Memory Trace Oblivious Program Execution

Cloud computing allows users to delegate data and computation to cloud service providers, at the cost of giving up physical control of their computing infrastructure. An attacker (e.g., an insider) with physical access to the computing platform can perform various physical attacks, including probing memory buses and cold-boot style attacks. Previous work on secure (co-)processors provides hardware support for memory encryption and prevents direct leakage of sensitive data over the memory bus. However, an adversary snooping on the bus can still infer sensitive information from the memory access traces. Existing work on Oblivious RAM (ORAM) offers a solution: users place all data in an ORAM, and accesses to the ORAM are obfuscated so that no information leaks through memory access traces. This method, however, incurs significant memory access overhead. This work is the first to leverage programming language techniques to offer efficient memory-trace oblivious program execution while providing formal security guarantees. We formally define the notion of memory-trace obliviousness and provide a type system for verifying that a program satisfies this property. We also describe a compiler that transforms a program into a structurally similar one that satisfies memory-trace obliviousness. To achieve optimal efficiency, our compiler partitions variables into several small ORAM banks rather than one large one, without risking security. We use several example programs to demonstrate the efficiency gains our compiler achieves in comparison with the naive method of placing all variables in the same ORAM.
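The property the abstract defines can be checked on a toy model by running a program under different secrets and comparing what a bus observer would record. The sketch below is an added example, not the paper's type system or compiler; it assumes a trace model in which encrypted RAM exposes the address of each access while an ORAM bank exposes only that the bank was touched, and the names `Memory`, `lookup`, `branch`, `branch_padded` and the `ram`/`oram<k>` labels are hypothetical.

```python
# Added illustration: a toy bus-trace model (assumption, not the paper's formal semantics).
class Memory:
    """Records what a bus observer sees; data values are encrypted, so never logged."""
    def __init__(self, layout):
        self.layout = layout          # variable name -> "ram" or "oram<k>" (hypothetical labels)
        self.cells = {}
        self.trace = []

    def _observe(self, op, var, idx):
        bank = self.layout[var]
        # Encrypted RAM exposes the address; an ORAM bank exposes only that it was touched.
        self.trace.append((op, var, idx) if bank == "ram" else ("access", bank))

    def read(self, var, idx=0):
        self._observe("read", var, idx)
        return self.cells.get((var, idx), 0)

    def write(self, var, idx, value):
        self._observe("write", var, idx)
        self.cells[(var, idx)] = value

def lookup(mem, secret):
    # Secret-indexed read: leaks `secret` if `table` lives in plain encrypted RAM.
    return mem.read("table", secret)

def branch(mem, secret):
    # Each arm touches a different variable; leaks if x and y sit in different banks.
    if secret:
        mem.write("x", 0, 1)
    else:
        mem.write("y", 0, 1)

def branch_padded(mem, secret):
    # Both arms perform the same bank sequence; the unused access is a dummy.
    if secret:
        mem.write("x", 0, 1)
        mem.read("y")
    else:
        mem.read("x")
        mem.write("y", 0, 1)

def trace_of(program, layout, secret):
    mem = Memory(layout)
    program(mem, secret)
    return mem.trace

def is_oblivious(program, layout, secrets=(0, 1)):
    """True when every secret yields the same observable trace."""
    return len({tuple(trace_of(program, layout, s)) for s in secrets}) == 1
```

In this model, placing `x` and `y` in one bank makes `branch` oblivious as written, while splitting them across banks requires the padded form.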
