Paper 2017/549

ZeroTrace : Oblivious Memory Primitives from Intel SGX

Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher


We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure cloud computing. On one hand, work in applied cryptography has enabled efficient, oblivious data-structures and memory primitives. On the other, secure hardware and the emergence of Intel SGX has enabled a low-overhead and mass market mechanism for isolated execution. By themselves these technologies have their disadvantages. Oblivious memory primitives carry high performance overheads, especially when run non-interactively. Intel SGX, while more efficient, suffers from numerous software-based side-channel attacks, high context switching costs, and bounded memory size. In this work we build a new library of oblivious memory primitives, which we call ZeroTrace. ZeroTrace is designed to carefully combine state-of-the-art oblivious RAM techniques and SGX, while mitigating individual disadvantages of these technologies. To the best of our knowledge, ZeroTrace represents the first oblivious memory primitives running on a real secure hardware platform. ZeroTrace simultaneously enables a dramatic speed-up over pure cryptography and protection from software-based side-channel attacks. The core of our design is an efficient and flexible block-level memory controller that provides oblivious execution against any active software adversary, and across asynchronous SGX enclave terminations. Performance-wise, the memory controller can service requests for 4~B blocks in 1.2~ms and 1~KB blocks in 3.4~ms (given a 10~GB dataset). On top of our memory controller, we evaluate Set/Dictionary/List interfaces which can all perform basic operations (e.g., get/put/insert).

Note: Abstract fix

Available format(s)
Publication info
Published elsewhere. MINOR revision.NDSS 2018
implementationcloud securityoblivious memory access
Contact author(s)
sajin sasy @ gmail com
2017-12-05: last of 4 revisions
2017-06-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sajin Sasy and Sergey Gorbunov and Christopher W.  Fletcher},
      title = {ZeroTrace : Oblivious Memory Primitives from Intel SGX},
      howpublished = {Cryptology ePrint Archive, Paper 2017/549},
      year = {2017},
      doi = {10.14722/ndss.2018.23239},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.