OBLIVIATE: A Data Oblivious File System for Intel SGX
Adil Ahmad - Purdue University
Feb 14, 2018Size: 212.7MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractTrusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM Trustzone allow programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings.
This talk deals with the security aspects of SGX programs in accessing a key system resource, files. Our focus would be on concrete attacks against existing SGX filesystem implementations through well-known side-channels, as well as the design and implementation of an oblivious filesystem to thwart aforementioned attacks.
Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX opens vulnerability to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86-based instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6 − 8× over a baseline scheme. Potential use-cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018.
About the SpeakerAdil Ahmad is a PhD student with the Department of Computer Science at Purdue University, being advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.