CRAI | Feb 20, 2025

Graph in the Vault: Protecting Edge GNN Inference with Trusted Execution Environment

arXiv:2502.15012v1 | h-index: 4 | DAC
Originality: Highly original
AI Analysis

The paper addresses security vulnerabilities in edge-device deployments of GNNs and offers a novel protection method.

The paper tackles the problem of protecting Graph Neural Network (GNN) intellectual property and data privacy during edge inference by proposing GNNVault, a secure deployment strategy using Trusted Execution Environments (TEEs), which safeguards against link stealing attacks with less than 2% accuracy degradation.

Wide deployment of machine learning models on edge devices has rendered the model intellectual property (IP) and data privacy vulnerable. We propose GNNVault, the first secure Graph Neural Network (GNN) deployment strategy based on Trusted Execution Environment (TEE). GNNVault follows the design of 'partition-before-training' and includes a private GNN rectifier to complement a public backbone model. This way, both critical GNN model parameters and the private graph used during inference are protected within secure TEE compartments. Real-world implementations with Intel SGX demonstrate that GNNVault safeguards GNN inference against state-of-the-art link stealing attacks with negligible accuracy degradation (<2%).
