swMATH ID: 32567
Software Authors: Karan Grover, Shruti Tople, Shweta Shinde, Ranjita Bhagwan, Ramachandran Ramjee
Description: Privado: Practical and Secure DNN Inference with Enclaves. Cloud providers are extending support for trusted hardware primitives such as Intel SGX. Simultaneously, the field of deep learning is seeing enormous innovation as well as an increase in adoption. In this paper, we ask a timely question: ”Can third-party cloud services use Intel SGX enclaves to provide practical, yet secure DNN Inference-as-a-service?” We first demonstrate that DNN models executing inside enclaves are vulnerable to access pattern based attacks. We show that by simply observing access patterns, an attacker can classify encrypted inputs with 97
Homepage: https://arxiv.org/abs/1810.00602
Keywords: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computer Vision and Pattern Recognition (cs.CV)
Related Software: PyTorch; SqueezeNet; Chiron; MLCapsule; DarkneTZ
Referenced in: 0 Publications