Privacy-Preserving Machine Learning in Untrusted Clouds Made Simple
It addresses privacy concerns for users and developers deploying ML in cloud environments, though it is incremental as it builds on existing TEE and library OS technologies.
The paper tackles the problem of deploying privacy-preserving machine learning in untrusted clouds by using Intel SGX enclaves to shield unmodified PyTorch applications, achieving protection of model parameters and input data with minimal developer effort.
We present a practical framework to deploy privacy-preserving machine learning (PPML) applications in untrusted clouds based on a trusted execution environment (TEE). Specifically, we shield unmodified PyTorch ML applications by running them in Intel SGX enclaves with encrypted model parameters and encrypted input data to protect the confidentiality and integrity of these secrets at rest and during runtime. We use the open-source Graphene library OS with transparent file encryption and SGX-based remote attestation to minimize porting effort and seamlessly provide file protection and attestation. Our approach is completely transparent to the machine learning application: the developer and the end-user do not need to modify the ML application in any way.