A Design of Code Protection Scheme Based on the Combination of OPTEE and Encrypted File System

A Design of Code Protection Scheme Based on the Combination of OPTEE and Encrypted File System

연구 분야: Verification

학회: International Conference on Network Simulation and Evaluation

Despite the security of cloud servers remaining somewhat insufficient, privacy computing is broadly emerging, particularly in light of the fact that cloud computing is gaining in popularity. Typically, data proprietors are hesitant to entrust their private information to program owners. The “bring code to data” principle in federated learning involves the installation and deployment of model code in the data-side computing environment. By limiting data computation and analysis to the local environment, this method effectively eliminates a wide range of data security concerns. Nevertheless, in real-world scenarios, model developers who possess the model’s intellectual property rights are similarly apprehensive regarding unauthorized replication of their model code from the data-side computing environment. Hence, a collaborative framework is presented in this paper to tackle the concern of model protection within the “bring code to data” paradigm. The proposed framework intends the preservation of local data while the model code is encrypted and remotely disseminated to the data side for secure execution. Additionally, the framework employs the eCryptfs encrypted file system to facilitate the management of model code files, thereby enhancing data security. Furthermore, the model code is protected against unauthorized access by storing and administering the decryption keys in the trusted execution environment (OPTEE). We conduct a comprehensive assessment and evaluation of the framework’s security. The result suggests that the framework successfully implements bidirectional protection for both data security and model protection.