Jingchen Zhu,Guangyu Sun,Xian Zhang,Chao Zhang,Weiqi Zhang,Yun Liang,Tao Wang,Yiran Chen,Jia Di

DOI: https://doi.org/10.1109/TCAD.2019.2948914

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Outsourcing data to a third-party cloud provider has become quite common with the increasing use of cloud computing. This brings convenience, as well as the concern for data security and privacy. It is believed that data encryption alone is often not enough to protect users’ privacy from the cloud provider. According to previous work, the sequence of storage locations accessed by the client can leak up to 90% of the sensitive information, even with data encrypted. In this context, Oblivious RAM (ORAM) is proposed. ORAM algorithms allow the client to hide its access pattern from the service provider while introducing a lot of extra operations. Among all the prototypes, Path ORAM is one of the most promising designs. However, there are still redundant memory accesses that can be removed without harming the security of traditional ORAM as we observed. We came up with three optimization techniques, including path merging, ORAM request scheduling, and merging aware caching. We also propose a prefetching technique to further decreasing the access overhead. Moreover, we also illustrate the compatibility of Fork Path and some state-of-the-art Path ORAM optimizations. Compared to traditional Path ORAM approaches, our Fork Path ORAM can reduce overall performance overhead and power consumption of memory system by 65% and 44%, while the design overhead is trivial.

Yuezhi Che,Dazhao Cheng,Xiao Wang,Rujia Wang

DOI: https://doi.org/10.1109/tpds.2024.3441623

IF: 5.3

2024-09-14

IEEE Transactions on Parallel and Distributed Systems

Abstract:The challenges of data privacy and security posed by data outsourcing are becoming increasingly prevalent. Oblivious RAM (ORAM)-based oblivious data storage guarantees data confidentiality through data encryption and access pattern obfuscation. However, it suffers from performance degradation and low throughput. To address these issues, the concurrency of ORAM in a multi-user scenario has been explored. We investigate several existing concurrent oblivious data storage solutions and discover that a trusted proxy is used to serve concurrent accesses between users and storage, with processing locks involved in the proxy to ensure correctness and prevent conflicts. The proxy-based system is inherently prone to pessimistic concurrency control, and as the number of users grows, a proxy might become a performance bottleneck, causing significant delays. In this study, we propose Opca, a novel oblivious data storage framework that enables optimistic concurrent access. Opca refines the proxy design by temporally storing multiple versions of modified data with labeled timestamps, committing only the latest version to the storage during a separate processing period. Opca is implemented and evaluated in different real-world storage backends with a scalable number of users, and its performance is compared to alternative schemes. Opca outperforms the state-of-the-art concurrent oblivious storage system TaoStore, which relies on a similar system setting. Our results show that Opca can improve 3.77x throughput and reduce 73.5% response time.

computer science, theory & methods,engineering, electrical & electronic

Xian Zhang,Guangyu Sun,Chao Zhang,Weiqi Zhang,Yun Liang,Tao Wang,Yiran Chen,Jia Di

DOI: https://doi.org/10.1145/2830772.2830787

2015-01-01

Micro

Abstract:Oblivious RAM (ORAM) is a cryptographic primitive that can prevent information leakage in the access trace to untrusted external memory. It has become an important component in modern secure processors. However, the major obstacle of adopting an ORAM design is the significantly induced overhead in memory accesses. Recently, Path ORAM has attracted attentions from researchers because of its simplicity in algorithms and efficiency in reducing memory access overhead. However, we observe that there exist a lot of redundant memory accesses during the process of ORAM requests. Moreover, we further argue that these redundant memory accesses can be removed without harming security of ORAM. Based on this observation, we propose a novel Fork Path ORAM scheme. By leveraging three optimization techniques, namely, path merging, ORAM request scheduling, and merging-aware caching, Fork Path ORAM can efficiently remove these redundant memory accesses. Based on this scheme, a detailed ORAM controller architecture is proposed and comprehensive experiments are performed. Compared to traditional Path ORAM approaches, our Fork Path ORAM can reduce overall performance overhead and power consumption of memory system by 58% and 38%, respectively, with negligible design overhead.

Jingsen Zhu,Mengming Li,Xingjian Zhang,Kai Bu,Miao Zhang,Tianqi Song

DOI: https://doi.org/10.1109/tc.2023.3248272

2023-01-01

Abstract:Oblivious RAM (ORAM) remains a bittersweet protection of memory access patterns because of its prohibitively high overhead. The root cause is that ORAM hides intended accesses among a sufficiently large number of dummy accesses. Most existing optimizations mitigate memory accesses using architectural enhancements (e.g., cache) yet few of them improve the efficiency of ORAM primitives per se. In this paper, we identify path-grained static scheduling as a fundamental ORAM performance bottleneck. We propose level-grained dynamic scheduling that directly optimizes ORAM primitives to boost efficiency. It enables ORAM to service more than one request per path and write paths batch wise. We can thus boost ORAM efficiency through handling queued requests as soon as possible and remove as many redundant accesses as possible. Since optimized memory accesses still target the same set of paths, dynamic scheduling preserves ORAM security. We implement dynamic scheduling through Hitchhiker ORAM. In comparison with the state-of-the-art primitive-optimized Fork Path ORAM, Hitchhiker ORAM yields 31.5% fewer memory accesses, 60.2% shorter latency, and 40.7% less energy consumption, being 2.5× faster. In comparison with the state-of-the-art architecture-optimized $\rho$ , Hitchhiker ORAM is 1.5× faster and the integrated version— $\rho$ -Hitchhiker ORAM is 2.0× faster.

Haojie Ye,Yuchen Xia,Yuhan Chen,Kuan-Yu Chen,Yichao Yuan,Shuwen Deng,Baris Kasikci,Trevor Mudge,Nishil Talati

2024-11-08

Abstract:Oblivious RAM (ORAM) hides the memory access patterns, enhancing data privacy by preventing attackers from discovering sensitive information based on the sequence of memory accesses. The performance of ORAM is often limited by its inherent trade-off between security and efficiency, as concealing memory access patterns imposes significant computational and memory overhead. While prior works focus on improving the ORAM performance by prefetching and eliminating ORAM requests, we find that their performance is very sensitive to workload locality behavior and incurs additional management overhead caused by the ORAM stash pressure. This paper presents Palermo: a protocol-hardware co-design to improve ORAM performance. The key observation in Palermo is that classical ORAM protocols enforce restrictive dependencies between memory operations that result in low memory bandwidth utilization. Palermo introduces a new protocol that overlaps large portions of memory operations, within a single and between multiple ORAM requests, without breaking correctness and security guarantees. Subsequently, we propose an ORAM controller architecture that executes the proposed protocol to service ORAM requests. The hardware is responsible for concurrently issuing memory requests as well as imposing the necessary dependencies to ensure a consistent view of the ORAM tree across requests. Using a rich workload mix, we demonstrate that Palermo outperforms the RingORAM baseline by 2.8x, on average, incurring a negligible area overhead of 5.78mm^2 (less than 2% in 12th generation Intel CPU after technology scaling) and 2.14W without sacrificing security. We further show that Palermo also outperforms the state-of-the-art works PageORAM, PrORAM, and IR-ORAM.

Cryptography and Security,Hardware Architecture

Jian Liu,Kefei Wang,Feng Chen

DOI: https://doi.org/10.1109/ICDCS.2019.00064

2019-01-01

Abstract:The fast-pace advancement of flash technology has enabled us to build a very large-capacity cache system at a low cost. However, the reliability of flash devices still remains a non-negligible concern, especially for flash-based cache. This is for two reasons. First, corruption of dirty data in cache would cause a permanent loss of user data. Second, warming up a huge-capacity cache would take an excessively long period of time. In this paper, we present a highly reliable, efficient, object-based flash cache, called Reo. Reo is designed to leverage the highly expressible object interface to exploit the rich semantic knowledge of the flash cache manager. Reo has two key mechanisms, differentiated data redundancy and differentiated data recovery, to make a flash cache highly reliable, and in the meantime, still remains space efficient for high cache hit ratio. We have prototyped Reo based on open-osd, an open-source implementation of T10 Object Storage Device (OSD) in Linux. Our experimental results show that compared to uniform data protection, Reo achieves graceful performance degradation and prioritized recovery upon device failures. Compared to full replication, Reo is more space efficient and delivers up to 3.1 times of the cache hit ratio and up to 3.6 times of the bandwidth.

Anrin Chakraborti,Radu Sion

DOI: https://doi.org/10.48550/arXiv.1707.01211

2019-08-18

Abstract:Oblivious RAM protocols (ORAMs) allow a client to access data from an untrusted storage device without revealing the access patterns. Typically, the ORAM adversary can observe both read and write accesses. Write-only ORAMs target a more practical, {\em multi-snapshot adversary} only monitoring client writes -- typical for plausible deniability and censorship-resilient systems. This allows write-only ORAMs to achieve significantly-better asymptotic performance. However, these apparent gains do not materialize in real deployments primarily due to the random data placement strategies used to break correlations between logical and physical namespaces, a required property for write access privacy. Random access performs poorly on both rotational disks and SSDs (often increasing wear significantly, and interfering with wear-leveling mechanisms). In this work, we introduce SqORAM, a new locality-preserving write-only ORAM that preserves write access privacy without requiring random data access. Data blocks close to each other in the logical domain land in close proximity on the physical media. Importantly, SqORAM maintains this data locality property over time, significantly increasing read throughput. A full Linux kernel-level implementation of SqORAM is 100x faster than non locality-preserving solutions for standard workloads and is 60-100% faster than the state-of-the-art for typical file system workloads.

Cryptography and Security

Thore Thießen,Jan Vahrenhold

DOI: https://doi.org/10.4230/LIPIcs.ISAAC.2024.36

2024-09-18

Abstract:Oblivious RAM (ORAM) is a well-researched primitive to hide the memory access pattern of a RAM computation; it has a variety of applications in trusted computing, outsourced storage, and multiparty computation. In this paper, we study the so-called offline ORAM in which the sequence of memory access locations to be hidden is known in advance. Apart from their theoretical significance, offline ORAMs can be used to construct efficient oblivious algorithms. We obtain the first optimal offline ORAM with perfect security from oblivious priority queues via time-forward processing. For this, we present a simple construction of an oblivious priority queue with perfect security. Our construction achieves an asymptotically optimal (amortized) runtime of $\Theta(\log N)$ per operation for a capacity of $N$ elements and is of independent interest. Building on our construction, we additionally present efficient external-memory instantiations of our oblivious, perfectly-secure construction: For the cache-aware setting, we match the optimal I/O complexity of $\Theta(\frac{1}{B} \log \frac{N}{M})$ per operation (amortized), and for the cache-oblivious setting we achieve a near-optimal I/O complexity of $O(\frac{1}{B} \log \frac{N}{M} \log\log_M N)$ per operation (amortized).

Data Structures and Algorithms,Cryptography and Security

Xian Zhang,Guangyu Sun,Peichen Xie,Chao Zhang,Yannan Liu,Lingxiao Wei,Qiang Xu,Chun Jason Xue

DOI: https://doi.org/10.1109/micro.2018.00082

2018-01-01

Abstract:Oblivious RAM (ORAM) is a cryptographic primitive designed to hide memory access patterns. To achieve this objective, the intended data block is loaded and evicted back together with other data blocks and dummy blocks in each ORAM access. To further protect the timing pattern, extra dummy ORAM accesses are triggered periodically. Such designs lead to huge memory access overheads. Many techniques have been proposed to mitigate this problem by reducing the total number of ORAM accesses and the number of blocks per access. However, the impact of the access order of intended data block in an ORAM access is not addressed yet. In this work, we argue that higher performance can be achieved by advancing the access to the intended data block in ORAM accesses. However, changing the access order of blocks directly compromises the ORAM security. To solve this problem, we propose a duplication method to advance the access to the intended data blocks without compromising the ORAM security. The method leverages dummy blocks to store extra copies of data blocks, to facilitate early access of intended data blocks. These dummy blocks with valid data duplications are called Shadow blocks in this work. We further introduce two data duplication techniques, called RD-Dup and HD-Dup, to reorder the data block access for different purposes. In addition, we propose ORAM space partitioning to make RD-Dup and HD-Dup cooperate with each other efficiently. Compared with state-of-the-art ORAMs, our design can achieve a 32% reduction in system execution time on average, with negligible hardware overheads.

Leqian Zheng,Zheng Zhang,Wentao Dong,Yao Zhang,Ye Wu,Cong Wang

2024-09-11

Abstract:The combination of Oblivious RAM (ORAM) with Trusted Execution Environments (TEE) has found numerous real-world applications due to their complementary nature. TEEs alleviate the performance bottlenecks of ORAM, such as network bandwidth and roundtrip latency, and ORAM provides general-purpose protection for TEE applications against attacks exploiting memory access patterns. The defining property of this combination, which sets it apart from traditional ORAM designs, is its ability to ensure that memory accesses, both inside and outside of TEEs, are made oblivious, thus termed doubly oblivious RAM (O$_2$RAM). Efforts to develop O$_2$RAM with enhanced performance are ongoing. In this work, we propose H$_2$O$_2$RAM, a high-performance doubly oblivious RAM construction. The distinguishing feature of our approach, compared to the existing tree-based doubly oblivious designs, is its first adoption of the hierarchical framework that enjoys inherently better data locality and parallelization. While the latest hierarchical solution, FutORAMa, achieves concrete efficiency in the classic client-server model by leveraging a relaxed assumption of sublinear-sized client-side private memory, adapting it to our scenario poses challenges due to the conflict between this relaxed assumption and our doubly oblivious requirement. To this end, we introduce several new efficient oblivious components to build a high-performance hierarchical O$_2$RAM (H$_2$O$_2$RAM). We implement our design and evaluate it on various scenarios. The results indicate that H$_2$O$_2$RAM reduces execution time by up to $\sim 10^3$ times and saves memory usage by $5\sim44$ times compared to state-of-the-art solutions.

Cryptography and Security

Yunping Gong,Fei Gao,Wenmin Li,Hua Zhang,Zhengping Jin,Qiaoyan Wen

DOI: https://doi.org/10.1002/int.22929

IF: 8.993

2022-05-26

International Journal of Intelligent Systems

Abstract:Oblivious Random Access Machine (ORAM) is a kind of cryptographic primitive that allows a client to access its private data from the server without disclosing the access pattern. To deal with consecutive requested blocks at a time efficiently, range ORAM (rORAM) is presented. In the previous rORAM scheme, the locality, namely, the number of discontinuous seeks to complete a request, is reduced to O(log2 N), nevertheless, the bandwidth cost is increased to the poly‐logarithmic level. Hence, there exists an open question, that is, whether rORAM can be constructed with the same bandwidth efficiency as a regular ORAM, that is, O(log N)‐block? In this paper, we propose a new rORAM scheme, called L2‐rORAM. In our scheme, a compatible superblock technique is proposed, and it is combined together with an eviction technique for range blocks, so that it avoids duplication of multiple copies and extra dummy access. As a result, it obtains O(log N)‐block bandwidth cost, which affirmatively answers the above open question. Meanwhile, the data locality is reduced to O(log N). In addition, the client storage is maintained at the small level of O(log N)‐block, and the server storage is maintained at the unexpanded level of O(N)‐block. Finally, experimental results show that the average response time of our L2‐rORAM is reduced by one order of magnitude over the state‐of‐the‐art rORAM scheme.

computer science, artificial intelligence

Kolesnikov, Vladimir,Peceny, Stanislav,Trieu, Ni,Wang, Xiao

DOI: https://doi.org/10.1007/s12095-024-00745-8

2024-09-25

Cryptography and Communications

Abstract:Data-dependent accesses to memory are necessary for many real-world applications, but their cost remains prohibitive in secure computation. Prior work either focused on minimizing the need for data-dependent access in these applications, or reduced its cost by improving oblivious RAM for secure computation (SC-ORAM). Despite extensive efforts to improve SC-ORAM, the most concretely efficient solutions still require s per access to arrays of entries. In this work, we take a pragmatic approach, exploring how concretely cheap MPC RAM access could be made if we are willing to allow one of the participants to learn the access pattern. We design a highly efficient Shared-Output Client-Server ORAM ( ) that has constant overhead, uses one round trip of interaction per access, and whose access cost is independent of array size. is useful in settings with hard performance constraints, where one party in the computation is more trust-worthy and is allowed to learn the RAM access pattern. Our is assisted by a third helper party that helps initialize (and reinitialize, as needed) the protocol and is designed for the honest-majority semi-honest corruption model. We implement our construction in C++ and report its performance. For an array of length with 4B entries, we communicate 13B per access and take essentially no overhead beyond network latency.

computer science, theory & methods,mathematics, applied

Xiang Li,Yunqian Luo,Mingyu Gao

DOI: https://doi.org/10.1109/sp54263.2024.00103

2024-01-01

Abstract:Oblivious RAM (ORAM) is an important cryptographic primitive that aims to protect against data access pattern leakage. With the recent theoretical improvements in ORAM protocols and the introduction of hardware-based trusted execution environments (TEEs), ORAM has become an increasingly practical design that starts to be adopted in real-world secure systems. In this paper, we study the bulk loading problem of ORAM, i.e., constructing an ORAM structure with a large amount of data, which can benefit many scenarios in secure cloud systems, such as data recovery, layout conversion, and query processing. We propose BULKOR, an extension of the state-of-the-art Path ORAM protocol. BULKOR supports the deployment with TEEs in untrusted servers, and satisfies the doubly-oblivious requirement to alleviate the side channel concerns in modern TEEs. BULKOR improves both the theoretical complexity from $\mathcal{O}\left( {N{{\log }^3}N} \right)$ to $\mathcal{O}\left( {N{{\log }^2}N} \right)$, and the practical performance of ORAM bulk loading, without sacrificing the security guarantees. It significantly outperforms the baseline designs Oblix and ZeroTrace by 8.7× to 54.6× and 5.8× to 533.1×, respectively, in various settings that implement ORAM on hard disks or in memory.

Zhihong Chen,Bo Zhao,Hai Lin,Lin Chen

DOI: https://doi.org/10.1109/ojcs.2020.3032020

2020-01-01

IEEE Open Journal of the Computer Society

Abstract:When scaling a distributed ORAM to a two-party secure computation, the overhead is dominated by the number of pseudo-random generator (PRG) calls in generation and evaluation of a distributed point function (DPF), which are O(logn) and O(n) respectively, where n is the number of data blocks. We propose a distributed ORAM scheme, in which the PRG calls are reduced to O(log(zn/λ)) for generation and O(2log(zn/λ)) for evaluation, where λ is the secure parameter and z is the length of outputs in DPF. Technically, we first extend the optimization of Function Secret Sharing (FSS), early termination for functions with small output groups, to the context of ORAM for secure computation. Then, we design a scheme named etoram to exploit the high efficiency achieved by early termination. In etoram, we introduce an access counter for each data block. Then, instead of {0,1}λ, the output of the point function becomes the maximum value of these counters, i.e.,{0,1}z. Data blocks are privately updated by masking random strings generated by their counters. In practice, according to different access rates, z ranges from 1 to logn in sequential mode and from 3 to logn in random mode if the total number of accesses is n.

Yi Zhou,Chao Zhang,Guangyu Sun,Kun Wang,Yu Zhang

DOI: https://doi.org/10.1145/2483028.2483079

2013-01-01

Abstract:ABSTRACTSTT-RAM (Spin Transfer Torque Random Access Memory) has been extensively researched as a potential replacement of SRAM (Static RAM) as on-chip caches. Prior work has shown that STT-RAM caches can improve performance and reduce power consumption because of its advantages of high density, fast read speed, low standby power, etc. However, under the impact of process variations, using worst-case design can induce significant performance and power overhead in STT-RAM caches. In order to overcome the problem of process variations, we propose to apply the variable-latency access method to STT-RAM caches by introducing a variation-aware LRU (Least Recently Used) policy. Moreover, we show that simply applying traditional variable-latency access method is inefficient due to the read/write asymmetry. First, we demonstrate that a write-oriented data migration is preferred. Second, a block remapping is necessary to prevent some cache sets from being significantly affected by process variations. After using our techniques, the experimental results show that the performance can be improved by 13.8% and power consumption can be reduced by 14.1% compared to a prior approach [3].

Daniel S. Roche,Adam J. Aviv,Seung Geol Choi

DOI: https://doi.org/10.48550/arXiv.1505.07391

2015-11-21

Abstract:We present a new oblivious RAM that supports variable-sized storage blocks (vORAM), which is the first ORAM to allow varying block sizes without trivial padding. We also present a new history-independent data structure (a HIRB tree) that can be stored within a vORAM. Together, this construction provides an efficient and practical oblivious data structure (ODS) for a key/value map, and goes further to provide an additional privacy guarantee as compared to prior ODS maps: even upon client compromise, deleted data and the history of old operations remain hidden to the attacker. We implement and measure the performance of our system using Amazon Web Services, and the single-operation time for a realistic database (up to $2^{18}$ entries) is less than 1 second. This represents a 100x speed-up compared to the current best oblivious map data structure (which provides neither secure deletion nor history independence) by Wang et al. (CCS 14).

Cryptography and Security,Data Structures and Algorithms

Yao Liu,Qingkai Zeng,Pinghai Yuan

DOI: https://doi.org/10.1109/trustcom/bigdatase/icess.2017.275

2017-01-01

Abstract:Obliviousness is crypto primitives which intent to hide access pattern. Although ORAM is strongest crypto model, it incurs significant overhead. Elaine Shi et. al. propose Obliviousness Data Structrue (ODS) that makes a great theriotical improvement comparing to general ORAM algorithm, in case of the data blocks exhibit some degree of access predictability. Take AVL tree as an example, when all data blocks are organized as one AVL tree, every nodes (data blocks) contain position information points to both of its child node. As such, the client can immediately obtain the next position to be accessed instead of issuing another ORAM access to the server for a PosMap lookup. Also, the algorithm need extra client space for updating the AVL tree.In this paper, we introduce oblivious AVL tree NodeLeaper, NodeLeaper for short, which enables position information of all child nodes to share part of bits. As such one can store multiple positions for is child and grandson node positions with same block size. In this way, the search can be processed in a leap manner. As a result, NodeLeaper theriotically needs less ORAM accessand client space for node updating than ODS.

Wenpeng He,Dan Feng,Fang Wang,Yue Li,Mengting Lu

DOI: https://doi.org/10.1016/j.sysarc.2022.102494

IF: 5.836

2022-06-01

Journal of Systems Architecture

Abstract:Memory security and reliability are two major design concerns in cloud computing systems. State-of-the-art memory security-reliability co-designs (e.g., Synergy) have achieved a good balance in performance, security, and reliability. However, these works merely rely on encryption to ensure data confidentiality, which cannot avoid information leakage from memory access patterns. Ring ORAM is an attractive confidentiality protection protocol to hide memory access patterns to the untrusted system. Unfortunately, it lacks memory integrity and reliability support, and it is incompatible with the security-reliability co-designs. A forced combination of Ring ORAM with the general integrity and reliability schemes would result in severe performance and storage overhead. In this paper, we propose IRO, an Integrity-Reliability enhanced Ring ORAM design. First, we analyze the inefficiency of general integrity protection methods and propose RIT, an integrity verification scheme for Ring ORAM that does not have extra integrity metadata access overhead. Then, we analyze the memory waste in Ring ORAM and propose Secure Replication, the reliability scheme that provides channel-level memory error resilience with very little storage overhead for replicas. We conduct cycle-accurate simulations to analyze the efficiency of our design. The results show that IRO increases 7.56% execution time of the baseline Ring ORAM in the case of limited MAC computation units. With enough computation resources, IRO can reduce the execution time of the baseline by 2.11%.

computer science, software engineering, hardware & architecture

Rachit Rajat,Yongqin Wang,Murali Annavaram

DOI: https://doi.org/10.48550/arXiv.2107.08094

2022-06-30

Abstract:Data confidentiality is becoming a significant concern, especially in the cloud computing era. Memory access patterns have been demonstrated to leak critical information such as security keys and a program's spatial and temporal information. This information leak poses an even more significant privacy challenge in machine learning models with embedding tables. Embedding tables are routinely used to learn categorical features from training data. Even knowing the locations of the embedding table entries accessed, not the data within the embedding table, will compromise categorical input data to the model. Embedding entries are privacy-sensitive since they disclose valuable properties about the user. Oblivious RAM (ORAM), and its enhanced variants such as PathORAM have emerged as viable solutions to hide leakage from memory access streams. In this work, we present LAORAM, an ORAM framework explicitly designed to protect user privacy during embedding table training. LAORAM exploits the unique property of training, the training samples used in the future are known beforehand. LAORAM preprocesses the training samples to identify the memory blocks which are accessed together in the near future. The system tries to assign these blocks to as few paths as possible within the PathORAM infrastructure. LAORAM does this operation by combining multiple blocks accessed together as superblocks. To further increase performance, LAORAM uses a fat-tree structure for PathORAM reducing the number of background evictions required, which improves the stash usage. We have evaluated LAORAM using both a recommendation model (DLRM) and a NLP model (XLM-R) embedding table configurations. LAORAM performs 5 times faster than PathORAM on a recommendation dataset (Kaggle) and 5.4x faster on a NLP dataset (XNLI), while guaranteeing the same security guarantees as the original PathORAM.

Cryptography and Security

Wenjing Cai,Ziyuan Zhu,Yuxin Liu,Yusha Zhang,Xu Cheng

DOI: https://doi.org/10.1109/cscwd61410.2024.10580198

2024-01-01

Abstract:Trusted execution environments based on RISC-V architecture like Keystone remain susceptible to leaking page access patterns of applications via simple demand paging, in which a malicious Operating System (OS) deduces sensitive information from it. To address this issue, Keystone requires protecting sensitive access patterns from being revealed to the malicious OS by implementing oblivious demand paging. In this paper, we use Oblivious RAM (ORAM) techniques that obfuscate access patterns while simultaneously making demand paging oblivious for Keystone. Furthermore, we present customized optimizations to Ring ORAM, aimed at minimizing the performance overhead incurred by applications during both secure and unsecure demand paging in Keystone. These optimizations encompass strategies such as encoding the position map within the page table, utilizing a resizable tree structure and selective eviction of only the root bucket. These improvements collectively contribute to minimizing performance slowdown. We implement and evaluate our optimized Ring ORAM for oblivious demand paging, which shows the average performance slowdown of 7.1x in comparison to the simple Ring ORAM slowdown of 26.2x.