Making Your Program Oblivious: a Comparative Study for Side-channel-safe Confidential Computing
AKM Mubashwir Alam, Keke Chen

TL;DR
This paper compares various data oblivious conversion approaches for TEEs, analyzing their performance and usability to help researchers and practitioners select suitable methods for side-channel-resistant confidential computing.
Contribution
It provides a comprehensive comparison and empirical evaluation of different data oblivious conversion techniques applied to benchmark TEE applications.
Findings
Different approaches vary in performance and ease of implementation.
Some methods offer better security-performance trade-offs.
Guidelines for choosing appropriate oblivious techniques are proposed.
Abstract
Trusted Execution Environments (TEEs) are gradually adopted by major cloud providers, offering a practical option of confidential computing for users who don't fully trust public clouds. TEEs use CPU-enabled hardware features to eliminate direct breaches from compromised operating systems or hypervisors. However, recent studies have shown that side-channel attacks are still effective on TEEs. An appealing solution is to convert applications to be data oblivious to deter many side-channel attacks. While a few research prototypes on TEEs have adopted specific data oblivious operations, the general conversion approaches have never been thoroughly compared against and tested on benchmark TEE applications. These limitations make it difficult for researchers and practitioners to choose and adopt a suitable data oblivious approach for their applications. To address these issues,…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Cryptography and Data Security
