Perun: Secure Multi-Stakeholder Machine Learning Framework with GPU Support
This addresses the need for secure and efficient collaborative ML training for stakeholders requiring confidentiality, though it is incremental as it builds on existing trusted computing methods.
The paper tackled the problem of low performance in confidential multi-stakeholder machine learning training by designing Perun, a framework that uses trusted computing technologies with GPU support, achieving speedups of 161x to 1560x compared to pure TEE-based approaches on datasets like CIFAR-10 and medical data.
Confidential multi-stakeholder machine learning (ML) allows multiple parties to perform collaborative data analytics while not revealing their intellectual property, such as ML source code, model, or datasets. State-of-the-art solutions based on homomorphic encryption incur a large performance overhead. Hardware-based solutions, such as trusted execution environments (TEEs), significantly improve the performance in inference computations but still suffer from low performance in training computations, e.g., deep neural networks model training, because of limited availability of protected memory and lack of GPU support. To address this problem, we designed and implemented Perun, a framework for confidential multi-stakeholder machine learning that allows users to make a trade-off between security and performance. Perun executes ML training on hardware accelerators (e.g., GPU) while providing security guarantees using trusted computing technologies, such as trusted platform module and integrity measurement architecture. Less compute-intensive workloads, such as inference, execute only inside TEE, thus at a lower trusted computing base. The evaluation shows that during the ML training on CIFAR-10 and real-world medical datasets, Perun achieved a 161x to 1560x speedup compared to a pure TEE-based approach.