ABSTRACT
Deep learning (DL) is receiving huge attention as an enabling technique for emerging mobile and IoT applications. It is common practice to run DNN model-based inference on cloud services because of the models' high computation and memory cost. However, such cloud-offloaded inference raises serious privacy concerns. Malicious external attackers or untrustworthy internal administrators of clouds may leak highly sensitive and private data such as image, voice and textual data. In this paper, we propose Occlumency, a novel cloud-driven solution designed to protect user privacy without compromising the benefit of using powerful cloud resources. Occlumency leverages a secure SGX enclave to preserve the confidentiality and the integrity of user data throughout the entire DL inference process. DL inference in an SGX enclave, however, imposes a severe performance degradation due to limited physical memory space and inefficient page swapping. We designed a suite of novel techniques to accelerate DL inference inside the enclave with a limited memory size and implemented Occlumency based on Caffe. Our experiments with various DNN models show that Occlumency improves inference speed by 3.6x compared to the baseline DL inference in SGX and achieves secure DL inference within 72% latency overhead compared to inference in the native environment.