NDSS 2018 - ZeroTrace : Oblivious Memory Primitives from Intel SGX
SESSION 2B: Crypto - 04 ZeroTrace : Oblivious Memory Primitives from Intel SGX
SUMMARY
We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure cloud computing. On one hand, work in applied cryptography has enabled efficient, oblivious data-structures and memory primitives. On the other, secure hardware and the emergence of Intel SGX has enabled a low-overhead and mass market mechanism for isolated execution. By themselves these technologies have their disadvantages. Oblivious memory primitives carry high performance overheads, especially when run non-interactively. Intel SGX, while more efficient, suffers from numerous softwarebased side-channel attacks, high context switching costs, and bounded memory size. In this work we build a new library of oblivious memory primitives, which we call ZeroTrace. ZeroTrace is designed to carefully combine state-of-the-art oblivious RAM techniques and SGX, while mitigating individual disadvantages of these technologies. To the best of our knowledge, ZeroTrace represents the first oblivious memory primitives running on a real secure hardware platform. ZeroTrace simultaneously enables a dramatic speed-up over pure cryptography and protection from softwarebased side-channel attacks. The core of our design is an efficient and flexible block-level memory controller that provides oblivious execution against any active software adversary, and across asynchronous SGX enclave terminations. Performance-wise, the memory controller can service requests for 4 B blocks in 1.2 ms and 1 KB blocks in 3.4 ms (given a 10 GB dataset). On top of our memory controller, we evaluate Set/Dictionary/List interfaces which can all perform basic operations (e.g., get/put/insert).
SLIDES
http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/03/NDSS2018_02B-4_Sasy_Slides.pdf
PAPER
https://www.ndss-symposium.org/wp-content/uploads/sites/25/2018/02/ndss2018_02B-4_Sasy_paper.pdf
AUTHORS
Sajin Sasy (University of Waterloo)
Sergey Gorbunov (University of Waterloo)
Christopher W. Fletcher (Nvidia/UIUC)
Network and Distributed System Security (NDSS) Symposium 2018, 18-21 February 2018, Catamaran Resort Hotel & Spa in San Diego, California.
https://www.ndss-symposium.org/ndss2018/programme/
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
https://www.ndss-symposium.org/
#NDSS #NDSS18 #NDSS2018 #InternetSecurity
Видео NDSS 2018 - ZeroTrace : Oblivious Memory Primitives from Intel SGX канала NDSS Symposium
SUMMARY
We are witnessing a confluence between applied cryptography and secure hardware systems in enabling secure cloud computing. On one hand, work in applied cryptography has enabled efficient, oblivious data-structures and memory primitives. On the other, secure hardware and the emergence of Intel SGX has enabled a low-overhead and mass market mechanism for isolated execution. By themselves these technologies have their disadvantages. Oblivious memory primitives carry high performance overheads, especially when run non-interactively. Intel SGX, while more efficient, suffers from numerous softwarebased side-channel attacks, high context switching costs, and bounded memory size. In this work we build a new library of oblivious memory primitives, which we call ZeroTrace. ZeroTrace is designed to carefully combine state-of-the-art oblivious RAM techniques and SGX, while mitigating individual disadvantages of these technologies. To the best of our knowledge, ZeroTrace represents the first oblivious memory primitives running on a real secure hardware platform. ZeroTrace simultaneously enables a dramatic speed-up over pure cryptography and protection from softwarebased side-channel attacks. The core of our design is an efficient and flexible block-level memory controller that provides oblivious execution against any active software adversary, and across asynchronous SGX enclave terminations. Performance-wise, the memory controller can service requests for 4 B blocks in 1.2 ms and 1 KB blocks in 3.4 ms (given a 10 GB dataset). On top of our memory controller, we evaluate Set/Dictionary/List interfaces which can all perform basic operations (e.g., get/put/insert).
SLIDES
http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/03/NDSS2018_02B-4_Sasy_Slides.pdf
PAPER
https://www.ndss-symposium.org/wp-content/uploads/sites/25/2018/02/ndss2018_02B-4_Sasy_paper.pdf
AUTHORS
Sajin Sasy (University of Waterloo)
Sergey Gorbunov (University of Waterloo)
Christopher W. Fletcher (Nvidia/UIUC)
Network and Distributed System Security (NDSS) Symposium 2018, 18-21 February 2018, Catamaran Resort Hotel & Spa in San Diego, California.
https://www.ndss-symposium.org/ndss2018/programme/
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
https://www.ndss-symposium.org/
#NDSS #NDSS18 #NDSS2018 #InternetSecurity
Видео NDSS 2018 - ZeroTrace : Oblivious Memory Primitives from Intel SGX канала NDSS Symposium
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
NDSS 2021 Practical Non-Interactive Searchable Encryption with Forward and Backward Privacy
NDSS 2020 SPEECHMINER Framework Investigating and Measuring Speculative Execution Vulnerabilities
NDSS 2020 Genotype Extraction and False Relative Attacks: Security Risks to Genealogy Services
NDSS 2020 Compliance Cautions: Security Issues Associated with U.S. Digital-Security Standards
NDSS 2020 Measuring the Deployment of Network Censorship Filters at Global Scale
NDSS 2021 SquirRL: Automating Attack Analysis on Blockchain Incentive Mechanisms with Deep Learning
NDSS 2021 WATSON: Abstracting Behaviors from Audit Logs via Aggregation of Contextual Semantics
NDSS 2021 All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
NDSS 2021 As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service
NDSS 2020 Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors
NDSS 2022 AutoSec Demo #14: In-Vehicle Communication Using Named Data Networking
NDSS 2022 LASER - “Mind your own cryptocurrency!”
NDSS 2022 MADWeb - Chhoyhopper: A Moving Target Defense with IPv6
NDSS 2020 Closing Remarks
NDSS 2022 BAR - 30 Years into Scientific Binary Decompilation: What We Have Achieved and What We...
NDSS 2021 Screen Gleaning: Screen Reading TEMPEST Attack on Mobile Devices Exploiting a Side Channel
NDSS 2022 BAR - Beyond the C: Retargetable Decompilation using Neural Machine Translation
NDSS 2021 Processing Dangerous Paths – On Security and Privacy of the Portable Document Format
NDSS 2020 Decentralized Control: A Case Study of Russia
NDSS 2020 µRAI: Securing Embedded Systems with Return Address Integrity
NDSS 2020 ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures