OBLIVIATE redesigned ORAM for SGX filesystem operations for confuse access patterns to protect user privacy.

Why

All existing SGX filesystems are vulnerable to system call snooping, page fault, or cache based side-channel attacks.

How

  • Run isolated filesystem enclave in a separate process and using encrypted communication channels to communicate with applications.
  • Using message queues and shared memory for intra-process and inter-process communication.
  • ORAM implementation is exposed to side-channel attacks against the enclave. -> Use data oblivious algorithms in accessing key data structures of ORAM.
  • Maintain ORAM server storage efficiently -> Additional security memory region with non-encrypted memory regions of SGX (Avoid costly context switches).
  • Reduce ORAM latency -> Asynchronous ORAM server update (Returns the required data when available and performs path updates asynchronously, rather than waiting for expensive ORAM path updates).

What

Data oblivious filesystem for Intel SGX which adapting the ORAM protocol to read and write data from a file within an SGX enclave. It supports SGX programs without changes in application layer.

Some Detail

  • Introduce three current SGX Filesystem with their limitations.
  • Test current SGX filesystem with Syscall Snooping Attack, Page Fault based Attack, Cache Based Attacks to show their hidden dangers -> Lead to the design of OBLIVIATE.
  • Evaluation
    • Security test
    • Micro Benchmark -> Running Speed, Overhead, Optimization impact.
    • Macro Benchmark -> Compare OBLIVIATE and other filesystems on real world test: SQLite & Lighttpd.

Note: OBLIVIATE: A Data Oblivious File System for Intel SGX的更多相关文章

  1. Sharing The Application Tier File System in Oracle E-Business Suite Release 12.2

    The most current version of this document can be obtained in My Oracle Support Knowledge Document 13 ...

  2. 读Avoiding the Disk Bottleneck in the Data Domain Deduplication File System

    最近在思考和实践怎样应用重复数据删除技术到云存储服务中.找了些论文来读,其中<Avoiding the Disk Bottleneck in the Data Domain Deduplicat ...

  3. Invalid file system control data detected

    今天在做mkdir操作时报错:Invalid file system control data detected.检查用户和权限没问题,再检查磁盘空间也没问题.最后在网上找到如下信息: [proble ...

  4. HDFS relaxes a few POSIX requirements to enable streaming access to file system data

    https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html Introduction [ ...

  5. Yandex Big Data Essentials Week1 Unix Command Line Interface File System exploration

    File System Function In computing, a file system or filesystem is used to control how data is stored ...

  6. Yandex Big Data Essentials Week1 Scaling Distributed File System

    GFS Key Components components failures are a norm even space utilisation write-once-read-many GFS an ...

  7. Linux File System

    目录 . Linux文件系统简介 . 通用文件模型 . VFS相关数据结构 . 处理VFS对象 . 标准函数 1. Linux文件系统简介 Linux系统由数以万计的文件组成,其数据存储在硬盘或者其他 ...

  8. Storage System and File System Courses

    I researched a lot about storage system classes given at good universities this year. This had two r ...

  9. Low-overhead enhancement of reliability of journaled file system using solid state storage and de-duplication

    A mechanism is provided in a data processing system for reliable asynchronous solid-state device bas ...

随机推荐

  1. [SQL类] SQL优化大全(推荐)

    概要 优化的理由 1. 大小写对SQL语句的影响(ORACLE) 2. 尽量使用(NOT) EXISTS 替代( NOT)IN这样的操作 3. 在海量查询时尽量少用格式转换 4. 查询海量数据是,可以 ...

  2. Python基础-数据写入execl

    import xlwt book = xlwt.Workbook()#创建一个excel sheet = book.add_sheet('lanxia')#添加一个sheet页 title = ['姓 ...

  3. 通知消息与ON_NOTIFY

    1.通知消息一般是由子控件发出,由父窗口响应,因此响应函数的位置在父窗口内. 2.通知消息发送给父窗口的是通知码,即WM_NOTIFY消息(但为了区分方便不同的消息有不同的名称,但都是以WM_NOTI ...

  4. Hibernate - 配置c3p0

    <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE hibernate-configuratio ...

  5. VC用MCI播放mp3等音乐文件

    VC播放mp3等音乐文件,可以使用MCI.MCI ( Media Control Interface ) ,即媒体控制接口,向基于Windows操作系统的应用程序提供了高层次的控制媒体设备接口的能力. ...

  6. ACM学习历程—HDU 5451 Best Solver(Fibonacci数列 && 快速幂)(2015沈阳网赛1002题)

    Problem Description The so-called best problem solver can easily solve this problem, with his/her ch ...

  7. bzoj 2084: Antisymmetry 回文自动机

    题目: Description 对于一个01字符串,如果将这个字符串0和1取反后,再将整个串反过来和原串一样,就称作"反对称"字符串.比如00001111和010101就是反对称的 ...

  8. 【队列】最大值减去最小值小于等于num的子数组数量

    摘自<程序员代码面试指南> 题目: 给定数组 arr 和整数 num, 共返回有多少个⼦数组满⾜如下情况:max(arr[i...j]) - min(arr[i...j]) <= n ...

  9. [转]七个对我最好的职业建议(精简版)--Nicholas C. Zakas

    一.不要别人点什么,就做什么 我的第一份工作,只干了8个月,那家公司就倒闭了.我问经理,接下来我该怎么办,他说: "小伙子,千万不要当一个被人点菜的厨师,别人点什么,你就烧什么.不要接受那样 ...

  10. UOJ#164:【清华集训2015】V

    浅谈区间最值操作与历史最值问题:https://www.cnblogs.com/AKMer/p/10225100.html 题目传送门:http://uoj.ac/problem/164 论文题.论文 ...