University of Pittsburgh researchers have developed a novel secure memory architecture called ORAM Delegator, designed to enhance privacy protection and reduce execution interference on cloud servers with untrusted memory. This technology leverages the buffer-onboard (BOB) memory architecture to offload Path ORAM primitives to a secure engine, significantly improving system performance and privacy protection. The ORAM Delegator optimizes link utilization and achieves a 22.5% performance improvement over the Path ORAM baseline.
Description
The ORAM Delegator is a secure memory architecture that uses the BOB memory architecture to offload Path ORAM primitives to a secure engine within the BOB unit. This approach alleviates contention for the off-chip memory bus between secure and non-secure applications. The secure delegator (SD) unit within the BOB architecture performs Path ORAM accesses, secures communication between the CPU and the SD, and converts each memory request into multiple memory accesses along the ORAM tree. This design does not require modifications to the memory DIMM hardware or timing standards, making it a cost-effective and feasible solution for server settings.
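The following is an added example, not code from the patent or the researchers: a minimal software model of the Path ORAM primitive that the SD unit performs, showing how one logical request becomes a full root-to-leaf path of bucket reads and writes. The class name, the tree size (`levels`, `Z`), the counters and the `demo` helper are assumptions for illustration; bucket encryption, the encrypted CPU-to-SD link and a stash size bound are omitted.

```python
import secrets

class PathORAM:
    """Software model of the Path ORAM primitive; names and sizes are illustrative."""

    def __init__(self, levels=4, Z=4):
        self.L, self.Z = levels, Z               # 2**levels leaves, Z slots per bucket
        self.tree = [[] for _ in range(2 ** (levels + 1) - 1)]  # untrusted memory
        self.pos = {}                            # position map: address -> leaf
        self.stash = {}                          # blocks held inside the trusted engine
        self.phys_reads = self.phys_writes = 0   # block slots moved to/from memory

    def _path(self, leaf):
        """Heap indices of the buckets from the root down to `leaf`."""
        node = leaf + 2 ** self.L - 1
        out = [node]
        while node:
            node = (node - 1) // 2
            out.append(node)
        return out[::-1]

    def access(self, op, addr, data=None):
        """Serve one logical read or write by touching one full root-to-leaf path."""
        leaf = self.pos.get(addr, secrets.randbelow(2 ** self.L))
        self.pos[addr] = secrets.randbelow(2 ** self.L)   # fresh random leaf
        path = self._path(leaf)
        for b in path:                           # 1. read every bucket on the path
            self.phys_reads += self.Z            #    dummy slots are fetched as well
            self.stash.update(self.tree[b])
            self.tree[b] = []
        old = self.stash.get(addr)
        if op == "write":                        # 2. update the block in the stash
            self.stash[addr] = data
        for depth in range(self.L, -1, -1):      # 3. write back, leaf first
            b = path[depth]
            fit = [a for a in self.stash
                   if self._path(self.pos[a])[depth] == b][:self.Z]
            self.tree[b] = [(a, self.stash.pop(a)) for a in fit]
            self.phys_writes += self.Z           #    bucket is padded to Z slots
        return old

def demo(n=20):
    """Write n constructed blocks, read them back, return the model and the values."""
    oram = PathORAM()
    for i in range(n):
        oram.access("write", i, f"blk{i}")
    values = [oram.access("read", i) for i in range(n)]
    return oram, values
```

With these constructed parameters every logical access moves 20 block slots in each direction regardless of the address requested, which is the traffic amplification the design keeps off the shared memory bus.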
Applications
- Cloud computing
- Data privacy protection
- Secure memory management
- Server performance optimization
Advantages
The ORAM Delegator offers high-level privacy protection from access pattern leakage, reduces execution interference and data movement, and delivers a 22.5% performance gain over the Path ORAM baseline. It is cost-effective because it requires no memory DIMM hardware modifications, and it allows flexible capacity expansion among secure and normal memory channels, which addresses capacity limits and minimizes communication overhead.
Invention Readiness
The ORAM Delegator has been evaluated using an 8-core CMP with four off-chip memory channels, demonstrating significant performance improvements and effective privacy protection. The technology is ready for further development and potential commercialization.
IP Status
https://patents.google.com/patent/US11243881B2