CRARLG, May 1, 2021

Privacy and Integrity Preserving Training Using Trusted Hardware

arXiv:2105.00334v1
Originality: Incremental advance
AI Analysis

This addresses security concerns for data holders using cloud-based machine learning, though it appears incremental as it builds on existing trusted hardware methods.

The paper tackles the problem of training large deep neural networks with private data on cloud accelerators while protecting against privacy and integrity attacks, presenting DarKnight, a framework that uses trusted execution environments and accelerators to achieve this.

Privacy and security-related concerns are growing as machine learning reaches diverse application domains. Data holders want to train on private data while exploiting accelerators, such as GPUs, that are hosted in the cloud. However, cloud systems are vulnerable to attackers who compromise the privacy of data and the integrity of computations. This work presents DarKnight, a framework for large DNN training that protects input privacy and computation integrity. DarKnight relies on cooperative execution between trusted execution environments (TEEs) and accelerators: the TEE provides privacy and integrity verification, while the accelerators perform the computation-heavy linear algebraic operations.
