Cloud computing allows users to delegate data and computation to cloud providers, at the cost of giving up physical control of their computing infrastructure. An attacker with physical access to the computing platform can perform various physical attacks, referred to as digital insertion and observation attacks, which include probing memory buses, tampering with memory, and cold-boot style attacks. While memory encryption can prevent direct leakage of data under digital observation, memory access patterns to even encrypted data may leak sensitive information. This work will allow organizations to securely outsource their computing infrastructure to an untrusted cloud provider, while preserving a similar level of security as if hosting the infrastructure in house This project will develop DIORE (Digital Insertion and Observation Resistant Execution) which is a combined hardware software platform immune to digital insertion and observation attacks. DIORE provides memory-trace oblivious execution, relying on efficient hardware implementations of Oblivious RAM, and novel compiler techniques for partitioning programs such that Oblivious RAM accesses are minimized. This ensures that an adversary with access to a program execution's memory trace learns nothing about the code or data other than what is revealed intentionally. DIORE opens up possibilities for new cloud applications involving sensitive information such as genomic, medical, or financial data -- domains that are considered too privacy sensitive for today's cloud.
TWC: Medium: Collaborative: DIORE: Digital Insertion and Observation Resistant Execution