Mavrogiannakis, A. (CSE) – Scalable Oblivious Databases and Systems

Modern applications are increasingly designed with a strong emphasis on scalability and performance, as systems are expected to process ever-growing volumes of data and deliver results with minimal latency. Techniques such as distributed architectures, in-memory computation, and optimized data structures are routinely adopted to meet these performance-driven demands. However, in the pursuit of speed and efficiency, security is often treated as a secondary concern or an afterthought. This oversight can lead to critical vulnerabilities, as even the most performant systems remain fundamentally insecure if sensitive information can be leaked or exploited. As data becomes more valuable and privacy regulations grow stricter, ensuring robust security measures is not merely desirable but strictly necessary—an essential requirement that must stand alongside scalability and performance as a first-class design goal.

To meet security requirements, many applications adopt end-to-end encryption to protect data stored in the cloud. While this prevents external adversaries from accessing sensitive information, prior work [CITE] has demonstrated that encryption alone is insufficient: an untrusted server can still exploit execution patterns and access behaviors to gradually reconstruct the underlying database in plaintext. As an alternative, other applications rely on Trusted Execution Environments (TEEs), which offer strong guarantees through memory encryption, isolation, and integrity checks. TEEs are particularly appealing due to their ease of use and high performance, often approaching that of non-encrypted systems. However, TEEs are not without limitations [CITE]. They remain vulnerable to leakage-abuse attacks and side-channel vulnerabilities [CITE], which can undermine their security guarantees in practice.

In my research, I combine TEEs with oblivious computation to achieve stronger security guarantees without sacrificing practicality. Specifically, my work focuses on designing, analyzing, and implementing oblivious algorithms for databases and systems. A central theme of my research is bridging the gap between security and performance, developing scalable algorithms that approach the efficiency of plaintext execution. For example, in our first project, Obliviator (to appear at USENIX Security ’25), we introduced oblivious implementations of fundamental database operators—such as filtering, aggregation, and joins—in a shared-memory setting, achieving efficiency at scale on datasets up to hundreds of gigabytes. Building on this foundation, our subsequent work extends these operators to distributed environments, addressing challenges such as secure execution under weaker trust assumptions and reducing communication overhead, both in terms of rounds and data exchanged. We also introduced frameworks that enable parallelism in oblivious computation, further enhancing performance. My current work focuses on extending these techniques to multi-way joins, where combining multiple tables introduces new challenges in both efficiency and security. In parallel, I am exploring query optimization strategies tailored to the oblivious setting, with the goal of pushing oblivious database systems closer to the performance of traditional plaintext systems.

Event Host: Apostolos Mavrogiannakis, Ph.D Student, Computer Science & Engineering