摘要
多接入边缘计算(multi-access edge computing,MEC)在用户终端与数据中心之间架起了桥梁,使终端数据在边缘侧就能得到高效的处理.针对MEC存在的安全问题,通过分析MEC面临的安全风险,阐述了一种基于可信执行环境(trusted execution environment,TEE)的MEC安全方案,该方案通过在不同架构下(ARM/x86)的TEE安全模块的结合,实现了MEC各组成部分的完整性检测以及可信度量,保障了MEC从启动到运行中各个部件的安全.同时介绍了一种MEC节点与边缘计算编排器之间的远程证明方法,实现了一套保障MEC基础设施、平台、应用、编排管理安全的整体方案.
MEC has built a bridge between the equipment edge and the data center,so that the original data can be processed efficiently at the mobile edge.Aiming at the security problems of MEC,by analyzing the security risks faced by MEC,this paper expounds on a MEC security scheme based on a trusted execution environment(TEE).Through the combination of tee security modules under different architectures(ARM/x86),this scheme realizes the integrity detection and trusted measurement of each component of MEC,and ensures the security of each component of MEC from Startup to operation,At the same time,a remote proof method between MEC node and MEO is introduced,and a set of overall scheme to ensure the security of MEC infrastructure,platform,application and choreography management is realized.
作者
鲍聪颖
吴昊
陆凯
曹松钱
卢秋呈
Bao Congying;Wu Hao;Lu Kai;Cao Songqian;Lu Qiucheng(Ningbo Yongyao Power Investment Group Co.,Ltd.,Ningbo,Zhejiang 315099;State Grid Zhejiang Electric Power Co.,Ltd.,Ningbo Power Supply Company,Ningbo,Zhejiang 315016;Ningbo Artificial Intelligence Institute of Shanghai Jiao Tong University,Ningbo,Zhejiang 315000;School of Electronic Information and Electrical Engineering,Shanghai Jiao Tong University,Shanghai 200240)
出处
《信息安全研究》
CSCD
2023年第1期38-47,共10页
Journal of Information Security Research
基金
国家重点研发计划项目(2019YFB1705703)
宁波市重大科技任务攻关项目(2021Z022)
宁波市永耀电力投资集团有限公司资助项目(NBGC21P05A-0926-41)。
关键词
5G
边缘计算安全
可信计算
可信执行环境
可信度量
5G
edge computing security
trusted computing
trusted execution environment
trust measurement
