Visor: Privacy-Preserving Video Analytics as a Cloud Service
This addresses privacy concerns for users of cloud-based video analytics services, offering a practical solution with incremental improvements over existing TEE-based methods.
The paper tackles the problem of privacy in video-analytics-as-a-service by presenting Visor, a system that protects video streams and ML models from side-channel attacks in a compromised cloud, achieving speeds up to 1000x faster than naive oblivious solutions with overheads of 2x-6x relative to a non-oblivious baseline.
Video-analytics-as-a-service is becoming an important offering for cloud providers. A key concern in such services is privacy of the videos being analyzed. While trusted execution environments (TEEs) are promising options for preventing the direct leakage of private video content, they remain vulnerable to side-channel attacks. We present Visor, a system that provides confidentiality for the user's video stream as well as the ML models in the presence of a compromised cloud platform and untrusted co-tenants. Visor executes video pipelines in a hybrid TEE that spans both the CPU and GPU. It protects the pipeline against side-channel attacks induced by data-dependent access patterns of video modules, and also addresses leakage in the CPU-GPU communication channel. Visor is up to $1000\times$ faster than naïve oblivious solutions, and its overheads relative to a non-oblivious baseline are limited to $2\times$--$6\times$.