Implementation of oblivious RAM for cloud services

Supervisor(s)Sebastian Luhn, MSc


Oblivious RAM is a concept to hide which parts of a computer’s memory are accessed. That is, an adversary monitoring queries to the memory cannot distinguish between them if they are of equal running time. This concept is particularly interesting in a cloud environment: hardware is shared between mutually distrustful users and in theory, a user could try to infer something about other tenants on the same (physical) system by monitoring the CPU’s memory access patterns. By using oblivious RAM, this potential attack vector would be diminished.

In this thesis, oblivious RAM shall be implemented and evaluated for usage in a typical cloud service scenario. The most important aspects of the implemenation and its evaluation are whether obfuscating memory access patterns works and, as this technique should be applied to a cloud service, whether it is performant (both in terms of additional memory usage, number of requests, and additional CPU time) and scalable to multiple tenants on a single physical system.


  • Goldreich, O. and Ostrovsky, R. Software Protection and Simulation on Oblivious RAMs. Journal of the ACM (JACM), 43, 3 (1996), 431–473.
  • Pinkas, B. and Reinman, T. Oblivious RAM Revisited. In Advances in Cryptology – CRYPTO 2010. Springer, 2010, pp. 502–519.