PS-ORAM

Abstract

Oblivious RAM (ORAM) is a provable secure primitive to prevent access pattern leakage on the memory bus. It serves as the intermediate layer between the trusted on-chip components and the untrusted external memory systems to modulate the original memory access patterns into indistinguishable memory sequences. By randomly remapping the data blocks and accessing redundant blocks, ORAM prevents access pattern leakage through obfuscation. While there is much prior work focusing on improving ORAM's performance on the conventional DRAM-based memory system, when the memory technology shifts to use non-volatile memory (NVM), new challenges come up as to how to efficiently support crash consistency for ORAM. In this work, we propose EHAP-ORAM, which studies how to persist ORAM construction with an NVM-based memory system. We first analyze the design requirements for a persistent ORAM system and discuss the need to preserve crash consistency and atomicity for both data and ORAM metadata. Next, we discuss some of the challenges in the design of a persistent ORAM system and propose some solutions to those challenges. Then, we propose the modified on-chip ORAM controller architecture. Based on the improved hardware architecture of the ORAM controller on-chip, we propose different persistency protocols to ensure the crash consistency of the ORAM system and satisfy that the metadata in PosMap is safe when it is persisted to NVM in trusted/untrusted off-chip. The proposed architecture and persistency protocol steps minimize the overhead and leakage during the write-back process. Finally, we compared our persistent ORAM with the system without crash consistency support, show that in non-recursive and recursive cases, EHAP-ORAM only incurs 3.36% and 3.65% performance overhead. The results show that the EHAP-ORAM can support efficient crash consistency with minimal performance and hardware overhead.