TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments
Ziyu Liu, Tong Zhou, Yukui Luo, Xiaolin Xu

TL;DR
TBNet is a TEE-based framework that protects DNN models with a two-branch substitution model, balancing security and performance on edge devices such as the Raspberry Pi.
Contribution
Introduces TBNet, a neural architectural defense framework that leverages a two-branch substitution model for efficient DNN protection in TEEs.
Findings
Achieves low-cost, efficient model protection on Raspberry Pi.
Balances security and performance effectively.
Works across diverse DNN architectures and datasets.
Abstract
Trusted Execution Environments (TEEs) have become a promising solution to secure DNN models on edge devices. However, the existing solutions either provide inadequate protection or introduce large performance overhead. Taking both security and performance into consideration, this paper presents TBNet, a TEE-based defense framework that protects DNN models from a neural architectural perspective. Specifically, TBNet generates a novel Two-Branch substitution model to respectively exploit (1) the computational resources in the untrusted Rich Execution Environment (REE) for latency reduction and (2) the physically-isolated TEE for model protection. Experimental results on a Raspberry Pi across diverse DNN model architectures and datasets demonstrate that TBNet achieves efficient model protection at a low cost.
Taxonomy
Topics: Security and Verification in Computing · Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques
