The risk of such attacks by malicious hackers aiming to steal the data is particularly acute in the cloud. Its owner has practically no control over whose applications are sharing server space with his or her. An antagonist could load up multiple cloud servers with small programs that do nothing but spy on other people’s data.
Two years ago, researchers in the group of MIT’s Srini Devadas, the Edwin Sibley Webster Professor in MIT’s Department of Electrical Engineering and Computer Science, proposed a method for thwarting these types of attacks by disguising memory-access patterns. Now, they’ve begun to implement it in hardware.
At the Architectural Support for Programming Languages and Operating Systems conference in March, scientists presented the layout of a custom-built chip that would use their scheme, which is now moving into fabrication.
The scheme has improved abilities of the system to conceal the memory addresses. Whenever a chip needs to fetch data from a particular memory address, it should query a bunch of other addresses. It prevents adversary from determining of those he is really interested in. This requires shipping much more data between the chip and memory than would otherwise be necessary.
To minimize data overload the researched structured memory addresses in “a tree”. A family tree is a familiar example of a tree, in which each “node” (a person’s name) is attached to only one node above it (the node representing the person’s parents) but may connect to several nodes below it (the person’s children).
Every address is randomly assigned to a path through the tree — a sequence of nodes stretching from the top of the tree to the bottom, with no backtracking. When the chip requires the data stored at a particular address, it also requests data from all the other nodes on the same path.