Graph in the Vault: Protecting Edge GNN Inference with Trusted Execution Environment
Ruyi Ding, Tianhong Xu, Aidong Adam Ding, Yunsi Fei

TL;DR
GNNVault is a novel secure deployment strategy for Graph Neural Networks on edge devices using Trusted Execution Environments, protecting model IP and data privacy with minimal accuracy loss.
Contribution
It introduces GNNVault, the first approach combining TEE with a partitioned GNN model to secure inference and private data on edge devices.
Findings
Protects GNN inference against link stealing attacks
Achieves negligible accuracy degradation (<2%)
Demonstrated with Intel SGX implementations
Abstract
Wide deployment of machine learning models on edge devices has rendered the model intellectual property (IP) and data privacy vulnerable. We propose GNNVault, the first secure Graph Neural Network (GNN) deployment strategy based on Trusted Execution Environment (TEE). GNNVault follows the design of 'partition-before-training' and includes a private GNN rectifier to complement a public backbone model. This way, both critical GNN model parameters and the private graph used during inference are protected within secure TEE compartments. Real-world implementations with Intel SGX demonstrate that GNNVault safeguards GNN inference against state-of-the-art link stealing attacks with negligible accuracy degradation (<2%).
Taxonomy
Methods: Graph Neural Network
