OBLIVIATE redesigned ORAM for SGX filesystem operations for confuse access patterns to protect user privacy.

Why

All existing SGX filesystems are vulnerable to system call snooping, page fault, or cache based side-channel attacks.

How

  • Run isolated filesystem enclave in a separate process and using encrypted communication channels to communicate with applications.
  • Using message queues and shared memory for intra-process and inter-process communication.
  • ORAM implementation is exposed to side-channel attacks against the enclave. -> Use data oblivious algorithms in accessing key data structures of ORAM.
  • Maintain ORAM server storage efficiently -> Additional security memory region with non-encrypted memory regions of SGX (Avoid costly context switches).
  • Reduce ORAM latency -> Asynchronous ORAM server update (Returns the required data when available and performs path updates asynchronously, rather than waiting for expensive ORAM path updates).

What

Data oblivious filesystem for Intel SGX which adapting the ORAM protocol to read and write data from a file within an SGX enclave. It supports SGX programs without changes in application layer.

Some Detail

  • Introduce three current SGX Filesystem with their limitations.
  • Test current SGX filesystem with Syscall Snooping Attack, Page Fault based Attack, Cache Based Attacks to show their hidden dangers -> Lead to the design of OBLIVIATE.
  • Evaluation
    • Security test
    • Micro Benchmark -> Running Speed, Overhead, Optimization impact.
    • Macro Benchmark -> Compare OBLIVIATE and other filesystems on real world test: SQLite & Lighttpd.

Note: OBLIVIATE: A Data Oblivious File System for Intel SGX的更多相关文章

  1. Sharing The Application Tier File System in Oracle E-Business Suite Release 12.2

    The most current version of this document can be obtained in My Oracle Support Knowledge Document 13 ...

  2. 读Avoiding the Disk Bottleneck in the Data Domain Deduplication File System

    最近在思考和实践怎样应用重复数据删除技术到云存储服务中.找了些论文来读,其中<Avoiding the Disk Bottleneck in the Data Domain Deduplicat ...

  3. Invalid file system control data detected

    今天在做mkdir操作时报错:Invalid file system control data detected.检查用户和权限没问题,再检查磁盘空间也没问题.最后在网上找到如下信息: [proble ...

  4. HDFS relaxes a few POSIX requirements to enable streaming access to file system data

    https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html Introduction [ ...

  5. Yandex Big Data Essentials Week1 Unix Command Line Interface File System exploration

    File System Function In computing, a file system or filesystem is used to control how data is stored ...

  6. Yandex Big Data Essentials Week1 Scaling Distributed File System

    GFS Key Components components failures are a norm even space utilisation write-once-read-many GFS an ...

  7. Linux File System

    目录 . Linux文件系统简介 . 通用文件模型 . VFS相关数据结构 . 处理VFS对象 . 标准函数 1. Linux文件系统简介 Linux系统由数以万计的文件组成,其数据存储在硬盘或者其他 ...

  8. Storage System and File System Courses

    I researched a lot about storage system classes given at good universities this year. This had two r ...

  9. Low-overhead enhancement of reliability of journaled file system using solid state storage and de-duplication

    A mechanism is provided in a data processing system for reliable asynchronous solid-state device bas ...

随机推荐

  1. 解决微信浏览器video全屏的问题

    解决微信浏览器video全屏的问题 在微信浏览器里面使用video标签,会自动变成全屏,改成下面就好了,起码可以在video标签之上加入其他元素. <video id="videoID ...

  2. Centos7搭建Mysql-5.6.38,及主从复制。

    Server1:192.168.1.189  (主) Server2:192.168.1.190  (从) 1.关闭默认的firewalld防火墙,安装iptables. systemctl disa ...

  3. Python中深拷贝与浅拷贝区别

    浅拷贝, list值是可变的,str值不可变,只能重新赋值 a=b=c='wjx'print(a,b,c)c= 'jmy'#重新赋值了,所以内存分配了新的地址print(a,b,c)print(id( ...

  4. MYSQL中获取得最后一条记录的语句

    方法1:select max(id) from tablename 方法2:select last_insert_id(); 在MySQL中,使用auto_increment类型的id字段作为表的主键 ...

  5. javaScript-基础篇(一)

    1.如何插入JS 使用<script>标签在HTML网页中插入JavaScript代码.注意, <script>标签要成对出现,并把JavaScript代码写在<scri ...

  6. Linux-tcpdump command

    简介 用简单的话来定义tcpdump,就是:dump the traffic on a network,根据使用者的定义对网络上的数据包进行截获的包分析工具. tcpdump可以将网络中传送的数据包的 ...

  7. 201621123014《JAVA程序设计》第1周学习总结

    1. 本章学习总结 关键字:JAVA特点.JDK.JVM.JRE.class.编译工具.JDK是JAVA的开发工具包,拥有JAVA需要的环境和各类JAVA工具,是JAVA的核心:JVM是JAVA虚拟机 ...

  8. performance.timing检测页面加载速度

    with(performance){ readyStart = timing.fetchStart - timing.navigationStart; redirectTime = timing.re ...

  9. Arc066_E Addition and Subtraction Hard

    传送门 题目大意 给定一个加减法的表达式,让你任意的添加合法的括号对,使的表达式最大. 题解 考虑到任意左括号一定加在减号右边,那么对于第一个左括号,与该左括号相邻的只含有加号的子序列的贡献一定为负, ...

  10. bzoj4010

    知名美食家小 A被邀请至ATM 大酒店,为其品评菜肴. ATM 酒店为小 A 准备了 N 道菜肴,酒店按照为菜肴预估的质量从高到低给予1到N的顺序编号,预估质量最高的菜肴编号为1. 由于菜肴之间口味搭 ...