The Center for Education and Research in Information Assurance and Security (CERIAS)


Adil Ahmad - Purdue University


OBLIVIATE: A Data Oblivious File System for Intel SGX

Feb 14, 2018


Abstract

Trusted computing is the key component in achieving confidentiality and integrity in modern cloud environments. Commodity trusted hardware such as Intel SGX and ARM TrustZone allows programs to execute and store sensitive data in secure memory regions. It is envisioned that these systems will enable important applications, from trusted data analytics and Private Information Retrieval (PIR) in the cloud to content protection and secure financial services in mobile settings.

This talk deals with the security aspects of SGX programs in accessing a key system resource: files. Our focus will be on concrete attacks against existing SGX filesystem implementations through well-known side channels, as well as the design and implementation of an oblivious filesystem to thwart these attacks.

Our solution, Obliviate, mitigates this threat using ORAM, a cryptographic primitive which enables secure data access even when the attacker can observe all memory interactions. We show that a naive implementation of ORAM within SGX leaves it vulnerable to other attacks and induces a degree of overhead. Therefore, Obliviate develops a secure implementation of ORAM using CMOV, an x86 instruction, and employs other SGX-specific optimizations. We show that Obliviate can secure all filesystem interactions while providing a performance improvement of 6–8× over a baseline scheme. Potential use cases of Obliviate include real-world cloud applications such as web servers, databases and personal cloud storage. This work will appear in NDSS 2018.
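The idea of data-oblivious access that the abstract builds on, shown as an added example that is not Obliviate's code and not taken from the talk: every slot of a small in-enclave array is touched in the same order for any index, and the wanted value is picked with a branch-free select. The function names are hypothetical, and the arithmetic mask is a portable stand-in for the CMOV instruction named above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1 if x == y, else 0, computed without a branch. */
static uint64_t oblivious_eq(uint64_t x, uint64_t y)
{
    uint64_t d = x ^ y;
    return 1 ^ ((d | (0 - d)) >> 63);
}

/* Returns a when cond is 1 and b when cond is 0, without a branch.
 * Portable stand-in for the x86 CMOV instruction the abstract mentions. */
static uint64_t oblivious_select(uint64_t cond, uint64_t a, uint64_t b)
{
    uint64_t mask = (uint64_t)0 - (cond & 1); /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Read blocks[idx] while loading every slot in the same order, so the
 * sequence of addresses touched is identical for every idx. */
uint64_t oblivious_read(const uint64_t *blocks, size_t n, size_t idx)
{
    uint64_t out = 0;
    for (size_t i = 0; i < n; i++)
        out = oblivious_select(oblivious_eq(i, idx), blocks[i], out);
    return out;
}

/* Write val to blocks[idx] while loading and storing every slot. */
void oblivious_write(uint64_t *blocks, size_t n, size_t idx, uint64_t val)
{
    for (size_t i = 0; i < n; i++)
        blocks[i] = oblivious_select(oblivious_eq(i, idx), val, blocks[i]);
}

int main(void)
{
    uint64_t blocks[8] = {11, 22, 33, 44, 55, 66, 77, 88}; /* constructed data */
    oblivious_write(blocks, 8, 5, 99);
    printf("%llu\n", (unsigned long long)oblivious_read(blocks, 8, 5));
    return 0;
}
```

A C compiler is free to turn the masking back into a conditional branch, so the generated assembly has to be inspected before relying on code like this inside an enclave.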

About the Speaker

Adil Ahmad is a PhD student with the Department of Computer Science at Purdue University, being advised by Prof. Byoungyoung Lee. His primary research interests are in the field of systems and security with a particular focus on hardware-assisted trusted computing.

