Making Your Program Oblivious: a Comparative
Study for Side-channel-safe Confidential Computing
A K M Mubashwir Alam
Computer Science
Marquette University
Milwaukee, WI, USA
[email protected]
[email protected]
arXiv:2308.06442v1 [cs.CR] 12 Aug 2023
Abstract—Trusted Execution Environments (TEEs) are grad-
ually adopted by major cloud providers, offering a practical
option of confidential computing for users who don’t fully trust
public clouds. TEEs use CPU-enabled hardware features to
eliminate direct breaches from compromised operating systems
or hypervisors. However, recent studies have shown that side-
channel attacks are still effective on TEEs. An appealing solution
is to convert applications to be data oblivious to deter many side-
channel attacks. While a few research prototypes on TEEs have
adopted specific data oblivious operations, the general conversion
approaches have never been thoroughly compared against and
tested on benchmark TEE applications. These limitations make it
difficult for researchers and practitioners to choose and adopt a
suitable data oblivious approach for their applications. To address
these issues, we conduct a comprehensive analysis of several
representative conversion approaches and implement benchmark
TEE applications with them. We also perform an extensive
empirical study to provide insights into their performance and
ease of use.
Index Terms—Access-Pattern, TEE, SGX, Obliviousness, Side-
Channel, Confidential Computing
I. I NTRODUCTION
Confidential computing enables users to enjoy public clouds
without the need to trust cloud providers’ security infras-
tructure. Researchers are actively developing cryptographic
approaches to secure processing in untrusted platforms, such as
Homomorphic Encryption [5] and Secure Multiparty Compu-
tation (SMC) [20], [25]. While recent cryptographic methods,
e.g., hybrid protocols [25], [26], [39], are getting more effi-
cient, pure software-based solutions are still too expensive to
be practical for complex computational tasks or data-intensive
applications [35].
More recently, Trusted Execution Environment (TEE) [13]
emerges as a more practical solution for confidential comput-
ing. TEE utilizes CPUs’ new hardware features to securely
isolate a user’s application from the cloud system. Therefore,
even if an entire system, including the operating system or
hypervisor, is compromised, the adversary cannot access the
application. Major CPU manufacturers have implemented the
TEE concept in their recent CPUs, e.g., Intel SGX and AMD
SEV. Correspondingly, TEE-enabled servers are increasingly
available in major public clouds, e.g., Azure provides SGX-
enabled servers, and Google adopts AMD SEV.
Keke Chen
Computer Science
Marquette University
Milwaukee, WI, USA
While TEE performs much more efficiently than software-
based cryptographic approaches, recent studies have also
identified several side-channel attacks [8], [11], [40], [44],
[47]. Although the TEE enclave cannot be directly breached,
side channels are still there – The enclave interacts with
untrusted memories and file systems, and the CPU cache is still
shared among processes/virtual machines owned by different
users. Thus, attackers can utilize such controlled channel
attacks, e.g., manipulating page faults and page-table entries
and exploiting the flaws of modern CPU’s micro-architecture
execution optimization. Powerful attacks like Foreshadow [7]
and Load Value Injection [43] can combine memory/cache
footprints and CPU speculative execution to extract the secrets
in TEE execution.
So far, countermeasures on side-channel attacks are limited
to specific applications [2], [28] or firmware fixes at the
micro-architectural [43]. Among the candidate solutions, data-
oblivious algorithms and applications appear attractive and
promising. Regular programs’ data flow and execution paths
vary according to input data, i.e., a specific input value may
trigger different steps to execute. In contrast, data-oblivious
algorithms’ data flow and execution paths are invariant to the
input. This data obliviousness property can potentially help
address many side-channel issues, as we will discuss in Section
II-B.
Nevertheless, it is challenging for users to develop an
oblivious solution for the following reasons. First, it’s unclear
how complex to compose an oblivious data program manually.
Although recent TEE-related studies [12], [29], [36] have indi-
cated some oblivious primitives that one can use to compose an
oblivious solution, the complexity and the efforts to develop
such a solution are unclear. Second, automated approaches
can help convert regular programs to oblivious ones, but it’s
unclear how practical they are for TEE applications. Third,
the quality of automatically generated oblivious solutions is
also a concern. Oblivious programs generally cost more than
their non-oblivious equivalent in terms of performance and
memory. Low-quality conversion may also result in a higher
performance penalty. There is no systematic study to answer
these questions for TEE-based applications.
Contributions. We conduct a comprehensive analysis and
empirical study to compare several data oblivious solutions
for TEE applications. The result will help researchers and
practitioners understand the benefits and limitations of current
solutions, possibly identify new research topics and assess the
strategies for adopting the side-channel-safe TEE solutions.
Specifically, we first analyze whether and how data obliv-
iousness can address side-channel attacks. Then, we sum-
marize four representative solutions: the manual composition
approach, the compiler approach, the circuit approach, and
the application-framework approach and their characteristics
in terms of performance, ease of use, and maturity for appli-
cation.
Finally, we develop an evaluation benchmark that includes
basic oblivious operations, compute-intensive tasks, and data-
intensive tasks. Then, we apply different oblivious program
conversion approaches to the benchmark and evaluate the
resulting oblivious programs’ performance and ease of use.
Our study reveals the strengths and weaknesses of different
oblivious solutions and provides guidelines for selecting suit-
able techniques under different scenarios.
In the remaining sections, we will first present the back-
ground knowledge for our approach (Section II), then dive
in the details of how data oblivious solutions help to protect
side-channels (Section III), then discuss different oblivious
approaches (Section IV), and, finally, perform the experimental
evalution (Section V) and conclusion (Section VI).
II. P RELIMINARIES
This section presents the necessary preliminaries for under-
standing the paper. We will give the related background knowl-
edge before analyzing oblivious solutions. In the following, we
will introduce the concept of Trusted Execution Environments
(TEE), the status of TEE development and deployment, and
the effect of side-channel attacks in TEEs.
A. Trusted Execution Environment
Trusted Execution Environment (TEE) is a hardware-based
solution for executing code in a secure environment where
powerful adversaries cannot access code or data within this
secure area. Using TEEs, a user can run their sensitive
computations in a TEE called Enclave, which uses a hardware-
assisted mechanism to preserve the privacy and integrity of en-
clave memory. With TEEs, users can pass encrypted data into
the Enclave, decrypt it, compute with plaintext data, encrypt
the result, and return it to the untrusted cloud components.
TEEs isolate private reserved memory for secure applications
from other system components, such as operating systems and
hypervisors. When the operating system or other system appli-
cations want to access the dedicated private memory, the CPU
restricts the access and redirects to some abort memory page.
Therefore, TEE applications can perform plaintext calculations
without compromising privacy and security.
However, without verifying the correctness of the cloud
hardware and the user binary, the remote user still cannot
trust the TEE. The Remote Attestation procedure establishes
the trust between the TEE hardware and the user. Using
remote attestation, the user can verify if the cloud provider
is using certified TEE hardware and if the program running
in an enclave is from a digitally signed binary. During remote
attestation, a secret key is generated by Diffie-Hellman key
exchange between the Enclave and the remote user to establish
a secure channel for the follow-up communication between the
user and the Enclave.
Major cloud platforms have provided different types of
TEE-enabled servers. Intel SGX is one of the popular TEE
implementations. Since 2015, SGX has been available in most
Intel CPUs. Unlike Intel SGX, the other two major TEEs,
such as ARM TrustZone and AMD PSP, rely on secure
hardware and a secure operating system. As AMD integrated
ARM TrustZone as an extension of CPU [17] and later
renamed it Platform Security Processor (PSP), the underlying
technology of both systems remains similar. While all TEE
implementations feature complete memory isolations from the
system components and remote attestation to establish trust,
they still suffer from side-channel attacks.
B. Side Channel Attacks on TEEs
Since the advent of TEEs, many studies have explored the
weaknesses of TEE side channels. While passive adversaries
can exploit some attacks [10], [34], [50] by only observing
interactions between TEEs and other system components, the
assumption of TEEs enables more powerful attacks to be
performed, some of which can even retrieve plaintext infor-
mation directly from the Enclave. Based on the attack strate-
gies, these attacks can be categorized as (i) memory/cache-
targeted attacks and (ii) microarchitecture-level attacks. In
memory/cache-targeted attacks, the attacker exploits the inter-
actions between TEEs and untrusted memory or applications
and observes enclave memory page loading and CPU cache
usages. Microarchitecture-level attacks utilize modern CPU
features, such as CPU transient memory execution [7], to
retrieve fine-grained information from the low-level cache
lines. We will discuss more details in the next section.
III. DATA O BLIVIOUS S OLUTIONS FOR S IDE C HANNEL
P ROTECTION
A. Threat Model
Users may run confidential computation tasks in an un-
trusted cloud server, where the server’s OS or hypervisor can
be compromised. The goal is to preserve data and program’s
integrity and confidentiality while availability is out of con-
cern. A typical TEE, such as Intel SGX, provides a hardware-
protected memory area, i.e., the enclave [13], and guarantees
the integrity of the data and computation running inside the
enclave. While adversaries cannot directly access the enclave,
they can still glean information via side channels, such as
memory access patterns and CPU caches. However, cache-
based attacks target all CPUs (regardless of having TEEs or
not) and thus need manufacturers’ micro-architecture level
fixes. In contrast, the exposure of memory access patterns
is inevitable as enclaves have to interact with the untrusted
memory area. It’s also reasonable to assume that attackers
cannot access the cloud server physically, e.g., attaching a
 CPU
Trusted Cache
CPU
Core
Enclave
Encrypted
Side-Channel
Attacks
Data
Untrusted Memory
Untrusted Server
Fig. 1: TEE, side channels, and the threat model.
device to the server or touching the motherboard, which
excludes all attacks based on physical accesses. Figure 1
illustrates the threat model.
B. Data Obliviousness
Definition. The execution path and data flow of a (data)
oblivious program do not change with different input data
and parameter settings. When all the steps of an algorithm or
mechanism do not depend on input data, one cannot determine
the nature of the data by observing the steps of that algorithm.
Thus, oblivious solutions can effectively protect from attacks
depending on data-dependent access patterns.
Oblivious Primitives. The goal of developing data obliv-
ious programs is to eliminate any data-dependent operations.
We list the primitives that data oblivious programs heavily
depend on.
• Address-based Access. This operation includes array el-
ement access or data block access. Exposing the position
of accessed data is the fundamental access pattern. A
naive solution is to iterate over the whole data structure to
hide the actual accessed position. In contrast, Oblivious
RAM (ORAM) [18] has been a well-accepted primitive
for more efficiently hiding accessed addresses. It can ef-
fectively reduce the cost of oblivious access to O(log N )
for a structure of N data items. ORAM has been used in
a few TEE-based solutions to hide access patterns.
• Data-dependent Branching. Most programs contain
data-dependent branching statements. Depending on the
different inputs, a program execution may choose dif-
ferent paths, resulting in distinct access patterns. The
following code snippet shows how an attacker can utilize
the branching access pattern.
if (a >= b){
// swap a and b, and
// the page access can be observed.
}else{
// no page access.
} sensitive information, such as age group, birthplace, and
The common method uses the CPU’s conditional move
(CMOV) instructions to eliminate the branching state-
ments. A simplified example is shown as follows:
//if (a < b) x = a else x = b
CMOVL x, a
CMOVGE x, b
A few studies [3], [30], [33] have used CMOV instruc-
tions to provide code-level obliviousness for branching
statements. Without specific conditional jumps, CMOV
instructions move the source operand to the destination
when a conditional flag is set. However, regardless the
flag is set or not, it reads the source operand. Therefore,
the access to the source operand cannot be used to infer
whether the source is copied to the destination or not.
Ohrimenko et al. [30] also designed library functions
omove and ogreater to wrap up the CMOV instructions
for conveniently converting the branching statements. No-
tably, a completely oblivious branching execution needs
to run both branches and select the desired result with
the above method, which often leads to very high costs.
• Circuit. Circuits are considered a natural way to hide
access patterns, as the circuit execution activates the
gates in a certain order regardless of the input values
[19]. The branching statement is readily implemented
with a bitwise multiplexer. However, oblivious memory
access imposes significant challenges. Many solutions
implement linear scan so far [9], [32], [41], which incurs
very high costs.
• Oblivious algorithms. Task-specific oblivious algorithms
are methods specifically designed to work with a specific
task or a data structure. They work more efficiently
than solutions composed of general primitives such as
ORAM. For example, MergeSort can be converted to be
oblivious by simply replacing every memory interaction
of the merge phase with ORAM and unwinding data-
dependent loops with fixed iteration loops. However, this
direct conversion can be much more expensive than a
specially designed oblivious sorting algorithm, such as
BitonicSort [4]. Similarly, frequently used data-intensive
operations, such as join and group by, can have more
efficient dedicated oblivious versions.
C. Can Data Obliviousness Address TEE Side-channel At-
tacks?
Against Memory Targeted Attacks. Memory-targeted at-
tacks glean and utilize access patterns within the system
memory. TEE applications store data in an encrypted form
outside the TEE. When encrypted messages are accessed from
memory, i.e., between TEE and untrusted memory and even
within TEE, an adversary who controls the operating system
can observe the data access patterns and possibly extract
sensitive information by manipulating page-fault interrupts
[10], [40]. Page-table entries [8]. For distributed data-intensive
applications, Ohrimenko et al. [34] also demonstrated how
marital status, can be extracted from MapReduce programs
by only observing the network flow and memory skew.
These attacks all depend on the differential access patterns
observed via the side channels. For example, an important
step in KMeans clustering is to find the nearest centroid and
update the temporal cluster information for each training data.
A straightforward way of accessing cluster information creates
data-dependent branching based on cluster ids. If each cluster
object resides in separate memory pages, an attacker can
exploit cluster id-dependent branches by observing memory
page access patterns. Thus, the adversary can estimate the
cluster size, which may be sensitive to the user. However,
a simplified oblivious version of this step hides the secret
dependent branch by accessing each cluster object with a
CMOV operation. Thus, the attacker cannot distinguish which
cluster-id is being updated for the training data.
Against Cache Attacks. Cache-based side-channel attacks
[27] had been long exploited before TEE became popular.
The basic mechanism of cache attacks remains the same for
systems with or without TEE. The main idea of the cache
attack is to load the system memory into the CPU cache and
perform a time analysis by loading different byte values to
retrieve the value of the previously loaded memory, such as
Prime+Probe [24] and Flush+Reload [48] methods.
Like regular applications, TEE is also vulnerable to cache-
based side-channel attacks. Since the last level cache (LLC) is
a shared resource, an attacker can exploit fine-grained infor-
mation at a specific stage of the program by probing the data
access time in each cache line. However, in a data-oblivious
algorithm, all the steps and data accesses are fixed. Thus, an
attacker cannot distinguish the secret value and dummy access
from the cache-level timing at a given time. For example, a
cache attack cannot distinguish the secret-dependent block IDs
or block data from dummy ones if accessed through oblivious
RAM [2], [36].
Against Micro-architectural Attacks. Some powerful at-
tacks exploit the CPU’s micro-architecture to retrieve secrets
from TEE applications. Foreshadow [7] exploits meltdown-
type [22] attacks on TEE applications. Load Value Injection
(LVI) [43] is the most recent attack on Intel SGX that suc-
cessfully retrieves the secrets from the victim’s Enclave within
the victim’s address space. The CPU’s micro-architectural
buffer must be prepared with some attacker-controlled secret
value to perform the LVI attack. These attacks are powerful
enough to extract plain text information from the TEE without
physical access. Manufacturers have issued microarchitectural-
level firmware patches for some [7], [43] of these attacks.
However, not all micro-architectural attacks can be pre-
vented from firmware-level patches. Some micro-architectural-
level attacks still utilize access patterns. For example,
Bulck et al. [45] show that, by exploiting the timing of
micro-architectural instructions, attackers can observe secret-
dependent branches at the CPU instruction level. This type
of micro-architectural-level attacks cannot succeed if the ap-
plication developer hides the data-dependent branches with
oblivious solutions. Therefore, oblivious programs can still
help mitigate these attacks.
IV. M AKING YOUR P ROGRAM O BLIVIOUS
While the fundamentals of data-oblivious operations are
clear, developing a practical solution is challenging for several
reasons. First, it requires the developer to have basic knowl-
edge of every data-dependent part of their programs and the
risk of leaking a particular access pattern. Second, converting
the program to an oblivious one can be complex and error-
prone. We investigate the existing candidate approaches and
summarize the following four most representative ones for
developing oblivious solutions: (i) manual composition (or
manual approach), (ii) compiler approach, (iii) circuit ap-
proach, and (iv) framework approach.
A. Manual Composition
In manual composition, developers need to learn all the
knowledge of sensitive access patterns and the methods of
converting them to be oblivious. These approaches may vary
depending on the applications’ related access pattern problems.
The key challenges of this approach are to manually analyze
the access pattern problem for every line of the code and
replace the vulnerable parts with their oblivious alternatives.
Developers may also need to experiment with different obliv-
ious primitives to determine the most efficient one. It’s also
necessary to verify whether the conversion is complete with a
tool such as ObliCheck [42].
Several problem-specific manual compositions have been
reported to address the access-pattern based attacks on TEE
applications. To protect the random access over block data
in untrusted memory, the developer can implement Oblivious
RAM that works with TEE, e.g., ZeroTrace [2], [36], that
hides which block is read or written by shuffling memory
blocks during each access. Other problem-specific algorithms
have also been used to hide access patterns of specific tasks,
such as Oblivious Sorting [4], Oblivious Filter [50], Oblivious
Join [21], etc. CMOV-based oblivious branching is also ac-
tively applied in developing specific machine algorithms [29]
and addressing the in-enclave access patterns [3], [36], with
wrapped functions such as oblivious move, greater, swap, etc.
Manually applying oblivious solutions enables the designing
of both memory and performance-efficient application. How-
ever, manually analyzing sensitive data access and code vul-
nerabilities and applying oblivious solution is time-consuming,
domain-expertise demanding, and sometimes error prone. De-
velopers may utilize existing oblivious libraries [12] to reduce
manual efforts.
B. Compiler Approach
Compiler techniques (e.g., static code analysis) can be used
to minimize manual efforts. The current compiler approaches
for generating oblivious code follow two directions: automate
the manual composition approach, and hide code and data
access patterns via randomization.
The first category of approaches includes Raccoon [33]
and Ghostrider [23] for automating the manual process. They
utilize static code analysis to detect vulnerabilities, i.e., the
primitive operations that need to be obfuscated, and then
apply suitable oblivious measures, as we have discussed in the
manual approach. They also use a few methods to optimize
performance. For example, they often provide an option to
allow developers to annotate the parts to be obfuscated; based
on the array size, the compiler can decide to use linear scan
or ORAM to hide the accessed element.
Another compiler approach is to randomize access patterns
and program execution paths [1], [6], [31] by using primitives
like ORAMs. For example, Obfuscuro [1] divides the memory
and code pages into two classes and achieves obliviousness
via ORAM. Similarly, Dr. SGX [6] and CoSMIX [31] also
use data randomization techniques to achieve fully automated
memory obfuscation. The non-deterministic run-time access
patterns successfully hinder the adversary from extracting any
information.
These approaches are mostly experimental, not fully achiev-
ing the design goal yet. First, while the compiler approach
avoids most manual efforts, it may not generate the most
efficient oblivious solution. In particular, the randomization
approach often results in significantly high costs. Second,
since the compilers depend on static analysis to identify the
sensitive code blocks, they may apply unnecessary obfuscation
due to a lack of context awareness and the limitation of static
analysis tools. Son et al. [42] showed how static analysis-based
methods failed to recognize standard oblivious algorithms
and were marked as non-oblivious, leading to unnecessary
obfuscation in the mitigation phase.
The ultimate goal of the compiler approach is to entirely
free developers from complex and expensive manual efforts,
which is appealing. Unfortunately, existing compilers have not
reached the goal yet. In fact, we could not find a stable open-
source implementation for any of the mentioned approaches.
Nevertheless, we still believe this is a promising direction.
C. Circuit Approach
In many cryptographic approaches [20], [25], circuits have
been used as a building block for secure evaluation. Boolean
circuits are naturally oblivious as they execute all the paths
[32], [41]. Since automated program-to-circuit conversion
tools have been built for the cryptographic approaches, such
as ObliVM [23], CircC [32], and HyCC [9], we wonder
whether this approach can also be a candidate for TEE-based
applications.
Cryptographic circuit compilers ensure many things, includ-
ing variable mutations, conditional branching, loops, loops
with breaks, early returns, and random array access, are
oblivious. We briefly describe some of the key features:
• Variable Mutations. In a regular program, the value of a
variable can be updated; however, in Boolean circuits,
values are mutation free. When required to update a
variable, it uses versions of the variable. For example,
if the previous value of x was zero and then assigned to
ten, it will be converted to x0 = 0, x1 = 10.
• Branching. To protect the branching attack, researchers
implement guarded execution, executing both branches
and selecting the result based on condition.
• Loops. In circuits, each gate is executed only once. Thus,
circuits do not have any loops. Compilers unroll the loops
to linear execution for bounded iterations. If you do not
provide a bound, it will unroll the loop up to the size of
data types. For example, a byte-type loop variable will
unroll for 256 iterations.
• Loops with breaks. Loops with breaks are common in
programming. While older compilers do not support
break statements, modern compilers support break/con-
tinue commands. In short, compilers use a similar ap-
proach that resolves conditional branching. Expressly,
compilers turn the loop into a breakable block. When
there is a breakable block, it will execute all iterations,
except it will use guarded execution to hide which value
will be chosen last.
• Random Array access. That array access depends on the
input. It requires O(n) operations. Since the value is not
constant, array access is implemented using an n-sized
multiplexer with the index as the multiplexer selector.
Cryptographic circuit compilers such as CircC [32] and
HyCC [9] can convert regular C programs to executable C
circuit programs. However, very few TEE-related studies [16],
[38] have applied circuits as an access pattern protection
mechanism. We show in experiments that the performance can
be a significant concern due to three reasons (1) the extensive
uses of the above methods to ensure obliviousness; (2) the size
of the generated circuit is large, proportional to the input data
size; (3) executing a circuit in a software mode is inherently
slow.
D. Framework Approach
For TEE-based data-intensive applications, the framework
approach can be a valid candidate [3], [15], [29], [37], [50]. We
refer “framework” here to the well-known big data processing
frameworks, such as MapReduce [14] and Spark [49]. We have
witnessed two types of framework approaches.
The first type aims to extend the big data frameworks to
take advantage of TEEs, which will have to handle side-
channel attacks, as well. VC3 [37] applied this strategy for
modifying the Hadoop [46] system. M2R [15] targets the
problem of access-pattern leakage in the shuffling phase of
VC3 and proposes to use the oblivious schemes for shuffling.
Another significant work, Opaque [50], tries to revise Spark
for SGX. They focus on the data access patterns between
computing nodes, illustrate how adversaries can use these to
infer sensitive information in the encrypted data and design
data-oblivious methods to address these attacks. These frame-
works have a shared weakness: only a few data processing
components of the framework were moved to the TEE, leaving
most parts of the framework in untrusted areas under serious
threats. However, re-implementing the frameworks with the
data obliviousness guarantee is too expensive to be practical.
The second type of framework approach utilizes a data-
intensive framework to simplify the development of data
oblivious solutions. Specifically, the framework serves as
the middleware to hide the complexity of data-oblivious
processing. The developer only needs to spend much less
effort implementing data-oblivious TEE applications. SGX-
MR [3] utilizes the MapReduce processing model to regulate
application dataflow so that the framework can integrate the
application-independent data-oblivious protection mechanisms
in the framework code to protect any data mining algorithms
that can be cast to the MapReduce framework. Developers
only need to handle a much smaller number of and often
simpler access patterns in the application-specific map and
reduce functions.
This framework approach has a few unique benefits: (1) It
significantly reduces the complexity of the manual approach
for data-intensive processing; (2) It can integrate both the latest
big-data processing techniques and data-oblivious solutions at
the framework level, which is transparent to developers; (3) It
can incorporate data-intensive optimization techniques in the
framework implementation, e.g., most block-based operations.
Thus it can be more efficient than directly applying fully
automated compiler or circuit approaches that are unaware of
data-intensive features.
We use Table I to summarize the four approaches qual-
itatively in terms of ease of use, performance, and unique
features. In experiments, we will see more quantitative results.
TABLE I: Summary of existing data oblivious solutions.
Method Easy use Performance Other features
Manual Low High Require expertise,
time consuming
Compiler High Mid May incur unnecessary
obfuscation
Circuit Mid Low compilation very slow,
circuit size greater than data
F/W High High only domain specific
functionalities
V. E XPERIMENTAL E VALUATIONS
The experimental evaluation has the following goals.
• Observe how different conversion approaches perform on
the primitive operations, which are the building blocks
of an oblivious program. These operations include (i)
oblivious data access, (ii) oblivious branching, and (iii)
basic oblivious algorithms, such as sorting. The primitive
operations will be discussed under compute-intensive and
data-intensive workloads.
• Understand how the oblivious programs generated with
different approaches perform. We evaluate the perfor-
mance with compute-intensive and data-intensive bench-
mark applications.
• Investigate the ease of use, i.e., the developers’ efforts,
via multiple measures, e.g., the line of code (LOC), the
number of sensitive code blocks susceptible to access
pattern leakages, and LOC overhead to achieve mitigation
techniques.
A. Experiment Setup
The experiments were conducted on a Linux machine with
an Intel(R) Core(TM) i7-8700K CPU of a 3.70GHz processor
and 16 GB of DRAM. The TEE environment is Intel SGX
v1.0, and the Linux version is Ubuntu 22.04.
Approach Implementation. The unprotected approach is
the simple implementation without considering obliviousness.
The manual composition approach has used the following
primitive operations: linear scan and ORAM for random array
accesses, the omove/ogreater functions [3], [29], [36] for
oblivious branching, and BitonicSort for sorting, to convert the
implementation. We used ZeroTrace’s open-source implemen-
tation for ORAM on SGX, and the HyCC circuit generator [9]
to convert a plain implementation to a circuit for the circuit-
based evaluation. For data-intensive applications, we adopted
the SGX-MR framework in the evaluation. Unfortunately, we
could not find a working open-source implementation for the
published compiler approaches. Due to the sheer complexity
of implementing such a compiler, we have not included the
compiler approach in the evaluation.
• Oblivious Operations. We evaluate the three basic obliv-
ious operations: random array access (block access in
data-intensive workloads), branching, and sorting. This
evaluation should help understand the performance of
each approach at low-level operations.
• Sample Applications. In addition to the basic oblivi-
ous operations, we also include four applications for
compute-intensive and data-intensive workloads, two for
each category respectively. Each application will be a
certain blend of primitive oblivious operations. (1) The
compute-intensive applications include the Edit Distance
computation for varying lengths of strings, which has a
complexity of O(N 2 ) for the string length N , and the
All-Pair Shortest Path algorithm, Floyd-Warshall, with
a complexity of O(N 3 ) for N nodes in the graph. (2)
The data-intensive applications include the WordCount
and KMeans clustering algorithms.
In the following, we will organize the results in terms of
compute-intensive and data-intensive workloads. The primitive
operations are discussed under each category correspondingly.
B. Results for Compute-Intensive Workloads
Compute-intensive workloads use a relatively small dataset
that can be fit into the TEE memory. We choose three basic
operations and then two well-known applications to evaluate
the performance of different oblivious methods.
Random Array Access. Accessing array elements is one
of the basic operations of most applications. Figure 2(a)
shows the execution time of various oblivious implementa-
tion methods. First, the expenses of all oblivious solutions
are significantly higher than the unprotected version. ORAM
shows performance advantages over linear scans for larger
sizes. For smaller sizes, ORAM’s maintenance cost becomes
relatively high, resulting in higher overall costs than linear
scans. The circuit version of array access also uses linear
scans. However, executing a circuit at the software level is
clearly very inefficient regardless of the array size.
Branching. We design a benchmark program to evaluate
the impact of oblivious branching. In a loop, a branching

Execution time (ms) Unprotected
105 Manual-Linear Scan
Execution Time (ms)
104 Manual-ORAM
103 Circuit
102
101
100
10−1
10−2
10−3
101 102 103 104 105
Number of records
(a) Oblivious array access. Record size 8 bytes.
Fig. 2: Performance evaluation of in-memory core operations.
statement decides to execute one of the two functions: one
with a low cost and the other with a high cost. We repeated the
experiments a few times. Naturally, the unprotected version’s
performance varies over different runs. Figure 2(b) shows
that the manual approach, which uses CMOV instructions,
is relatively efficient. However, the circuit approach shows
multiple orders of magnitude higher costs.
Sorting. The manual approach adopts BitonicSort. Since
the circuit approach can convert any algorithm to its oblivious
version, we have considered different sorting algorithms for
the circuit approach. It turns out BitonicSort is also the
most efficient one in circuit form. Figure 2(c) shows the
manual approach is much faster than the circuit approach on
BitonicSort.
Edit Distance. Edit distance uses dynamic programming to
compute the distance between two sequences, whose complex-
ity is O(N 2 ) for sequences of length N . It’s a typical high-
complexity algorithm working with a relatively small amount
of memory. In Figure 3(a), we notice that the manual method is
close to the unprotected version, but again the circuit approach
is much more expensive than others.
All-pair shortest path. The all-pair shortest path Floyd-
Warshall algorithm is expensive with a complexity of O(N 3 )
for N nodes. Figure 3(b) shows the manual approach is signif-
icantly slower than the unprotected one, but at a manageable
scale. In contrast, the circuit approach is too expensive to
handle larger N .
C. Results for Data-intensive Workloads
For data-intensive workloads, we evaluate two basic oper-
ations: block-level random access and block-based external
sorting. In application-based evaluations, we also include the
framework approach: SGX-MR.
Random block access. Similar to the evaluation on array
access, we include linear scan and ORAM methods for the
manual approach. Figure 4(a) clearly shows the manual-
ORAM approach performs much better. However, due to the
large data size, the gap between oblivious approaches and the
unprotected is also large.
Block-based External Sorting. Next, we implement block-
level sorting to understand the sorting cost in block-level
102
Execution time (ms)
1065
Circuit
104
1 Manual
10 103 Unprotected
102
100 101
100
10
10−1 10−1
10−2
10−2 24 25 26 27 28
Number of records
Unprotected Manual Circuit
(b) Oblivious branching. (c) Oblivious sorting. Record size 8 bytes.
operations. We used 1-KB blocks filled with string data. The
manual approach adopts a block-level BitonicSort algorithm
with oblivious in-block operations [3], while the circuit ap-
proach converts the block-level BitonicSort algorithm. In Fig-
ure 4(b), we observe that the circuit approach is still orders of
magnitude higher than the manual approach, while the manual
approach is about ten times slower than the unprotected one.
WordCount. For application-level evaluation, we take a
fixed amount of input, 500 1KB blocks, each of which is
filled with random text. As the MapReduce-based solution
is the most efficient one for the WordCount problem, the
manual approach essentially duplicates the processing encoded
in the framework of SGX-MR, which uses BitonicSort for
the intermediate sorting of word-count pairs. As a result, the
manual approach has an almost identical cost to the SGX-
MR approach. Certainly, SGX-MR significantly simplifies the
developer’s coding efforts. Again, the circuit approach is too
expensive to be a practical solution.
KMeans. We use 4000 1k data blocks consisting of 34×104
records and five clusters. Due to the small number of clusters,
we use hash and ORAM for aggregation (check Appendix A),
which appears more efficient than sorting-based aggregation in
SGX-MR. Figure 5(b) shows this manual approach performs
best among the candidate techniques.
D. Developers’ effort to achieve data oblivious solutions
We are also curious about how easy a developer can use
each of these approaches. This evaluation does not include
the extra time learning the different approaches – apparently,
developers need to take a significant amount of time to learn
the manual approach and the framework approach.
Instead, we look at the result of developing the evaluated
applications to understand the difficulty levels of using differ-
ent approaches. We also assume developers will use a library
of oblivious primitives, e.g., ORAM, oblivious branching, and
oblivious sorting. The use of library will also significantly
reduce the line of code (LOC) for the manual and framework
approaches.
Table II summarizes the additional effort a developer need
to achieve data oblivious applications. In the following we will
discuss the compared data oblivious strategies.
 106 104
Unprotected
105 103
Execution time (ms)

Execution time (ms)

Manual
104 Circuit 102
103
101
102
101 100
Unprotected
100 10−1 Manual
10−1 10−2
Circuit

10 20 40 60 80 100 0 50 100 200 300 400

Sequence lengths Number of Nodes
(a) Edit distance. (b) Floyd-Warshall all-pair shortest path.

Fig. 3: Performance evaluation of compute-intensive applications.

Circuit Circuit Manual Unprotected

107 Manual-Linear Scan 105
106
Execution time (ms)

Manual-ORAM

Execution time (s)

105 Unprotected
104
104
103
102 103
101
100 102
10−1
10−2 101
10−3
3,000 9,000 15,000 21,000 100
250 500 1,000 1,500 2,000
Number of blocks
Number of blocks
(a) Comparing random Access over blocks. Block size 1KB.
(b) Block-based oblivious sorting. Block size 1KB with 75 words
(records) per block.

Fig. 4: Performance evaluation of core operations for data-intensive applications.

• Manual Composition. Manual composition requires do-
main knowledge on TEE side channels. The table shows
the manual approach requires identifying one to six
sensitive code segments and hiding the access pattern
with data-oblivious alternatives. This approach requires
the developer to write more lines of code than other
approaches, even when the oblivious library is used.
• Circuit. The circuit approach is fully automated, and the
developer does not need to do any additional work.
• Framework. With a framework like SGX-MR, the devel-
oper only focuses on small pieces of application-specific
code, such as the map and reduce functions, dramatically
reducing the developer’s burden compared to the manual
approach. The framework software contains fully opti-
mized oblivious code that is transparent to developers
and shared by all SGX-MR applications. Table II shows
by using SGX-MR for framework-level protection, the
developer does not require any LOC overhead for word
count, and for KMeans developer only needs to add six
lines of code to solve one access pattern issue.
Overall, the circuit approach is the easiest to use as it
does not require any additional effort from the developer.
The manual approach involves a lot of efforts in analyzing
the original code and conducting the conversion. In contrast,
the framework approach hides many details with the frame-
work implementation and minimizes the developer’s efforts.
However, it does require the developer to learn to use the
framework first.
VI. C ONCLUSION
Data oblivious programs provide excellent defenses against
several side-channel attacks targeting TEE applications. How-
ever, developing oblivious programs is challenging. We have
analyzed four representative approaches that can help develop-
ers convert non-oblivious programs to oblivious ones. Among
these approaches, we consider performance and ease of use
 104 105

Execution Time (s)

Execution Time (s)

104
3
10
103

102
102
101

101 100
Manual SGX-MR Circuit Manual SGX-MR Circuit
(a) Application-level perfromance for Wordcount. (b) Application-level performance for KMeans.
Number of blocks 500 with 75 words/block. 4000 1KB-Blocks with eight bytes per record,
and five clusters.

Fig. 5: Performance evaluation of data-intensive applications.

TABLE II: Summary of developers’ effort to implement the oblivious solutions. The table represents the total line of code as
LOC and the number of access-pattern sensitive segment in the code as AP. LOC-overhead means the lines used to achieve
data obliviousness.
Application Manual Circuit Framework
LOC LOC-Overhead AP LOC LOC-Overhead AP LOC LOC-Overhead AP
Edit Distance 58 28 4 48 0 - - - -
All-Pair Shortest Path 47 15 1 36 0 - - - -
Word Count 277 21 6 155 0 - 22 0 0
KMeans 330 24 4 263 0 - 58 6 1

(and possibly readiness to use) are critical measures. Our
experimental results show that: (1) The manual composition
approach gives the best performance guarantee, while devel-
opers must fully understand the access pattern of every part
of their code and learn the corresponding conversion method;
(2) The framework approach for data-intensive applications
achieves a good balance between performance and ease of
use; (3) The circuit approach is theoretically sound, but
extremely expensive in practice; and (4) the compiler approach
is promising, but not mature enough for practical use. We
hope our analysis and evaluation will help both practitioners
to decide their solutions and researchers to explore potential
issues.
We consider a few promising research directions. (1) The
compiler approach is the most appealing one, as it aims to
make the conversion process fully transparent to developers
and the converted program to have a good performance close
to the manual composition approach. (2) Another direction
is data oblivious libraries/frameworks and software tools to
automate the conversion process as possible and minimize
the developers’ manual efforts. The framework approach is
an excellent example of this direction.
R EFERENCES
[1] A. Ahmad, B. Joe, Y. Xiao, Y. Zhang, I. Shin, and B. Lee. Obfuscuro: A
commodity obfuscation engine on intel sgx. In Network and Distributed
System Security Symposium, 2019.
[2] A. Ahmad, K. Kim, M. I. Sarfaraz, and B. Lee. Obliviate: A data
oblivious file system for intel sgx. In the Network and Distributed
System Security Symposium, 2018.
[3] A. K. M. M. Alam, S. Sharma, and K. Chen. Sgx-mr: Regulating
dataflows for protecting access patterns of data-intensive sgx applica-
tions. Proceedings on Privacy Enhancing Technologies, 2021(1):5 – 20,
01 Jan. 2021.
[4] K. E. Batcher. Sorting networks and their applications. In Proceedings
of the April 30–May 2, 1968, Spring Joint Computer Conference, AFIPS
’68 (Spring), pages 307–314, New York, NY, USA, 1968. ACM.
[5] Z. Brakerski and V. Vaikuntanathan. Fully homomorphic encryption
from ring-lwe and security for key dependent messages. In Proceedings
of the 31st Annual Conference on Advances in Cryptology, CRYPTO’11,
pages 505–524, Berlin, Heidelberg, 2011. Springer-Verlag.
[6] F. Brasser, S. Capkun, A. Dmitrienko, T. Frassetto, K. Kostiainen, and
A.-R. Sadeghi. Dr. sgx: Hardening sgx enclaves against cache attacks
with data location randomization. arXiv preprint arXiv:1709.09917,
2017.
[7] J. V. Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens,
M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx. Foreshadow:
Extracting the keys to the intel SGX kingdom with transient out-of-order
execution. In 27th USENIX Security Symposium (USENIX Security 18),
page 991–1008, Baltimore, MD, Aug. 2018. USENIX Association.
[8] J. V. Bulck, N. Weichbrodt, R. Kapitza, F. Piessens, and R. Strackx.
Telling your secrets without page faults: Stealthy page table-based
attacks on enclaved execution. In 26th USENIX Security Symposium
(USENIX Security 17), pages 1041–1056, Vancouver, BC, Aug. 2017.
USENIX Association.
[9] N. Büscher, D. Demmler, S. Katzenbeisser, D. Kretzmer, and T. Schnei-
der. Hycc: Compilation of hybrid protocols for practical secure computa-
tion. In Proceedings of the 2018 ACM SIGSAC Conference on Computer
and Communications Security, pages 847–861, 2018.
[10] D. Cash, P. Grubbs, J. Perry, and T. Ristenpart. Leakage-abuse attacks
against searchable encryption. In Proceedings of the 22nd ACM SIGSAC
Conference on Computer and Communications Security, CCS ’15, page
668–679, New York, NY, USA, 2015. Association for Computing
Machinery.
[11] K. Chen and S. Guo. Rasp-boost: Confidential boosting-model learning
with perturbed data in the cloud. IEEE Transactions on Cloud Comput-
ing, 6(2):584–597, 2018.
[12] S. D. Constable and S. Chapin. libOblivious: A c++ library for oblivious
data structures and algorithms. In Electrical Engineering and Computer
Science - Technical Reports. 184, 2018.
[13] V. Costan and S. Devadas. Intel sgx explained. IACR Cryptology ePrint
Archive, 2016:86, 2016.
[14] J. Dean and S. Ghemawat. Mapreduce: Simplified data processing on
large clusters. In OSDI, pages 137–150, 2004.
[15] T. T. A. Dinh, P. Saxena, E. Chang, B. C. Ooi, and C. Zhang. M2R:
enabling stronger privacy in mapreduce computation. In USENIX
Security Symposium, pages 447–462. USENIX Association, 2015.
[16] S. Felsen, Á. Kiss, T. Schneider, and C. Weinert. Secure and private
function evaluation with intel sgx. In Proceedings of the 2019 ACM
SIGSAC Conference on Cloud Computing Security Workshop, pages
165–181, 2019.
[17] Freundschafter. About amd trustzone, amd platform security processor
(psp), amd secure technology. accessed: Jan. 13, 2020. [Online].
[18] O. Goldreich and R. Ostrovsky. Software protection and simulation on
oblivious ram. Journal of the ACM, 43:431–473, 1996.
[19] D. A. Heath. New Directions in Garbled Circuits. PhD thesis, Georgia
Institute of Technology, 2022.
[20] Y. Huang, D. Evans, J. Katz, and L. Malka. Faster secure two-party
computation using garbled circuits. In USENIX Conference on Security,
pages 35–35, 2011.
[21] S. Krastnikov, F. Kerschbaum, and D. Stebila. Efficient oblivious
database joins. Proc. VLDB Endow., 13(12):2132–2145, jul 2020.
[22] M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh,
J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg.
Meltdown: Reading kernel memory from user space. In 27th USENIX
Security Symposium (USENIX Security 18), 2018.
[23] C. Liu, X. S. Wang, K. Nayak, Y. Huang, and E. Shi. Oblivm:
A programming framework for secure computation. In 2015 IEEE
Symposium on Security and Privacy, pages 359–376, May 2015.
[24] F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee. Last-level cache
side-channel attacks are practical. In Proceedings of the 2015 IEEE
Symposium on Security and Privacy, SP ’15, page 605–622, USA, 2015.
IEEE Computer Society.
[25] P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-
preserving machine learning. In 2017 IEEE Symposium on Security and
Privacy (SP), pages 19–38, 2017.
[26] V. Nikolaenko, U. Weinsberg, S. Ioannidis, M. Joye, D. Boneh, and
N. Taft. Privacy-preserving ridge regression on hundreds of millions of
records. In IEEE Symposium on Security and Privacy, pages 334–348,
2013.
[27] A. Nilsson, P. N. Bideh, and J. Brorsson. A survey of published attacks
on intel sgx. arXiv preprint arXiv:2006.13598, 2020.
[28] O. Ohrimenko, M. Costa, C. Fournet, C. Gkantsidis, M. Kohlweiss,
and D. Sharma. Observing and preventing leakage in mapreduce. In
Proceedings of the 22nd ACM SIGSAC Conference on Computer and
Communications Security, CCS ’15, page 1570–1581, New York, NY,
USA, 2015. Association for Computing Machinery.
[29] O. Ohrimenko, F. Schuster, C. Fournet, A. Mehta, S. Nowozin,
K. Vaswani, and M. Costa. Oblivious multi-party machine learning
on trusted processors. In T. Holz and S. Savage, editors, 25th USENIX
Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-
12, 2016, pages 619–636. USENIX Association, 2016.
[30] O. Ohrimenko, F. Schuster, C. Fournet, A. Mehta, S. Nowozin,
K. Vaswani, and M. Costa. Oblivious multi-party machine learning
on trusted processors. In 25th USENIX Security Symposium, USENIX
Security 16, Austin, TX, USA, August 10-12, 2016., pages 619–636,
2016.
[31] M. Orenbach, Y. Michalevsky, C. Fetzer, and M. Silberstein. Cosmix: A
compiler-based system for secure memory instrumentation and execution
in enclaves. In USENIX Annual Technical Conference, pages 555–570,
2019.
[32] A. Ozdemir, F. Brown, and R. S. Wahby. Circ: Compiler infrastructure
for proof systems, software verification, and more. In 2022 IEEE
Symposium on Security and Privacy (SP), pages 2248–2266. IEEE,
2022.
[33] A. Rane, C. Lin, and M. Tiwari. Raccoon: Closing digital side-channels
through obfuscated execution. In Proceedings of the 24th USENIX
Conference on Security Symposium, SEC’15, page 431–446, USA, 2015.
USENIX Association.
[34] O. Russakovsky, J. Deng, H. Su, J. Krause, S. Satheesh, S. Ma,
Z. Huang, A. Karpathy, A. Khosla, M. Bernstein, A. C. Berg, and L. Fei-
Fei. ImageNet Large Scale Visual Recognition Challenge. International
Journal of Computer Vision (IJCV), 115(3):211–252, 2015.
[35] S. Sagar and C. Keke. Confidential machine learning on untrusted
platforms: a survey. Cybersecurity, 4(1):1–19, 2021.
[36] S. Sasy, S. Gorbunov, and C. W. Fletcher. Zerotrace : Oblivious memory
primitives from intel SGX. In 25th Annual Network and Distributed
System Security Symposium, NDSS 2018, San Diego, California, USA,
February 18-21, 2018, 2018.
[37] F. Schuster, M. Costa, C. Fournet, C. Gkantsidis, M. Peinado, G. Mainar-
Ruiz, and M. Russinovich. Vc3: Trustworthy data analytics in the cloud
using sgx. In 36th IEEE Symposium on Security and Privacy, 2015.
[38] O. A. Selo, M. H. Rachid, A. Shikfa, Y. Wang, and Q. Malluhi. Private
function evaluation using intel’s sgx. Security and Communication
Networks, 2020:1–10, 2020.
[39] S. Sharma and K. Chen. Confidential boosting with random linear
classifiers for outsourced user-generated data. In Computer Security
- ESORICS 2019 - 24th European Symposium on Research in Computer
Security, Luxembourg, September 23-27, 2019, Proceedings, Part I,
pages 41–65, 2019.
[40] S. Shinde, Z. L. Chua, V. Narayanan, and P. Saxena. Preventing page
faults from telling your secrets. In Proceedings of the 11th ACM on Asia
Conference on Computer and Communications Security, ASIACCS16,
page 317–328, New York, NY, USA, 2016. Association for Computing
Machinery.
[41] R. L. Simon. Fair play: The ethics of sport. Routledge, 2018.
[42] J. Son, G. Prechter, R. Poddar, R. A. Popa, and K. Sen. ObliCheck:
Efficient verification of oblivious algorithms with unobservable state. In
30th USENIX Security Symposium (USENIX Security 21), 2021.
[43] J. Van Bulck, D. Moghimi, M. Schwarz, M. Lipp, M. Minkin, D. Genkin,
Y. Yuval, B. Sunar, D. Gruss, and F. Piessens. LVI: Hijacking Transient
Execution through Microarchitectural Load Value Injection. In 41th
IEEE Symposium on Security and Privacy (S&P’20), 2020.
[44] J. Van Bulck, F. Piessens, and R. Strackx. Sgx-step: A practical attack
framework for precise enclave execution control. In Proceedings of the
2nd Workshop on System Software for Trusted Execution, SysTEX’17,
New York, NY, USA, 2017. Association for Computing Machinery.
[45] J. Van Bulck, F. Piessens, and R. Strackx. Nemesis: Studying mi-
croarchitectural timing leaks in rudimentary cpu interrupt logic. In
Proceedings of the 2018 ACM SIGSAC Conference on Computer and
Communications Security, pages 178–195, 2018.
[46] T. White. Hadoop: The Definitive Guide. O’Reilly Media, 2009.
[47] Y. Xu, W. Cui, and M. Peinado. Controlled-channel attacks: Deter-
ministic side channels for untrusted operating systems. In 2015 IEEE
Symposium on Security and Privacy, pages 640–656, May 2015.
[48] Y. Yarom and K. Falkner. Flush+reload: A high resolution, low noise,
l3 cache side-channel attack. In Proceedings of the 23rd USENIX
Conference on Security Symposium, SEC’14, page 719–732, USA, 2014.
USENIX Association.
[49] M. Zaharia, M. Chowdhury, M. J. Franklin, S. Shenker, and I. Stoica.
Spark: Cluster computing with working sets. In Proceedings of the 2Nd
USENIX Conference on Hot Topics in Cloud Computing, HotCloud’10,
pages 10–10, Berkeley, CA, USA, 2010. USENIX Association.
[50] W. Zheng, A. Dave, J. G. Beekman, R. A. Popa, J. E. Gonzalez, and
I. Stoica. Opaque: An oblivious and encrypted distributed analytics
platform. In USENIX Symposium on Networked Systems Design and
Implementation, 2017.
A PPENDIX A
S AMPLE ORAM-H ASH ALGORITHMS
Algorithm 1 Buffer Management for ORAM-Hash algorithms
1: Buffer contains a working block B for new records, and
a cache of m blocks C.
2: Function GetBlock(block id)
3: if block id not in the cache C then
4: decide a block to overwrite with an algorithm like LRU;
the victim block is written back to the output file.
5: new block ← request oram block(block id)
6: add new block to the cache
7: end if
8: block ref erence ← find the block id in the cache
9: return block ref erence
1: Function AddRecordToBlock(record)
2: if working block B is full then
3: evict LRU and write out the victim block
4: copy B to the cache
5: clear the working block
6: end if
7: add record to the working block
8: return working block id

Algorithm 2 HashMap-based KMeans in Enclave

1: Function KMeans(centroid f ile, coordinates f ile)
2: initialize ORAM and Cache block
3: load initial centroids from centroid f ile
4: for all block in coordinates f ile do
5: points ← ParseCoordinates(block)
6: for each pt in points do
7: centroid index ← FindNearestCentroid(pt,
centroids)
8: LocalMap[ centroid index ] ← pt
9: end for
10: combined points ← aggregate points under same cen-
troid
11: for each (centroid index, point) in
combined points do
12: if centroid index not not in HashM ap then
13: record ← (centroid index, point)
14: id ← AddRecordToBlock(centroid index)
15: HashM ap[centroid index] ← id
16: else
17: id ← HashM ap[centroid index]
18: block ref erence ← GetBlock(id)
19: update block in block ref erence with
(centroid index, point)
20: Write(block)
21: end if
22: end for
23: end for
24: write all blocks from ORAM to centroid f ile