Serdab: An IoT Framework for Partitioning Neural Networks Computation across Multiple Enclaves

  • Tarek Elgamal, Klara Nahrstedt
  • Published 1 May 2020
  • Computer Science
  • 2020 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (CCGRID)
Recent advances in Deep Neural Networks (DNN) and Edge Computing have made it possible to automatically analyze streams of videos from home/security cameras over hierarchical clusters that include edge devices, close to the video source, as well as remote cloud compute resources. However, preserving the privacy and confidentiality of users' sensitive data as it passes through different devices remains a concern to most users. Private user data is subject to attacks by malicious attackers or…
AegisDNN: Dependable and Timely Execution of DNN Tasks with SGX
With the rising demand for emerging DNN applications in safety-critical systems, much attention has been given to the reliability and trustworthiness of DNN inference output against malicious…
InvisibleFL: Federated Learning over Non-Informative Intermediate Updates against Multimedia Privacy Leakages
A privacy-preserving solution that avoids multimedia privacy leakages in federated learning by devising a novel encryption scheme called Non-Informative Transformation (NIT) for federated aggregation to eliminate residual multimedia features in intermediate updates, and proposing the Just-Learn-over-Ciphertext (JLoC) mechanism for federated learning.
The Trusted Edge
As the past has shown, the most promising way to tackle Issue 1 is to foster an open edge computing ecosystem, which would attract investments from multiple parties while minimizing the individual risks.
Identity-Aware Attribute Recognition via Real-Time Distributed Inference in Mobile Edge Clouds
Evaluation results show that the performance of the proposed algorithm with distributed inference framework is promising, by reaching the accuracies of attribute recognition and person identification up to 92.9% and 96% respectively, and significantly reducing the inference delay by at least 40.6% compared with existing methods.
Know the Unknowns: Addressing Disturbances and Uncertainties in Autonomous Systems : Invited Paper
A cross-layer framework for modeling and mitigating execution uncertainties (e.g., timing violations, soft errors) with weakly-hard paradigm, quantitative and formal methods for ensuring safe and time-predictable application of neural networks in both perception and decision making, and safety-assured adaptation strategies in dynamic environment are introduced.
Image reconstruction attacks on distributed machine learning models
This work shows that it is possible to carry out a black-box reconstruction attack by training a CNN based encoder-decoder architecture (reconstruction model) using image-IR pairs and shows that the proposed reconstruction model achieves a 70% similarity between the original image and the reconstructed image.


Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
Slalom is proposed, a framework that securely delegates execution of all linear layers in a DNN from a TEE to a faster, yet untrusted, co-located processor, for high performance execution of Deep Neural Networks in TEEs.
Securing Input Data of Deep Learning Inference Systems via Partitioned Enclave Execution
DeepEnclave is developed, a privacy-enhancing system to mitigate sensitive information disclosure in deep learning inference pipelines and to partition deep learning models and leverage secure enclave techniques on cloud infrastructures to cryptographically protect the confidentiality and integrity of user inputs.
Occlumency: Privacy-preserving Remote Deep-learning Inference Using SGX
This paper designed a suite of novel techniques to accelerate DL inference inside the enclave with a limited memory size and implemented Occlumency based on Caffe, a novel cloud-driven solution designed to protect user privacy without compromising the benefit of using powerful cloud resources.
CryptoNets: applying neural networks to encrypted data with high throughput and accuracy
It is shown that the cloud service is capable of applying the neural network to the encrypted data to make encrypted predictions, and also return them in encrypted form, which allows high throughput, accurate, and private predictions.
Neurosurgeon: Collaborative Intelligence Between the Cloud and Mobile Edge
Neurosurgeon, a lightweight scheduler to automatically partition DNN computation between mobile devices and datacenters at the granularity of neural network layers is designed, finding that a fine-grained, layer-level computation partitioning strategy based on the data and computation variations of each layer within a DNN has significant latency and energy advantages over the status quo approach.
ECHO: An Adaptive Orchestration Platform for Hybrid Dataflows across Cloud and Edge
This work validates the ECHO platform for executing video analytics and sensor streams for Smart Traffic and Smart Utility applications on Raspberry Pi, NVidia TX1, ARM64 and Azure Cloud VM resources, and presents the results.
Chiron: Privacy-preserving Machine Learning as a Service
Chiron is evaluated on popular deep learning models, focusing on benchmark image classification tasks such as CIFAR and ImageNet, and shows that its training performance and accuracy of the resulting models are practical for common uses of ML-as-a-service.
The Case for VM-Based Cloudlets in Mobile Computing
The results from a proof-of-concept prototype suggest that VM technology can indeed help meet the need for rapid customization of infrastructure for diverse applications, and this article discusses the technical obstacles to these transformations and proposes a new architecture for overcoming them.
Oblivious Neural Network Predictions via MiniONN Transformations
MiniONN is presented, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency and it is shown that MiniONN outperforms existing work in terms of response latency and message sizes.
Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks
Varys fully protects against all L1/L2 cache timing attacks and significantly raises the bar for page table side-channel attacks and proposes a set of minor hardware extensions that hold the potential to extend Varys' security guarantees to L3 cache and further improve its performance.