UWSpace staff members will be away from May 5th to 9th, 2025. We will not be responding to emails during this time. If there are any urgent issues, please contact GSPA at gsrecord@uwaterloo.ca. If any login or authentication issues arise during this time, please wait until UWSpace Staff members return on May 12th for support.
 

Securing Cloud Computations with Oblivious Primitives from Intel SGX

Loading...
Thumbnail Image

Date

2017-12-12

Authors

Sasy, Sajin

Advisor

Gorbunov, Sergey

Journal Title

Journal ISSN

Volume Title

Publisher

University of Waterloo

Abstract

We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure cloud computing. On one hand, work in applied cryptography has enabled efficient, oblivious data-structures and memory primitives. On the other, secure hardware and the emergence of Intel SGX has enabled a low-overhead and mass market mechanism for isolated execution. By themselves these technologies have their disadvantages. Oblivious memory primitives carry high performance overheads, especially when run non-interactively. Intel SGX, while more efficient, suffers from numerous software-based side-channel attacks, high context switching costs, and bounded memory size. In this work we build a new library of oblivious memory primitives, which we call ZeroTrace. ZeroTrace is designed to carefully combine state-of-art oblivious RAM techniques and SGX, while mitigating individual disadvantages of these technologies. To the best of our knowledge, ZeroTrace represents the first oblivious memory primitives running on a real secure hardware platform. ZeroTrace simultaneously enables a dramatic speedup over pure cryptography and protection from software-based side-channel attacks. The core of our design is an efficient and flexible block-level memory controller that provides oblivious execution against any active software adversary, and across asynchronous SGX enclave terminations. Performance-wise, the memory controller can service requests for 4~Byte blocks in 1.2~ms and 1~KB blocks in 3.4~ms (given a 10~GB dataset). On top of our memory controller, we evaluate Set/Dictionary/List interfaces which can all perform basic operations (e.g., get/put/insert) in 1-5~ms for a 4-8~Byte block size. ZeroTrace enables secure remote computations at substantially lower overheads than other comparable state-of-the-art techniques.

Description

Keywords

Implementation, Cloud Security, Computing on Encrypted Data, Oblivious Primitives

LC Subject Headings

Citation