Flat ORAM: A Simplified Write-Only Oblivious RAM Construction for Secure Processor Architectures

Oblivious RAM (ORAM) is a cryptographic primitive which obfuscates the access patterns to a storage thereby preventing privacy leakage via access patterns. So far in the current literature only 'fully functional' ORAMs are widely studied which can protect, at a cost of considerable performance penalty, against the strong adversaries who have access to the memory address bus and can monitor all read and write operations. However, for weaker and more common adversaries who can learn the pattern of write accesses only (not reads), a fully functional ORAM turns out to be an overkill, since only write accesses need to be obfuscated. A simple 'write-only' ORAM is sufficient for such adversaries, and, more interestingly, is preferred as it can offer far more performance and energy efficiency than the fully functional ORAM. In this work, we present Flat ORAM: a simplified and efficient write-only ORAM scheme for secure processors. To the best of our knowledge, this is the first ever proposal of a write-only ORAM tailored for secure processor architectures. The proposed Flat ORAM avoids almost all the redundancy incurred by a Path ORAM, while seamlessly adopting its basic structures (e.g. Position Map, Stash) as well as crucial optimizations proposed over the past decade. Specific to write-only ORAMs, we introduce a new ORAM structure called Occupancy Map (OccMap) which contains memory occupancy information vital for correctness and efficiency of our scheme. Our simulation results show that, on average, Flat ORAM only incurs a moderate slowdown of $2.9\times$ over the insecure DRAM for memory intensive benchmarks among Splash2 and $1.5\times$ for SPEC06. Compared to the closest existing write-only ORAM scheme called HIVE, Flat ORAM offers $\approx50\%$ performance gain and $45$-$65\%$ energy savings on average.