{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T16:03:11Z","timestamp":1775577791627,"version":"3.50.1"},"reference-count":85,"publisher":"Association for Computing Machinery (ACM)","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. VLDB Endow."],"published-print":{"date-parts":[[2019,10]]},"abstract":"<jats:p>\n            Hardware enclaves such as Intel SGX are a promising technology for improving the security of databases outsourced to the cloud. These enclaves provide an execution environment isolated from the hyper-visor\/OS, and encrypt data in RAM. However, for applications that use large amounts of memory, including most databases, enclaves do not protect against\n            <jats:italic>access pattern<\/jats:italic>\n            leaks, which let attackers gain a large amount of information about the data. Moreover, the na\u00efve way to address this issue, using Oblivious RAM (ORAM) primitives from the security literature, adds substantial overhead.\n          <\/jats:p>\n          <jats:p>A number of recent works explore trusted hardware enclaves as a path toward secure, access-pattern oblivious outsourcing of data storage and analysis. While these works efficiently solve specific subproblems (e.g. building secure indexes or running analytics queries that always scan entire tables), no prior work has supported oblivious query processing for general query workloads on a DBMS engine with multiple access methods. Moreover, applying these techniques individually does not guarantee that an end-to-end workload, such as a complex SQL query over multiple tables, will be oblivious. In this paper, we introduce ObliDB, an oblivious database engine design that is the first system to provide obliviousness for general database read workloads over multiple access methods.<\/jats:p>\n          <jats:p>\n            ObliDB introduces a diverse array of new oblivious physical operators to accelerate oblivious SQL queries, giving speedups of up to an order of magnitude over na\u00efve ORAM. It supports a broad range of queries, including aggregation, joins, insertions, deletions and point queries. We implement ObliDB and show that, on analytics workloads, ObliDB ranges from 1.1--19x faster than Opaque, a previous oblivious, enclave-based system designed\n            <jats:italic>only<\/jats:italic>\n            for analytics, and comes within 2.6 x of Spark SQL, which provides no security guarantees. In addition, ObliDB supports point queries with 3--10ms latency, which is comparable to index-only trusted hardware systems, and runs over 7x faster than HIRB, a previous encryption-based oblivious index system that supports point queries.\n          <\/jats:p>","DOI":"10.14778\/3364324.3364331","type":"journal-article","created":{"date-parts":[[2020,9,11]],"date-time":"2020-09-11T03:16:00Z","timestamp":1599794160000},"page":"169-183","source":"Crossref","is-referenced-by-count":101,"title":["ObliDB"],"prefix":"10.14778","volume":"13","author":[{"given":"Saba","family":"Eskandarian","sequence":"first","affiliation":[{"name":"Stanford University"}]},{"given":"Matei","family":"Zaharia","sequence":"additional","affiliation":[{"name":"Stanford University\/Databricks"}]}],"member":"320","published-online":{"date-parts":[[2019,10]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Big data benchmark. https:\/\/amplab.cs.berkeley.edu\/benchmark\/.  Big data benchmark. https:\/\/amplab.cs.berkeley.edu\/benchmark\/."},{"key":"e_1_2_1_2_1","unstructured":"Intel software guard extensions SDK for Linux OS developer reference. https:\/\/download.01.org\/intel-sgx\/linux-1.8\/docs\/Intel_SGX_SDK_Developer_Reference_Linux_1.8_Open_Source.pdf.  Intel software guard extensions SDK for Linux OS developer reference. https:\/\/download.01.org\/intel-sgx\/linux-1.8\/docs\/Intel_SGX_SDK_Developer_Reference_Linux_1.8_Open_Source.pdf."},{"key":"e_1_2_1_3_1","unstructured":"M. A. Abdelraheem T. Andersson and C. Gehrmann. Inference and record-injection attacks on searchable encrypted relational databases. IACR Cryptology ePrint Archive 2017:24 2017.  M. A. Abdelraheem T. Andersson and C. Gehrmann. Inference and record-injection attacks on searchable encrypted relational databases. IACR Cryptology ePrint Archive 2017:24 2017."},{"key":"e_1_2_1_4_1","volume-title":"CIDR 2013, Sixth Biennial Conference on Innovative Data Systems Research, Asilomar, CA, USA, January 6--9, 2013, Online Proceedings","author":"Arasu A.","year":"2013"},{"key":"e_1_2_1_5_1","first-page":"26","volume-title":"Proc. 17th International Conference on Database Theory (ICDT)","author":"Arasu A.","year":"2014"},{"key":"e_1_2_1_6_1","unstructured":"ARM TrustZone 2017. https:\/\/www.arm.com\/products\/security-on-arm\/trustzone.  ARM TrustZone 2017. https:\/\/www.arm.com\/products\/security-on-arm\/trustzone."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2723372.2742797"},{"key":"e_1_2_1_8_1","unstructured":"A. F. Aviram. Interactive B+ tree (C). http:\/\/www.amittai.com\/prose\/bplustree.html 2016.  A. F. Aviram. Interactive B+ tree (C). http:\/\/www.amittai.com\/prose\/bplustree.html 2016."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795288490"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1989323.1989346"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14778\/3291264.3291274"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813649"},{"key":"e_1_2_1_13_1","unstructured":"C. Bing. Atos IT provider for winter olympics hacked months before opening ceremony cyberattack 2018. https:\/\/www.cyberscoop.com\/atos-olympics-hack-olympic-destroyer-malware-peyongchang\/.  C. Bing. Atos IT provider for winter olympics hacked months before opening ceremony cyberattack 2018. https:\/\/www.cyberscoop.com\/atos-olympics-hack-olympic-destroyer-malware-peyongchang\/."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132769"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978303"},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"R. Bost B. Minaud and O. Ohrimenko. Forward and backward private searchable encryption from constrained cryptographic primitives. IACR Cryptology ePrint Archive 2017:31 2017.  R. Bost B. Minaud and O. Ohrimenko. Forward and backward private searchable encryption from constrained cryptographic primitives. IACR Cryptology ePrint Archive 2017:31 2017.","DOI":"10.1145\/3133956.3133980"},{"key":"e_1_2_1_17_1","first-page":"175","volume-title":"TCC 2016-A, Tel Aviv, Israel, January 10--13, 2016, Proceedings, Part II","author":"Boyle E.","year":"2016"},{"key":"e_1_2_1_18_1","volume-title":"11th USENIX Workshop on Offensive Technologies, WOOT 2017","author":"Brasser F.","year":"2017"},{"key":"e_1_2_1_19_1","unstructured":"B. Butler. NSA spying fiasco sending customers overseas 2013. https:\/\/www.computerworld.com\/article\/2484894\/cloud-computing\/nsa-spying-fiasco-sending-customers-overseas.html.  B. Butler. NSA spying fiasco sending customers overseas 2013. https:\/\/www.computerworld.com\/article\/2484894\/cloud-computing\/nsa-spying-fiasco-sending-customers-overseas.html."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813700"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23411"},{"key":"e_1_2_1_22_1","first-page":"567","volume-title":"Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3--7","author":"Chan T. H.","year":"2017"},{"key":"e_1_2_1_23_1","first-page":"205","volume-title":"TCC 2016-A, Tel Aviv, Israel, January 10--13, 2016, Proceedings, Part II","author":"Chen B.","year":"2016"},{"key":"e_1_2_1_24_1","unstructured":"G. Chen S. Chen Y. Xiao Y. Zhang Z. Lin and T. H. Lai. Sgxpectre attacks: Stealing Intel secrets from SGX enclaves via speculative execution. CoRR abs\/1802.09085 2016.  G. Chen S. Chen Y. Xiao Y. Zhang Z. Lin and T. H. Lai. Sgxpectre attacks: Stealing Intel secrets from SGX enclaves via speculative execution. CoRR abs\/1802.09085 2016."},{"key":"e_1_2_1_25_1","unstructured":"M. Costa L. Esswood O. Ohrimenko F. Schuster and S. Wagh. The pyramid scheme: Oblivious RAM for trusted processors. CoRR abs\/1712.07882 2017.  M. Costa L. Esswood O. Ohrimenko F. Schuster and S. Wagh. The pyramid scheme: Oblivious RAM for trusted processors. CoRR abs\/1712.07882 2017."},{"key":"e_1_2_1_26_1","unstructured":"V. Costan and S. Devadas. Intel SGX explained. IACR Cryptology ePrint Archive 2016:86 2016.  V. Costan and S. Devadas. Intel SGX explained. IACR Cryptology ePrint Archive 2016:86 2016."},{"key":"e_1_2_1_27_1","first-page":"857","volume-title":"25th USENIX Security Symposium, USENIX Security 16","author":"Costan V.","year":"2016"},{"key":"e_1_2_1_28_1","first-page":"727","volume-title":"13th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2018","author":"Crooks N.","year":"2018"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2018.8487338"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2882903.2882911"},{"key":"e_1_2_1_31_1","first-page":"447","volume-title":"24th USENIX Security Symposium, USENIX Security 15","author":"Dinh T. T. A.","year":"2015"},{"key":"e_1_2_1_32_1","volume-title":"Pearson","author":"Elmasri R.","year":"2010"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134106"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-61176-1_22"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.10"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5220\/0006461202000211"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/233551.233553"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2049697.2049701"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978351"},{"issue":"1","key":"e_1_2_1_40_1","doi-asserted-by":"crossref","first-page":"172","DOI":"10.2478\/popets-2019-0010","article-title":"Hardware-supported ORAM in effect: Practical oblivious search and update on very large dataset","volume":"2019","author":"Hoang T.","year":"2019","journal-title":"PoPETs"},{"key":"e_1_2_1_41_1","volume-title":"19th Annual Network and Distributed System Security Symposium, NDSS 2012","author":"Islam M. S.","year":"2012"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978386"},{"key":"e_1_2_1_43_1","unstructured":"S. Lee M. Shih P. Gera T. Kim H. Kim and M. Peinado. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. CoRR abs\/1611.06952 2016.  S. Lee M. Shih P. Gera T. Kim H. Kim and M. Peinado. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. CoRR abs\/1611.06952 2016."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694385"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.29"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2013.11.021"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516692"},{"key":"e_1_2_1_48_1","first-page":"1289","volume-title":"26th USENIX Security Symposium, USENIX Security 2017","author":"Matetic S.","year":"2017"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00045"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813651"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23349"},{"key":"e_1_2_1_52_1","unstructured":"K. Nayak and J. Katz. An oblivious parallel RAM with o(log2 N) parallel runtime blowup. IACR Cryptology ePrint Archive 2016:1141 2016.  K. Nayak and J. Katz. An oblivious parallel RAM with o(log 2 N) parallel runtime blowup. IACR Cryptology ePrint Archive 2016:1141 2016."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.30"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813695"},{"key":"e_1_2_1_55_1","unstructured":"R. Poddar T. Boelter and R. A. Popa. Arx: A strongly encrypted database system. IACR Cryptology ePrint Archive 2016:591 2016.  R. Poddar T. Boelter and R. A. Popa. Arx: A strongly encrypted database system. IACR Cryptology ePrint Archive 2016:591 2016."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2330667.2330691"},{"key":"e_1_2_1_57_1","first-page":"157","volume-title":"Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2014","author":"Popa R. A.","year":"2014"},{"key":"e_1_2_1_58_1","unstructured":"N. Porter J. Garms and S. Simakov. Introducing Asylo: an open-source framework for confidential computing 2018. https:\/\/cloudplatform.googleblog.com\/2018\/05\/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html.  N. Porter J. Garms and S. Simakov. Introducing Asylo: an open-source framework for confidential computing 2018. https:\/\/cloudplatform.googleblog.com\/2018\/05\/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html."},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978401"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00025"},{"key":"e_1_2_1_61_1","first-page":"431","volume-title":"24th USENIX Security Symposium, USENIX Security 15","author":"Rane A.","year":"2015"},{"key":"e_1_2_1_62_1","first-page":"415","volume-title":"24th USENIX Security Symposium, USENIX Security 15","author":"Ren L.","year":"2015"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.19"},{"key":"e_1_2_1_64_1","unstructured":"M. Russinovich. Introducing Azure confidential computing 2017. https:\/\/azure.microsoft.com\/en-us\/blog\/introducing-azure-confidential-computing\/.  M. Russinovich. Introducing Azure confidential computing 2017. https:\/\/azure.microsoft.com\/en-us\/blog\/introducing-azure-confidential-computing\/."},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.20"},{"key":"e_1_2_1_66_1","doi-asserted-by":"crossref","unstructured":"S. Sasy S. Gorbunov and C. W. Fletcher. ZeroTrace : Oblivious memory primitives from Intel SGX. IACR Cryptology ePrint Archive 2017:549 2017.  S. Sasy S. Gorbunov and C. W. Fletcher. ZeroTrace : Oblivious memory primitives from Intel SGX. IACR Cryptology ePrint Archive 2017:549 2017.","DOI":"10.14722\/ndss.2018.23239"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23037"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23193"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897885"},{"key":"e_1_2_1_71_1","unstructured":"R. Sinha and M. Christodorescu. Veritasdb: High throughput key-value store with integrity. IACR Cryptology ePrint Archive 2018:251 2018.  R. Sinha and M. Christodorescu. Veritasdb: High throughput key-value store with integrity. IACR Cryptology ePrint Archive 2018:251 2018."},{"key":"e_1_2_1_72_1","volume-title":"20th Annual Network and Distributed System Security Symposium, NDSS 2013","author":"Stefanov E.","year":"2013"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516660"},{"key":"e_1_2_1_74_1","unstructured":"Y. Tang and J. Chen. LPAD: Building secure enclave storage using authenticated log-structured merge trees. IACR Cryptology ePrint Archive 2016:1063 2018.  Y. Tang and J. Chen. LPAD: Building secure enclave storage using authenticated log-structured merge trees. IACR Cryptology ePrint Archive 2016:1063 2018."},{"key":"e_1_2_1_75_1","unstructured":"S. Thielman. Yahoo hack: 1bn accounts compromised by biggest data breach in history 2016. https:\/\/www.theguardian.com\/technology\/2016\/dec\/14\/yahoo-hack-security-of-one-billion-accounts-breached.  S. Thielman. Yahoo hack: 1bn accounts compromised by biggest data breach in history 2016. https:\/\/www.theguardian.com\/technology\/2016\/dec\/14\/yahoo-hack-security-of-one-billion-accounts-breached."},{"key":"e_1_2_1_76_1","volume-title":"Proceedings of the 27th USENIX Security Symposium. USENIX Association","author":"Bulck J. Van","year":"2018"},{"issue":"3","key":"e_1_2_1_77_1","doi-asserted-by":"crossref","first-page":"370","DOI":"10.2478\/popets-2019-0052","article-title":"Stealthdb: a scalable encrypted database with full SQL query support","volume":"2019","author":"Vinayagamurthy D.","year":"2019","journal-title":"PoPETs"},{"key":"e_1_2_1_78_1","first-page":"299","volume-title":"14th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2017","author":"Wang F.","year":"2017"},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660314"},{"key":"e_1_2_1_80_1","first-page":"440","volume-title":"Computer Security - ESORICS 2016 - 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26--30","author":"Weichbrodt N.","year":"2016"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23052"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_2_1_83_1","first-page":"707","volume-title":"25th USENIX Security Symposium, USENIX Security 16","author":"Zhang Y.","year":"2016"},{"key":"e_1_2_1_84_1","first-page":"283","volume-title":"14th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2017","author":"Zheng W.","year":"2017"},{"key":"e_1_2_1_85_1","unstructured":"W. Zheng A. Dave J. G. Beekman R. A. Popa J. E. Gonzalez and I. Stoica. Opaque (github repository) 2017. https:\/\/github.com\/ucbrise\/opaque\/tree\/c42fe1bb758a93239fae284885c3d64991affddf.  W. Zheng A. Dave J. G. Beekman R. A. Popa J. E. Gonzalez and I. Stoica. Opaque (github repository) 2017. https:\/\/github.com\/ucbrise\/opaque\/tree\/c42fe1bb758a93239fae284885c3d64991affddf."}],"container-title":["Proceedings of the VLDB Endowment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.14778\/3364324.3364331","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,28]],"date-time":"2022-12-28T11:00:21Z","timestamp":1672225221000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.14778\/3364324.3364331"}},"subtitle":["oblivious query processing for secure databases"],"short-title":[],"issued":{"date-parts":[[2019,10]]},"references-count":85,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,10]]}},"alternative-id":["10.14778\/3364324.3364331"],"URL":"https:\/\/doi.org\/10.14778\/3364324.3364331","relation":{},"ISSN":["2150-8097"],"issn-type":[{"value":"2150-8097","type":"print"}],"subject":[],"published":{"date-parts":[[2019,10]]}}}