Imperial College London

Professor Hamed Haddadi

Faculty of Engineering, Department of Computing

Professor of Human-Centred Systems
 
 
 

Contact

 

h.haddadi Website

 
 

Location

 

2 Translation & Innovation Hub Building, White City Campus


Citation

BibTeX format

@unpublished{Mo:2020,
author = {Mo, F and Shamsabadi, AS and Katevas, K and Demetriou, S and Leontiadis, I and Cavallaro, A and Haddadi, H},
publisher = {arXiv},
title = {DarkneTZ: towards model privacy at the edge using trusted execution environments},
url = {http://arxiv.org/abs/2004.05703v1},
year = {2020}
}

RIS format (EndNote, RefMan)

TY  - UNPB
AB - We present DarkneTZ, a framework that uses an edge device's Trusted Execution Environment (TEE) in conjunction with model partitioning to limit the attack surface against Deep Neural Networks (DNNs). Increasingly, edge devices (smartphones and consumer IoT devices) are equipped with pre-trained DNNs for a variety of applications. This trend comes with privacy risks as models can leak information about their training data through effective membership inference attacks (MIAs). We evaluate the performance of DarkneTZ, including CPU execution time, memory usage, and accurate power consumption, using two small and six large image classification models. Due to the limited memory of the edge device's TEE, we partition model layers into more sensitive layers (to be executed inside the device TEE), and a set of layers to be executed in the untrusted part of the operating system. Our results show that even if a single layer is hidden, we can provide reliable model privacy and defend against state of the art MIAs, with only 3% performance overhead. When fully utilizing the TEE, DarkneTZ provides model protections with up to 10% overhead.
AU - Mo,F
AU - Shamsabadi,AS
AU - Katevas,K
AU - Demetriou,S
AU - Leontiadis,I
AU - Cavallaro,A
AU - Haddadi,H
PB - arXiv
PY - 2020///
TI - DarkneTZ: towards model privacy at the edge using trusted execution environments
UR - http://arxiv.org/abs/2004.05703v1
UR - http://hdl.handle.net/10044/1/78113
ER -