機密虛擬化：雲計算大模型時代的數據安全新範式

目錄
第 1 章 數據安全與隱私保護····························································.3
1.1 數字化發展帶來的機遇·································································.4
1.1.1 數字化的價值·····································································.4
1.1.2 國內數字化發展戰略····························································.5
1.1.3 全球各國數字化發展戰略······················································.6
1.2 數據安全面臨的挑戰····································································.7
1.2.1 數據隱私保護的重要性·························································.7
1.2.2 數據安全的影響··································································.8
1.2.3 數據生命周期的安全····························································.9
1.3 隱私保護技術············································································.11
1.3.1 隱私保護技術基本概念························································.11
1.3.2 隱私保護技術基本分類························································.12
1.3.3 各類技術比較····································································.17
第 2 章 雲計算中的機密計算···························································.19
2.1 雲計算及數據安全需求································································.20
2.1.1 雲部署下的數據安全···························································.20
2.1.2 數據全生命周期保護····························································21
2.2 機密計算技術演進 ·······································································22
2.2.1 機密計算的定義··································································22
2.2.2 發展歷程及現狀··································································23
第二篇 架構實現
第 3 章 機密計算技術·······································································29
3.1 可信執行環境技術產生 ·································································30
3.2 防護域和攻擊模型 ·······································································30
3.3 機密計算和可信執行環境技術縱覽 ··················································31
3.3.1 ARM 架構 ·········································································32
3.3.2 x86 架構············································································36
3.3.3 RISC-V 架構 ······································································42
3.3.4 特性差異···········································································46
3.4 機密虛擬化················································································47
第 4 章 機密虛擬化架構與實現 ························································48
4.1 微架構······················································································49
4.1.1 威脅模型···········································································50
4.1.2 架構設計···········································································51
4.1.3 TCB 構成 ··········································································53
4.1.4 內存保護機制·····································································54
4.2 指令體系 ···················································································54
4.2.1 指令體系···········································································55
4.2.2 元數據管理········································································57
4.2.3 內存管理···········································································60
4.2.4 處理器虛擬化·····································································62
4.2.5 服務型可信域·····································································66
4.2.6 度量與認證·······································································.66
4.3 虛擬化軟件···············································································.68
4.3.1 虛擬化原理·······································································.68
4.3.2 虛擬機軟件的實現······························································.69
4.3.3 虛擬機監控器實現······························································.72
4.4 I/O 設備虛擬化··········································································.77
4.4.1 傳統 I/O 設備 ····································································.77
4.4.2 TEE-I/O 設備 ····································································.79
4.4.3 TEE-I/O 安全模型 ······························································.81
4.4.4 TEE-I/O 設備認證 ······························································.84
第 5 章 高級特性探秘 ·····································································.89
5.1 遠程認證··················································································.90
5.1.1 可信域度量信息生成···························································.91
5.1.2 可信域引證生成·································································.93
5.1.3 度量報告及生成·································································.94
5.1.4 可信域引證數據結構···························································.98
5.1.5 可信域引證驗證·································································100
5.2 熱遷移·····················································································102
5.2.1 熱遷移流程·······································································103
5.2.2 狀態和數據遷移·································································107
5.3 嵌套虛擬化···············································································108
5.4 TCB 在線升級···········································································108
5.5 內存完整性···············································································109
第 6 章 機密虛擬化軟件形態···························································115
6.1 機密虛擬機···············································································116
6.1.1 虛擬化技術原理·································································116
6.1.2 機密虛擬機技術概念及發展··················································117
6.1.3 安全機制········································································.118
6.1.4 I/O 數據保護 ···································································.120
6.2 機密容器 ················································································.121
6.2.1 容器運行時安全·······························································.121
6.2.2 機密容器架構··································································.123
6.2.3 主要特性········································································.124
6.3 安全操作系統 ··········································································.129
6.3.1 操作系統安全··································································.129
6.3.2 星綻操作系統內核····························································.132
6.3.3 基於機密計算構建安全操作系統 ··········································.133
6.4 TDX 的系統軟件棧···································································.138
6.4.1 基本組件········································································.138
6.4.2 Linux 發行版的支持 ··························································.140
第三篇 實踐案例
第 7 章 聯邦學習···········································································.145
7.1 聯邦學習介紹 ··········································································.146
7.2 機密計算與聯邦學習的結合 ························································.148
7.3 橫向聯邦學習方案 ····································································.149
第 8 章 可信大模型·······································································.153
8.1 構建安全可信大模型 ·································································.154
8.1.1 大模型數據安全隱患·························································.154
8.1.2 機密計算助力構建可信大模型 ·············································.156
8.2 可信大模型應用場景 ·································································.157
8.3 大模型密態計算平臺案例 ···························································.159
8.3.1 TrustFlow ·······································································.160
8.3.2 螞蟻密算大模型服務···························································163
第 9 章 雲數據庫 ············································································167
9.1 雲數據庫與數據安全···································································168
9.2 全密態數據庫············································································169
9.3 典型案例··················································································173
9.3.1 瑤池全密態數據庫······························································173
9.3.2 EdgelessDB ·······································································174
9.3.3 高斯密態數據庫·································································175
第 10 章 區塊鏈··············································································177
10.1 區塊鏈技術·············································································178
10.2 區塊鏈應用的挑戰 ····································································179
10.3 典型案例················································································181
10.3.1 Azure 機密賬本 ································································181
10.3.2 螞蟻隱私保護合約鏈 ·························································182
10.3.3 機密計算在隱私公鏈中的應用 ·············································184
第 11 章 異構計算 ··········································································187
11.1 異構計算與安全性挑戰 ······························································188
11.1.1 異構計算 ········································································188
11.1.2 優勢分析 ········································································189
11.1.3 安全性挑戰 ·····································································189
11.2 異構機密計算··········································································191
11.2.1 發展歷程 ········································································192
11.2.2 商用機密計算 GPU····························································193
11.3 應用案例················································································195
11.3.1 異構計算中的遠程認證 ······················································195
11.3.2 構建機密 AI 訓練······························································197
第 12 章 遠程認證服務 ·································································.199
12.1 MAA ···················································································.200
12.1.1 MAA 概覽·····································································.200
12.1.2 MAA 應用案例·······························································.201
12.2 ITA ·····················································································.202
12.2.1 ITA 架構·······································································.202
12.2.2 ITA 應用案例·································································.205
第四篇 未來展望
第 13 章 安全防護的持續完善·······················································.213
13.1 側信道防禦能力提升 ·······························································.214
13.2 可信性的增強 ········································································.215
13.2.1 主要局限 ······································································.215
13.2.2 發展方向 ······································································.216
13.2.3 零知識證明應用 ·····························································.217
13.3 異構計算的協同保護 ·······························································.218
第 14 章 生態系統的協同發展·······················································.221
14.1 法規與監管體系 ·····································································.222
14.1.1 隱私保護立法 ································································.222
14.1.2 跨境數據流動體系建設 ····················································.223
14.2 多元技術融合 ········································································.224
14.2.1 隱私計算融合 ································································.224
14.2.2 軟件供應鏈安全 ·····························································.225
14.3 標準化生態 ···········································································.226
參考文獻 ·························································································.228