University of Pittsburgh researchers have developed a novel secure memory architecture called ORAM Delegator, designed to enhance privacy protection and reduce execution interference on cloud servers with untrusted memory. This technology leverages the buffer-onboard (BOB) memory architecture to offload Path ORAM primitives to a secure engine, significantly improving system performance and privacy protection. The ORAM Delegator optimizes link utilization and achieves a 22.5% performance improvement over the Path ORAM baseline.
Description
The ORAM Delegator is a secure memory architecture that uses the BOB memory architecture to offload Path ORAM primitives to a secure engine within the BOB unit. This approach alleviates contention for the off-chip memory bus between secure and non-secure applications. The secure delegator (SD) unit within the BOB architecture performs Path ORAM accesses, securing communication between the CPU and SD, and converting memory requests into multiple memory accesses along the ORAM tree. This design does not require modifications to the memory DIMM hardware or timing standards, making it a cost-effective and feasible solution for server settings.
Applications
- Cloud computing
- Data privacy protection
- Secure memory management
- Server performance optimization
Advantages
The ORAM Delegator offers high-level privacy protection from access pattern leakage, reduces execution interference and data movement, and improves system performance with a 22.5% performance gain over the Path ORAM baseline. It is a cost-effective implementation that does not require memory DIMM hardware modifications and allows for flexible capacity expansion among secure and normal memory channels, solving capacity limits and minimizing communication overhead.
Invention Readiness
The ORAM Delegator has been evaluated using an 8-core CMP with four off-chip memory channels, demonstrating significant performance improvements and effective privacy protection. The technology is ready for further development and potential commercialization.
IP Status
https://patents.google.com/patent/US11243881B2
