OblivIO: Securing reactive programs by oblivious execution with bounded traffic overheads

Abstract: Traffic analysis attacks remain a significant problem for online security. Communication between nodes can be observed by network level attackers as it inherently takes place in the open. Despite online services increasingly using encrypted traffic, the shape of the traffic is not hidden. To prevent traffic analysis, the shape of a system's traffic must be independent of secrets.We investigate adapting the data-oblivious approach the reactive setting and present OblivIO, a secure language for writing reactive … Show more