CN112395631B - Secure database system, method and medium based on SGX technology - Google Patents

Info

Publication number: CN112395631B
Authority: CN (China)
Prior art keywords: database, client, data, server, information
Legal status: Active
Application number: CN202011367300.5A
Other languages: Chinese (zh)
Other versions: CN112395631A (en)
Inventors: 赵皓东, 刘功申, 张凯旋, 熊渊淳, 梁力佳
Current Assignee: Shanghai Jiaotong University
Original Assignee: Shanghai Jiaotong University

Events
Application filed by Shanghai Jiaotong University
Priority to CN202011367300.5A
Publication of CN112395631A
Application granted
Publication of CN112395631B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6227 Protecting access to data via a platform, to a system of files or objects, where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a secure database system, method and medium based on SGX technology, comprising the following steps. Step M1: using SGX, the server verifies through a remote authentication server that the client is a trusted remote entity; an authenticated communication channel is established between server and client, over which the client can transmit data to the server securely. Step M2: when the server is not accepting connection requests or must be shut down for maintenance, the client's data is migrated in sealed form using SGX and the database file is stored as ciphertext. The invention ensures the confidentiality of stored data: even if the database file is stolen by a third party, its contents cannot be decrypted.

Description

Secure database system, method and medium based on SGX technology
Technical Field
The invention relates to the technical field of secure databases, and in particular to a secure database system, method and medium based on SGX technology.
Background
When a query is sent to a database, the database contents are decrypted in order to process it, and during that window they are at high risk of attack. One line of research therefore tries to execute queries and similar operations without decrypting the database contents; CryptDB is the product of this idea. Its main difficulty is that homomorphic encryption is expensive, which limits the complex operations that can be supported. MONOMI splits each query into two parts, executed by the client and the server respectively; this supports 19 of the 22 TPC-H queries, where CryptDB handles only 4, and pushed the direction one step further. Seabed proposes an additively homomorphic symmetric encryption scheme together with a randomized encryption scheme, improving large-scale aggregation efficiency and resisting frequency attacks, which improves security.
The other line of research keeps the data decrypted during processing but resists attacks by relying on the security of the hardware. TDB, GnatDb, GhostDB, TrustedDB, Cipherbase and the like are databases built on this idea. TDB guarantees security using a trusted processing environment, but its requirements on that environment are so high that satisfactory security is difficult to achieve in practice. GnatDb and GhostDB embed a small database in a secure smart card; they have a very small memory footprint and a weak processing unit, so their application range is limited and they are only suitable for embedded environments. TrustedDB and Cipherbase use an IBM secure coprocessor (SCPU) and trusted FPGA hardware, respectively, as the trusted execution environment. Their performance is bounded by the capability of the trusted hardware and by the cost of communicating with it whenever encrypted data is involved in a query.
SGX is a hardware-level security technology developed by Intel. In essence it is a set of CPU instructions that use the hardware to create a trusted region (an enclave): the data and instructions placed in it run inside the enclave and are invisible to the operating system and to any user at that level. Enclave code is built as a shared library (a DLL on Windows, a shared object on Linux) and can only be entered through dedicated instructions. The enclave is isolated from the operating system, the hypervisor, and even lower-layer components such as the BIOS and privileged system code, which removes a whole class of threats; see fig. 1.
SGX is a set of x86-64 ISA extensions that set up a protected execution environment (an enclave) without requiring trust in anything except the processor and the code the user places in the enclave. The enclave is protected by the processor: access to enclave memory is controlled directly by the CPU, and any instruction that attempts to read or write enclave memory from outside the enclave fails. Enclave cache lines are encrypted and integrity-protected before being written to RAM, which defeats a large class of hardware-level attacks and limits the hardware TCB to the processor itself. The software TCB is only the code the user chooses to run in the enclave; that code is invoked from untrusted code through a call-gate-like mechanism (an ECALL) that transfers control to a predefined entry point inside the enclave; see fig. 2.
Intel SGX provides protection in the following respects:
(1) Enclave memory cannot be read or written from outside the enclave, regardless of the CPU's current mode or privilege level.
(2) A production enclave cannot be debugged by a software or hardware debugger.
(3) The enclave cannot be entered by ordinary function calls, jumps, register operations or stack operations; only the dedicated enclave entry instructions are accepted.
(4) Enclave memory is encrypted with an industry-standard cipher that includes replay protection; connecting a DRAM module to another system yields only encrypted data.
(5) The memory encryption key is regenerated randomly at every power cycle and is held inside the CPU, where it cannot be accessed.
Note what SGX does not cover: Intel's threat model for SGX excludes side-channel attacks and denial of service, so enclave code must still avoid secret-dependent memory access patterns and branches.
For communication between enclaves, SGX lets one enclave prove locally to another that it has a particular measurement and is running on the same processor (local attestation); this can be used to establish an authenticated shared key between the two enclaves. SGX also supports remote attestation, which lets a remote system cryptographically verify that particular software has been loaded inside an enclave and establish a shared key with it, so that the two parties can use an end-to-end encrypted channel that terminates inside the enclave.
With Intel SGX, the system places selected resources into a trusted mode through a hardware mode switch of the CPU, so that only the necessary hardware forms a fully isolated privileged mode; the enclave is constructed once identity verification completes. The concrete procedure is as follows:
(1) Load the virtual machine image to be run onto disk.
(2) SGX provides hardware-backed key derivation: a fresh key is derived, under a key-generation algorithm, from the SGX version key, a CPU-specific key and the key issued to the user through Intel; this key is used to encrypt the code and data of the application to be loaded.
(3) The code and data of the application or image to be loaded are first passed to the SGX loader and prepared for loading into the enclave.
(4) An enclave is dynamically requested and constructed in Intel SGX trusted mode.
(5) The program and data to be loaded are decrypted with the key credential into EPC (Enclave Page Cache) pages.
(6) SGX instructions verify that the decrypted program and data are authentic, load them into the enclave, and measure each EPC page as it is added to the enclave.
(7) Because hardware isolation is used, the confidentiality and integrity of the enclave are further guaranteed, and different enclaves cannot interfere with or access each other.
(8) Enclave initialization is started: further loading and measurement of EPC pages is disabled, the enclave identity (its measurement) is finalized, and it is recorded in the enclave's control structure as the enclave's identifier, used later to recover and verify the enclave's identity.
(9) SGX isolation is complete; execution begins through the image program inside the hardware-isolated enclave, completing SGX-based hardware isolation.
Patent document CN109150517A (application number 201811029803.4) discloses an SGX-based key security management system and method comprising a client and a key management server. Mutual authentication between the client and the key management server is performed on the basis of SGX, ensuring that both parties store and process keys only when the runtime environment and data are secure and trusted; key storage, management, encryption and decryption are carried out inside enclave memory, which effectively resists memory attacks and protects the keys. In addition, a hierarchical key management policy and a key access control policy improve the flexibility and effectiveness of key management across multiple clients and strengthen the protection of the keys.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a secure database method, system and medium based on SGX technology.
The SGX-based secure database method provided by the invention comprises the following steps:
Step M1: using SGX, the server verifies through a remote authentication server that the client is a trusted remote entity; an authenticated communication channel is established between server and client, over which the client can transmit data to the server securely;
Step M2: when the server is not accepting connection requests or must be shut down for maintenance, the client's data is migrated in sealed form using SGX and the database file is stored as ciphertext.
Preferably, step M1 includes:
Step M1.1: the client sends its SGX measurement digest and the unique asymmetric key it has generated (its public part) to the remote authentication server;
Step M1.2: the remote authentication server stores a copy of the received information, assesses whether it is safe, and reports the result back to the client;
Step M1.3: the client sends its hardware information to the server to request a connection;
Step M1.4: the server forwards the received client hardware information to the remote authentication server to verify the client's identity;
Step M1.5: the remote authentication server compares the received information with the stored copy, decides whether the client is trustworthy, and sends its verdict to the server;
Step M1.6: once it has received the remote authentication server's confirmation, the server accepts the client's request and establishes the connection.
Preferably, step M2 includes: encrypting the client's database data and writing it to the untrusted region for storage, so that no database contents are leaked; when the enclave is opened again, the data is read back and decrypted.
Preferably, the encryption of the client database data is such that the encryption key is derived, inside the enclave, from software and hardware identity information.
The invention also provides an SGX-based secure database system, which comprises:
Module M1: using SGX, the server verifies through a remote authentication server that the client is a trusted remote entity; an authenticated communication channel is established between server and client, over which the client can transmit data to the server securely;
Module M2: when the server is not accepting connection requests or must be shut down for maintenance, the client's data is migrated in sealed form using SGX and the database file is stored as ciphertext.
Preferably, module M1 comprises:
Module M1.1: the client sends its SGX measurement digest and the unique asymmetric key it has generated (its public part) to the remote authentication server;
Module M1.2: the remote authentication server stores a copy of the received information, assesses whether it is safe, and reports the result back to the client;
Module M1.3: the client sends its hardware information to the server to request a connection;
Module M1.4: the server forwards the received client hardware information to the remote authentication server to verify the client's identity;
Module M1.5: the remote authentication server compares the received information with the stored copy, decides whether the client is trustworthy, and sends its verdict to the server;
Module M1.6: once it has received the remote authentication server's confirmation, the server accepts the client's request and establishes the connection.
Preferably, module M2 comprises: encrypting the client's database data and writing it to the untrusted region for storage, so that no database contents are leaked; when the enclave is opened again, the data is read back and decrypted.
Preferably, the encryption of the client database data is such that the encryption key is derived, inside the enclave, from software and hardware identity information.
The invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of any of the methods above.
Compared with the prior art, the invention has the following beneficial effects:
1. Communication security: the invention was tested by simulating application software that sends requests to the database server to obtain data, while a packet capture tool monitored the whole process and the confidentiality of each stage was checked. The capture shows that every transmission is ciphertext, so the security of the communication process is ensured; filtering on the SSL protocol during the test captured the SSL session establishment precisely, confirming that the system uses encrypted communication.
2. Memory security: the query process of an ordinary SQLite database was dynamically debugged with EDB (a reverse-engineering debugger) under Linux, and the database contents, including the query and its results, were visible on the stack. For the SGX-protected SQLite database only contents outside the enclave are visible; the keys, instructions and query results inside the enclave are encrypted and hard to recover.
3. Storage security: compared with an ordinary database, the secure SQLite database defends well against the most common bulk database-theft attack (stealing the database file). When database access has finished and the enclave is to be reclaimed by the system, the system encrypts all database contents with a hardware-derived key, seals them to the local disk, and clears all data and records from the enclave. The sealing key is derived by the local CPU and is never itself stored on disk, and the sealed file can be decrypted only on that platform, so it is of no use to a remote attacker. The sealed data can be decrypted and read only when the enclave is opened again, at which point the database contents are once more under enclave protection and invisible to the outside. In this way the confidentiality of stored data is ensured, and the database contents cannot be decrypted even if the file is stolen by a third party.
Drawings
Other features, objects and advantages of the invention will become clearer on reading the following detailed description of non-limiting embodiments with reference to the drawings:
FIG. 1 compares the attack surface with and without Intel SGX;
FIG. 2 illustrates the virtual memory space of an enclave;
FIG. 3 is the overall system framework;
FIG. 4 is a schematic diagram of remote authentication;
FIG. 5 is a schematic diagram of sealed migration.
Detailed Description
The invention is described in detail below with reference to specific examples. The following examples will help those skilled in the art to understand the invention further but are not intended to limit it in any way. Persons skilled in the art may make variations and modifications without departing from the concept of the invention, all of which fall within its scope.
Example 1
The SGX-based secure database method provided by the invention comprises the following steps:
Step M1: using SGX, the server verifies through a remote authentication server that the client is a trusted remote entity; an authenticated communication channel is established between server and client, over which the client can transmit data to the server securely;
Step M2: when the server is not accepting connection requests or must be shut down for maintenance, the client's data is migrated in sealed form using SGX and the database file is stored as ciphertext.
Specifically, step M1 includes:
Step M1.1: the client sends its SGX measurement digest and the unique asymmetric key it has generated (its public part) to the remote authentication server;
Step M1.2: the remote authentication server stores a copy of the received information, assesses whether it is safe, and reports the result back to the client;
Step M1.3: the client sends its hardware information to the server to request a connection;
Step M1.4: the server forwards the received client hardware information to the remote authentication server to verify the client's identity;
Step M1.5: the remote authentication server compares the received information with the stored copy, decides whether the client is trustworthy, and sends its verdict to the server;
Step M1.6: once it has received the remote authentication server's confirmation, the server accepts the client's request and establishes the connection.
Specifically, step M2 includes: encrypting the client's database data and writing it to the untrusted region for storage, so that no database contents are leaked; when the enclave is opened again, the data is read back and decrypted.
Specifically, the encryption of the client database data is such that the encryption key is derived, inside the enclave, from software and hardware identity information.
An SGX-based secure database system according to the invention, as shown in figs. 1 to 5, includes:
Module M1: using SGX, the server verifies through a remote authentication server that the client is a trusted remote entity; an authenticated communication channel is established between server and client, over which the client can transmit data to the server securely;
Module M2: when the server is not accepting connection requests or must be shut down for maintenance, the client's data is migrated in sealed form using SGX and the database file is stored as ciphertext.
Specifically, module M1 includes:
Module M1.1: the client sends its SGX measurement digest and the unique asymmetric key it has generated (its public part) to the remote authentication server;
Module M1.2: the remote authentication server stores a copy of the received information, assesses whether it is safe, and reports the result back to the client;
Module M1.3: the client sends its hardware information to the server to request a connection;
Module M1.4: the server forwards the received client hardware information to the remote authentication server to verify the client's identity;
Module M1.5: the remote authentication server compares the received information with the stored copy, decides whether the client is trustworthy, and sends its verdict to the server;
Module M1.6: once it has received the remote authentication server's confirmation, the server accepts the client's request and establishes the connection.
Specifically, module M2 includes: encrypting the client's database data and writing it to the untrusted region for storage, so that no database contents are leaked; when the enclave is opened again, the data is read back and decrypted.
Specifically, the encryption of the client database data is such that the encryption key is derived, inside the enclave, from software and hardware identity information.
The invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of any of the methods above.
Example 2
Example 2 is a variation of Example 1.
The invention addresses the security of a conventional database during query processing.
A data processing system decrypts sensitive data in memory while processing a query, which makes this stage the weak point of data protection. Databases therefore face several non-conventional threats: when a database runs on an untrusted host, its memory space is untrusted; when the operating system or hypervisor is compromised, an attacker can bypass the database management system's protection of sensitive data; and a malicious administrator already has the authority to operate the database and can read and tamper with data at will. What these three scenarios have in common is that database data and operations are carried out in an untrusted environment, so once the system level is compromised, security can no longer be guaranteed. Because the operating system interacts with the DBMS and assists in controlling and managing the database, keeping important database data secure in a malicious environment is a valuable research direction.
The SGX-based secure database relies on hardware-based trusted computing: in essence a set of CPU instructions creates a trusted region (an enclave) in hardware, the relevant data and instructions run inside it, and the region is invisible to the operating system and to any user at that level, so the database can run protected in an untrusted environment.
As shown in fig. 3, SGX programming requires the database server's software architecture to be repartitioned into two logical parts: a trusted part and an untrusted part. The trusted part performs remote connection, database initialization, SQL statement execution, database closing and sealed migration of the database; the untrusted part handles everything that does not involve sensitive operations. The code and data segments of the trusted part reside in the EPC, protected by SGX, while those of the untrusted part reside in ordinary unencrypted memory.
The basic idea of the system is to place the key modules of database operation (remote connection, database creation and insertion, query, and so on) inside an enclave under security isolation, and to bind private data such as the data encryption keys to the enclave's hardware. Operations inside the enclave are hardware-isolated: even if the rest of the system is compromised or tampered with, the operations in the enclave remain isolated and private information such as keys is kept from being stolen.
The specific implementation modules are as follows:
SGX-based remote authentication
Before the client establishes a connection to the server's database, both parties should confirm that the other's platform is trustworthy. Even if the communication channel between client and server is encrypted, there is no guarantee that the client has not been compromised by malware, so handing sensitive data to the client for processing carries a risk. Therefore not only must the confidentiality of the server be ensured, the trust level of the client must also be raised.
Using the remote attestation procedure, the client's enclave can be verified by a remote entity and an authenticated communication channel established with that entity. As part of the attestation, the client's enclave proves its identity, that it has not been tampered with, and that it is running on a genuine platform with Intel SGX enabled. The server can then exchange data with the client securely. The process is shown in fig. 4.
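The six-step exchange of steps M1.1 to M1.6 (the client enrolls with the remote authentication server, the database server forwards the client's evidence to that server and accepts the connection only on a positive verdict), written out as an added example with all three parties in one process. This is illustration code added here, not code from the patent or from any SGX SDK. Assumptions: the quote signature is modelled by an HMAC under a per-platform attestation key that the remote authentication server knows (a stand-in for the signed SGX quote and the verification material of an attestation service); the enclave's "unique asymmetric key" is represented by an opaque public value because the standard library has no asymmetric primitives; the allowlist of measurements models the "judges the safety" check of step M1.2; and a single-use server nonce is added so that a captured quote cannot be replayed, which goes beyond the steps as the patent lists them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


@dataclass
class Quote:
    # Model of the "hardware information" of step M1.3: platform id, enclave
    # measurement and enclave public key, bound to a server nonce and signed by
    # the platform (an HMAC stands in for the real quote signature: assumption).
    platform_id: bytes
    mrenclave: bytes
    pubkey: bytes
    nonce: bytes
    signature: bytes = b""

    def body(self) -> bytes:
        return self.platform_id + self.mrenclave + self.pubkey + self.nonce


class RemoteAuthServer:  # steps M1.1/M1.2 and M1.5
    def __init__(self, platform_keys: dict, trusted_measurements: set):
        self.platform_keys = platform_keys                # platform_id -> attestation key
        self.trusted_measurements = trusted_measurements  # allowlisted enclave digests
        self.registry = {}                                # platform_id -> (mrenclave, pubkey)

    def register(self, platform_id: bytes, mrenclave: bytes, pubkey: bytes) -> bool:
        # M1.2: back up the submission and judge whether the enclave is acceptable.
        if platform_id not in self.platform_keys or mrenclave not in self.trusted_measurements:
            return False
        self.registry[platform_id] = (mrenclave, pubkey)
        return True

    def verify(self, q: Quote) -> bool:
        # M1.5: check the platform signature, then compare with the stored backup.
        key = self.platform_keys.get(q.platform_id)
        if key is None or q.platform_id not in self.registry:
            return False
        if not hmac.compare_digest(hmac.new(key, q.body(), hashlib.sha256).digest(), q.signature):
            return False
        return (q.mrenclave, q.pubkey) == self.registry[q.platform_id]


class DatabaseServer:  # steps M1.4 and M1.6
    def __init__(self, ras: RemoteAuthServer):
        self.ras = ras
        self.pending = set()   # single-use nonces handed out to clients
        self.sessions = {}     # client pubkey -> platform_id: the authenticated channel

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def connect(self, q: Quote) -> bool:
        if q.nonce not in self.pending:            # unknown or consumed nonce: replay
            return False
        self.pending.discard(q.nonce)
        if not self.ras.verify(q):                 # M1.4: forward evidence, await verdict
            return False
        self.sessions[q.pubkey] = q.platform_id    # M1.6: accept, bind the channel key
        return True


class ClientEnclave:
    def __init__(self, platform_id: bytes, platform_key: bytes, enclave_code: bytes):
        self.platform_id, self.platform_key = platform_id, platform_key
        self.mrenclave = h(enclave_code)            # measurement of the loaded code
        self.pubkey = h(b"pub", os.urandom(32))     # opaque stand-in for the generated key pair

    def enroll(self, ras: RemoteAuthServer) -> bool:  # M1.1
        return ras.register(self.platform_id, self.mrenclave, self.pubkey)

    def quote(self, nonce: bytes) -> Quote:           # M1.3
        q = Quote(self.platform_id, self.mrenclave, self.pubkey, nonce)
        q.signature = hmac.new(self.platform_key, q.body(), hashlib.sha256).digest()
        return q


def demo() -> dict:
    platform_a_key = os.urandom(32)                   # constructed per-platform key
    good_code = b"constructed database client enclave v1"
    ras = RemoteAuthServer({b"platform-A": platform_a_key}, {h(good_code)})
    server = DatabaseServer(ras)
    good = ClientEnclave(b"platform-A", platform_a_key, good_code)
    results = {"enrolled": good.enroll(ras)}
    results["honest"] = server.connect(good.quote(server.challenge()))
    # Modified enclave on the same platform: valid signature, wrong measurement.
    bad = ClientEnclave(b"platform-A", platform_a_key, b"constructed enclave, backdoored")
    results["tampered_code"] = server.connect(bad.quote(server.challenge()))
    # Man in the middle substituting its own public key invalidates the signature.
    q = good.quote(server.challenge())
    q.pubkey = h(b"pub", b"attacker")
    results["swapped_pubkey"] = server.connect(q)
    # Replaying a quote that already opened a session fails on the consumed nonce.
    q = good.quote(server.challenge())
    server.connect(q)
    results["replayed"] = server.connect(q)
    return results
```

Calling demo() returns a dict in which only "enrolled" and "honest" are True. The point worth keeping from the model is the binding: the server never trusts the public key on its own, it trusts it only because the same quote that carries the measurement also carries the key, and the remote authentication server compares both against what was registered. A platform the authentication server has never seen fails the same registry check as the tampered enclave does.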
Data sealed migration
As shown in fig. 5, sealed migration means encrypting the database data so that it can be written to the untrusted region for storage without revealing its contents; the data can be read back and decrypted when the enclave is opened again. To ensure that the key is unique to this enclave and platform, the encryption key is derived inside the enclave on demand and is never exposed outside it.
Sealed migration is mainly provided for storing data at rest: when the server has no connection requests or must be shut down for maintenance, the database file is migrated from memory to disk through SGX data sealing and stored as ciphertext. Because the key is derived from software and hardware identity together, an external attacker can hardly obtain it, and even if the stored disk contents are stolen they cannot be decrypted, which effectively prevents bulk database theft.
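Step M2 and the storage-security effect described above (seal on shutdown, store only ciphertext, unseal only when the same enclave reopens on the same CPU), as an added example that is not code from the patent or from the Intel SDK. Assumptions: CPU_ROOT_KEY and MRENCLAVE are constructed constants standing in for the processor's fused key and the enclave measurement; the sealing key derivation and the encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) are a stand-in for the EGETKEY derivation and the AES-GCM that sgx_seal_data uses, chosen so the example runs with the Python standard library alone; the "database file" is the SQL dump of an in-memory sqlite3 database, and the table contents are constructed.

```python
import hashlib
import hmac
import os
import sqlite3
import struct
from typing import Optional

# Constructed stand-ins for what the CPU supplies in hardware (assumptions):
# a per-processor root key that never leaves the die, and the measurement
# (MRENCLAVE) of the database enclave that seals the data.
CPU_ROOT_KEY = hashlib.sha256(b"constructed fuse key of platform A").digest()
MRENCLAVE = hashlib.sha256(b"constructed measurement, database enclave").digest()


def derive_seal_key(cpu_root_key: bytes, mrenclave: bytes, key_id: bytes) -> bytes:
    """Model of sealing-key derivation: a function of hardware identity (cpu_root_key),
    software identity (mrenclave) and a random key_id stored with the blob, so it is
    reproducible only by the same enclave on the same CPU."""
    return hmac.new(cpu_root_key, b"seal-key" + mrenclave + key_id, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; stands in for the AES-GCM the SDK uses.
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(plaintext: bytes, cpu_root_key: bytes, mrenclave: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived 'inside the enclave'. Blob layout:
    key_id(16) | nonce(16) | ciphertext | tag(32); key_id and nonce are public."""
    key_id, nonce = os.urandom(16), os.urandom(16)
    k = derive_seal_key(cpu_root_key, mrenclave, key_id)
    enc_key, mac_key = k[:16], k[16:]
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, key_id + nonce + ct, hashlib.sha256).digest()
    return key_id + nonce + ct + tag


def unseal(blob: bytes, cpu_root_key: bytes, mrenclave: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was sealed by a different enclave,
    on a different CPU, or has been modified on disk."""
    if len(blob) < 64:
        return None
    key_id, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    k = derive_seal_key(cpu_root_key, mrenclave, key_id)
    enc_key, mac_key = k[:16], k[16:]
    expected = hmac.new(mac_key, key_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def open_database() -> sqlite3.Connection:
    """The working database lives in memory (in the model, inside the enclave)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE patients(id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT);"
        "INSERT INTO patients(name, diagnosis) VALUES ('alice', 'constructed record');")
    return conn


def migrate_out(conn: sqlite3.Connection, cpu_root_key: bytes, mrenclave: bytes) -> bytes:
    """Step M2 on shutdown: dump the database, seal it for untrusted disk, and drop
    the plaintext copy so nothing readable remains once the enclave is torn down."""
    dump = "\n".join(conn.iterdump()).encode()
    conn.close()
    return seal(dump, cpu_root_key, mrenclave)


def migrate_in(blob: bytes, cpu_root_key: bytes, mrenclave: bytes) -> Optional[sqlite3.Connection]:
    """Step M2 on restart: unseal and rebuild the in-memory database; None on failure."""
    dump = unseal(blob, cpu_root_key, mrenclave)
    if dump is None:
        return None
    conn = sqlite3.connect(":memory:")
    conn.executescript(dump.decode())
    return conn


def demo() -> dict:
    blob = migrate_out(open_database(), CPU_ROOT_KEY, MRENCLAVE)   # what lands on disk
    restored = migrate_in(blob, CPU_ROOT_KEY, MRENCLAVE)
    tampered = bytearray(blob)
    tampered[40] ^= 0x01                                            # flip one ciphertext bit
    return {
        "plaintext_visible_on_disk": b"alice" in blob,
        "rows_after_restore": restored.execute("SELECT name, diagnosis FROM patients").fetchall(),
        "other_cpu_rejected": migrate_in(blob, hashlib.sha256(b"platform B").digest(), MRENCLAVE) is None,
        "other_enclave_rejected": migrate_in(blob, CPU_ROOT_KEY, hashlib.sha256(b"other").digest()) is None,
        "tampered_blob_rejected": migrate_in(bytes(tampered), CPU_ROOT_KEY, MRENCLAVE) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two design points carry over to a real deployment. The random key_id travelling with the blob is what lets the enclave re-derive the same key later without ever storing it, which is the property the patent relies on for storage security. Binding the key to MRENCLAVE, as this model does, means a rebuilt enclave (a new version of the database code) can no longer unseal old data; the Intel SDK defaults to the MRSIGNER policy for exactly that reason, and a production design has to pick one deliberately.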
Those skilled in the art will appreciate that, besides implementing the system, apparatus and modules provided by the invention purely as computer-readable program code, the same procedures can be realized entirely by logically programming the method steps, so that the system, apparatus and modules take the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. The system, apparatus and modules provided by the invention can therefore be regarded as hardware components, and the modules within them that implement the various functions can likewise be regarded as structures within those hardware components; a module that performs a function may be considered both a software program for performing the method and a structure within a hardware component.
The foregoing describes specific embodiments of the invention. It is to be understood that the invention is not limited to the specific embodiments described above; those skilled in the art may make various changes or modifications within the scope of the appended claims without departing from the spirit of the invention. The embodiments of this application, and features of those embodiments, may be combined with one another arbitrarily where no conflict arises.

Claims (5)

1. A secure database method based on SGX technology, characterized by comprising the following steps: a trusted secure zone (enclave) is established by the hardware on the basis of CPU instructions, and the data and instructions concerned run inside that zone, where they are completely invisible to users at the operating-system level;
SGX programming requires re-partitioning the software architecture of the database server into a trusted part and an untrusted part; the trusted part performs remote connection, database initialization, SQL statement execution, database closing and sealed migration of the database; the code and data sections of the trusted part reside in the EPC (Enclave Page Cache) and are protected by SGX;
step M1: on the basis of SGX, the server verifies through a remote authentication server that the client is a trusted remote entity, and an authenticated communication channel is established between server and client over which the client can securely transmit data to the server;
step M2: when the server does not accept the connection request, or has to shut down for maintenance, the client's data is seal-migrated using SGX and the database file is stored in ciphertext form;
step M1 includes:
step M1.1: the client sends its SGX message digest and a generated unique asymmetric key to the remote authentication server;
step M1.2: the remote authentication server backs up the received information, judges whether it is secure, and returns the result to the client;
step M1.3: the client sends its hardware information to the server to request a connection;
step M1.4: the server forwards the received client hardware information to the remote authentication server to verify the client's identity;
step M1.5: the remote authentication server compares the received information with the stored backup, judges whether it is trustworthy, and sends its verdict to the server;
step M1.6: after receiving the remote authentication server's confirmation, the server accepts the client's request and establishes the connection;
step M2 includes: encrypting the data of the client database and writing it to the untrusted area for storage without leaking the database contents; after the secure area is opened again, reading the data back and decrypting it;
during communication, the communication process is monitored with a packet-capture tool and confidentiality is tested at each link; the capture result is checked to confirm that every transmission is ciphertext, which ensures the security of the communication process; during testing, the SSL handshake of the communication is captured precisely by filtering on the SSL protocol;
when access to the database has finished and the system needs to reclaim the enclave area, the system encrypts all database information with a hardware key, seals the encrypted database information to the local disk, and at the same time clears all data and records in the enclave area; the locally stored database encryption key is valid only on the local machine, which effectively resists remote attacks; the sealed data can be decrypted and read only by opening the enclave area again, at which point the database contents are once more protected by the enclave and invisible to the outside.
2. The secure database method based on SGX technology according to claim 1, wherein encrypting the data of the client database comprises: the encryption key is derived from software and hardware information from inside the secure area.
3. A secure database system based on SGX technology, comprising:
a trusted secure zone (enclave) established by the hardware on the basis of CPU instructions, in which the data and instructions concerned run, completely invisible to users at the operating-system level;
SGX programming requires re-partitioning the software architecture of the database server into a trusted part and an untrusted part; the trusted part performs remote connection, database initialization, SQL statement execution, database closing and sealed migration of the database; the code and data segments of the trusted part reside in the EPC (Enclave Page Cache) and are protected by SGX;
module M1: on the basis of SGX, the server verifies through a remote authentication server that the client is a trusted remote entity, and an authenticated communication channel is established between server and client over which the client can securely transmit data to the server;
module M2: when the server does not accept the connection request, or has to shut down for maintenance, the client's data is seal-migrated using SGX and the database file is stored in ciphertext form;
module M1 includes:
module M1.1: the client sends its SGX message digest and a generated unique asymmetric key to the remote authentication server;
module M1.2: the remote authentication server backs up the received information, judges whether it is secure, and returns the result to the client;
module M1.3: the client sends its hardware information to the server to request a connection;
module M1.4: the server forwards the received client hardware information to the remote authentication server to verify the client's identity;
module M1.5: the remote authentication server compares the received information with the stored backup, judges whether it is trustworthy, and sends its verdict to the server;
module M1.6: after receiving the remote authentication server's confirmation, the server accepts the client's request and establishes the connection;
module M2 includes: encrypting the data of the client database and writing it to the untrusted area for storage without leaking the database contents; after the secure area is opened again, reading the data back and decrypting it;
during communication, the communication process is monitored with a packet-capture tool and confidentiality is tested at each link; the capture result is checked to confirm that every transmission is ciphertext, which ensures the security of the communication process; during testing, the SSL handshake of the communication is captured precisely by filtering on the SSL protocol;
when access to the database has finished and the system needs to reclaim the enclave area, the system encrypts all database information with a hardware key, seals the encrypted database information to the local disk, and at the same time clears all data and records in the enclave area; the locally stored database encryption key is valid only on the local machine, which effectively resists remote attacks; the sealed data can be decrypted and read only by opening the enclave area again, at which point the database contents are once more protected by the enclave and invisible to the outside.
4. The secure database system based on SGX technology according to claim 3, wherein encrypting the data of the client database comprises: the encryption key is derived from software and hardware information from inside the secure area.
5. A computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 2.
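The six steps of M1 and the sealing of M2 (including the key derivation of claims 2 and 4), as an added simulation that is not part of the patent and not the inventors' code. It uses only Python's standard library: the `Platform` class, its `secret`, the constructed quote and the HMAC-based stream cipher stand in for the CPU-held keys, EREPORT/EGETKEY and the AES-GCM sealing of a real enclave, and `client_quote`, `AttestationServer`, `server_accept`, `seal` and `unseal` are names chosen here. One check the claim leaves implicit is made explicit: the comparison in M1.5 is only meaningful when the digest and key reach the remote authentication server inside a quote signed by the platform, with the public key bound into `report_data`; otherwise any party could submit matching bytes. The sealing half shows the property M2 relies on: a blob sealed on one platform, or under one enclave identity, cannot be unsealed by another, and a modified blob is rejected rather than decrypted to garbage. The TLS channel of M1 is not modelled.

```python
"""Simulation of the attestation-brokered connection (M1.1 to M1.6) and of
local sealing (M2). Standard library only; Platform.secret and the quote are
constructed stand-ins for what real SGX hardware does with fused CPU keys."""
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract then expand) over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Platform:
    """One physical machine; `secret` stands in for the CPU-fused root key."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)

    def quote(self, mrenclave: bytes, report_data: bytes) -> bytes:
        """Constructed quote: MAC under the platform key over the enclave
        measurement and the report_data the enclave asked to have bound in."""
        return hmac.new(self.secret, mrenclave + report_data, hashlib.sha256).digest()

    def seal_key(self, mrenclave: bytes, mrsigner: bytes) -> bytes:
        """Sealing key bound to this platform and to the enclave identity: the
        software-plus-hardware derivation that claims 2 and 4 describe."""
        return hkdf_sha256(self.secret, mrenclave + mrsigner, b"sgx-seal-key")


def client_quote(platform: Platform, mrenclave: bytes, pubkey: bytes) -> bytes:
    """M1.1: the client enclave obtains a quote with its public key bound in report_data."""
    return platform.quote(mrenclave, hashlib.sha256(pubkey).digest())


class AttestationServer:
    """The remote authentication server. It trusts a set of platforms (stand-in
    for the vendor's quote-signing keys) and keeps the backup of step M1.2."""

    def __init__(self, trusted_platforms):
        self.trusted = list(trusted_platforms)
        self.backup = {}

    def _quote_valid(self, mrenclave: bytes, pubkey: bytes, quote: bytes) -> bool:
        # A genuine measurement cannot be replayed with a substituted key,
        # because the key is part of what the platform signed.
        return any(hmac.compare_digest(quote, client_quote(p, mrenclave, pubkey))
                   for p in self.trusted)

    def register(self, client_id: str, mrenclave: bytes, pubkey: bytes, quote: bytes) -> bool:
        """M1.1/M1.2: back up the client's digest and key only if the quote checks out."""
        if not self._quote_valid(mrenclave, pubkey, quote):
            return False
        self.backup[client_id] = (mrenclave, pubkey)
        return True

    def verify(self, client_id: str, mrenclave: bytes, pubkey: bytes, quote: bytes) -> bool:
        """M1.5: compare what the database server forwarded with the stored backup."""
        if self.backup.get(client_id) != (mrenclave, pubkey):
            return False
        return self._quote_valid(mrenclave, pubkey, quote)


def server_accept(ras: AttestationServer, client_id: str, mrenclave: bytes,
                  pubkey: bytes, quote: bytes) -> bool:
    """M1.3 to M1.6: the database server forwards the client's hardware information
    and establishes the connection only on a positive verdict."""
    return ras.verify(client_id, mrenclave, pubkey, quote)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES-GCM inside an enclave)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(platform: Platform, mrenclave: bytes, mrsigner: bytes, database: bytes) -> bytes:
    """M2: encrypt-then-MAC the database file under the platform-bound sealing key."""
    key = platform.seal_key(mrenclave, mrsigner)
    nonce = secrets.token_bytes(16)
    ciphertext = _keystream_xor(key, nonce, database)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(platform: Platform, mrenclave: bytes, mrsigner: bytes, blob: bytes):
    """Reverse of seal(); returns None if the blob was sealed on another platform,
    under a different enclave identity, or has been modified on disk."""
    key = platform.seal_key(mrenclave, mrsigner)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _keystream_xor(key, nonce, ciphertext)
```

Two design points carry over to a real deployment. The attestation server's verdict depends on a signature it can check itself, so the backup taken in M1.2 is a binding of measurement to key, not merely a copy of client-supplied bytes. And `unseal` authenticates before decrypting, which is what makes "the key is only valid locally" a testable property: a sealed file copied to another host fails closed instead of yielding plaintext-shaped noise.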

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN202011367300.5A | CN112395631B (en) | 2020-11-27 | 2020-11-27 | Secure database system, method and medium based on SGX technology


Publications (2)

Publication Number | Publication Date
CN112395631A (en) | 2021-02-23
CN112395631B (en) | 2022-09-20

Family

ID: 74605537; one family application, CN202011367300.5A (CN112395631B, status Active, priority and filing date 2020-11-27); country status: CN.

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113672973B (en) * | 2021-07-20 | 2024-04-16 | 深圳大学 | Database system of embedded device based on RISC-V architecture of trusted execution environment
CN115270134B (en) * | 2022-07-18 | 2023-04-18 | 京信数据科技有限公司 | Computing method and system based on FPGA trusted execution environment
CN117997656B (en) * | 2024-04-03 | 2024-06-21 | 浙江大学 | Industrial control data full life cycle safety control system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN108306740A (en) * | 2018-01-22 | 2018-07-20 | 华中科技大学 | Intel SGX state consistency protection method and system
CN108418691A (en) * | 2018-03-08 | 2018-08-17 | 湖南大学 | Dynamic network identity authentication method based on SGX
CN109361668A (en) * | 2018-10-18 | 2019-02-19 | 国网浙江省电力有限公司 | Trusted data transmission method
CN109756492A (en) * | 2018-12-28 | 2019-05-14 | 中国人民解放军战略支援部队信息工程大学 | SGX-based cloud platform trusted execution method, apparatus, device and medium
WO2019168557A1 (en) * | 2018-02-27 | 2019-09-06 | Visa International Service Association | High-throughput data integrity via trusted computing
CN111368297A (en) * | 2020-02-02 | 2020-07-03 | 西安电子科技大学 | Privacy-preserving mobile malware detection method, system, storage medium and application
CN111475782A (en) * | 2020-04-08 | 2020-07-31 | 浙江大学 | API key protection method and system based on SGX software extension instructions
CN111611620A (en) * | 2020-05-26 | 2020-09-01 | 牛津(海南)区块链研究院有限公司 | Access request processing method of access platform and related device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20180241572A1 (en) * | 2017-02-22 | 2018-08-23 | Intel Corporation | Techniques for remote SGX enclave authentication




Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant