GraphOS: Towards Oblivious Graph Processing

Proc. VLDB Endow. Pub Date : 2023-09-01 DOI:10.14778/3625054.3625067

Javad Ghareh Chamani, I. Demertzis, Dimitrios Papadopoulos, Charalampos Papamanthou, R. Jalili

{"title":"GraphOS: Towards Oblivious Graph Processing","authors":"Javad Ghareh Chamani, I. Demertzis, Dimitrios Papadopoulos, Charalampos Papamanthou, R. Jalili","doi":"10.14778/3625054.3625067","DOIUrl":null,"url":null,"abstract":"We propose GraphOS, a system that allows a client that owns a graph database to outsource it to an untrusted server for storage and querying. It relies on doubly-oblivious primitives and trusted hardware to achieve a very strong privacy and efficiency notion which we call oblivious graph processing : the server learns nothing besides the number of graph vertexes and edges, and for each query its type and response size. At a technical level, GraphOS stores the graph on a doubly-oblivious data structure , so that all vertex/edge accesses are indistinguishable. For this purpose, we propose Omix++, a novel doubly-oblivious map that outperforms the previous state of the art by up to 34×, and may be of independent interest. Moreover, to avoid any leakage from CPU instruction-fetching during query evaluation, we propose algorithms for four fundamental graph queries (BFS/DFS traversal, minimum spanning tree, and single-source shortest paths) that have a fixed execution trace , i.e., the sequence of executed operations is independent of the input. By combining these techniques, we eliminate all information that a hardware adversary observing the memory access pattern within the protected enclave can infer. We benchmarked GraphOS against the best existing solution, based on oblivious relational DBMS (translating graph queries to relational operators). GraphOS is not only significantly more performant (by up to two orders of magnitude for our tested graphs) but it eliminates leakage related to the graph topology that is practically inherent when a relational DBMS is used unless all operations are \"padded\" to the worst case.","PeriodicalId":20467,"journal":{"name":"Proc. VLDB Endow.","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proc. VLDB Endow.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14778/3625054.3625067","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

We propose GraphOS, a system that allows a client that owns a graph database to outsource it to an untrusted server for storage and querying. It relies on doubly-oblivious primitives and trusted hardware to achieve a very strong privacy and efficiency notion which we call oblivious graph processing : the server learns nothing besides the number of graph vertexes and edges, and for each query its type and response size. At a technical level, GraphOS stores the graph on a doubly-oblivious data structure , so that all vertex/edge accesses are indistinguishable. For this purpose, we propose Omix++, a novel doubly-oblivious map that outperforms the previous state of the art by up to 34×, and may be of independent interest. Moreover, to avoid any leakage from CPU instruction-fetching during query evaluation, we propose algorithms for four fundamental graph queries (BFS/DFS traversal, minimum spanning tree, and single-source shortest paths) that have a fixed execution trace , i.e., the sequence of executed operations is independent of the input. By combining these techniques, we eliminate all information that a hardware adversary observing the memory access pattern within the protected enclave can infer. We benchmarked GraphOS against the best existing solution, based on oblivious relational DBMS (translating graph queries to relational operators). GraphOS is not only significantly more performant (by up to two orders of magnitude for our tested graphs) but it eliminates leakage related to the graph topology that is practically inherent when a relational DBMS is used unless all operations are "padded" to the worst case.

查看原文本刊更多论文

GraphOS：走向遗忘图处理

我们提出的 GraphOS 是一个允许拥有图形数据库的客户端将其外包给不受信任的服务器进行存储和查询的系统。该系统依赖于双盲基元和可信硬件来实现极强的隐私和效率概念，我们称之为 "遗忘图处理"：服务器除了知道图顶点和边的数量，以及每次查询的类型和响应大小外，什么也不知道。在技术层面上，GraphOS 将图存储在双盲数据结构中，因此所有顶点/边的访问都是不可区分的。为此，我们提出了一种新型双盲图 Omix++，它的性能比以前的技术水平高出 34 倍，而且可能具有独立的意义。此外，为了避免查询评估过程中 CPU 指令抓取造成的任何泄漏，我们提出了四种基本图查询算法（BFS/DFS 遍历、最小生成树和单源最短路径），这些算法具有固定的执行轨迹，即执行操作的顺序与输入无关。通过结合这些技术，我们消除了观察受保护飞地内内存访问模式的硬件对手可以推断出的所有信息。我们将 GraphOS 与基于遗忘关系 DBMS（将图形查询转换为关系运算符）的现有最佳解决方案进行了比较。GraphOS 不仅性能显著提高（对于我们测试过的图形，提高了两个数量级），而且消除了与图形拓扑相关的泄漏，而使用关系数据库管理系统时，除非所有操作都 "填充 "到最坏情况，否则泄漏实际上是固有的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proc. VLDB Endow.

自引率

0.00%

发文量

文献相关原料

公司名称	产品信息	采购帮参考价格