Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Towards Efficient Secure Memory Systems with Oblivious RAM

Wang, Rujia (2018) Towards Efficient Secure Memory Systems with Oblivious RAM. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

Download (2MB) | Preview


When multiple users and applications share the resources on cloud servers, information may be leaked through hidden channels related to the memory. Encryption can help to protect data privacy. However, the physical address on the memory bus cannot be encrypted if there is no computation power on memory DIMM. The attacker may observe clear-text physical address access frequency and infer sensitive information in the program. To completely protect the system from address access pattern leakage, we need to use Oblivious RAM, which obfuscates the physical address by remapping it after each access. However, the ORAM access is still costly regarding bandwidth.

In this dissertation, I focus on discussing and designing efficient and scalable secure memory systems with ORAM. Firstly, I studied the co-run interference between different applications on the modern computer servers. We found out that how to allocate shared resources between secure applications and other normal applications will determine the overall system performance. I proposed Cooperative-ORAM protocol, which achieves the goal of better resource allocation, utilization and same security guarantee as original ORAM design. Our design delivers an average of 20% overall performance improvement over the baseline Path ORAM design while providing a flexible resource tuning between different kinds of applications.

In the next part, I address the problems when the application number further scales on the same server. The co-run interference and memory traffic will be more intense when we scale the number of applications on the server. Meanwhile, more applications mean that the demand for memory capacity is also increasing. I proposed the design of D-ORAM, which delegate the ORAM based secure engine on Buffer-on-Board(BoB), which is in between of the last level cache and main memory, to enable high-level privacy protection and low execution interference on cloud servers. By pushing the ORAM engine off-chip, most of the ORAM accesses will not need to be sent back to the processor side, which removes the excessive data movement overhead. Our evaluation shows that D-ORAM improves normal applications performance by 22.5% on average.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
Wang, Rujiaruw16@pitt.eduRUW16
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairJun, Yangjuy9@pitt.edujuy9
Committee CoChairYoutao, Zhangzhangyt@cs.pitt.eduyoutao
Committee MemberKartik, Mohanramkmram@pitt.edukmram
Committee MemberSam, Dickersondickerson@pitt.edudickerson
Committee MemberNatasa, Miskov-Zivanovnmzivanov@pitt.edunmzivanov
Committee MemberAdam, Leeadamlee@pitt.eduadamlee
Date: 7 November 2018
Date Type: Publication
Defense Date: 24 May 2018
Approval Date: 7 November 2018
Submission Date: 15 June 2018
Access Restriction: 1 year -- Restrict access to University of Pittsburgh for a period of 1 year.
Number of Pages: 115
Institution: University of Pittsburgh
Schools and Programs: Swanson School of Engineering > Electrical and Computer Engineering
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: Secure memory system, ORAM, access pattern leakage, memory architecture
Date Deposited: 07 Nov 2019 06:00
Last Modified: 07 Nov 2019 06:15


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item