HTTPA, yarjejeniya don ayyukan gidan yanar gizo a cikin amintattun wurare

Darkcrizt

4 minti

HTTPS a halin yanzu ita ce babbar yarjejeniya don aikace-aikacen yanar gizo Yana ba da haɗi mai sauri da aminci tare da wani matakin sirri da amincin. Koyaya, HTTPS ba zai iya ba da garantin tsaro ba akan bayanan aikace-aikacen a cikin lissafi, don haka yanayin IT yana ba da haɗari da lahani.

Ganin wannan, ma'aikatan Intel guda biyu sun yi imanin cewa za a iya samar da sabis na yanar gizo mafi aminci ba kawai ta hanyar yin lissafi a cikin amintattun wuraren aiwatar da kisa ba, ko TEE, har ma ta hanyar tabbatar da abokan ciniki cewa an yi shi.

Gordon Sarki, injiniyan software da Hans Wang, Intel Labs mai bincike, sun ba da shawarar yarjejeniya don yin hakan. A cikin labarin mai taken: “Http: HTTPS Attestable Protocol ”, wanda aka buga kwanan nan akan ArXiv, ya bayyana ka’idar HTTP da ake kira HTTPS Attestable (HTTPA) don inganta tsaron kan layi ta hanyar takaddun shaida mai nisa.

Hanya don aikace-aikace don samun tabbacin cewa amintattun software za a sarrafa bayanai a cikin amintattun wuraren aiwatarwa. Ana iya amfani da Muhallin Amintaccen Kisa na tushen kayan masarufi (TEE), kamar Ƙwararren Kariyar Software na Intel (Intel SGX).

Tun da Intel Software Guard Extension (Intel SGX) yana ba da ɓoye ɓoyayyiyar ƙwaƙwalwar ajiya don taimakawa kare kwamfutoci masu aiki don rage haɗarin yatsa ko canza bayanan sirri ba bisa ka'ida ba. Babban ra'ayi na SGX yana ba da damar ƙididdigewa don yin aiki a cikin shinge, yanayin kariya wanda ke ɓoye lambobi da bayanai masu alaƙa da ƙididdige ƙididdiga na tsaro.

Har ila yau, SGX yana ba da garantin tsaro ta hanyar takaddun shaida mai nisa don abokin ciniki na gidan yanar gizo, gami da ainihin mai badawa da tabbatarwa.

"A nan muna ba da HTTPS Attestable HTTP Protocol (HTTPA), wanda ya haɗa da tsarin shaidar nesa akan ka'idar HTTPS don magance matsalolin sirri da tsaro," in ji Intel.

"Tare da HTTPA, za mu iya ba da garantin tsaro don tabbatar da amincin sabis na yanar gizo da kuma tabbatar da amincin sarrafa buƙatun ga masu amfani da yanar gizo," in ji King da Wang. Mun yi imanin cewa shaidar nesa za ta zama sabon yanayin. haɗarin tsaro na ayyukan gidan yanar gizo, kuma muna ba da ka'idar HTTPA don haɗa shaidar yanar gizo da samun damar yin amfani da sabis a daidaitaccen hanya mai inganci. "

Intel yana amfani da shaida mai nisa azaman babban keɓantawa ga masu amfani ko sabis na yanar gizo don kafa amana azaman amintacciyar tashar don sadar da sirri ko bayanan sirri. Don cimma wannan burin, muna ƙara sabon saitin hanyoyin HTTP, gami da buƙatun farko / amsa HTTP, buƙatun shaidar HTTP / amsawa, buƙatun zaman amintaccen HTTP / amsa, don cimma shaidar nesa wanda ke ba masu amfani da sabis na yanar gizo damar kafa haɗin kai kai tsaye. zuwa lambar gudu.

An tsara HTTPA don samar da takaddun shaida na nesa da kuma garantin kwamfuta na sirri tsakanin abokin ciniki da uwar garken lokacin amfani da yanar gizo ta Intanet. A cikin yanayin HTTPA, muna ɗauka cewa abokin ciniki amintacce ne kuma uwar garken ba. Mai amfani da abokin ciniki zai iya duba waɗannan garantin don yanke shawara ko za su iya amincewa da gudanar da ayyukan ƙididdiga akan sabar ko a'a. Koyaya, HTTPA baya bayar da kowane garantin cewa sabar ta kasance amintacce. HTTPA yana da sassa biyu: sadarwa da kwamfuta.

Dangane da tsaron sadarwa. HTTPA tana ɗaukar duk zato na HTTPS don tsaro na sadarwa, gami da amfani da TLS da amintaccen sadarwa, musamman amfani da TLS da kuma tabbatar da ainihin mutumin. Game da tsaro na lissafin lissafi, ka'idar HTTPA tana buƙatar samar da ƙarin yanayin tabbatarwa na nisa don ayyukan IT da zasu faru a cikin amintaccen shinge, ta yadda mai amfani da abokin ciniki zai iya gudanar da ayyukan aiki a cikin ɓoyayyen ƙwaƙwalwar ajiya.

King da Wang sun ce:

"Mun yi imanin cewa HTTPA na iya zama da amfani ga wasu masana'antu, misali FinTech da kiwon lafiya. Lokacin da aka tambaye shi ko ƙa'idar na iya tsoma baki tare da ayyukan da ke da tsattsauran ra'ayi ko buƙatun latency, sun amsa: “Za a buƙaci ƙarin bincike don tabbatar da duk wani tasirin aiki; duk da haka, ba ma tsammanin wani gagarumin canje-canjen aiki daga wasu ka'idojin HTTPS. Dangane da ko ko lokacin da za a iya karɓar HTTPA, ba a sani ba. Lokacin da aka tambaye shi ko akwai shirye-shiryen ƙaddamar da ƙayyadaddun ƙayyadaddun a matsayin RFC ko kuma aiwatar da wani nau'i na daidaitawa, sun amsa: "Muna da tattaunawa mai gudana da ke buƙatar ƙungiyar lauyoyi ta Intel ta sake duba su kafin mu iya ɗaukar HTTPA. "

A ƙarshe, idan kuna da sha'awar sanin ƙarin abubuwa game da shi, kuna iya tuntuɓar cikakkun bayanai A cikin mahaɗin mai zuwa.


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.