Adil Ahmad - Purdue University
Students: Fall 2021, unless noted otherwise, sessions will be virtual on Zoom.
OBLIVIATE: A Data Oblivious File System for Intel SGX
Feb 14, 2018Download: MP4 Video Size: 212.7MB
Watch on YouTube
AbstractTrusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM Trustzone allow programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings.
This talk deals with the security aspects of SGX programs in accessing a key system resource, files. Our focus would be on concrete attacks against existing SGX filesystem implementations through well-known side-channels, as well as the design and implementation of an oblivious filesystem to thwart aforementioned attacks.
Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX opens vulnerability to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86-based instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6 − 8× over a baseline scheme. Potential use-cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018.
About the Speaker
Adil Ahmad is a PhD student with the Department of Computer Science at Purdue University, being advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.