OBLIVIATE redesigned ORAM for SGX filesystem operations for confuse access patterns to protect user privacy.

Why

All existing SGX filesystems are vulnerable to system call snooping, page fault, or cache based side-channel attacks.

How

  • Run isolated filesystem enclave in a separate process and using encrypted communication channels to communicate with applications.
  • Using message queues and shared memory for intra-process and inter-process communication.
  • ORAM implementation is exposed to side-channel attacks against the enclave. -> Use data oblivious algorithms in accessing key data structures of ORAM.
  • Maintain ORAM server storage efficiently -> Additional security memory region with non-encrypted memory regions of SGX (Avoid costly context switches).
  • Reduce ORAM latency -> Asynchronous ORAM server update (Returns the required data when available and performs path updates asynchronously, rather than waiting for expensive ORAM path updates).

What

Data oblivious filesystem for Intel SGX which adapting the ORAM protocol to read and write data from a file within an SGX enclave. It supports SGX programs without changes in application layer.

Some Detail

  • Introduce three current SGX Filesystem with their limitations.
  • Test current SGX filesystem with Syscall Snooping Attack, Page Fault based Attack, Cache Based Attacks to show their hidden dangers -> Lead to the design of OBLIVIATE.
  • Evaluation
    • Security test
    • Micro Benchmark -> Running Speed, Overhead, Optimization impact.
    • Macro Benchmark -> Compare OBLIVIATE and other filesystems on real world test: SQLite & Lighttpd.

Note: OBLIVIATE: A Data Oblivious File System for Intel SGX的更多相关文章

  1. Sharing The Application Tier File System in Oracle E-Business Suite Release 12.2

    The most current version of this document can be obtained in My Oracle Support Knowledge Document 13 ...

  2. 读Avoiding the Disk Bottleneck in the Data Domain Deduplication File System

    最近在思考和实践怎样应用重复数据删除技术到云存储服务中.找了些论文来读,其中<Avoiding the Disk Bottleneck in the Data Domain Deduplicat ...

  3. Invalid file system control data detected

    今天在做mkdir操作时报错:Invalid file system control data detected.检查用户和权限没问题,再检查磁盘空间也没问题.最后在网上找到如下信息: [proble ...

  4. HDFS relaxes a few POSIX requirements to enable streaming access to file system data

    https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsDesign.html Introduction [ ...

  5. Yandex Big Data Essentials Week1 Unix Command Line Interface File System exploration

    File System Function In computing, a file system or filesystem is used to control how data is stored ...

  6. Yandex Big Data Essentials Week1 Scaling Distributed File System

    GFS Key Components components failures are a norm even space utilisation write-once-read-many GFS an ...

  7. Linux File System

    目录 . Linux文件系统简介 . 通用文件模型 . VFS相关数据结构 . 处理VFS对象 . 标准函数 1. Linux文件系统简介 Linux系统由数以万计的文件组成,其数据存储在硬盘或者其他 ...

  8. Storage System and File System Courses

    I researched a lot about storage system classes given at good universities this year. This had two r ...

  9. Low-overhead enhancement of reliability of journaled file system using solid state storage and de-duplication

    A mechanism is provided in a data processing system for reliable asynchronous solid-state device bas ...

随机推荐

  1. Sobel导数

    Sobel 导数 目标 本文档尝试解答如下问题: 如何使用OpenCV函数 Sobel 对图像求导. 如何使用OpenCV函数 Scharr 更准确地计算  核的导数. 原理 Note 以下内容来自于 ...

  2. JS正则表达式,记录自己所学所用的内容

    还没接触正则表达式感觉确实有那么点难度,但接触到后自己琢磨了几天也没发现那么难. 现在教教刚学的或者还没接触正则表达式的同学们入入门,一起学习. 正则表达式基本语法 ***************** ...

  3. java:maven中webapp下的jsp不能访问web-inf下面的bean

    java:maven中webapp下的jsp不能访问web-inf下面的bean 当然 WEB-INF下面的文件是不能访问的,只能吧jsp文件放入到WEB-INF下面,然后通过配置WEB-INF下we ...

  4. django使用bootstrap前端框架

    一.下载bootstrap相关文件,放在项目目录中.在blog 应用中新建static目录,bootstrap文件放在此目录下. bootstrap下载网址:http://v3.bootcss.com ...

  5. 搭建JavaEE项目是遇到的几个问题

    问题描述:无法读取spring mvc的xsd文件 参考http://eric-yan.iteye.com/blog/1908470 schema_reference.4: Failed to rea ...

  6. Android中高效的显示图片之三——缓存图片

    加载一张图片到UI相对比较简单,如果一次要加载一组图片,就会变得麻烦很多.像ListView,GridView,ViewPager等控件,需要显示的图片和将要显示的图片数量可能会很大. 为了减少内存使 ...

  7. OpenAL播放pcm或wav数据流-windows/ios/android(一)

    OpenAL播放pcm或wav数据流-windows/iOS/Android(一)   最近在研究渲染问题,本文采用openal做pcm和wav数据流播放,并非本地文件,demo是windows的,i ...

  8. ACM学习历程—HDU 5536 Chip Factory(xor && 字典树)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=5536 题目大意是给了一个序列,求(si+sj)^sk的最大值. 首先n有1000,暴力理论上是不行的. ...

  9. [转]阮一峰:理解RESTful架构

    作者: 阮一峰 日期: 2011年9月12日 越来越多的人开始意识到,网站即软件,而且是一种新型的软件. 这种"互联网软件"采用客户端/服务器模式,建立在分布式体系上,通过互联网通 ...

  10. NSArray用法

    //类方法初始化一个数组对象 [array count] : 得到这个数组对象的长度. [array objectAtIndex index]: 传入数组的索引(index) 得到数据对象. [arr ...