Oblivious RAM in Scalable SGX

dc.contributor.authorMarathe, Akhilesh Paragen
dc.contributor.committeechairXiong, Wenjieen
dc.contributor.committeememberHoang, Thangen
dc.contributor.committeememberWang, Hainingen
dc.contributor.departmentElectrical and Computer Engineeringen
dc.description.abstractThe prevalence of cloud storage has yielded significant benefits to consumers. Trusted Exe- cution Environments (TEEs) have been introduced to protect program execution and data in the cloud. However, an attacker targeting the cloud storage server through side-channel attacks can still learn some data in TEEs. This data retrieval is possible through the monitor- ing and analysis of the encrypted ciphertext as well as a program's memory access patterns. As the attacks grow in complexity and accuracy, innovative protection methods must be de- signed to secure data. This thesis proposes and implements an ORAM controller primitive in TEE and protects it from all potential side-channel attacks. This thesis presents two vari- ations, each with two different encryption methods designed to mitigate attacks targeting both memory access patterns and ciphertext analysis. The latency for enabling this protec- tion is calculated and proven to be 75.86% faster overall than the previous implementation on which this thesis is based.en
dc.description.abstractgeneralCloud storage and computing has become ubiquitous in recent times, with usage rising ex- ponentially over the past decade. Cloud Service Providers also offer Confidential Computing services for clients requiring data computation which is encrypted and protected from the service providers themselves. While these services are protected against attackers directly looking to access secure data, they are still vulnerable against attacks which only observe, but do not interfere. Such attacks monitor a client's memory access pattern or the encrypted data in the server and can obtain sensitive information including encryption keys. This work proposes and implements an Oblivious RAM design which safeguards against the aforemen- tioned attacks by using a mix of confidential computing in hardware and special algorithms designed to randomize the client's data access patterns. The evaluation of this work shows a significant increase in performance over previous works in this domain while using the latest technology in confidential computing.en
dc.description.degreeMaster of Scienceen
dc.publisherVirginia Techen
dc.rightsIn Copyrighten
dc.subjectIntel SGXen
dc.subjectSide Channel Attacksen
dc.titleOblivious RAM in Scalable SGXen
thesis.degree.disciplineComputer Engineeringen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.nameMaster of Scienceen


Original bundle
Now showing 1 - 1 of 1
11.24 MB
Adobe Portable Document Format