Title
DarkneTZ: Towards Model Privacy at the Edge using Trusted Execution Environments
Abstract
We present DarkneTZ, a framework that uses an edge device's Trusted Execution Environment (TEE) in conjunction with model partitioning to limit the attack surface against Deep Neural Networks (DNNs). Increasingly, edge devices (smartphones and consumer IoT devices) are equipped with pre-trained DNNs for a variety of applications. This trend comes with privacy risks as models can leak information about their training data through effective membership inference attacks (MIAs). We evaluate the performance of DarkneTZ, including CPU execution time, memory usage, and accurate power consumption, using two small and six large image classification models. Due to the limited memory of the edge device's TEE, we partition model layers into more sensitive layers (to be executed inside the device TEE), and a set of layers to be executed in the untrusted part of the operating system. Our results show that even if a single layer is hidden, we can provide reliable model privacy and defend against state of the art MIAs, with only 3% performance overhead. When fully utilizing the TEE, DarkneTZ provides model protections with up to 10% overhead.
Year
DOI
Venue
2020
10.1145/3386901.3388946
MobiSys '20: The 18th Annual International Conference on Mobile Systems, Applications, and Services Toronto Ontario Canada June, 2020
DocType
ISBN
Citations 
Conference
978-1-4503-7954-0
4
PageRank 
References 
Authors
0.50
0
7
Name
Order
Citations
PageRank
Fan Mo1627.64
Shamsabadi Ali Shahin240.50
Kleomenis Katevas3395.89
Demetriou Soteris440.50
Ilias Leontiadis576144.38
A. Cavallaro61938140.21
Hamed Haddadi722322.94