ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State

Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa and Koushik Sen

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2021-29
May 1, 2021

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-29.pdf

Encryption of secret data prevents an adversary from learning sensitive information by observing the transferred data. Even though the data itself is encrypted, however, an attacker can watch which locations of the memory, disk, and network are accessed and infer a significant amount of secret information.

To defend attacks based on this access pattern leakage, a number of oblivious algorithms have been devised. These algorithms transform the access pattern in a way that the access sequences are independent of the secret input data. Since oblivious algorithms tend to be slow, a go-to optimization for algorithm designers is to leverage space unobservable to the attacker. However, one can easily miss a subtle detail and violate the oblivious property in the process of doing so.

In this paper, we propose ObliCheck, a checker verifying whether a given algorithm is indeed oblivious. In contrast to existing checkers, ObliCheck distinguishes observable and unobservable state of an algorithm. It employs symbolic execution to check whether all execution paths exhibit the same observable behavior. To achieve accuracy and efficiency, ObliCheck introduces two key techniques: Domain Specific Merging to quickly check if the algorithm is oblivious, and Iterative State Unmerging to iteratively refine its judgment if the algorithm is reported as not oblivious. ObliCheck achieves x4850 of performance improvement over conventional symbolic execution without sacrificing accuracy.

Advisor: Raluca Ada Popa


BibTeX citation:

@mastersthesis{Son:EECS-2021-29,
    Author = {Son, Jeongseok and Prechter, Griffin and Poddar, Rishabh and Popa, Raluca Ada and Sen, Koushik},
    Title = {ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State},
    School = {EECS Department, University of California, Berkeley},
    Year = {2021},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-29.html},
    Number = {UCB/EECS-2021-29},
    Abstract = {Encryption of secret data prevents an adversary from learning sensitive information by observing the transferred data. Even though the data itself is encrypted, however, an attacker can watch which locations of the memory, disk, and network are accessed and infer a significant amount of secret information. 

To defend attacks based on this access pattern leakage, a number of oblivious algorithms have been devised. These algorithms transform the access pattern in a way that the access sequences are independent of the secret input data. Since oblivious algorithms tend to be slow, a go-to optimization for algorithm designers is to leverage space unobservable to the attacker.  However, one can easily miss a subtle detail and violate the oblivious property in the process of doing so.

In this paper, we propose ObliCheck, a checker verifying whether a given algorithm is indeed oblivious. In contrast to existing checkers, ObliCheck distinguishes observable and unobservable state of an algorithm. It employs symbolic execution to check whether all execution paths exhibit the same observable behavior. To achieve accuracy and efficiency, ObliCheck introduces two key techniques: Domain Specific Merging to quickly check if the algorithm is oblivious, and Iterative State Unmerging to iteratively refine its judgment if the algorithm is reported as not oblivious. ObliCheck achieves x4850 of performance improvement over conventional symbolic execution without sacrificing accuracy.}
}

EndNote citation:

%0 Thesis
%A Son, Jeongseok
%A Prechter, Griffin
%A Poddar, Rishabh
%A Popa, Raluca Ada
%A Sen, Koushik
%T ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State
%I EECS Department, University of California, Berkeley
%D 2021
%8 May 1
%@ UCB/EECS-2021-29
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-29.html
%F Son:EECS-2021-29