Oblivious RAM in Scalable SGX
dc.contributor.author | Marathe, Akhilesh Parag | en |
dc.contributor.committeechair | Xiong, Wenjie | en |
dc.contributor.committeemember | Hoang, Thang | en |
dc.contributor.committeemember | Wang, Haining | en |
dc.contributor.department | Electrical and Computer Engineering | en |
dc.date.accessioned | 2024-06-06T08:03:39Z | en |
dc.date.available | 2024-06-06T08:03:39Z | en |
dc.date.issued | 2024-06-05 | en |
dc.description.abstract | The prevalence of cloud storage has yielded significant benefits to consumers. Trusted Exe- cution Environments (TEEs) have been introduced to protect program execution and data in the cloud. However, an attacker targeting the cloud storage server through side-channel attacks can still learn some data in TEEs. This data retrieval is possible through the monitor- ing and analysis of the encrypted ciphertext as well as a program's memory access patterns. As the attacks grow in complexity and accuracy, innovative protection methods must be de- signed to secure data. This thesis proposes and implements an ORAM controller primitive in TEE and protects it from all potential side-channel attacks. This thesis presents two vari- ations, each with two different encryption methods designed to mitigate attacks targeting both memory access patterns and ciphertext analysis. The latency for enabling this protec- tion is calculated and proven to be 75.86% faster overall than the previous implementation on which this thesis is based. | en |
dc.description.abstractgeneral | Cloud storage and computing has become ubiquitous in recent times, with usage rising ex- ponentially over the past decade. Cloud Service Providers also offer Confidential Computing services for clients requiring data computation which is encrypted and protected from the service providers themselves. While these services are protected against attackers directly looking to access secure data, they are still vulnerable against attacks which only observe, but do not interfere. Such attacks monitor a client's memory access pattern or the encrypted data in the server and can obtain sensitive information including encryption keys. This work proposes and implements an Oblivious RAM design which safeguards against the aforemen- tioned attacks by using a mix of confidential computing in hardware and special algorithms designed to randomize the client's data access patterns. The evaluation of this work shows a significant increase in performance over previous works in this domain while using the latest technology in confidential computing. | en |
dc.description.degree | Master of Science | en |
dc.format.medium | ETD | en |
dc.identifier.other | vt_gsexam:41097 | en |
dc.identifier.uri | https://hdl.handle.net/10919/119324 | en |
dc.language.iso | en | en |
dc.publisher | Virginia Tech | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.subject | Intel SGX | en |
dc.subject | ORAM | en |
dc.subject | Side Channel Attacks | en |
dc.subject | ZeroTrace | en |
dc.title | Oblivious RAM in Scalable SGX | en |
dc.type | Thesis | en |
thesis.degree.discipline | Computer Engineering | en |
thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
thesis.degree.level | masters | en |
thesis.degree.name | Master of Science | en |
Files
Original bundle
1 - 1 of 1