Confidential Machine Learning on Untrusted Platforms: A Survey

TL;DR

This survey reviews cryptographic and hardware-assisted methods for confidential machine learning on untrusted platforms, highlighting challenges, innovations, and trade-offs in protecting sensitive data and models.

Contribution

It provides a comprehensive overview of recent cryptographic approaches and challenges in confidential machine learning, unifying diverse studies under a common framework.

Findings

Cryptographic methods effectively protect data confidentiality during model training.

Hardware-assisted approaches offer performance benefits for confidential machine learning.

Trade-offs exist between data utility, cost, and security in confidential ML solutions.

Abstract

With the ever-growing data and the need for developing powerful machine learning models, data owners increasingly depend on various untrusted platforms (e.g., public clouds, edges, and machine learning service providers) for scalable processing or collaborative learning. Thus, sensitive data and models are in danger of unauthorized access, misuse, and privacy compromises. A relatively new body of research confidentially trains machine learning models on protected data to address these concerns. In this survey, we summarize notable studies in this emerging area of research. With a unified framework, we highlight the critical challenges and innovations in outsourcing machine learning confidentially. We focus on the cryptographic approaches for confidential machine learning (CML), primarily on model training, while also covering other directions such as perturbation-based approaches and CML in the hardware-assisted computing environment. The discussion will take a holistic way to consider a rich context of the related threat models, security assumptions, design principles, and associated trade-offs amongst data utility, cost, and confidentiality.