基于边缘计算的可信执行环境研究
A Study of Using TEE on Edge Computing
-
摘要: 边缘计算概念的提出引入了一个新兴的计算模型,它不仅可以缓解传统云计算模型中由于数据传输造成的高延迟问题,同时也有益于保持隐私数据及安全敏感数据的机密性.然而,边缘计算节点本身执行环境的安全性依然是一个不可忽略的问题,它时刻威胁着整个边缘计算模型的安全.得益于硬件厂商在各平台上推出可信执行环境,通过将这些可信执行环境集成至边缘计算节点中可以有效地保障这些节点上运算的安全性.此研究首先分析了一系列传统计算模型中的可信执行环境,并讨论了这些可信执行环境各自的优缺点.其后,在此基础上,深入研究了Intel软件防护扩展和ARM TrustZone这2个流行的可信执行环境,并分别在Intel雾计算节点参考设计样机和ARM Juno开发板上对这2个可信执行环境的安全性和性能进行了分析与测试.结果显示:这些硬件辅助的可信执行环境的引入能够在基本不影响整个系统性能的同时,增强边缘计算平台的安全性.为了帮助提高可信执行环境在边缘计算模型下的可靠性,最后总结了将可信执行环境使用在边缘计算模型中将要面对的安全挑战.Abstract: The concept of edge computing introduces a new emerging computing model that mitigates the high latency caused by the data transmission in the traditional cloud computing model and helps to keep the privacy-or security-sensitive data confidential. However, the security of the execution environment on the edge nodes is still a non-negligible concern that threatens the whole computing model. Recently, hardware vendors design dedicated trusted execution environments (TEEs) on different platforms, and integrating these TEEs to the edge nodes would be efficient to secure the computation on these nodes. In this paper, we investigate a variety of popular TEEs on the traditional computing model and discuss the pros and cons of each TEE based on recent research. Moreover, we further study two popular TEEs-Intel software guard extensions (SGX) and ARM TrustZone technology, and conduct comprehensive performance and security analysis on an Intel Fog Node Reference Architecture platform and an ARM Juno development board, respectively. The analysis results show that using these hardware-assisted TEEs on edge computing platforms produces low overhead while achieving higher security. The discussion on the security challenges of the TEEs is also presented to help improve the reliability of these TEEs and edge computing.