Oblivious RAM
Primitives
https://gyazo.com/5001428f49c1cfb521ff31febe8e146a
Oblix: An Efficient Oblivious Search Index
Pratyush Mishra, UC Berkeley
https://gyazo.com/1a24d31984fd8c2c4034e21bba62fdb5
DB
Obladi: Oblivious Serializable Transactions in the Cloud
KVS
indexをサポートせず、バッチ実行する必要
DBMS engineのgeneralなクエリ実行をobliviousに
Ring ORAMを利用
https://gyazo.com/fbaff4d08fbdd882430872795b821c4e
TEE*DB
ObliDB
oblivious data accessをuntrusted memoryに適用
doubly-oblivious data structures and enclave to construct a search index for encrypted data
オーバーヘッドがimpractical
Path ORAMを利用
ObliDB supports oblivious versions of the operators SELECT, INSERT, UPDATE, DELETE, GROUP BY and JOIN as well as the aggregates COUNT, SUM, MIN, MAX, and AVG.
トランザクションはサポートしていない
TEE*memory
InvisiPage: Oblivious Demand Paging for Secure Enclaves
ISCA'19
TEE*app
signal
TEEでのcontact discovery時に登録されているuser_idセットに送信したuser_idセットが含まれているかチェックする部分でアクセスパターンが漏洩してしまうので、ORAMを適用
There are some elegant generalized ORAM techniques, like Path ORAM, but unfortunately they don’t work well for this problem. Most perform best when applications have a relatively small number of keys that map to large values, whereas we have an extremely large number of keys and zero-sized values. The more complicated attempts to provide generalized ORAM for data sets like ours, such as Recursive Path ORAM, don’t scale very well and are difficult to build for concurrent access.
Attacks
USENIX WOOT'20
InvisiPageに対する攻撃