GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation

This paper presents a new, co-designed compiler and architecture called GhostRider for supporting privacy-preserving computation in the cloud. GhostRider ensures all programs satisfy a property called memory-trace obliviousness (MTO): even an adversary that observes memory, bus traffic, and access times while the program executes can learn nothing about the program's sensitive inputs and outputs. One way to achieve MTO is to employ Oblivious RAM (ORAM), allocating all code and data in a single ORAM bank, and to also disable caches or fix the rate of memory traffic. This baseline approach can be inefficient, and so GhostRider's compiler uses a program analysis to do better, allocating data to non-oblivious, encrypted RAM (ERAM) and employing a scratchpad when doing so will not compromise MTO. The compiler can also allocate to multiple ORAM banks, which sometimes significantly reduces access times. We have formalized our approach and proved it enjoys MTO. Our FPGA-based hardware prototype and simulation results show that GhostRider significantly outperforms the baseline strategy.
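To make the MTO property concrete, here is an added toy model (not code from the GhostRider paper or its authors) of the observer the abstract describes. A `TracedMemory` class stands in for ERAM: its contents are hidden, but every address it is asked for is appended to a visible trace. Three small programs are then checked with the same test the definition implies: a program is trace oblivious over a set of candidate secrets only if every secret yields an identical trace. `naive_lookup` fails because the secret is the address; `oblivious_lookup` passes by scanning every cell and selecting with a bitmask; `secret_scaled_sum` passes because the secret only affects the (encrypted) values, not the addresses, which is exactly the kind of access pattern the abstract says can stay in ERAM rather than ORAM. The memory name, sizes, sample contents and secrets are constructed for the example.

```python
"""Toy model of memory-trace obliviousness (MTO).

Added example, not the paper's code. It records the address sequence a program
issues against a simulated encrypted RAM and checks whether that sequence is
independent of a secret input. All sample data below is constructed.
"""
from typing import Callable, List, Tuple

Trace = List[Tuple[str, str, int]]  # (operation, bank name, address)


class TracedMemory:
    """Model of encrypted, non-oblivious RAM (ERAM): an observer on the bus
    cannot read the stored values, but sees every address that is touched."""

    def __init__(self, data: List[int], name: str = "ERAM") -> None:
        self._cells = list(data)
        self.name = name
        self.trace: Trace = []  # everything the adversary observes

    def read(self, addr: int) -> int:
        self.trace.append(("read", self.name, addr))
        return self._cells[addr]

    def write(self, addr: int, value: int) -> None:
        self.trace.append(("write", self.name, addr))
        self._cells[addr] = value


def naive_lookup(mem: TracedMemory, secret_index: int) -> int:
    """Leaky: the address placed on the bus is the secret itself."""
    return mem.read(secret_index)


def oblivious_lookup(mem: TracedMemory, secret_index: int, size: int) -> int:
    """Data-oblivious: read every cell in a fixed order and keep the wanted
    one with a bitmask, so neither addresses nor branches depend on the secret."""
    result = 0
    for i in range(size):
        value = mem.read(i)             # same address sequence for every secret
        mask = -int(i == secret_index)  # -1 (all ones) on the hit, 0 otherwise
        result |= value & mask
    return result


def secret_scaled_sum(mem: TracedMemory, secret: int, size: int) -> int:
    """The secret influences the computed values but not the addresses; this
    access pattern is safe to serve from ERAM without any ORAM machinery."""
    total = 0
    for i in range(size):
        total += mem.read(i) * secret
    return total


def trace_of(program: Callable[[TracedMemory, int], int],
             data: List[int], secret: int) -> Trace:
    """Run `program` on a fresh memory holding `data` and return what was observed."""
    mem = TracedMemory(data)
    program(mem, secret)
    return mem.trace


def is_trace_oblivious(program: Callable[[TracedMemory, int], int],
                       data: List[int], secrets) -> bool:
    """MTO check over a set of candidate secrets: every secret must produce
    exactly the same observable trace."""
    traces = [trace_of(program, data, s) for s in secrets]
    return all(t == traces[0] for t in traces[1:])


if __name__ == "__main__":
    DATA = [10, 20, 30, 40]  # constructed sample memory contents
    SECRETS = range(len(DATA))
    programs = [
        ("naive_lookup", naive_lookup),
        ("oblivious_lookup", lambda m, s: oblivious_lookup(m, s, len(DATA))),
        ("secret_scaled_sum", lambda m, s: secret_scaled_sum(m, s, len(DATA))),
    ]
    for name, prog in programs:
        print(f"{name:18s} MTO: {is_trace_oblivious(prog, DATA, SECRETS)}")
        print("  trace for secret 1:", trace_of(prog, DATA, 1))
```

The check is exhaustive only over the secrets you enumerate, and it observes addresses alone; timing and cache effects, which the abstract's adversary also sees, are outside this model. The scan in `oblivious_lookup` also shows why the baseline is costly: hiding one access costs `size` reads, which is the overhead ORAM and the compiler's ERAM-versus-ORAM allocation are meant to reduce.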
