SGX-LKL: Securing the host OS interface for trusted execution
Hardware support for trusted execution in modern CPUs enables tenants to shield their data
processing workloads in otherwise untrusted cloud environments. Runtime systems for the …
processing workloads in otherwise untrusted cloud environments. Runtime systems for the …
Oblidb: Oblivious query processing for secure databases
S Eskandarian, M Zaharia - arXiv preprint arXiv:1710.00458, 2017 - arxiv.org
Hardware enclaves such as Intel SGX are a promising technology for improving the security
of databases outsourced to the cloud. These enclaves provide an execution environment …
of databases outsourced to the cloud. These enclaves provide an execution environment …
{DORY}: An encrypted search system with distributed trust
E Dauterman, E Feng, E Luo, RA Popa… - 14th USENIX Symposium …, 2020 - usenix.org
Efficient, leakage-free search on encrypted data has remained an unsolved problem for the
last two decades; efficient schemes are vulnerable to leakage-abuse attacks, and schemes …
last two decades; efficient schemes are vulnerable to leakage-abuse attacks, and schemes …
{SPEICHER}: Securing {LSM-based}{Key-Value} Stores using Shielded Execution
We introduce Speicher, a secure storage system that not only provides strong confidentiality
and integrity properties, but also ensures data freshness to protect against rollback/forking …
and integrity properties, but also ensures data freshness to protect against rollback/forking …
Pancake: Frequency smoothing for encrypted data stores
We present PANCAKE, the first system to protect key-value stores from access pattern
leakage attacks with small constant factor bandwidth overhead. PANCAKE uses a new …
leakage attacks with small constant factor bandwidth overhead. PANCAKE uses a new …
Snoopy: Surpassing the scalability bottleneck of oblivious storage
Existing oblivious storage systems provide strong security by hiding access patterns, but do
not scale to sustain high throughput as they rely on a central point of coordination. To …
not scale to sustain high throughput as they rely on a central point of coordination. To …
Avocado: A Secure {In-Memory} Distributed Storage System
M Bailleu, D Giantsidi, V Gavrielatos… - 2021 USENIX Annual …, 2021 - usenix.org
We introduce Avocado, a secure in-memory distributed storage system that provides strong
security, fault-tolerance, consistency (linearizability) and performance for untrusted cloud …
security, fault-tolerance, consistency (linearizability) and performance for untrusted cloud …
Basil: Breaking up BFT with ACID (transactions)
This paper presents Basil, the first transactional, leaderless Byzantine Fault Tolerant key-
value store. Basil leverages ACID transactions to scalably implement the abstraction of a …
value store. Basil leverages ACID transactions to scalably implement the abstraction of a …
Adore: Differentially oblivious relational database operators
There has been a recent effort in applying differential privacy on memory access patterns to
enhance data privacy. This is called differential obliviousness. Differential obliviousness is a …
enhance data privacy. This is called differential obliviousness. Differential obliviousness is a …
Cobra: Making Transactional {Key-Value} Stores Verifiably Serializable
Today's cloud databases offer strong properties, including serializability, sometimes called
the gold standard database correctness property. But cloud databases are complicated …
the gold standard database correctness property. But cloud databases are complicated …