SecFL: Confidential Federated Learning using TEEs
This work addresses security vulnerabilities in Federated Learning for applications requiring data privacy, though it is incremental as it builds on existing TEE technology.
The authors tackled privacy and security issues in Federated Learning, such as information leakage from shared parameters and malicious client collusion, by proposing SecFL, a framework that uses Trusted Execution Environments (TEEs) to ensure confidentiality and integrity, and includes a remote attestation mechanism to detect malicious clients.
Federated Learning (FL) is an emerging machine learning paradigm that enables multiple clients to jointly train a model to take benefits from diverse datasets from the clients without sharing their local training datasets. FL helps reduce data privacy risks. Unfortunately, FL still exist several issues regarding privacy and security. First, it is possible to leak sensitive information from the shared training parameters. Second, malicious clients can collude with each other to steal data, models from regular clients or corrupt the global training model. To tackle these challenges, we propose SecFL - a confidential federated learning framework that leverages Trusted Execution Environments (TEEs). SecFL performs the global and local training inside TEE enclaves to ensure the confidentiality and integrity of the computations against powerful adversaries with privileged access. SecFL provides a transparent remote attestation mechanism, relying on the remote attestation provided by TEEs, to allow clients to attest the global training computation as well as the local training computation of each other. Thus, all malicious clients can be detected using the remote attestation mechanisms.