research-article

secureTF: A Secure TensorFlow Framework

Authors:

Sergei Arnautov,

Pramod Bhatotia,

Christof FetzerAuthors Info & Claims

Middleware '20: Proceedings of the 21st International Middleware Conference

Pages 44 - 59

https://doi.org/10.1145/3423211.3425687

Published: 11 December 2020 Publication History

Abstract

Data-driven intelligent applications in modern online services have become ubiquitous. These applications are usually hosted in the untrusted cloud computing infrastructure. This poses significant security risks since these applications rely on applying machine learning algorithms on large datasets which may contain private and sensitive information.

To tackle this challenge, we designed secureTF, a distributed secure machine learning framework based on Tensorflow for the untrusted cloud infrastructure. secureTF is a generic platform to support unmodified TensorFlow applications, while providing end-to-end security for the input data, ML model, and application code. secureTF is built from ground-up based on the security properties provided by Trusted Execution Environments (TEEs). However, it extends the trust of a volatile memory region (or secure enclave) provided by the single node TEE to secure a distributed infrastructure required for supporting unmodified stateful machine learning applications running in the cloud.

The paper reports on our experiences about the system design choices and the system deployment in production use-cases. We conclude with the lessons learned based on the limitations of our commercially available platform, and discuss open research problems for the future work.

References

[1]

Alpine Linux. https://alpinelinux.org/. Accessed: May, 2020.

[2]

Alpine Linux FAQ. https://wiki.musl-libc.org/faq.html. Accessed: May 2020.

[3]

AMD Secure Technology. https://www.amd.com/en/technologies/security. Accessed: May 2020.

[4]

Comparison of C/POSIX standard library implementations for Linux. http://www.etalabs.net/compare_libcs.html. Accessed: May, 2020.

[5]

Deepmind health and research collaborations. https://deepmind.com/applied/deepmind-health/working-partners/health-research-tomorrow/. Accessed: May, 2020.

[6]

Graphene Tensorflow Lite benchmark. https://github.com/oscarlab/graphene-tests/tree/master/tensorflow/. Accessed: May, 2020.

[7]

Tensorflow lite. https://www.tensorflow.org/lite. Accessed: Jan, 2020.

[8]

M. Abadi, P. Barham, J. Chen, Z. Chen, A. Davis, J. Dean, M. Devin, S. Ghemawat, G. Irving, et al. TensorFlow: A System for Large-Scale Machine Learning. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2016.

[9]

M. Abadi, A. Chu, I. Goodfellow, H. B. McMahan, I. Mironov, K. Talwar, and L. Zhang. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2016.

Digital Library

[10]

G. Allen and M. Owens. The Definitive Guide to SQLite. Apress, 2010.

Digital Library

[11]

ARM. Building a secure system using TrustZone technology. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf, 2009. Accessed: May, 2020.

[12]

S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthukumaran, et al. SCONE: Secure Linux Containers with Intel SGX. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2016.

[13]

N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J. A. Halderman, V. Dukhovni, E. Käsper, S. Cohney, S. Engels, C. Paar, and Y. Shavitt. DROWN: Breaking TLS using sslv2. In 25th USENIX Security Symposium (USENIX Security), 2016.

[14]

M. Bailleu, D. Dragoti, P. Bhatotia, and C. Fetzer. Tee-perf: A profiler for trusted execution environments. In 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2019.

[15]

M. Bailleu, J. Thalheim, P. Bhatotia, C. Fetzer, M. Honda, and K. Vaswani. SPEICHER: Securing lsm-based key-value stores using shielded execution. In 17th USENIX Conference on File and Storage Technologies (FAST), 2019.

Digital Library

[16]

A. Baumann, M. Peinado, and G. Hunt. Shielding Applications from an Untrusted Cloud with Haven. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2014.

Digital Library

[17]

Bazel. The Bazel project. https://bazel.build/. Accessed: May, 2020.

[18]

R. Bekkerman, M. Bilenko, and J. Langford. Scaling up machine learning: Parallel and distributed approaches. Cambridge University Press, 2011.

Digital Library

[19]

J. Bennett, S. Lanning, et al. The netflix prize. In Proceedings of KDD cup and workshop, 2007.

[20]

H. Böck, J. Somorovsky, and C. Young. Return of bleichenbacher's oracle threat (ROBOT). In 27th USENIX Security Symposium (USENIX Security), 2018.

Digital Library

[21]

R. Bost, R. A. Popa, S. Tu, and S. Goldwasser. Machine learning classification over encrypted data. In Proceedings of the Annual Network and Distributed System Security Symposium (NDSS), 2015.

[22]

F. Brasser, U. Müller, A. Dmitrienko, K. Kostiainen, S. Capkun, and A.-R. Sadeghi. Software grand exposure: {SGX } cache attacks are practical. In 11th {USENIX} Workshop on Offensive Technologies (WOOT), 2017.

[23]

C. Carruth. Speculative load hardening. https://llvm.org/docs/SpeculativeLoadHardening.html, 2019.

[24]

S. Checkoway and H. Shacham. Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface. In Proceedings of the 18th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2013.

Digital Library

[25]

S. Checkoway and H. Shacham. Iago attacks: Why the system call api is a bad untrusted rpc interface. In Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2013.

Digital Library

[26]

G. Chen, S. Chen, Y. Xiao, Y. Zhang, Z. Lin, and T. H. Lai. Sgxpectre attacks: Stealing intel secrets from sgx enclaves via speculative execution. arXiv e-prints, 2018.

[27]

I. Corp. 10th Generation Intel Processors Core Families. https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/10th-gen-core-families-datasheet-vol-1-datasheet.pdf. Accessed: May, 2020.

[28]

I. Corp. Intel Software Guard Extensions (Intel SGX). https://software.intel.com/en-us/sgx. Accessed: May, 2020.

[29]

I. Corporation. Intel nuc kits. Accessed: 28 May 2020.

[30]

V. Costan and S. Devadas. Intel SGX Explained. IACR Cryptology ePrint Archive, 2016.

[31]

D. Dolev and A. C. Yao. On the security of public key protocols. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (SFCS), pages 350--357, 1981.

Digital Library

[32]

W. Du and Z. Zhan. Using randomized response techniques for privacy-preserving data mining. In Proceedings of the ninth international conference on Knowledge discovery and data mining (SIGKDD), 2003.

Digital Library

[33]

K. R. Foster, R. Koprowski, and J. D. Skufca. Machine learning, medical diagnosis, and biomedical engineering research-commentary. Biomedical engineering online, 2014.

[34]

M. Fredrikson, S. Jha, and T. Ristenpart. Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS), 2015.

Digital Library

[35]

Google. Google protocol buffers. https://developers.google.com/protocol-buffers/. Accessed: May, 2020.

[36]

J. C. Gordon. Microsoft azure confidential computing with intel sgx. Accessed: 28 May 2020.

[37]

J. Götzfried, M. Eckert, S. Schinzel, and T. Müller. Cache attacks on intel sgx. In Proceedings of the 10th European Workshop on Systems Security, 2017.

Digital Library

[38]

T. Graepel, K. Lauter, and M. Naehrig. Ml confidential: Machine learning on encrypted data. In Proceedings of the International Conference on Information Security and Cryptology, 2012.

[39]

F. Gregor, W. Ozga, S. Vaucher, R. Pires, D. L. Quoc, S. Arnautov, A. Martin, V. Schiavoni, P. Felber, and C. Fetzer. Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2020.

[40]

K. Grover, S. Tople, S. Shinde, R. Bhagwan, and R. Ramjee. Privado: Practical and secure dnn inference with enclaves. 2018.

[41]

H. S. Gunawi, M. Hao, T. Leesatapornwongsa, T. Patana-anake, T. Do, J. Adityatama, K. J. Eliazar, A. Laksono, J. F. Lukman, V. Martin, and A. D. Satria. What Bugs Live in the Cloud? A Study of 3000+ Issues in Cloud Systems. In Proceedings of the ACM Symposium on Cloud Computing (SoCC), 2014.

Digital Library

[42]

M. Hähnel, W. Cui, and M. Peinado. High-resolution side channels for untrusted operating systems. In Proceedings of the USENIX Annual Technical Conference (ATC), 2017.

Digital Library

[43]

K. He, X. Zhang, S. Ren, and J. Sun. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, 2016.

[44]

B. Hitaj, G. Ateniese, and F. Perez-Cruz. Deep models under the gan: Information leakage from collaborative deep learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017.

Digital Library

[45]

G. Huang, Z. Liu, L. Van Der Maaten, and K. Q. Weinberger. Densely connected convolutional networks. In Proceedings of the IEEE conference on computer vision and pattern recognition, 2017.

[46]

T. Hunt, C. Song, R. Shokri, V. Shmatikov, and E. Witchel. Chiron: Privacy-preserving machine learning as a service. CoRR, 2018.

[47]

I. Jang, A. Tang, T. Kim, S. Sethumadhavan, and J. Huh. Heterogeneous isolated execution for commodity gpus. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2019.

Digital Library

[48]

C. Juvekar, V. Vaikuntanathan, and A. Chandrakasan. Gazelle: A low latency framework for secure neural network inference. In Proceedings of the 27th USENIX Conference on Security Symposium (USENIX Security), 2018.

[49]

P. Karnati. Data-in-use protection on ibm cloud using intel sgx. Accessed: 28 May 2020.

[50]

P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P), 2019.

[51]

R. Krahn, D. Dragoti, F. Gregor, D. Le Quoc, V. Schiavoni, P. Felber, C. Souza, A. Brito, and C. Fetzer. TEEMon: A continuous performance monitoring framework for TEEs. In Proceedings of the 21th International Middleware Conference (Middleware), 2020.

Digital Library

[52]

R. Krahn, B. Trach, A. Vahldiek-Oberwagner, T. Knauth, P. Bhatotia, and C. Fetzer. Pesos: Policy enhanced secure object store. In Proceedings of the Thirteenth EuroSys Conference (EuroSys), 2018.

Digital Library

[53]

A. Krizhevsky and G. Hinton. Learning multiple layers of features from tiny images. Technical report, Citeseer, 2009.

[54]

N. Kumar, M. Rathee, N. Chandran, D. Gupta, A. Rastogi, and R. Sharma. CrypTFlow: Secure TensorFlow Inference. In IEEE Symposium on Security and Privacy (S&P), 2020.

[55]

R. Kunkel, D. L. Quoc, F. Gregor, S. Arnautov, P. Bhatotia, and C. Fetzer. TensorSCONE: A Secure TensorFlow Framework using Intel SGX. arXiv preprint arXiv:1902.04413, 2019.

[56]

D. Kuvaiskii, O. Oleksenko, S. Arnautov, B. Trach, P. Bhatotia, P. Felber, and C. Fetzer. SGXBOUNDS: Memory Safety for Shielded Execution. In Proceedings of the 12th ACMEuropean Conference on Computer Systems (EuroSys), 2017.

Digital Library

[57]

D. Le Quoc, F. Gregor, J. Singh, and C. Fetzer. Sgx-pyspark: Secure distributed data analytics. In Proceedings of the World Wide Web Conference (WWW), 2019.

Digital Library

[58]

Y. LeCun and C. Cortes. MNIST handwritten digit database. 2010.

[59]

N. D. Matsakis and F. S. Klock, II. The rust language. In Proceedings of the 2014 ACM SIGAda Annual Conference on High Integrity Language Technology, HILT '14, 2014.

Digital Library

[60]

B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas. Communication-Efficient Learning of Deep Networks from Decentralized Data. In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, 2017.

[61]

D. Merkel. Docker: lightweight linux containers for consistent development and deployment. Linux Journal, 2014.

[62]

P. Mishra, R. Lehmkuhl, A. Srinivasan, W. Zheng, and R. A. Popa. Delphi: A cryptographic inference service for neural networks. In 29th USENIX Security Symposium ( USENIXSecurity), 2020.

[63]

S. Mofrad, F. Zhang, S. Lu, and W. Shi. A comparison study of Intel SGX and AMD memory encryption technology. In Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, 2018.

Digital Library

[64]

P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-preserving machine learning. In 2017 IEEE Symposium on Security and Privacy (S&P), 2017.

[65]

O. Ohrimenko, F. Schuster, C. Fournet, A. Mehta, S. Nowozin, K. Vaswani, and M. Costa. Oblivious multi-party machine learning on trusted processors. In Proceedings of the 25th USENIX Security Symposium (USENIX Security), 2016.

Digital Library

[66]

O. Oleksenko, D. Kuvaiskii, P. Bhatotia, P. Felber, and C. Fetzer. Intel MPX Explained: A Cross-layer Analysis of the Intel MPX System Stack. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 2018.

Digital Library

[67]

O. Oleksenko, B. Trach, R. Krahn, M. Silberstein, and C. Fetzer. Varys: Protecting SGX enclaves from practical side-channel attacks. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC), 2018.

[68]

R. Oppliger. SSL and TLS: Theory and Practice. Artech House, 2016.

[69]

M. Orenbach, M. Minkin, P. Lifshits, and M. Silberstein. Eleos: Exit-Less OS services for SGX enclaves. In Proceedings of the 12th ACM European ACM Conference in Computer Systems (EuroSys), 2017.

Digital Library

[70]

W. Ozga, D. Le Quoc, and C. Fetzer. A practical approach for updating an integrity-enforced operating system. In Proceedings of the 21th International Middleware Conference (Middleware), 2020.

Digital Library

[71]

B. Parno, J. R. Lorch, J. R. Douceur, J. Mickens, and J. M. McCune. Memoir: Practical state continuity for protected modules. In Proceedings of the 32nd IEEE Symposium on Security and Privacy (S&P), 2011.

Digital Library

[72]

R. Pires, D. Goltzsche, S. B. Mokhtar, S. Bouchenak, A. Boutet, P. Felber, R. Kapitza, M. Pasin, and V. Schiavoni. CYCLOSA: decentralizing private web search through sgx-based browser extensions. In 38th IEEE International Conference on Distributed Computing Systems(ICDCS), 2018.

[73]

D. L. Quoc, M. Beck, P. Bhatotia, R. Chen, C. Fetzer, and T. Strufe. PrivApprox: Privacy-Preserving Stream Analytics. In Proceedings of the 2017 USENIX Annual Technical Conference (USENIX ATC), 2017.

Digital Library

[74]

N. Santos, K. P. Gummadi, and R. Rodrigues. Towards Trusted Cloud Computing. In Proceedings of the 1st USENIX Workshop on Hot Topics in Cloud Computing (HotCloud), 2009.

Digital Library

[75]

N. Santos, R. Rodrigues, K. P. Gummadi, and S. Saroiu. Policy-sealed data: A new abstraction for building trusted cloud services. In Proceedings of the 21st USENIX Security Symposium, 2012.

Digital Library

[76]

V. A. Sartakov, S. Brenner, S. Ben Mokhtar, S. Bouchenak, G. Thomas, and R. Kapitza. Eactors: Fast and flexible trusted computing using sgx. In Proceedings of the 19th International Middleware Conference (Middleware), 2018.

Digital Library

[77]

F. Schuster, M. Costa, C. Gkantsidis, M. Peinado, G. Mainar-ruiz, and M. Russinovich. VC3: Trustworthy Data Analytics in the Cloud using SGX. In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P), 2015.

Digital Library

[78]

S. Shinde, D. Tien, S. Tople, and P. Saxena. Panoply: Low-tcb linux applications with sgx enclaves. In Proceedings of the Annual Network and Distributed System Security Symposium (NDSS), page 12, 2017.

[79]

O. Simeone. A brief introduction to machine learning for engineers. arXiv preprint arXiv:1709.02840, 2017.

[80]

L. Soares and M. Stumm. FlexSC: Flexible System Call Scheduling with Exception-less System Calls. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.

Digital Library

[81]

C. Szegedy, S. Ioffe, V. Vanhoucke, and A. A. Alemi. Inception-v4, inception-resnet and the impact of residual connections on learning. In Proceedings of the 31th AAAI Conference on Artificial Intelligence (AAAI), 2017.

[82]

C. Szegedy, V. Vanhoucke, S. Ioffe, J. Shlens, and Z. Wojna. Rethinking the inception architecture for computer vision. In Proceedings of the IEEE conference on computer vision and pattern recognition, 2016.

[83]

Y. Taigman, M. Yang, M. Ranzato, and L. Wolf. Deepface: Closing the gap to human-level performance in face verification. In Proceedings of the IEEE conference on computer vision and pattern recognition, 2014.

Digital Library

[84]

S. Tallam, C. Coutant, I. L. Taylor, X. D. Li, and C. Demetriou. Safe icf: Pointer safe and unwinding aware identical code folding in gold. In GCC Developers Summit, 2010.

[85]

B. Trach, R. Faqeh, O. Oleksenko, W. Ozga, P. Bhatotia, and C. Fetzer. T-lease: A trusted lease primitive for distributed systems. In ACM Symposium on Cloud Computing 2020 (SoCC), 2020.

Digital Library

[86]

B. Trach, A. Krohmer, S. Arnautov, F. Gregor, P. Bhatotia, and C. Fetzer. Slick: Secure Middleboxes using Shielded Execution. 2017.

[87]

B. Trach, A. Krohmer, F. Gregor, S. Arnautov, P. Bhatotia, and C. Fetzer. ShieldBox: Secure Middleboxes using Shielded Execution. In Proceedings of the ACM SIGCOMM Symposium on SDN Research (SOSR), 2018.

Digital Library

[88]

B. Trach, O. Oleksenko, F. Gregor, P. Bhatotia, and C. Fetzer. Clemmys: Towards secure remote execution in faas. In 12th ACM International Conference on Systems and Storage (SYSTOR), 2019.

Digital Library

[89]

F. Tramèr and D. Boneh. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. In 7th International Conference on Learning Representations (ICLR), 2019.

[90]

C.-C. Tsai, D. E. Porter, and M. Vij. Graphene-SGX: A practical library OS for unmodified applications on SGX. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC), 2017.

Digital Library

[91]

A. Vahldiek-Oberwagner, E. Elnikety, A. Mehta, D. Garg, P. Druschel, R. Rodrigues, J. Gehrke, and A. Post. Guardat: Enforcing data policies at the storage layer. In Proceedings of the 10th ACM European Conference on Computer Systems (EuroSys), 2015.

Digital Library

[92]

J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In Proceedings of the 27th USENIX Security Symposium (USENIX Security), 2018.

[93]

J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx. Foreshadow: Extracting the keys to the intel sgx kingdom with transient out-of-order execution. In Proceedings of the 27th USENIX Security Symposium (USENIX Security), 2018.

[94]

S. Volos, K. Vaswani, and R. Bruno. Graviton: Trusted execution environments on gpus. In Proceedings of the 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2018.

[95]

W. Wang, G. Chen, X. Pan, Y. Zhang, X. Wang, V. Bindschaedler, H. Tang, and C. A. Gunter. Leaky cauldron on the dark land: Understanding memory side-channel hazards in sgx. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2017.

Digital Library

[96]

O. Weisse, J. Van Bulck, M. Minkin, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, R. Strackx, T. F. Wenisch, and Y. Yarom. Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution. Technical report, 2018. See also USENIX Security paper Foreshadow [93].

[97]

B. Xu, N. Wang, T. Chen, and M. Li. Empirical evaluation of rectified activations in convolutional network. arXiv preprint arXiv:1505.00853, 2015.

[98]

Y. Xu, W. Cui, and M. Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Proceedings of the 36th IEEE Symposium on Security and Privacy (S&P), 2015.

Digital Library

[99]

A. Zaytsev and A. Zaytsev. Openvino toolkit. =https://software.intel.com/content/www/us/en/develop/articles/openvino-relnotes.html. Accessed: 28 May 2020.

[100]

W. Zheng, A. Dave, J. G. Beekman, R. A. Popa, J. E. Gonzalez, and I. Stoica. Opaque: An Oblivious and Encrypted Distributed Analytics Platform. In Proceedings of the 14th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2017.

Digital Library

Cited By

Ling PSheikh U(2024)Secure Deep Learning Inference with Intel SGX on Intel Ice Lake-SP Xeon Processor2024 10th International Conference on Smart Computing and Communication (ICSCC)10.1109/ICSCC62041.2024.10690574(55-59)Online publication date: 25-Jul-2024
https://doi.org/10.1109/ICSCC62041.2024.10690574
Li YZeng DGut LGuo SZomaya A(2024)DNN Partitioning and Assignment for Distributed Inference in SGX Empowered Edge Cloud2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS60910.2024.00065(635-644)Online publication date: 23-Jul-2024
https://doi.org/10.1109/ICDCS60910.2024.00065
Rocha IFelber PMartorel XPasin MSchiavoni VUnsal O(2024)Combining Asynchronous Task Parallelism and Intel SGX for Secure Deep Learning : (Practical Experience Report)2024 19th European Dependable Computing Conference (EDCC)10.1109/EDCC61798.2024.00029(97-102)Online publication date: 8-Apr-2024
https://doi.org/10.1109/EDCC61798.2024.00029
Show More Cited By

Index Terms

secureTF: A Secure TensorFlow Framework

Index terms have been assigned to the content through auto-classification.

Recommendations

Trustworthy confidential virtual machines for the masses
Middleware '23: Proceedings of the 24th International Middleware Conference

Confidential computing alleviates the concerns of distrustful customers by removing the cloud provider from their trusted computing base and resolves their disincentive to migrate their workloads to the cloud. This is facilitated by new hardware ...
Hecate: Lifting and Shifting On-Premises Workloads to an Untrusted Cloud
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Despite the recent exponential growth in cloud adoption, businesses that handle sensitive data (e.g., health and financial sectors) are hesitant to migrate their on-premises IT infrastructure to the public cloud due to the lack of trust on the cloud ...
TwinVisor: Hardware-isolated Confidential Virtual Machines for ARM
SOSP '21: Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles

Confidential VM, which offers an isolated execution environment for cloud tenants with limited trust in the cloud provider, has recently been deployed in major clouds such as AWS and Azure. However, while ARM has become increasingly popular in cloud ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Middleware '20: Proceedings of the 21st International Middleware Conference

December 2020

455 pages

ISBN:9781450381536

DOI:10.1145/3423211

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 December 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

Middleware '20

Sponsor:

ACM

Middleware '20: 21st International Middleware Conference

December 7 - 11, 2020

Delft, Netherlands

Acceptance Rates

Overall Acceptance Rate 203 of 948 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
868
Total Downloads

Downloads (Last 12 months)104
Downloads (Last 6 weeks)5

Reflects downloads up to 10 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ling PSheikh U(2024)Secure Deep Learning Inference with Intel SGX on Intel Ice Lake-SP Xeon Processor2024 10th International Conference on Smart Computing and Communication (ICSCC)10.1109/ICSCC62041.2024.10690574(55-59)Online publication date: 25-Jul-2024
https://doi.org/10.1109/ICSCC62041.2024.10690574
Li YZeng DGut LGuo SZomaya A(2024)DNN Partitioning and Assignment for Distributed Inference in SGX Empowered Edge Cloud2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS60910.2024.00065(635-644)Online publication date: 23-Jul-2024
https://doi.org/10.1109/ICDCS60910.2024.00065
Rocha IFelber PMartorel XPasin MSchiavoni VUnsal O(2024)Combining Asynchronous Task Parallelism and Intel SGX for Secure Deep Learning : (Practical Experience Report)2024 19th European Dependable Computing Conference (EDCC)10.1109/EDCC61798.2024.00029(97-102)Online publication date: 8-Apr-2024
https://doi.org/10.1109/EDCC61798.2024.00029
Krauß TGötz RDmitrienko A(2024)Security of NVMe Offloaded Data in Large-Scale Machine LearningComputer Security – ESORICS 202310.1007/978-3-031-51482-1_8(143-163)Online publication date: 11-Jan-2024
https://doi.org/10.1007/978-3-031-51482-1_8
Gao HYue CDinh THuang ZOoi B(2023)Enabling Secure and Efficient Data Analytics Pipeline Evolution with Trusted Execution EnvironmentProceedings of the VLDB Endowment10.14778/3603581.360358916:10(2485-2498)Online publication date: 8-Aug-2023
https://dl.acm.org/doi/10.14778/3603581.3603589
Mann ZWeinert CChabal DBos J(2023)Towards Practical Secure Neural Network Inference: The Journey So Far and the Road AheadACM Computing Surveys10.1145/3628446Online publication date: 18-Oct-2023
https://dl.acm.org/doi/10.1145/3628446
Briongos SKarame GSoriente CWilde A(2023)No Forking Way: Detecting Cloning Attacks on Intel SGX ApplicationsProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627187(744-758)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627187
Paju AJaved MNurmi JSavimäki JMcGillion BBrumley B(2023)SoK: A Systematic Review of TEE Usage for Developing Trusted ApplicationsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600169(1-15)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600169
Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Yuhala PFelber PGuiroux HLozi JTchana ASchiavoni VThomas G(2023)SecVProceedings of the 24th International Middleware Conference10.1145/3590140.3629116(207-219)Online publication date: 27-Nov-2023
https://dl.acm.org/doi/10.1145/3590140.3629116
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten