GuaranTEE: Towards Attestable and Private ML with CCA

Sandra Siby, Sina Abdollahi, Mohammad Maheri, Marios Kogias, Hamed Haddadi

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Machine-learning (ML) models are increasingly being deployed on edge devices to provide a variety of services. However, their deployment is accompanied by challenges in model privacy and auditability. Model providers want to ensure (i) that their proprietary models are not exposed to third parties; and (ii) that they can obtain attestations that their genuine models are operating on edge devices in accordance with the service agreement with the user. Existing measures to address these challenges have been hindered by issues such as high overheads and limited capability (processing/secure memory) on edge devices. In this work, we propose GuaranTEE, a framework to provide attestable private machine learning on the edge. GuaranTEE uses Confidential Computing Architecture (CCA), Arm’s latest architectural extension, which allows for the creation and deployment of dynamic Trusted Execution Environments (TEEs) within which models can be executed. We evaluate CCA’s feasibility for deploying ML models by developing, evaluating, and openly releasing a prototype. We also suggest improvements to CCA to facilitate its use in protecting the entire ML deployment pipeline on edge devices.

Original language: English (US)
Title of host publication: EuroMLSys 2024 - Proceedings of the 2024 4th Workshop on Machine Learning and Systems
Publisher: Association for Computing Machinery, Inc
Pages: 1-9
Number of pages: 9
ISBN (Electronic): 9798400705410
DOIs
State: Published - Apr 22 2024
Event: 4th Workshop on Machine Learning and Systems, EuroMLSys 2024, held in conjunction with ACM EuroSys 2024 - Athens, Greece
Duration: Apr 22 2024 → …

Publication series

Name: EuroMLSys 2024 - Proceedings of the 2024 4th Workshop on Machine Learning and Systems

Conference

Conference: 4th Workshop on Machine Learning and Systems, EuroMLSys 2024, held in conjunction with ACM EuroSys 2024
Country/Territory: Greece
City: Athens
Period: 4/22/24 → …

Keywords

  • Attestation
  • Machine Learning
  • Security

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Human-Computer Interaction
  • Software
  • Information Systems
