Privacy-preserving deep-learning framework based on a trusted execution environment

Abstract

Deep-learning (DL) is receiving huge attention as enabling techniques for emerging mobile and IoT applications. It is a common practice to conduct DNN model-based inference using cloud services due to their high computation and memory cost. However, such a cloud-offloaded inference raises serious privacy concerns. Malicious external attackers or untrustworthy internal administrators of clouds may leak highly sensitive and private data such as image, voice and textual data. In this paper, we propose Occlumency, a novel cloud-driven solution designed to protect user privacy without compromising the benefit of using powerful cloud resources to run highly-accurate large DNN models at low latency. Occlumency leverages secure SGX enclave to preserve the confidentiality and the integrity of user data throughout the entire DL inference process. DL inference in SGX enclave, however, impose a severe performance challenge. Our motivational study shows that a naive DL inference inside SGX is 6.4x slower compared to the native environment. To accelerate DL inference inside the enclave, we designed a suite of novel techniques to overcome the limited physical memory space and inefficient page swapping of the enclave, which are the leading causes of the performance degradation. We implemented Occlumency based on Caffe in both Linux and Windows environments. Our experiment with various DNN models shows that Occlumency improves inference speed by 3.6x compared to the baseline DL inference in SGX and achieves a secure DL inference within 72% of latency overhead compared to inference in the native environment.