OBLIVIATE redesigned ORAM for SGX filesystem operations for confuse access patterns to protect user privacy.

Why

All existing SGX filesystems are vulnerable to system call snooping, page fault, or cache based side-channel attacks.

How

  • Run isolated filesystem enclave in a separate process and using encrypted communication channels to communicate with applications.
  • Using message queues and shared memory for intra-process and inter-process communication.
  • ORAM implementation is exposed to side-channel attacks against the enclave. -> Use data oblivious algorithms in accessing key data structures of ORAM.
  • Maintain ORAM server storage efficiently -> Additional security memory region with non-encrypted memory regions of SGX (Avoid costly context switches).
  • Reduce ORAM latency -> Asynchronous ORAM server update (Returns the required data when available and performs path updates asynchronously, rather than waiting for expensive ORAM path updates).

What

Data oblivious filesystem for Intel SGX which adapting the ORAM protocol to read and write data from a file within an SGX enclave. It supports SGX programs without changes in application layer.

Some Detail

  • Introduce three current SGX Filesystem with their limitations.
  • Test current SGX filesystem with Syscall Snooping Attack, Page Fault based Attack, Cache Based Attacks to show their hidden dangers -> Lead to the design of OBLIVIATE.
  • Evaluation
    • Security test
    • Micro Benchmark -> Running Speed, Overhead, Optimization impact.
    • Macro Benchmark -> Compare OBLIVIATE and other filesystems on real world test: SQLite & Lighttpd.

Note: OBLIVIATE: A Data Oblivious File System for Intel SGX的更多相关文章

  1. Sharing The Application Tier File System in Oracle E-Business Suite Release 12.2

    The most current version of this document can be obtained in My Oracle Support Knowledge Document 13 ...

  2. 读Avoiding the Disk Bottleneck in the Data Domain Deduplication File System

    最近在思考和实践怎样应用重复数据删除技术到云存储服务中.找了些论文来读,其中<Avoiding the Disk Bottleneck in the Data Domain Deduplicat ...

  3. Invalid file system control data detected

    今天在做mkdir操作时报错:Invalid file system control data detected.检查用户和权限没问题,再检查磁盘空间也没问题.最后在网上找到如下信息: [proble ...

  4. HDFS relaxes a few POSIX requirements to enable streaming access to file system data

    https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html Introduction [ ...

  5. Yandex Big Data Essentials Week1 Unix Command Line Interface File System exploration

    File System Function In computing, a file system or filesystem is used to control how data is stored ...

  6. Yandex Big Data Essentials Week1 Scaling Distributed File System

    GFS Key Components components failures are a norm even space utilisation write-once-read-many GFS an ...

  7. Linux File System

    目录 . Linux文件系统简介 . 通用文件模型 . VFS相关数据结构 . 处理VFS对象 . 标准函数 1. Linux文件系统简介 Linux系统由数以万计的文件组成,其数据存储在硬盘或者其他 ...

  8. Storage System and File System Courses

    I researched a lot about storage system classes given at good universities this year. This had two r ...

  9. Low-overhead enhancement of reliability of journaled file system using solid state storage and de-duplication

    A mechanism is provided in a data processing system for reliable asynchronous solid-state device bas ...

随机推荐

  1. CDH- CDH大数据集群运维

    CDH前端CM监控不正常(未解决) Request to the Service Monitor failed. This may cause slow page responses. View th ...

  2. node向html模板发送数据

    node向html模板发送数据 给模板传递数据 router.get('/', function(req, res, next) { res.render('index', { title: '张三' ...

  3. js混合计算字符串字节长度

    js混合计算字符串字节长度 function getBt(str) { ) { var char = str.match(/[^\x00-\xff]/ig); : char.length); } el ...

  4. java中的Enumeration

    Enumeration en = pp.keys(); while(en.hasMoreElements()){ String key = (String)en.nextElement(); Syst ...

  5. unit Base64Unit;

    unit Base64Unit; unit Base64Unit; //Download by http://www.codefans.net interface uses Classes, SysU ...

  6. bzoj 2001: City 城市建设 cdq

    题目 PS国是一个拥有诸多城市的大国,国王Louis为城市的交通建设可谓绞尽脑汁.Louis可以在某些城市之间修建道路,在不同的城市之间修建道路需要不同的花费.Louis希望建造最少的道路使得国内所有 ...

  7. 【LeetCode】020. Valid Parentheses

    Given a string containing just the characters '(', ')', '{', '}', '[' and ']', determine if the inpu ...

  8. JavaScript RegExp 正则表达式基础详谈

    前言: 正则对于一个码农来说是最基础的了,而且在博客园中,发表关于讲解正则表达式的技术文章,更是数不胜数,各有各的优点,但是就是这种很基础的东西,如果我们不去真正仔细研究.学习.掌握,而是抱着需要的时 ...

  9. Maven: 自动远程部署

    1. 在settings.xml中的Servers节点中增加Server的登录信息: <server> <id>deploy_server_65</id> < ...

  10. office2016_windows永久激活查看方法

    YC7N8-G7WR6-9WR4H-6Y2W4-KBT6X 首先要保证你安装了 百云址:http://pan.baidu.com/share/home?uk=4011207371 如果你是win8,w ...