Cryptology ePrint Archive: Report 2017/549

ZeroTrace : Oblivious Memory Primitives from Intel SGX

Sajin Sasy and Sergey Gorbunov and Christopher Fletcher

Abstract: We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure cloud computing. On one hand, work in applied cryptography has enabled efficient, oblivious data-structure and memory primitives. On the other, secure hardware and the emergence of Intel SGX has enabled a low-overhead and mass market mechanism for isolated execution. These works have disadvantages by themselves. Oblivious memory primitives carry high performance overheads, especially when run non-interactively. Intel SGX, while more efficient, suffers from numerous software-based side-channel attacks. We combine these two lines of work by designing a working prototype library of oblivious memory primitives, which we call ZeroTrace, on top of SGX. To the best of our knowledge, ZeroTrace represents the first oblivious memory primitives running on a real secure hardware platform. ZeroTrace simultaneously enables a dramatic speedup over pure cryptography and protection from software-based side-channel attacks. The core of our design is an efficient and flexible block-level memory controller that provides oblivious execution against any active software adversary, and across asynchronous SGX enclave terminations. Performance-wise, the memory controller can service requests for 4 Byte blocks in 1.2 ms and 1 KB blocks in 6 ms (given a 10 GB dataset). On top of our memory controller, we evaluate Set/Dictionary/List interfaces which can all perform basic operations (e.g., get/put/insert) in 1- 5 ms for a 4-8 Byte block size. Finally, we demonstrate how to re- parameterize our system for the remote oblivious storage setting, where we can service a 4 KB request in 267 ms, at less than an order of magnitude WAN bandwidth overhead.

Category / Keywords:

Date: received 6 Jun 2017

Contact author: sajin sasy at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20170608:194151 (All versions of this report)

Short URL: ia.cr/2017/549

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]