Note: OBLIVIATE: A Data Oblivious File System for Intel SGX
OBLIVIATE redesigns ORAM for SGX filesystem operations to obscure file access patterns and protect user privacy.
Why
All existing SGX filesystems are vulnerable to system call snooping, page fault, or cache-based side-channel attacks.
How
- Run an isolated filesystem enclave in a separate process and use encrypted communication channels to communicate with applications.
- Use message queues and shared memory for intra-process and inter-process communication.
- The ORAM implementation itself is exposed to side-channel attacks against the enclave -> Use data-oblivious algorithms when accessing the key data structures of ORAM.
- Maintain ORAM server storage efficiently -> Keep it in the non-encrypted memory regions of SGX with additional security (avoids costly context switches).
- Reduce ORAM latency -> Asynchronous ORAM server update (return the required data as soon as it is available and perform path updates asynchronously, rather than waiting for expensive ORAM path updates).
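The data-oblivious access to ORAM data structures mentioned in the list above, illustrated on a position map (an added example, not code from OBLIVIATE or from the original note; `posmap`, its size and all function names are assumptions). The leaky lookup touches a single entry, while the oblivious versions scan every entry with a branchless select, so the memory trace is identical for any block id.

```c
#include <stdint.h>

#define POSMAP_ENTRIES 64u               /* constructed size for illustration */
static uint32_t posmap[POSMAP_ENTRIES];  /* hypothetical map: block id -> tree leaf */

/* All-ones mask when x == y, zero otherwise, with no data-dependent branch. */
static uint32_t ct_eq_mask(uint32_t x, uint32_t y) {
    uint32_t d = x ^ y;
    return ((d | (0u - d)) >> 31) - 1u;  /* top bit of (d | -d) is set iff d != 0 */
}

/* Returns a when mask is all ones, b when mask is zero. */
static uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    return (a & mask) | (b & ~mask);
}

/* Non-oblivious: only posmap[id] is touched, so the page or cache line
   accessed tells an observer of the enclave which block was requested. */
uint32_t posmap_get_leaky(uint32_t id) {
    return posmap[id % POSMAP_ENTRIES];
}

/* Oblivious: every entry is read, in the same order, for every id. */
uint32_t posmap_get_oblivious(uint32_t id) {
    uint32_t out = 0;
    for (uint32_t i = 0; i < POSMAP_ENTRIES; i++)
        out = ct_select(ct_eq_mask(i, id), posmap[i], out);
    return out;
}

/* Oblivious read-and-remap: returns the old leaf and installs new_leaf.
   Every entry is both read and written, so the target slot is hidden. */
uint32_t posmap_remap_oblivious(uint32_t id, uint32_t new_leaf) {
    uint32_t old = 0;
    for (uint32_t i = 0; i < POSMAP_ENTRIES; i++) {
        uint32_t m = ct_eq_mask(i, id);
        old = ct_select(m, posmap[i], old);
        posmap[i] = ct_select(m, new_leaf, posmap[i]);
    }
    return old;
}

int main(void) {
    for (uint32_t i = 0; i < POSMAP_ENTRIES; i++) posmap[i] = i * 7u + 3u;
    uint32_t old = posmap_remap_oblivious(10, 42u);
    return !(old == 73u && posmap_get_oblivious(10) == 42u);
}
```

A compiler is free to turn the masking back into branches, so enclave code usually pins the select with CMOV-based assembly and checks the generated binary.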
What
A data-oblivious filesystem for Intel SGX that adapts the ORAM protocol to read and write file data within an SGX enclave. It supports SGX programs without changes at the application layer.
Some Detail
- Introduces three current SGX filesystems and their limitations.
- Tests current SGX filesystems with a syscall snooping attack, a page-fault-based attack, and cache-based attacks to show their hidden dangers -> leads to the design of OBLIVIATE.
- Evaluation
  - Security test
  - Micro benchmark -> Running speed, overhead, optimization impact.
  - Macro benchmark -> Compares OBLIVIATE and other filesystems on real-world tests: SQLite & Lighttpd.