Design space exploration and optimization of path oblivious RAM in secure processors
Keeping user data private is a huge problem both in cloud computing and computation outsourcing. One paradigm to achieve data privacy is to use tamper-resistant processors, inside which users' private data is decrypted and computed upon. These processors need to interact with untrusted external...
Main Authors: | , , , , |
---|---|
Other Authors: | |
Format: | Article |
Language: | en_US |
Published: |
Association for Computing Machinery (ACM)
2014
|
Online Access: | http://hdl.handle.net/1721.1/86164 https://orcid.org/0000-0001-8253-7714 https://orcid.org/0000-0003-4317-3457 https://orcid.org/0000-0003-3437-7570 https://orcid.org/0000-0002-1224-0314 https://orcid.org/0000-0003-1467-2150 |
_version_ | 1811093199977971712 |
---|---|
author | Ren, Ling Yu, Xiangyao Devadas, Srinivas Fletcher, Christopher Wardlaw Van Dijk, Marten |
author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Ren, Ling Yu, Xiangyao Devadas, Srinivas Fletcher, Christopher Wardlaw Van Dijk, Marten |
author_sort | Ren, Ling |
collection | MIT |
description | Keeping user data private is a huge problem both in cloud computing and computation outsourcing. One paradigm to achieve data privacy is to use tamper-resistant processors, inside which users' private data is decrypted and computed upon. These processors need to interact with untrusted external memory. Even if we encrypt all data that leaves the trusted processor, however, the address sequence that goes off-chip may still leak information. To prevent this address leakage, the security community has proposed ORAM (Oblivious RAM). ORAM has mainly been explored in server/file settings which assume a vastly different computation model than secure processors. Not surprisingly, naïvely applying ORAM to a secure processor setting incurs large performance overheads.
In this paper, a recent proposal called Path ORAM is studied. We demonstrate techniques to make Path ORAM practical in a secure processor setting. We introduce background eviction schemes to prevent Path ORAM failure and allow for a performance-driven design space exploration. We propose a concept called super blocks to further improve Path ORAM's performance, and also show an efficient integrity verification scheme for Path ORAM. With our optimizations, Path ORAM overhead drops by 41.8%, and SPEC benchmark execution time improves by 52.4% in relation to a baseline configuration. Our work can be used to improve the security level of previous secure processors. |
first_indexed | 2024-09-23T15:41:15Z |
format | Article |
id | mit-1721.1/86164 |
institution | Massachusetts Institute of Technology |
language | en_US |
last_indexed | 2024-09-23T15:41:15Z |
publishDate | 2014 |
publisher | Association for Computing Machinery (ACM) |
record_format | dspace |
spelling | mit-1721.1/861642022-10-02T03:25:37Z Design space exploration and optimization of path oblivious RAM in secure processors Ren, Ling Yu, Xiangyao Devadas, Srinivas Fletcher, Christopher Wardlaw Van Dijk, Marten Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Ren, Ling Yu, Xiangyao Fletcher, Christopher Wardlaw Van Dijk, Marten Devadas, Srinivas Keeping user data private is a huge problem both in cloud computing and computation outsourcing. One paradigm to achieve data privacy is to use tamper-resistant processors, inside which users' private data is decrypted and computed upon. These processors need to interact with untrusted external memory. Even if we encrypt all data that leaves the trusted processor, however, the address sequence that goes off-chip may still leak information. To prevent this address leakage, the security community has proposed ORAM (Oblivious RAM). ORAM has mainly been explored in server/file settings which assume a vastly different computation model than secure processors. Not surprisingly, naïvely applying ORAM to a secure processor setting incurs large performance overheads. In this paper, a recent proposal called Path ORAM is studied. We demonstrate techniques to make Path ORAM practical in a secure processor setting. We introduce background eviction schemes to prevent Path ORAM failure and allow for a performance-driven design space exploration. We propose a concept called super blocks to further improve Path ORAM's performance, and also show an efficient integrity verification scheme for Path ORAM. With our optimizations, Path ORAM overhead drops by 41.8%, and SPEC benchmark execution time improves by 52.4% in relation to a baseline configuration. Our work can be used to improve the security level of previous secure processors. National Science Foundation (U.S.). Graduate Research Fellowship Program (Grant 1122374) American Society for Engineering Education. National Defense Science and Engineering Graduate Fellowship United States. Defense Advanced Research Projects Agency (Clean-slate design of Resilient, Adaptive, Secure Hosts Contract N66001-10-2-4089) 2014-04-14T18:23:00Z 2014-04-14T18:23:00Z 2013-06 Article http://purl.org/eprint/type/ConferencePaper 9781450320795 http://hdl.handle.net/1721.1/86164 Ling Ren, Xiangyao Yu, Christopher W. Fletcher, Marten van Dijk, and Srinivas Devadas. 2013. Design space exploration and optimization of path oblivious RAM in secure processors. SIGARCH Comput. Archit. News 41, 3 (June 2013), 571-582. https://orcid.org/0000-0001-8253-7714 https://orcid.org/0000-0003-4317-3457 https://orcid.org/0000-0003-3437-7570 https://orcid.org/0000-0002-1224-0314 https://orcid.org/0000-0003-1467-2150 en_US http://dx.doi.org/10.1145/2485922.2485971 Proceedings of the 40th Annual International Symposium on Computer Architecture (ISCA '13) Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf Association for Computing Machinery (ACM) Other repository |
spellingShingle | Ren, Ling Yu, Xiangyao Devadas, Srinivas Fletcher, Christopher Wardlaw Van Dijk, Marten Design space exploration and optimization of path oblivious RAM in secure processors |
title | Design space exploration and optimization of path oblivious RAM in secure processors |
title_full | Design space exploration and optimization of path oblivious RAM in secure processors |
title_fullStr | Design space exploration and optimization of path oblivious RAM in secure processors |
title_full_unstemmed | Design space exploration and optimization of path oblivious RAM in secure processors |
title_short | Design space exploration and optimization of path oblivious RAM in secure processors |
title_sort | design space exploration and optimization of path oblivious ram in secure processors |
url | http://hdl.handle.net/1721.1/86164 https://orcid.org/0000-0001-8253-7714 https://orcid.org/0000-0003-4317-3457 https://orcid.org/0000-0003-3437-7570 https://orcid.org/0000-0002-1224-0314 https://orcid.org/0000-0003-1467-2150 |
work_keys_str_mv | AT renling designspaceexplorationandoptimizationofpathobliviousraminsecureprocessors AT yuxiangyao designspaceexplorationandoptimizationofpathobliviousraminsecureprocessors AT devadassrinivas designspaceexplorationandoptimizationofpathobliviousraminsecureprocessors AT fletcherchristopherwardlaw designspaceexplorationandoptimizationofpathobliviousraminsecureprocessors AT vandijkmarten designspaceexplorationandoptimizationofpathobliviousraminsecureprocessors |