Cache-Oblivious and Data-Oblivious Sorting and Applications

Although external-memory sorting has been a classical algorithms abstraction and has been heavily studied in the literature, perhaps somewhat surprisingly, when data-obliviousness is a requirement, even very rudimentary questions remain open. Prior to our work, it is not even known how to construct a comparison-based, external-memory oblivious sorting algorithm that is optimal in IO-cost. We make a significant step forward in our understanding of external-memory, oblivious sorting algorithms. Not only do we construct a comparison-based, external-memory oblivious sorting algorithm that is optimal in IO-cost, our algorithm is also cache-agnostic in that the algorithm need not know the storage hierarchy's internal parameters such as the cache and cache-line sizes. Our result immediately implies a cache-agnostic ORAM construction whose asymptotic IO-cost matches the best known cache-aware scheme. Last but not the least, we propose and adopt a new and stronger security notion for external-memory, oblivious algorithms and argue that this new notion is desirable for resisting possible cache-timing attacks. Thus our work also lays a foundation for the study of oblivious algorithms in the cache-agnostic model.

[1]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[2]  Robert W. Floyd,et al.  Permuting Information in Idealized Two-Level Storage , 1972, Complexity of Computer Computations.

[3]  E. Szemerédi,et al.  O(n LOG n) SORTING NETWORK. , 1983 .

[4]  Oded Goldreich,et al.  Towards a theory of software protection and simulation by oblivious RAMs , 1987, STOC.

[5]  Alok Aggarwal,et al.  The input/output complexity of sorting and related problems , 1988, CACM.

[6]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[7]  Donald E. Knuth,et al.  The art of computer programming, volume 3: (2nd ed.) sorting and searching , 1998 .

[8]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[9]  Michael A. Bender,et al.  Cache-oblivious B-trees , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[10]  Jeffrey Scott Vitter,et al.  External memory algorithms and data structures: dealing with massive data , 2001, CSUR.

[11]  Kurt Mehlhorn,et al.  External-Memory Breadth-First Search with Sublinear I/O , 2002, ESA.

[12]  G. Brodal,et al.  Cache Oblivious Distribution Sweeping , 2002 .

[13]  Gerth Stølting Brodal,et al.  Lower bounds for external memory dictionaries , 2003, SODA '03.

[14]  Gerth Stølting Brodal,et al.  Cache-Oblivious Algorithms and Data Structures , 2004, SWAT.

[15]  Sanjay Ghemawat,et al.  MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.

[16]  Peter van Emde Boas,et al.  Design and implementation of an efficient priority queue , 1976, Mathematical systems theory.

[17]  Dinesh Manocha,et al.  Cache-oblivious mesh layouts , 2005, ACM Trans. Graph..

[18]  Michael A. Bender,et al.  Cache-oblivious streaming B-trees , 2007, SPAA '07.

[19]  Michael A. Bender,et al.  An Optimal Cache-Oblivious Priority Queue and Its Application to Graph Algorithms , 2007, SIAM J. Comput..

[20]  Sanguthevar Rajasekaran,et al.  Optimal and Practical Algorithms for Sorting on the PDM , 2008, IEEE Transactions on Computers.

[21]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[22]  Qin Zhang,et al.  Dynamic external hashing: the limit of buffering , 2008, SPAA '09.

[23]  S. Srinivasa Rao,et al.  Secondary indexing in one dimension: beyond b-trees and bitmap indexes , 2009, PODS.

[24]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[25]  Qin Zhang,et al.  On the cell probe complexity of dynamic membership , 2010, SODA '10.

[26]  David Eppstein,et al.  Privacy-preserving data-oblivious geometric algorithms for geographic data , 2010, GIS '10.

[27]  Michael T. Goodrich,et al.  Data-oblivious external-memory algorithms for the compaction, selection, and sorting of outsourced data , 2011, SPAA '11.

[28]  Michael T. Goodrich,et al.  Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation , 2010, ICALP.

[29]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[30]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[31]  Michael T. Goodrich,et al.  Data-Oblivious Graph Drawing Model and Algorithms , 2012, ArXiv.

[32]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[33]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[34]  Simha Sethumadhavan,et al.  Side-channel vulnerability factor: A metric for measuring information leakage , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).

[35]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[36]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[37]  Elaine Shi,et al.  Memory Trace Oblivious Program Execution , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[38]  Srinivas Devadas,et al.  Design space exploration and optimization of path oblivious RAM in secure processors , 2013, ISCA.

[39]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[40]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[41]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[42]  Marina Blanton,et al.  Data-oblivious graph algorithms for secure computation and outsourcing , 2013, ASIA CCS '13.

[43]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[44]  Elaine Shi,et al.  PHANTOM: practical oblivious computation in a secure processor , 2013, CCS.

[45]  Michael T. Goodrich,et al.  Zig-zag sort: a simple deterministic data-oblivious sorting algorithm running in O(n log n) time , 2014, STOC.

[46]  Elaine Shi,et al.  Ring ORAM: Closing the Gap Between Small and Large Client Storage Oblivious RAM , 2014, IACR Cryptol. ePrint Arch..

[47]  Srinivas Devadas,et al.  Suppressing the Oblivious RAM timing channel while making information leakage and program efficiency trade-offs , 2014, 2014 IEEE 20th International Symposium on High Performance Computer Architecture (HPCA).

[48]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[49]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[50]  Srinivas Devadas,et al.  RAW Path ORAM: A Low-Latency, Low-Area Hardware ORAM Controller with Integrity Verification , 2014, IACR Cryptol. ePrint Arch..

[51]  Michael T. Goodrich,et al.  Data-Oblivious Graph Algorithms in Outsourced External Memory , 2014, COCOA.

[52]  Abhi Shelat,et al.  SCORAM: Oblivious RAM for Secure Computation , 2014, IACR Cryptol. ePrint Arch..

[53]  Elaine Shi,et al.  Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns , 2014, USENIX Security Symposium.

[54]  Kai-Min Chung,et al.  Statistically-secure ORAM with Õ(log2 n) Overhead , 2014, ASIACRYPT.

[55]  Elaine Shi,et al.  GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation , 2015, ASPLOS.

[56]  Srinivas Devadas,et al.  Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM , 2015 .

[57]  Elaine Shi,et al.  Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM , 2015, IACR Cryptol. ePrint Arch..

[58]  Stratis Ioannidis,et al.  GraphSC: Parallel Secure Computation Made Easy , 2015, 2015 IEEE Symposium on Security and Privacy.

[59]  Kartik Nayak,et al.  ObliVM: A Programming Framework for Secure Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[60]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[61]  Kartik Nayak,et al.  Oblivious Computation with Data Locality , 2017, IACR Cryptol. ePrint Arch..

[62]  T-H. Hubert Chan Circuit OPRAM : A Unifying Framework for Statistically and Computationally Secure ORAMs and OPRAMs , 2017 .