| Cite this article: |
- Wang Yifan, Zhu Xiaojie, Chen Chi. Oblivious RAM: Techniques, Applications, and Challenges [J]. Journal of Cyber Security, accepted.
|
|
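| Abstract: |
| With the rapid development of cloud computing, data privacy and security risks are becoming increasingly severe, and access pattern leakage has become one of the major risks to user privacy. Oblivious RAM (ORAM), an important technique for protecting access patterns, obfuscates the access sequence so that the physical access pattern observed by the server is indistinguishable from random access, thereby protecting the user's true access intent. However, in application scenarios such as cloud storage systems and secure multi-party computation, ORAM suffers from high communication complexity, large storage overhead, and low runtime efficiency, which has drawn broad attention from academia and industry. This paper first reviews the fundamentals of ORAM, including its security model and classical constructions. Then, taking the hierarchical and tree-based ORAM models as the main thread, it systematically surveys performance optimization work on bandwidth complexity, storage overhead, and communication rounds. Next, based on the needs of deploying ORAM in the cloud in practice, it groups the application directions of ORAM into three categories: first, the design and extension of concurrent architectures in oblivious storage systems; second, the combination of ORAM with hardware to jointly enhance security and efficiency; third, the integration and optimization of ORAM with cryptographic techniques. Finally, the paper points out the challenges currently facing the ORAM field and looks ahead to future developments in multidimensional performance trade-offs, hardware-software co-design, and dynamic adaptive frameworks. |
| Keywords: oblivious RAM; access pattern protection; secure cloud storage; secure computation; trusted execution environment |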
| DOI: |
| Submitted: 2026-01-16; Revised: 2026-04-03 |
| Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDB0690303) |
|
| Oblivious RAM: Techniques, Applications, and Challenges |
|
Wang Yifan¹, Zhu Xiaojie², Chen Chi¹
|
| (1. Institute of Information Engineering, Chinese Academy of Sciences; 2. King Abdullah University of Science and Technology) |
| Abstract: |
| With the rapid development of cloud computing, data privacy risks have become increasingly serious, and access pattern leakage has emerged as a significant threat to user privacy. Oblivious RAM (ORAM) is a critical technique for protecting access patterns. By obscuring access sequences, ORAM ensures that the access patterns seen by the server are indistinguishable from random ones, so the server cannot reliably learn the user’s actual access behavior or the relationship between requests and data. Despite this strong protection, ORAM still faces practical barriers in real-world settings such as cloud storage systems and secure multi-party computation, including high communication cost, large storage overhead, and low runtime efficiency. This has attracted broad attention from both academia and industry. First, this paper reviews the fundamentals of ORAM, including its security models and classical constructions. It then takes hierarchical ORAM and tree-based ORAM as two main lines and systematically surveys optimization work that targets key performance metrics, including bandwidth overhead, storage overhead, and the number of communication rounds. Focusing on the practical deployment needs of ORAM in cloud environments, this paper further summarizes ORAM applications in three directions: the design and extension of concurrent architectures in oblivious storage systems; hardware-assisted ORAM for improved security and efficiency; and the integration of ORAM with cryptographic techniques and related optimizations. Finally, this paper identifies current challenges in the field and provides an outlook on future developments, specifically regarding multidimensional performance trade-offs, hardware-software collaboration, and dynamic adaptive frameworks to guide future research. |
| Key words: oblivious RAM; access pattern protection; secure cloud storage; secure computation; trusted execution environment |