Oblivious Remote Data Access Made Practical.

摘要

Access pattern leaks threaten data confidentiality. The ability to access remote information without revealing the objects of interest is thus essential to remote storage privacy. Despite many challenges to deployment, this thesis asserts that there exist practical (applicable and economical) access privacy mechanisms.;Outsourced computing is a popular trend with good reason: significant cost savings can be obtained by consolidating data center management. This trend arrives with a new set of security issues, however. Companies expose themselves to significant risk by placing sensitive data in systems outside their control. Of concern are not only network security, data confidentiality, and collocation issues, but more importantly a significant shift in liability, and a new class of insider attacks.;To defend these new vulnerability surfaces, of special importance becomes the ability to provide clients with practical guarantees of confidentiality and privacy.;This thesis outlines a set of essential outsourcing challenges: (i) How can remotely-hosted data be accessed efficiently with privacy? (ii) How can multiple clients run transactions privately in parallel, with serializability assurances guaranteed by untrusted, possibly malicious transaction managers? (iii) How can new, efficient, minimal-TCB hardware be designed to better provide security and privacy outsourcing guarantees?;To answer these questions, this dissertation introduces new mechanisms for practical private data access and oblivious transaction processing, as well as new trusted hardware designs. A space-time trade-off of client storage vs. efficiency is explored, then expanded to the additional dimensions of multiplicity of clients, the nature of the trusted computing base (hardware vs. software), and the degree of client data processing (access vs. transactions vs. computation). The results are orders of magnitude more efficient than existing work. Together, they bridge the gap between theoretical possibility and practical feasibility.