MirrorNet: A TEE-Friendly Framework for Secure On-device DNN Inference
Ziyu Liu, Yukui Luo, Shijin Duan, Tong Zhou, Xiaolin Xu

TL;DR
MirrorNet is a framework that enables secure on-device DNN inference using a TEE, protecting model confidentiality while maintaining low latency and high accuracy through a novel mirrored architecture.
Contribution
It introduces a TEE-friendly DNN implementation with a dual-component architecture and strategy generator to balance security and performance.
Findings
Achieves an 18.6% accuracy gap between authorized and illegal use
Introduces only 0.99% hardware overhead
Provides effective security with low latency
Abstract
Deep neural network (DNN) models have become prevalent in edge devices for real-time inference. However, they are vulnerable to model extraction attacks and require protection. Existing defense approaches either fail to fully safeguard model confidentiality or result in significant latency issues. To overcome these challenges, this paper presents MirrorNet, which leverages Trusted Execution Environment (TEE) to enable secure on-device DNN inference. It generates a TEE-friendly implementation for any given DNN model to protect the model confidentiality, while meeting the stringent computation and storage constraints of TEE. The framework consists of two key components: the backbone model (BackboneNet), which is stored in the normal world but achieves lower inference accuracy, and the Companion Partial Monitor (CPM), a lightweight mirrored branch stored in the secure world, preserving…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Security and Verification in Computing · Semiconductor materials and devices
