Major release: 冲量在线, together with several well-known institutions, publishes an analysis of TEE technology practice in privacy computing

News | 2024-07-04 | Views: 46 | Comments: 0

Analysis of TEE Technology and Application Practice in Privacy Computing

In the era of big data, problems of data circulation, data security and the like arrive one after another.

According to IDC forecasts, the total global data volume was expected to reach 44 ZB in 2020, with China's data volume reaching 8060 EB, or 18% of the global total. By 2025 the global volume of big data is expected to grow to 163 ZB, yet statistics show that 98% of enterprise data suffers from the data-silo problem: it is stored separately and hard to circulate, so its value cannot be fully exploited. With the rapid growth in the volume of data and the special nature of data itself, the security of data circulation becomes especially important. Beyond the growing attention that enterprises and individuals pay to data privacy, the state's laws and regulations on data-circulation security have gradually been refined, and a series of laws and regulations has been issued.

(Content sourced from publicly available online material)

In an era of frequent data security incidents, TEE technology within privacy computing, a technology that can compute on data while guaranteeing that the data remains "usable but not visible", has gradually attracted wide attention.

I. Introduction to TEE technology in privacy computing

TEE, in full Trusted Execution Environment, is a secure area on a computing platform built by hardware and software means; it guarantees that the code and data loaded inside the secure area are protected in terms of confidentiality and integrity. Its goal is to ensure that a task executes as expected, guaranteeing the confidentiality and integrity of the initial state as well as the confidentiality and integrity of the runtime state.

1.1 Development history

Founding of TEE-related standards bodies: in 1999, Compaq, HP, IBM, Intel, Microsoft and other companies initiated the Trusted Computing Platform Alliance (TCPA). In 2003 the organization was reorganized as the Trusted Computing Group (TCG), which has produced a series of technical specifications covering trusted computing platforms, trusted storage, trusted network connect and more.

Realization of TEE: in 2009, OMTP (Open Mobile Terminal Platform) was the first to propose a dual-system solution: within the same smart terminal, an isolated, secure operating system is provided alongside the multimedia operating system. This isolated secure OS runs on isolated hardware and is dedicated to handling sensitive information so as to guarantee its security.

Standardization of TEE specifications: from 2011, GlobalPlatform (GP, the world's principal body for smart-card multi-application management specifications) began drafting TEE specifications and worked with a number of companies to develop trusted operating systems based on the GP TEE standard. As a result, most Trusted OSes built on TEE technology today follow the GP specifications.

TEE-related chip vendors: abroad, ARM, Intel and AMD proposed the hardware virtualization technologies TrustZone, Intel SGX and AMD SEV, together with their implementation schemes, in 2006, 2015 and 2016 respectively. Domestically, the Zhongguancun Trusted Computing Industry Alliance released the TPCM (Trusted Platform Control Module) in 2016, which guided the development of domestic TEE technology; the domestic chip vendors Zhaoxin (兆芯) and Hygon (海光) launched TEE-capable technologies in 2017 and 2020 respectively: ZX-TCT and Hygon CSV (China Security Virtualization).

(Content sourced from publicly available online material)

II. TEE classification and system architecture

TEE technology is one of the core technologies of privacy computing. The relatively mature technologies at present are mainly Intel SGX, ARM TrustZone, AMD SEV and Intel TXT.

2.1 Intel SGX

Intel® Software Guard Extensions (Intel® SGX) is a set of instructions for enhancing the security of application code and data. Using SGX, developers can encapsulate an application's security-sensitive operations inside a container called an Enclave, protecting the confidentiality and integrity of the user's critical code and data.

(Image source: Intel SGX Product Brief 2019)

The key advantage of Intel SGX is that it excludes the software stack outside the application, such as the OS and BIOS, from the Trusted Computing Base (TCB). Once code and data reside in an Enclave, even the operating system and the VMM (hypervisor) cannot affect them; the Enclave's security boundary contains only the CPU and the Enclave itself.

(Image source: Intel SGX Product Brief 2019)

The SGX Enclave runtime consists of three main parts: the system module running in Ring 0, i.e. the SGX driver; the untrusted runtime system (uRTS) running in Ring 3; and the trusted runtime system (tRTS) running in EPC memory. Enclave code and data are placed in the region known as the Enclave Page Cache (EPC).

(Image source: Caslab website)

The SGX driver mainly performs the following work:

Enclave loading.

Memory space allocation and destruction.

Page swapping and page-fault handling.

The uRTS mainly performs the following work:

Enclave loading and unloading.

Call management, handling all ECall and OCall requests. An ECall is a call into the Enclave; an OCall is a call from inside the Enclave out to the untrusted side.

Exception handling: determining the specific exception and calling back into the Enclave.

The tRTS mainly performs the following work:

Enclave loading.

Call management, handling ECalls and OCalls.

Enclave code and data are placed in a special memory region called the Enclave Page Cache (EPC), which is encrypted by the Memory Encryption Engine (MEE). The figure below shows how SGX protects Enclave memory:

(Image source: Overview of Intel SGX - Part 1, SGX Internals)

It is worth noting that Intel SGX has been released in two generations, SGX1 and SGX2. On server-side chips, SGX2 formally entered large-scale commercial use in 2021.

(Image source: Caslab website)

(Image source: Caslab website)

Compared with SGX1, SGX2 adds Enclave Dynamic Memory Management (EDMM). With the SGX1 instruction set, the amount of memory the Enclave will need must be determined up front when the Enclave is created, and code modules cannot be dynamically loaded into the Enclave at runtime. This design, first, lengthens Enclave start-up time, because every memory address must be committed in advance; second, it limits the size of the EPC, because the memory must be pre-allocated, and for practical reasons the SGX1 EPC memory limit was set at 256 MB. Consequently, heap and stack usage exceeding 256 MB at runtime is encrypted and swapped out to system memory by paging, and paging of this kind brings considerable performance overhead.

The SGX2 design introduces the EDMM mechanism, which provides the ability to dynamically grow and shrink Enclave memory while preserving security. In the EDMM scheme, EPC memory is allocated in two modes: allocation triggered by an OCall event, and allocation triggered by a page fault. In both cases the core is that the SGX driver allocates the memory page and the Enclave then confirms that the allocation takes effect, so the allocation mechanism is transparent to the application layer.

Introducing EDMM does not lower SGX2's security. SGX2 still guarantees the consistency of Enclave memory pages, and that consistency can be measured. Because memory allocation depends on the OS, and to prevent the OS from supplying an incorrect memory page, the Enclave must re-check the correctness of each memory page (including its permissions) every time its memory is adjusted.
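To make that re-check concrete, here is a constructed Python model of the "driver allocates, Enclave confirms" step. It is an added example, not code from the article or from Intel's SDK: the page size, address range, permission bits and the Driver/Enclave classes are assumptions for illustration only, standing in for the real EAUG/EACCEPT instructions and EPCM metadata. The Driver role can be told to misbehave so the reader can see which proposals the Enclave-side check refuses.

```python
"""Constructed model of the SGX2 EDMM "driver allocates, enclave confirms" step.

Added example (not from the article or from Intel).  The untrusted driver
proposes a page (address, permissions, contents); the enclave re-checks the
proposal before accepting it, because the OS could hand back a page at the
wrong address, with escalated permissions, already mapped, or not freshly
zeroed.  All constants below are illustrative assumptions.
"""

PAGE_SIZE = 0x1000
READ, WRITE, EXEC = 1, 2, 4


class Enclave:
    def __init__(self, base, size):
        self.base, self.size = base, size
        self.pages = {}      # accepted pages: address -> permissions
        self.pending = {}    # pages the enclave asked for: address -> permissions

    def request_page(self, addr, perms):
        """Enclave side: remember what was requested (e.g. via an OCall)."""
        self.pending[addr] = perms

    def accept_page(self, addr, perms, content):
        """Second check of a driver-supplied page; returns (accepted, reason)."""
        if addr % PAGE_SIZE:
            return False, "unaligned address"
        if not (self.base <= addr < self.base + self.size):
            return False, "address outside enclave range"
        if addr in self.pages:
            return False, "page already mapped (would alias enclave memory)"
        if addr not in self.pending:
            return False, "unrequested page"
        if perms != self.pending[addr]:
            return False, "permissions differ from request"
        if perms & WRITE and perms & EXEC:
            return False, "writable and executable page refused"
        if any(content):
            return False, "page not zero-initialised"
        self.pages[addr] = perms
        del self.pending[addr]
        return True, "ok"


class Driver:
    """Untrusted driver model; `behaviour` simulates an honest or faulty OS."""

    def __init__(self, behaviour="honest"):
        self.behaviour = behaviour

    def allocate(self, addr, perms):
        content = bytes(PAGE_SIZE)               # a fresh page is all zeros
        if self.behaviour == "escalate":         # silently adds execute permission
            perms |= EXEC
        elif self.behaviour == "relocate":       # returns a page outside the enclave
            addr = 0x0
        elif self.behaviour == "stale":          # returns a page with old contents
            content = b"\x41" * PAGE_SIZE
        return addr, perms, content


def grow_heap(enclave, driver, addr, perms=READ | WRITE):
    """One dynamic allocation round trip: request, driver allocates, enclave confirms."""
    enclave.request_page(addr, perms)
    got_addr, got_perms, content = driver.allocate(addr, perms)
    return enclave.accept_page(got_addr, got_perms, content)


def demo(behaviour):
    """Run one allocation against a driver with the given behaviour."""
    enc = Enclave(base=0x10000000, size=16 * PAGE_SIZE)
    return grow_heap(enc, Driver(behaviour), 0x10000000 + 4 * PAGE_SIZE)


if __name__ == "__main__":
    for b in ("honest", "escalate", "relocate", "stale"):
        print(b, "->", demo(b))
```

The point of the model is the ordering: the Enclave never trusts the driver's answer by itself; acceptance is gated on what the Enclave itself requested and on invariants (alignment, range, no double mapping, no W+X, zeroed content) that the untrusted side cannot vouch for.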

SGX supports attestation, by which the Enclave proves to a challenger the integrity and authenticity of the user program running inside it. SGX attestation is divided into local attestation and remote attestation; the figure below shows the SGX remote attestation flow:

(Image source: Intel Software Guard Extensions EPID Provisioning and Attestation Services)
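The following Python script is an added example, not code from the article or from Intel, that walks through the remote attestation exchange in simplified form with both sides' messages: the challenger sends a nonce, the Enclave builds a report binding its measurement to that nonce and to its public key, a quoting component signs the report, and the challenger verifies the signature, the freshness and the expected measurement before trusting the Enclave. The quoting signature is modelled with an HMAC over a shared key and the measurement with a plain SHA-256 of a code image; real SGX uses EPID or ECDSA signatures from the Quoting Enclave and a structured MRENCLAVE, so the key, the report format and the `QUOTING_KEY`/`EXPECTED_MRENCLAVE` constants are assumptions for illustration.

```python
"""Simplified model of SGX-style remote attestation (constructed example).

Added example, not from the article or from Intel.  The HMAC stands in for
the Quoting Enclave's EPID/ECDSA signature, and the SHA-256 of a code image
stands in for MRENCLAVE; both are assumptions chosen to keep the script
runnable with the standard library alone.
"""
import hashlib
import hmac
import json
import os

QUOTING_KEY = b"constructed-quoting-key"          # stand-in for the attestation key
EXPECTED_MRENCLAVE = hashlib.sha256(b"trusted enclave code image v1").hexdigest()


def enclave_measurement(code_image: bytes) -> str:
    """MRENCLAVE-like value: a hash over the loaded enclave code (simplified)."""
    return hashlib.sha256(code_image).hexdigest()


def build_report(code_image: bytes, nonce: bytes, enclave_pubkey: bytes) -> dict:
    """Enclave side: bind measurement, challenger nonce and enclave key together."""
    report_data = hashlib.sha256(nonce + enclave_pubkey).hexdigest()
    return {"mrenclave": enclave_measurement(code_image), "report_data": report_data}


def quote_report(report: dict) -> dict:
    """Quoting side: sign the serialised report (HMAC models the QE signature)."""
    body = json.dumps(report, sort_keys=True).encode()
    sig = hmac.new(QUOTING_KEY, body, hashlib.sha256).hexdigest()
    return {"report": report, "signature": sig}


def verify_quote(quote: dict, nonce: bytes, enclave_pubkey: bytes,
                 expected_mrenclave: str = EXPECTED_MRENCLAVE):
    """Challenger side: check signature, then measurement, then freshness/key binding."""
    body = json.dumps(quote["report"], sort_keys=True).encode()
    expected_sig = hmac.new(QUOTING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, quote["signature"]):
        return False, "bad signature"
    if quote["report"]["mrenclave"] != expected_mrenclave:
        return False, "unexpected measurement"
    if quote["report"]["report_data"] != hashlib.sha256(nonce + enclave_pubkey).hexdigest():
        return False, "nonce/key mismatch"
    return True, "ok"


def run_attestation(code_image: bytes, tamper: str = None):
    """Full exchange.  `tamper` simulates a replayed quote or a post-signing edit."""
    nonce = os.urandom(16)                         # challenger -> enclave
    enclave_pubkey = b"constructed-enclave-pubkey"  # generated inside the enclave
    quote = quote_report(build_report(code_image, nonce, enclave_pubkey))  # enclave -> QE -> challenger
    if tamper == "replay":
        nonce = os.urandom(16)   # challenger issued a fresh nonce; old quote replayed
    elif tamper == "forge":
        quote["report"]["mrenclave"] = EXPECTED_MRENCLAVE  # edited after signing
    return verify_quote(quote, nonce, enclave_pubkey)


if __name__ == "__main__":
    print("genuine:", run_attestation(b"trusted enclave code image v1"))
    print("modified code:", run_attestation(b"modified enclave"))
    print("forged report:", run_attestation(b"modified enclave", tamper="forge"))
    print("replayed quote:", run_attestation(b"trusted enclave code image v1", tamper="replay"))
```

The order of the checks matters for a verifier: the signature is verified first so that nothing in an unsigned or altered report is acted on, then the measurement is compared against the expected value the relying party provisioned out of band, and finally the nonce and key binding rule out replay of an old but genuine quote.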

2.2 ARM TrustZone

ARM TrustZone is ARM's TEE solution. By modifying the original hardware architecture, it introduces two protection domains with different privileges at the processor level, the Secure World and the Normal World; at any moment the processor runs in only one of the two.

The two worlds are fully isolated by hardware and have different privileges: applications or operating systems running in the Normal World have strictly limited access to Secure World resources, whereas programs running in the Secure World can access Normal World resources freely.

(Image source: ARM website)

Each chip vendor designs and implements its own chips according to ARM's hardware design for TrustZone. On top of TrustZone a trusted execution environment (TEE) can be built, in which a TrustZone-based operating system runs, such as Qualcomm's QSEE or the open-source OP-TEE. The figure below shows the overall architecture of Qualcomm's QSEE.

(Image source: Blogspot: Exploring Qualcomm's Secure Execution)

On the domestic side, Phytium (飞腾), Huawei and others have released TrustZone solutions based on ARM-architecture CPUs. The figure below shows the system software architecture of the Phytium FT-2000 CPU, which supports TrustZone.

(Image source: Tianjin Phytium Information Technology Co., Ltd., FT-2000+/64 System Software Development Guide)

2.3 AMD SEV

SEV is the Secure Encrypted Virtualization technology proposed by AMD. It rests on three core technologies:

SVM, virtualization technology.

SME, memory encryption technology.

SEV, virtual machine memory protection technology.

SVM stands for AMD Secure Virtual Machine. It is AMD's virtualization technology for supporting hardware-based virtualization on x86; with the hardware-assisted acceleration it provides, virtualization performance can be improved substantially. To support virtualization, the AMD virtual machine framework was designed to provide:

A fast switching mechanism between the VMM (hypervisor) and the Guest (virtual machine).

The ability to intercept specific instructions and events in the virtual machine.

Protection of memory against external (DMA) access.

Assisted interrupt handling and Virtual Interrupt support.

Tagging of the TLB entries belonging to the Guest and to the Host to reduce virtualization overhead.

SME stands for Secure Memory Encryption. AMD added an encryption/decryption module to the DRAM controller to handle the encryption and decryption of data in memory.

(Image source: AMD Memory Encryption white paper)

SEV (Secure Encrypted Virtualization) is the security enhancement built on SVM and SME to protect virtual machines; its main job is to protect the memory contents of virtual machines.

It integrates the main-memory encryption feature with the existing AMD-V virtualization architecture to support encrypted virtual machines. An encrypted virtual machine is protected not only from physical threats but also from other virtual machines and even from the hypervisor itself. SEV therefore represents a new security paradigm for virtualization, particularly suited to cloud computing systems in which a virtual machine should not have to fully trust the hypervisor and administrators of its host. As with SME, no modification of application software is needed to take advantage of SEV.

(Image source: AMD x86 Memory Encryption Technology)

On the domestic side, Hygon (海光) has released a comparable solution.

2.4 Intel TXT

The main goal of Intel TXT (Trusted Execution Technology) is to establish an environment that is trusted from power-on, by using specific Intel CPUs, dedicated hardware and related firmware, thereby providing better security protection for user programs running on the system.

(Image source: Intel website)

Intel TXT relies on the Trusted Platform Module (TPM) to store the fingerprints (measurements) of software. Each time the software starts, Intel TXT measures it and compares the result against the stored fingerprints to decide whether a risk exists.

Intel TXT introduces two TCG concepts, the Static Chain of Trust and the Dynamic Chain of Trust, as shown in the figure below. The static chain of trust measures the platform configuration; the dynamic chain of trust measures system software, software configuration and policy. For Intel TXT, the Root of Trust is the TXT-capable Intel CPU itself.

(Image source: Intel website)
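To show what "comparing fingerprints" and the two chains of trust amount to mechanically, here is an added Python example (not code from the article or from Intel) that models the TPM extend operation and checks a boot against previously recorded measurements. The component names in `STATIC_CHAIN` and `DYNAMIC_CHAIN` are constructed placeholders, and the assignment of components to chains is an illustrative assumption; real PCR numbering and what exactly gets hashed are platform-specific.

```python
"""Constructed model of the TXT/TPM measured launch described above.

Added example, not from the article or from Intel.  Each component is
hashed and folded into a PCR with the TPM extend operation, separately for
the static chain (platform configuration) and the dynamic chain (system
software, configuration, policy).  Component names are constructed
placeholders.
"""
import hashlib

PCR_INIT = bytes(32)   # a SHA-256 PCR bank starts at all zeros on reset


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || SHA-256(component)).

    Extend is one-way and order-sensitive: the same components in a
    different order, or any change to any component, yields a different PCR.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_chain(components) -> str:
    """Fold a sequence of components into one PCR value (hex)."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr.hex()


# Constructed fingerprints: what a known-good boot measured at enrolment time.
STATIC_CHAIN = [b"platform firmware 1.2.0",
                b"firmware settings: secure boot on, debug off"]
DYNAMIC_CHAIN = [b"measured launch environment",
                 b"kernel 5.15 image",
                 b"launch policy v7"]


def enrol_golden_values() -> dict:
    """Record the expected PCR values for later comparison."""
    return {"static": measure_chain(STATIC_CHAIN),
            "dynamic": measure_chain(DYNAMIC_CHAIN)}


def check_launch(static_components, dynamic_components, golden: dict) -> list:
    """Compare this boot's measurements against the golden values.

    Returns the names of the chains whose measurement does not match; an
    empty list means both chains match and the launch is considered trusted.
    """
    observed = {"static": measure_chain(static_components),
                "dynamic": measure_chain(dynamic_components)}
    return [name for name in ("static", "dynamic") if observed[name] != golden[name]]


if __name__ == "__main__":
    golden = enrol_golden_values()
    print("clean boot:", check_launch(STATIC_CHAIN, DYNAMIC_CHAIN, golden))
    tampered = DYNAMIC_CHAIN[:1] + [b"kernel 5.15 image (modified)"] + DYNAMIC_CHAIN[2:]
    print("tampered kernel:", check_launch(STATIC_CHAIN, tampered, golden))
```

Because extend is a hash chain rather than a simple hash of the final state, a verifier needs only the final PCR value per chain to detect a change to any earlier component, and keeping the static and dynamic chains separate tells it whether the platform configuration or the launched software is what moved.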

On the domestic side, Zhaoxin (兆芯) has released the ZX-TCT solution, based on its self-designed KaiXian (开先) series CPUs, for use in the trusted computing field.

III. Advantages and disadvantages of TEE

3.1 Technical characteristics of TEE

In 2009, the OMTP (Open Mobile Terminal Platform) organization explicitly defined the concepts and specifications of the TEE in "OMTP Advanced Trusted Environment OMTP TR1 V11", defining a TEE as "a set of hardware and software components that can provide the necessary facilities for applications". An implementation must support one of two security levels:

(1) Security level Profile 1, whose goal is to resist software-level attacks.

(2) Security level Profile 2, whose goal is to resist both software and hardware attacks.

Against these TEE concepts and specification definitions, individual software and hardware vendors implement the TEE differently, according to the form of their own base architectures. Despite these implementation differences, common technical characteristics of the TEE can still be abstracted. Specifically, the TEE has the following characteristics:

Isolation: the isolation mechanisms of the x86 architecture date from the Intel 80286 processor, for which Intel introduced two CPU operating modes; these gradually evolved into the later privilege levels, and later still into the SGX mechanism, which implements a TEE with a much smaller secure region. Similarly, the ARM architecture achieves hardware and software isolation through TrustZone, separating the Secure World from the Non-secure World. Through an isolated execution environment the TEE provides an execution space with stronger security and richer functionality than a security chip, protecting the confidentiality and integrity of its code and data.

Hardware/software cooperation: although the standard definition allows a TEE to be implemented purely in software or purely in hardware, in real production settings the industry overwhelmingly relies on a combination of hardware and software to provide and support security.

Expressiveness: compared with a bare security chip or a purely software cryptographic privacy-protection scheme, a TEE supports far more expressive upper-layer business logic. Only the logical division between privacy and non-privacy regions at the business level needs to be defined; the language used for the algorithm logic inside the privacy region is not restricted in computability (it is Turing-complete). Moreover, because the TEE already provides a "secure black box", data inside the secure region does not need to be computed on in encrypted form, so many more operators and complex algorithms can be supported.

3.2 Advantages of TEE

From the technical characteristics of TEE its advantages can be summarized:

(1) Multi-level, highly complex algorithm logic can be implemented inside the trusted region.

(2) High computational efficiency: only a 3-4x overhead compared with plaintext computation, which is a clear advantage over the 100+x overhead of MPC and federated learning.

(3) It can withstand attack techniques under the malicious adversary model, and trusted measurement guarantees that the TEE's execution logic is trustworthy and measurable.

3.3 Disadvantages of TEE

By contrast, the disadvantages of TEE are as follows:

(1) The solution depends on the underlying hardware architecture.

(2) Updates and upgrades require hardware and software to be upgraded in step.

(3) Interoperability between the TEE technologies of different vendors needs to be strengthened so as to form more unified production-grade industry standards and de facto standards.

IV. Industry landscape

Because TEE technology supports multi-level, highly complex algorithm logic, offers high computational efficiency and uses trusted measurement to guarantee that its execution logic is trustworthy and measurable, it has been widely recognized by the industry, and more and more open-source TEE frameworks and products are emerging.

4.1 Open-source frameworks

(Content sourced from publicly available online material)

4.2 Teaclave

Teaclave is a TEE-based secure computing platform open-sourced by Baidu and is currently an Apache incubator project; before being contributed to Apache the project was called MesaTEE. Teaclave's design idea is to build a FaaS-like (Function as a Service) computing platform service. On top of TEE confidential computing, remote attestation and secure storage, the platform implements multi-task management and concurrent operation through a task management framework and, following FaaS design logic, makes computation functions pluggable.

The core back-end modules of Teaclave are the management service, the scheduling service, the authentication service and the confidential storage service, all of which run inside Enclaves. The modules communicate over a uniform RPC interface with end-to-end mutual authentication. Actual function execution is dispatched by the scheduling service to different TEE worker nodes.

Teaclave currently supports two kinds of computation implementation. One is implemented in Rust: a task for a method is launched by implementing the predefined run method and registering the class with the executor class. The other is implemented in Python; Python code is translated and executed by the interpreter inside the TEE at execution time. The underlying interpreter is MesaPy for SGX, which currently supports libraries such as Marshal, Math, Binascii, Itertools and Micronumpy.

4.3 Graphene

Graphene is an SGX LibOS project. Graphene interacts directly with the SGX AESM gateway service, so its implementation does not depend on the SGX SDK. It currently wraps 47 Host ABI interfaces, 36 of which require an OCall. It supports most of System V IPC, including fork and exec. Graphene currently contains close to 50,000 lines of LibOS code and 20,000 lines of SGX PAL code; the compiled result is close to 1 MB, which is very lightweight.

Graphene's user-space multi-process model is isolated by the LibOS: a new OS process is started by creating a new Enclave, and the LibOS instances use RPC to emulate inter-process communication.

Applications that have been thoroughly validated on Graphene include machine learning frameworks such as TensorFlow, PyTorch and OpenVINO, and enterprise services such as Memcached, Redis, Nginx and Apache HTTP Server.

4.4 Occlum

Occlum is an SGX LibOS project open-sourced by Ant Financial, oriented toward memory safety and multitasking. Like other LibOSes, Occlum aims to reduce the coding cost of migrating legacy applications into SGX: with no or only minor changes to the application code, an application can be moved into SGX and gain confidentiality and integrity protection.

Compared with other LibOS projects of its kind, Occlum's main advantages are:

Multi-process management inside one Enclave: other LibOSes currently use a single-process model, and running multiple processes requires starting multiple LibOS instances. Occlum provides a lightweight LibOS process implementation that allows multiple independent processes to run inside one Enclave. In a laboratory setting Occlum shows a 3x improvement in inter-process communication speed.

Full file-system support: Occlum supports multiple types of file system, making it easy to share files between different processes inside the Enclave or between the Enclave and the outside operating system. Occlum also implements an encrypted file system based on SGX sealing, ensuring that data inside the Enclave is encrypted when written to disk.

Memory safety: this mainly follows from Occlum being implemented in the memory-safe Rust language.

Containerized design: a command-line tool is provided that manages Enclave instance containers in a Docker-like way.

4.5 OpenEnclave

Microsoft Open Enclave aims to be compatible with different TEE technologies and to provide a unified programming API. Open Enclave is a C/C++ SDK. It currently supports mainly Intel SGX; support for OP-TEE OS on ARM TrustZone is still at the preview stage.

The Open Enclave SDK mainly wraps Enclave lifecycle management, Enclave measurement, calls into and out of the Enclave, system calls, data sealing, remote attestation and some cryptographic libraries.

Open Enclave has ported the MUSL library (a cross-platform C standard library) and adapted a number of third-party libraries, including OpenSSL, Mbed TLS and LLVM libc++.

4.6 Asylo

Google Asylo also provides a C/C++ SDK, but the difference is that Asylo goes further and defines a specification for implementing SGX-based applications, the so-called programming framework. An application built on Asylo is likewise divided into an untrusted part and a trusted part, but communication between them is constrained to a client/server model: the untrusted part implements the client and the Enclave manager, and the trusted part implements the computing server.

For remote attestation, Asylo offers two TCB modes: one based on the Intel ECDSA Quoting Enclave and one based on the Assertion Generator Enclave (AGE). Both are built on the SGX ECDSA remote attestation model and therefore require a CPU that supports FLC. The difference is that the former provides a function interface directly on top of Intel QE, whereas AGE adopts the client/server model and, based on the Asylo framework, becomes a resident gRPC service that external users can call in real time for attestation. Although this improves the usability of remote attestation, AGE's TCB is clearly larger than that of using Intel QE alone.

In addition, Asylo integrates secret sealing, key agreement and a TEE service proxy, among other functions. Overall, Asylo is a programming framework that turns SGX into a service.

4.7 OP-TEE

In the ARM TrustZone ecosystem the Trusted OS is a relatively engineering-intensive area. OP-TEE is an open-source implementation of a Trusted OS. The Trusted OS lives in the Secure World; it is not an ordinary operating system (Normal OS) in the Normal World. The Trusted OS is the trusted computing root of the whole TrustZone application and must be secure, so it is comparatively small, usually an order of magnitude less code than the TAs. The Trusted OS has no POSIX API and no dynamic link libraries, so the TAs that run on it are statically compiled by default. The Trusted OS also depends on the normal operating system for help: access to the file system and to external devices, for example, must go through the normal OS's system calls.

OP-TEE comprises the Secure World operating system (OPTEE_OS), the Normal World client (OPTEE_Client), the test suite (OPTEE_Test / XTest) and a Linux driver. The OS and client conform to the GlobalPlatform specifications. The project is maintained by Linaro and has been ported to more than 28 platforms/processors. Developers write client applications (CAs) that run on Linux and trusted applications (TAs) that run on OP-TEE. A CA uses the TEE Client API to talk to a TA and obtain security services from it; CA and TA pass data to each other through shared memory.

Besides OP-TEE, open-source Trusted OSes include OPEN-TEE, Trusty, SierraTEE and SafeG, and many companies use their own closed-source Trusted OS, such as Apple's Secure Enclave, Qualcomm's QTEE, Samsung's Knox and Teegris, Trustonic's Kinibi OS and Huawei's TrustedCore.

4.8 Products and services

The China Academy of Information and Communications Technology (CAICT), together with leading companies in the industry, drafted and revised "Data Computing Platform Based on Trusted Execution Environment: Technical Requirements and Test Methods". The test standard sets out requirements for product capability from nine angles: task processing capability, algorithm extensibility, environment verification, communication security, computational confidentiality, consistency, data storage, auditing, and operations and maintenance, providing a feasibility proof for applying TEE technology in the data circulation industry.

(Content source: list of the first enterprises whose TEE-based data computing platforms passed CAICT evaluation, December 2020)

五、基于TEE技术的应用场景和实践

V. TET-based applications and practices

5.1 应用场景:

5.1 Application scene:

可信执行环境技术(后简称TEE)因其较强的算法通用性和较小的性能损失,在许多涉及到隐私数据计算的场景中都得到了广泛应用,并且尤其适用于具备以下特征的应用场景:

Credible enforcement environmental techniques (later TEE) have been widely applied in many scenarios involving the calculation of privacy data because of their greater arithmetic generality and smaller loss of performance, and are particularly applicable to applications with the following characteristics:

The computational logic is relatively complex; the algorithm is hard to adapt to techniques such as homomorphic encryption, or loses too much efficiency after adaptation.

The data volume is large, so transmission and encryption/decryption are costly.

Performance requirements are high: computation must finish and return results within a short time.

Privacy computing scenarios that require a trusted third party, where the data (in part or indirectly) could be obtained or inferred by that third party.

The environment in which data is transmitted and used is directly exposed to the Internet and must be protected against external attacks.

The parties collaborating on data do not fully trust each other, and malicious attacks by participants are possible.

The most common concrete scenarios include: authentication and matching of private identity information, cross-institution joint modelling and analysis of large-scale data, protection of data asset ownership, confidential computation on on-chain data, and privacy protection for smart contracts.

Authentication and matching of private identity information

Identity authentication and matching is one of the basic functions many digital applications need: the user's fingerprint, facial image, voice and other data are compared to verify the user's real identity and ensure security. In some scenarios regulators also require the application to match the user's real-name information in order to meet social security management requirements.

During identity authentication and matching, the user's personal information must be collected and uploaded by the device and stored in a server-side database. Whether during network transmission, persistent storage or the data access that happens during verification, an external attack or malicious behaviour by the application itself can leak the user's private information, endangering the user's property and even personal safety.

To reduce the risk of privacy leakage during identity authentication, TEE technology is applied to mobile devices, PCs and various other terminals. Personal identity data captured by I/O devices such as cameras and fingerprint readers is encrypted and passed into a privacy computing environment created with TEE technology; inside the TEE the data is decrypted, features are extracted and similarity matching is performed, and the final result together with the re-encrypted data is uploaded to the server over a secure channel.

Throughout the process the server obtains only the final matching result and the encrypted raw data; all computation on plaintext happens in the TEE of the terminal device under the user's control. This both protects the user's private information and prevents other applications on the terminal from cheating by interfering with the verification process.

Cross-institution joint modelling and analysis of large-scale data

As digital society develops, products and services built on big data and data intelligence have come to affect business and daily life broadly, including but not limited to using big data to set business strategy, forecast market trends, assess users' purchasing intent, and control financial and social risk. As the algorithms in these scenarios iterate, their demands on data dimensions and data volume keep growing; the data a single institution generates from its own business is no longer enough to support these scenarios, so joint analysis and modelling over multiple parties' data has become an important trend.

Because big data analysis inevitably touches a company's user data and business data, each party in a multi-party data collaboration wants the private information in its raw input to be fully protected, with the final output consisting only of the analysis results or models produced by the algorithm and containing no concrete data: that is, data that is usable but not visible.

In this kind of scenario, a network of TEE nodes deployed across multiple institutions can perform private set intersection and computation on the data. Each party fetches data from its database through a locally deployed TEE node and encrypts it with a key derived from the TEE's root of trust; this key is negotiated among several TEE nodes and is visible only inside each node's TEE secure area. The encrypted data travels across the TEE node network to a compute resource pool that likewise consists of TEE nodes, where it is decrypted, intersected and computed on inside the TEE. When computation finishes, the TEE nodes output only the final result; the raw data and intermediate data are destroyed in place inside the TEE.

Multi-party joint modelling implemented with TEE technology meets the business need for multi-party data collaboration while keeping each party's raw data usable but invisible to the others. Compared with other distributed computing or purely ciphertext-based approaches, TEE-based solutions offer stronger performance and broader algorithm support, and they perform better in scenarios involving large-scale data or demanding performance requirements.

Protection of data asset ownership

As national macro data policy becomes increasingly explicit about treating data as a production factor to be traded in a market, sharing, trading and circulating data between enterprises as an asset has become the trend. But data is a digital asset that is easy to copy and to spread, so protecting ownership of data assets while they are shared and traded has become one of the first problems to solve in making data a marketable production factor.

Combining TEE technology with blockchain technology makes it possible to separate and protect data ownership and data usage rights when enterprises share and trade data. Every data asset is recorded on the blockchain by its data fingerprint, and changes of ownership are traced and supervised through the chain's transaction records. When usage rights are separated from ownership, all use of the data must take place inside a TEE; because the trusted measurement of the program running in the TEE is recorded on chain, the data owner can be sure that the user uses the data only within the scope and in the manner the two sides agreed. Once computation completes, the raw data is destroyed inside the TEE, so ownership is not lost through the user retaining a copy of the raw data.

Combining TEE with blockchain better guarantees the security, trustworthiness and fairness of data transactions and makes the allocation of data rights clearer, turning data as a production factor into a truly circulable asset and helping digital society fully unlock the potential of data as a production factor.

Confidential storage and computation of on-chain data

Facing growing demand for electronic evidence storage, traditional methods of preserving evidence are gradually being replaced by blockchain-based evidence storage because they are costly, inefficient and hard to get admitted as evidence. The traceability, tamper-resistance and secure transparency of the blockchain ensure that storage, retrieval, presentation and comparison of the data are all published on chain; how to keep that published data secure has become one of the first problems to solve in advancing blockchain evidence storage.

In such scenarios, TEE nodes can provide confidential storage and computation of on-chain data. The parties on the chain store their data encrypted under a key that is negotiated among the chain's TEE nodes and is visible only inside each node's TEE secure area. When on-chain data needs to be verified, the encrypted data is transmitted across the TEE node network and decrypted inside the TEE, where it is compared against the data fingerprint stored on chain and agreed by the whole network's consensus; only after confirming that the data has not been maliciously tampered with does the subsequent computation proceed. When computation finishes, the TEE node outputs only the result, while the raw data and intermediate data are destroyed in place inside the TEE, achieving confidential storage and computation of on-chain data.
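The three mechanisms this section describes, a key shared only among TEE nodes (joint modelling), an on-chain record of the approved program's measurement (data ownership) and a check of the decrypted data against the on-chain fingerprint before any computation runs (on-chain confidential computing), combined in one Go simulation. This is an added example, not code from the article or from any product it names; the Ledger map, the hashed program "measurement", the pre-shared 32-byte group key and the "customer,amount" rows are constructed stand-ins for the chain, the TEE's attestation, the negotiated key and real data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"strconv"
)

// LargeTransfer is the threshold of the constructed joint analysis (amount >= LargeTransfer counts).
const LargeTransfer = 10000

var ErrProgramNotApproved = errors.New("enclave measurement differs from the program approved on chain")
var ErrFingerprintMismatch = errors.New("decrypted data differs from the fingerprint agreed on chain")

// Ledger stands in for the blockchain: what consensus has recorded about each shared asset.
type Ledger struct {
	Fingerprint map[string][32]byte // asset ID -> SHA-256 of the plaintext
	Program     map[string][32]byte // asset ID -> measurement of the only program allowed to use it
}

// Register is the owner's on-chain deposit before sharing: data fingerprint plus approved program.
func (l *Ledger) Register(assetID string, plaintext []byte, program [32]byte) {
	l.Fingerprint[assetID] = sha256.Sum256(plaintext)
	l.Program[assetID] = program
}

// Measure stands in for the TEE's code measurement; constructed here as a hash of the program name.
func Measure(program string) [32]byte { return sha256.Sum256([]byte(program)) }

// Enclave simulates one TEE node: the group key (negotiated among nodes in the article, handed in here) as an AEAD, plus its code measurement.
type Enclave struct {
	gcm         cipher.AEAD
	measurement [32]byte
}

func NewEnclave(groupKey []byte, measurement [32]byte) (*Enclave, error) {
	block, err := aes.NewCipher(groupKey) // 32-byte key -> AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Enclave{gcm: gcm, measurement: measurement}, nil
}

// Seal encrypts a party's data under the group key so only an enclave holding that key can open it.
func (e *Enclave) Seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, e.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return e.gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce || ciphertext || GCM tag
}

// Compute is the in-enclave step: check the approved program, decrypt, check the fingerprint
// recorded on chain, run f, wipe the plaintext. Only f's result leaves the enclave.
func (e *Enclave) Compute(l *Ledger, assetID string, sealed []byte, f func([]byte) int) (int, error) {
	if approved, ok := l.Program[assetID]; !ok || approved != e.measurement {
		return 0, ErrProgramNotApproved
	}
	n := e.gcm.NonceSize()
	if len(sealed) < n {
		return 0, errors.New("sealed blob too short")
	}
	plain, err := e.gcm.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil {
		return 0, err // GCM tag failed: modified in transit or sealed under another key
	}
	defer func() { for i := range plain { plain[i] = 0 } }() // destroy plaintext in place
	if sha256.Sum256(plain) != l.Fingerprint[assetID] {
		return 0, ErrFingerprintMismatch
	}
	return f(plain), nil
}

// CountLargeTransfers is the agreed analysis over constructed "customer,amount" CSV rows; only this count, never the rows, leaves Compute.
func CountLargeTransfers(plain []byte) int {
	count := 0
	for _, line := range bytes.Split(bytes.TrimSpace(plain), []byte("\n")) {
		if f := bytes.SplitN(line, []byte(","), 2); len(f) == 2 {
			if v, err := strconv.Atoi(string(bytes.TrimSpace(f[1]))); err == nil && v >= LargeTransfer {
				count++
			}
		}
	}
	return count
}
```

An enclave whose measurement is not the one registered on chain, a blob altered in transit, or a blob that opens but no longer matches the registered fingerprint each fails before the analysis runs, which is the order of checks the text describes.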

With TEE technology added, the privacy of on-chain data and of the processes that use it is better guaranteed, giving the blockchain the capability for secure, trustworthy and fair evidence storage, so that blockchain evidence storage can be deployed more readily and serve users in every industry, genuinely for the public's benefit.

5.2 Practice cases

Data privacy computing services based on TEE perform multi-party data collaboration through TEE technology, meeting the business needs of data collaboration while keeping each party's raw data usable but invisible to the others. Compared with other distributed computing or purely ciphertext-based approaches, TEE-based solutions offer stronger performance and broader algorithm support, and they are being deployed in telecom operators, government, finance, the Internet industry and healthcare. The following cases are compiled from publicly available online information.

Chongliang Online (冲量在线) and China Telecom are working on data circulation scenarios within the China Telecom group and between government and enterprise customers. Building on China Telecom's self-developed blockchain infrastructure and Chongliang Online's privacy computing technology, the joint solution addresses trustworthiness, privacy, security, fairness and traceability in data circulation and offers a new paradigm for smart-contract-based pricing and circulation of on-chain data.

In their collaboration, Baidu Blockchain and Shanghai Pudong Development Bank used trusted computing plus blockchain to build a platform for multi-party joint private data computation, so that participants can perform joint computation on data without exposing their raw data, under conditions of privacy, security, fairness and traceability. This helps break down data silos and realise the value of data.

Ant Group's trusted computing service connects on-chain data with off-chain data sources, supports multi-party data fusion and governance, and provides users with a general-purpose, verifiable private data computing service. The service has been deployed on a certain data platform: waybills from an online freight platform are put on chain and key logistics information is cross-checked, so that, starting from the genuine transport background, financial institutions can be connected to offer inclusive financial services to the logistics platform, while embracing regulation and ensuring that every transaction is genuine and compliant.

Abroad, Fortanix is a company focused on trusted computing that provides data privacy protection services to enterprises. Its service lets data from multiple enterprises be pooled in a trusted environment for data analysis tasks, and it has been deployed in projects with several financial institutions, including PayPal and Standard Chartered Bank, where collaboration over multiple institutions' data greatly improved the accuracy of anti-money-laundering risk control.

VI. Outlook for future development

6.1 End-to-end trust

TEE technology has become one of several technical routes in privacy computing, with core advantages of good generality, high performance, low cross-network traffic, support for AI algorithms and unlimited scalability of compute, but its adoption and trustworthiness still need to improve.

The first capability to provide is that of a "trusted third party". TEE technology ultimately derives from the chip's security and cryptographic capabilities, so it places high demands on the chip vendor's technical capability, sustainability, security and controllability. In the domestic context of independent control and independent innovation, only when vendors of domestic chips, TEE middleware, operating systems and privacy computing software jointly improve the usability, performance, security and generality of TEEs on domestic chips can an end-to-end privacy computing and data circulation solution truly be delivered. As of the second quarter of 2021, many solutions combining domestic chips with privacy computing have already been deployed, and more trustworthy domestic TEE practice cases can be expected in the near future.

The second capability is "decentralisation and large-scale networking". At the chip level, TEE technology essentially provides encrypted computing memory on a single server; in real deployments a single TEE cannot handle parallel computation over many participants and large data volumes. Software and middleware are needed to build large, distributed TEE compute clusters in which every participant controls TEE compute and any computing task can be flexibly scheduled in parallel onto suitable TEE nodes. Only then can a new paradigm of decentralised, flexibly networked data circulation be realised, meeting the state's new requirements for cross-domain, cross-network and cross-region data circulation and sharing.

6.2 Industry standards

TEE has become a security area that both the hardware and software industries are racing to occupy. In hardware, the world's leading compute chip designers Intel, AMD and ARM have each proposed their own TEE implementations; in software, the virtualisation projects VMware, Xen and KVM are following up with TEE virtualisation, and cloud providers including AWS, Azure, Google Cloud, Alibaba Cloud, IBM Cloud and Oracle Cloud are all launching TEE-based secure computing services. It is safe to say that in the near future TEE will become a foundational technology for secure computing.

6.3 Developer friendliness

For the current TEE LibOS route, a small TCB and complete POSIX compatibility look like conflicting engineering goals. A smaller TCB means a simpler, more transparent base dependency layer and a lower cost of trust; fuller POSIX compatibility means less rework to migrate legacy systems into a TEE. So far the engineering community has not found a solution that achieves both, but more and more LibOS projects are reducing their design complexity and code size while covering more system calls.

For the camp of developers who stick with SDKs, supporting more languages has become the biggest engineering problem. SDKs currently available cover C/C++, Rust, Python, Golang and others, but apart from C/C++ and Rust the remaining SDKs fall short in API coverage and language completeness and cannot yet directly support engineering in production environments. Still, more and more development resources are being invested in the SDKs themselves, and more and more projects depend on them. Another approach is to find a universal language adaptation method; the most-tried so far is a TEE implementation targeting WASM, which can translate code in any high-level language into WASM bytecode and then execute it. Driven by these two lines of development, the TEE SDK ecosystem is bound to grow ever more vigorously.

6.4 TEE instantiation

TEE instantiation addresses the uniformity of TEE runtimes. Whatever the TEE technology, each vendor's native solution pursues isolated instances within the same TEE chip. The TEE provides resource management, while the internal execution logic and the degree of concurrency are decided by the specific program logic, thereby separating resources from runtimes. Runtime isolation makes it easier to partition resources, which is the capability cloud providers most want to use, because once a TEE is instantiated the underlying resources can be better measured, allocated and scheduled.

In this direction, attention can turn to combining TEEs with cloud native: cloud providers are now launching standalone secure-container services and will gradually move to scheduling secure containers within cloud native systems. Attention can also go to generic instantiation technology for heterogeneous TEE hardware, including SGX Enclave, TrustZone TA and AMD SEV; a consistent generic description of instances may be found, making flexible scheduling across hardware and across clouds easier in the future.

6.5 Independent controllability

As domestic government, finance and other sectors critical to the national economy and people's livelihood gradually raise their requirements for independent control over computer hardware and software, how to develop TEE, a data circulation and privacy computing technology that depends on the combination of hardware and software, into a fully independently controllable technology deployed in real business scenarios has become a topic of industry attention. Several domestic chip vendors are developing and launching TEE solutions, and domestic TEE technology has innovated relative to foreign TEE schemes in areas such as trust chain extensibility and integrated cryptographic algorithms. With the rapid growth in demand for domestic CPUs, rapid breakthroughs in hardware-software privacy computing and growing awareness of cross-institution, cross-industry data collaboration, domestic TEE technology that meets independent-control requirements is bound to become the mainstream of future TEE technology.

6.6 Multi-technology integration

TEE alone is far from enough for a technical solution that meets the complex application needs of commercial production environments and guarantees secure, trustworthy data circulation. The technologies to be integrated can be analysed on four levels: security, trustworthiness, operability and data intelligence.

From the system security perspective, system security is the precondition for data privacy protection: if any party's system is compromised by an adversary, every privacy policy built on top of it is reduced to nothing. Security must above all ensure that communication within each domain of the system and across domains is reliable and attack-resistant, so technologies such as TEE, trusted computing and encrypted communication are needed to harden the existing underlying system.

From the system trustworthiness perspective, the system itself must ensure that behaviour in every aspect can be tracked and audited, so every element that flows between the parties must be measurable. Computing tasks, algorithm requirements and shared compute all circulate between the parties; each can be quantitatively measured, directly or indirectly, through cryptographic algorithms and TEE, and then given a non-repudiable proof of existence through the blockchain.

From the operability perspective, because it is a distributed system spanning multiple parties, the system must support flexible deployment and standardised delivery. Designing it on cloud native standards allows easy cross-cloud deployment and compatibility with different underlying hardware; containerised builds also have the benefit of unifying the deliverables.

From the data intelligence perspective, the value of data depends on the computing power of data mining. The purpose of building a data collaboration system is to extract the value of data, so it must integrate existing big data systems and data mining algorithms whose effectiveness has been repeatedly validated in production.

Taking the above analysis together, a secure and trustworthy data circulation system needs multi-technology integration: not only TEE but also blockchain, cloud native and data mining will be technical cornerstones of this field.

About the authors: Liu Yan, Liang Wei, Yang Mingchuan, Gao Weibo, Xia Xiaoqing and Zhao Jun, China Telecom Research Institute; Cui Wenbo, China Telecom Co., Ltd. Jilin Branch; Guo Linhai and Gao Yang, Information Technology Department, Shanghai Pudong Development Bank; Chen Haodong, Song Yuxiao, Mao Hongbin, Zhang Yashen and Zhou Yueqian, Beijing Chongliang Online Technology Co., Ltd. (冲量在线); Yan Shu and Yuan Bo, Institute of Cloud Computing and Big Data, CAICT.
