Privacy and Integrity Preserving Training Using Trusted Hardware
Hanieh Hashemi, Yongqin Wang, Murali Annavaram

TL;DR
The paper introduces DarKnight, a framework that combines trusted hardware and accelerators to enable privacy-preserving and integrity-verified training of large deep neural networks in cloud environments.
Contribution
It proposes a novel cooperative execution model using trusted execution environments and accelerators for secure DNN training.
Findings
Ensures input privacy during training in cloud settings
Verifies computation integrity using trusted hardware
Supports large DNN training with hardware acceleration
Abstract
Privacy and security-related concerns are growing as machine learning reaches diverse application domains. The data holders want to train with private data while exploiting accelerators, such as GPUs, that are hosted in the cloud. However, cloud systems are vulnerable to attackers that compromise the privacy of data and integrity of computations. This work presents DarKnight, a framework for large DNN training while protecting input privacy and computation integrity. DarKnight relies on cooperative execution between trusted execution environments (TEE) and accelerators, where the TEE provides privacy and integrity verification, while accelerators perform the computation-heavy linear algebraic operations.
Taxonomy
Topics: Cryptography and Data Security · Privacy-Preserving Technologies in Data · Cloud Data Security Solutions
