DOI: 10.1145/2810103.2813649
research-article

Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward

Published: 12 October 2015

Abstract

To understand the gap between theory and practice for oblivious cloud storage, we experimentally evaluate four representative Oblivious RAM (ORAM) designs on Amazon S3. We replay realistic application traces to these ORAMs in order to understand whether they can meet the demands of various real applications using cloud storage as a backend. We find that metrics traditionally used in the ORAM literature, e.g., bandwidth overhead, fail to capture the practical needs of those applications. With a new understanding of the desirable properties, relevant metrics, and observations about the cloud services and their applications, we propose CURIOUS, a new modular partition-based ORAM framework, and show experimentally that it is thus far the most promising approach.

      Published In

      CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
      October 2015
      1750 pages
      ISBN:9781450338325
      DOI:10.1145/2810103

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. ORAM
      2. access pattern
      3. oblivious cloud storage
      4. oblivious ram

      Qualifiers

      • Research-article

      Conference

      CCS'15

      Acceptance Rates

      CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

      Article Metrics

      • Downloads (last 12 months): 39
      • Downloads (last 6 weeks): 12
      Reflects downloads up to 05 Mar 2025.

      Cited By

      • (2024) Opca: Enabling Optimistic Concurrent Access for Multiple Users in Oblivious Data Storage. IEEE Transactions on Parallel and Distributed Systems 35:11 (1891-1903). DOI: 10.1109/TPDS.2024.3441623. Online publication date: Nov-2024
      • (2024) Towards Practical Oblivious Join Processing. IEEE Transactions on Knowledge and Data Engineering 36:4 (1829-1842). DOI: 10.1109/TKDE.2023.3310038. Online publication date: Apr-2024
      • (2024) PEO-Store: Delegation-Proof based Oblivious Storage with Secure Redundancy Elimination. IEEE Transactions on Dependable and Secure Computing (1-12). DOI: 10.1109/TDSC.2024.3361450. Online publication date: 2024
      • (2024) Bulkor: Enabling Bulk Loading for Path ORAM. 2024 IEEE Symposium on Security and Privacy (SP) (4258-4276). DOI: 10.1109/SP54263.2024.00103. Online publication date: 19-May-2024
      • (2024) SQL queries over encrypted databases: a survey. Connection Science 36:1. DOI: 10.1080/09540091.2024.2323059. Online publication date: 5-Mar-2024
      • (2023) Waffle: An Online Oblivious Datastore for Protecting Data Access Patterns. Proceedings of the ACM on Management of Data 1:4 (1-25). DOI: 10.1145/3626760. Online publication date: 12-Dec-2023
      • (2023) Tianji: Securing a Practical Asynchronous Multi-User ORAM. IEEE Transactions on Dependable and Secure Computing 20:6 (5143-5155). DOI: 10.1109/TDSC.2023.3241184. Online publication date: Nov-2023
      • (2023) DevIOus: Device-Driven Side-Channel Attacks on the IOMMU. 2023 IEEE Symposium on Security and Privacy (SP) (2288-2305). DOI: 10.1109/SP46215.2023.10179283. Online publication date: May-2023
      • (2023) Oblivious RAM with Worst-Case Logarithmic Overhead. Journal of Cryptology 36:2. DOI: 10.1007/s00145-023-09447-5. Online publication date: 24-Feb-2023
      • (2023) Memory Checking for Parallel RAMs. Theory of Cryptography (436-464). DOI: 10.1007/978-3-031-48618-0_15. Online publication date: 29-Nov-2023
