CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

OBLIVIATE: A Data Oblivious File System for Intel SGX

Adil Ahmad - Purdue University

Feb 14, 2018

Size: 212.7MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Trusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM Trustzone allow programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings.

This talk deals with the security aspects of SGX programs in accessing a key system resource, files. Our focus would be on concrete attacks against existing SGX filesystem implementations through well-known side-channels, as well as the design and implementation of an oblivious filesystem to thwart aforementioned attacks.

Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX opens vulnerability to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86-based instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6 − 8× over a baseline scheme. Potential use-cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018.

About the Speaker

Adil Ahmad is a PhD student with the Department of Computer Science at Purdue University, being advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.