2]中国科学院软件研究所信息安全国家重点实验室,北京100190 [3]南京邮电大学计算机技术研究所,南京210003

出　　处：《计算机科学》2012年第7期7-10,共4页Computer Science

基　　金：国家自然科学基金项目(60873231);国家教育部高等学校博士学科点专项科研基金课题(20093223120001);中国博士后科学基金项目(2011M500095);江苏省科技支撑计划(BE2009158);江苏省自然科学基金(BK2011754;BK2009426);信息安全国家重点实验室开放课题(03-01-1);江苏省高校自然科学研究项目(09KJB520010);江苏高校优势学科建设工程项目(yx002001)资助

摘　　要：云端计算可以充分聚合Internet网络服务器端和边缘终端节点的计算资源来获得更大的效益。但将计算任务部署到用户终端上执行却带来了安全隐患。分属于不同用户的海量终端节点之行为显然不可靠,计算安全性也难以保障。特别是作为任务执行者的用户终端节点可能篡改任务中的程序代码或数据,返回的是虚假的结果,或是窥探有私密性要求的代码和数据。提出一种新的基于内嵌验证码的加密函数的代码保护机制,它可同时满足计算完整性和私密性,能够有效验证返回结果的正确性,并保障计算代码不被窥知。为了进一步提高任务执行的成功率和缩短作业周转时间,将任务代码优先分发给信誉良好且执行成功率高的节点来执行。还提出了一种评估任务执行节点可信性的方法。具体描述了任务执行代码保护机制的实现流程,并对机制的性能进行了详细的分析与验证。The cloud ＆ client computing can take full aggregation of network server-side and edge node computing re- sources of Internet to gain greater benefits. However, deploying tasks to terminal nodes would bring the corresponding security risks at the same time. The behaviors of terminal nodes belonging to different users are clearly not reliable, which means the computing security is difficult to guarantee. One of these security risks is that a terminal node working as the task executor may tamper with the program or data of the task, and return the fake result, or pry into the code and data with privacy requirement. This paper presented a new code protection mechanism based on encryption function with verification code meeting integrity and privacy both, which makes it possible to effectively verify the correctness of returned results and to guarantee the code not be spied. In order to improve the success rate of task implementation fur- ther and reduce job cycle time, tasks ought to be distributed to those nodes with good reputations and high success rate of task implementation to execute. This paper proposed the credibility evaluation of node, described the work procedure of the code protection mechanism and gave the analysis and verification of the security performance of the system in detail.

关 键 词：云计算 信息安全 代码保护 可信评估 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]