SlideShare a Scribd company logo

secureTF: A Secure TensorFlow Framework

LEGATO project, profile picture
LEGATO project

The document introduces SecureTF, a framework designed to ensure the confidentiality and integrity of machine learning data and models using Intel SGX technology. It addresses limitations of existing systems by supporting both training and inference while maintaining security and performance. The evaluation shows that SecureTF incurs only minimal overhead compared to native implementations, providing a transparent solution for unmodified TensorFlow applications.

Science
1 of 10
Download to read offline
1
2
3
4
5
6
7
8
9
10
1secureTF: A Secure TensorFlow Framework – Middleware 2020 1 secureTF: A Secure TensorFlow Framework Do Le Quoc, Franz Gregor, Sergei Arnautov, Roland Kunkel, Pramod Bhatotia, Christof Fetzer
2secureTF: A Secure TensorFlow Framework – Middleware 2020 2 Cloud Provider Motivation Data Clients Training Data Training Model Inference How to ensure confidentiality and integrity of data, code (e.g., Python code), model and computation with low performance overhead while retaining accuracy?
3secureTF: A Secure TensorFlow Framework – Middleware 2020 3 Application Application Libraries (Enclave) Hypervisor Container Engine Operating System Host SGX (Software Guard eXtensions) is a set of processor extensions for establishing a TEE inside an application Intel SGX Intel SGX protects the integrity and confidentiality of applications
4secureTF: A Secure TensorFlow Framework – Middleware 2020 4 Several works rely on Intel SGX to support secure machine learning: • Privado [Microsoft Research 2019] • Slalom [ICLR2019] • Occlumency [MobiCom19] • … State-of-the-art systems Limitations: • Focuses only for secure inferences, not for training computation • Does not support distributed setting • Supports only a limited number of operators
5secureTF: A Secure TensorFlow Framework – Middleware 2020 5 Cloud Provider User secureTF: Overview secureTF (Enclave) SGXTLS (1) Remote Attestation (2) Keys, certificate transferring (3) Computation results Data & Code Model
6secureTF: A Secure TensorFlow Framework – Middleware 2020 6 Clients Cloud Provider Data User TLS Attestation & policy submitting TLS TLSTLS Attestation & secrets provision Training Data Inference Training Model SGX SGX 1. Protect against attackers with privileged/root accesses Configuration & Attestation Service (CAS) SGX 2. Perform transparently attestation & Key Management secureTF: Design
7secureTF: A Secure TensorFlow Framework – Middleware 2020 7 TensorFlow Application (e.g., Python code) secureTF TensorFlow Libraries (Enclave) Network Shield File system shield M:N Threading secureTF Controller SCONE Runtime Intel SGX Driver Container (cgroups) Host Operating System Untrusted Reduce #Enclave entries/exits Actively protect data, model, and code secureTF: Implementation
8secureTF: A Secure TensorFlow Framework – Middleware 2020 8 secureTF: Evaluation 0 500 1000 1500 2000 2500 Native musl Native glibc secureTF SIM secureTF HW Graphene SGX Latency(milliseconds) Inception_v4 (163MB) Inception_v3 (91MB) Lower the better secureTF incurs ~5% in SIM mode, ~22% overhead in HW mode compared to native versions secureTF is ~1.1X – 1.4X faster than Graphene-SGX based system
9secureTF: A Secure TensorFlow Framework – Middleware 2020 9 secureTF: A Secure TensorFlow Framework • Transparency: supports unmodified TensorFlow applications (both training and inferences) • Security: provides end-to-end security for the input data, ML model, and application code • Accuracy: maintains the same in the native TensorFlow framework Conclusion Thank you!
10secureTF: A Secure TensorFlow Framework – Middleware 2020 10 Products https://sconedocs.github.io https://scontain.com Contact do@scontain.com

More Related Content

PDF
TEEMon: A continuous performance monitoring framework for TEEs
LEGATO project
 
PDF
Automatisez la détection des menaces et évitez les faux positifs
Elasticsearch
 
PDF
Cloud-Trust - a Security Assessment Model for Infrastructure as a Service (Ia...
kitechsolutions
 
DOCX
Cloud-Trust - a Security Assessment Model for Infrastructure as a Service (Ia...
I3E Technologies
 
PPTX
CCSA NGX R71 Course Overview
daisuke_tanabe
 
PDF
'Moon' Security Management System for OPNFV
OPNFV
 
PPTX
Security & fault tolerance in fresco
Amit Lanjewar
 
PPTX
Top 5 Priorities for Cloud Security
2nd Sight Lab
 
TEEMon: A continuous performance monitoring framework for TEEs
LEGATO project
 
Automatisez la détection des menaces et évitez les faux positifs
Elasticsearch
 
Cloud-Trust - a Security Assessment Model for Infrastructure as a Service (Ia...
kitechsolutions
 
Cloud-Trust - a Security Assessment Model for Infrastructure as a Service (Ia...
I3E Technologies
 
CCSA NGX R71 Course Overview
daisuke_tanabe
 
'Moon' Security Management System for OPNFV
OPNFV
 
Security & fault tolerance in fresco
Amit Lanjewar
 
Top 5 Priorities for Cloud Security
2nd Sight Lab
 

What's hot (18)

PDF
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Winston Morton
 
PDF
The Intersection of Security and DevOps
Alert Logic
 
PDF
LCJ2010-KaiGai-sepgsql
Kohei KaiGai
 
PPTX
Under-reported Security Defects in Kubernetes Manifests
Akond Rahman
 
DOCX
message passing interface
ZTech Proje
 
PPTX
What Questions Do Programmers Ask About Configuration as Code?
Akond Rahman
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
PDF
a famework for analyzing template security and privacy in biometric authenti...
ZTech Proje
 
PPTX
Extract Network and System resource for analysis of Network Security Modeling
Dhiraj Gajurel
 
PPTX
Microservices docker-security
Sergio Loureiro
 
PDF
Infrastructure as (Secure) Code
Mark Nunnikhoven
 
PPTX
Shhh!: Secret Management Practices for Infrastructure as Code
Akond Rahman
 
PDF
Virtual Networking Security - Network Security
Eng Teong Cheah
 
PPTX
Locking Down Your Cloud
2nd Sight Lab
 
PPTX
AWS Security Ideas - re:Invent 2016
2nd Sight Lab
 
PDF
Securing an NGINX deployment for K8s
DevOps Indonesia
 
PPTX
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Akond Rahman
 
PPTX
Network-Project-in-Linux
Phdtopiccom
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Winston Morton
 
The Intersection of Security and DevOps
Alert Logic
 
LCJ2010-KaiGai-sepgsql
Kohei KaiGai
 
Under-reported Security Defects in Kubernetes Manifests
Akond Rahman
 
message passing interface
ZTech Proje
 
What Questions Do Programmers Ask About Configuration as Code?
Akond Rahman
 
The Intersection of Security & DevOps
Alert Logic
 
a famework for analyzing template security and privacy in biometric authenti...
ZTech Proje
 
Extract Network and System resource for analysis of Network Security Modeling
Dhiraj Gajurel
 
Microservices docker-security
Sergio Loureiro
 
Infrastructure as (Secure) Code
Mark Nunnikhoven
 
Shhh!: Secret Management Practices for Infrastructure as Code
Akond Rahman
 
Virtual Networking Security - Network Security
Eng Teong Cheah
 
Locking Down Your Cloud
2nd Sight Lab
 
AWS Security Ideas - re:Invent 2016
2nd Sight Lab
 
Securing an NGINX deployment for K8s
DevOps Indonesia
 
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Akond Rahman
 
Network-Project-in-Linux
Phdtopiccom
 
Ad

Similar to secureTF: A Secure TensorFlow Framework (20)

PPTX
SECRY - Secure file storage on cloud using hybrid cryptography
ALIN BABU
 
PDF
Improved Secure Cloud Transmission Protocol
neirew J
 
PDF
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
ijccsa
 
PDF
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
ijccsa
 
PDF
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
hiij
 
PDF
IS - SSL
FumikageTokoyami4
 
PDF
IRJET- Storage Security in Cloud Computing
IRJET Journal
 
PDF
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET Journal
 
PDF
Fpga based encryption design using vhdl
eSAT Publishing House
 
PDF
Working Survey of Authentication Header and Encapsulating Security Payload
ijtsrd
 
PDF
Go3611771182
IJERA Editor
 
PPT
Websecurity
Merve Bilgen
 
PDF
Data security framework for cloud computing networks
IAEME Publication
 
PDF
Analysis Of Internet Protocol ( IP ) Datagrams
Emily Jones
 
PDF
CrAlSim: A Cryptography Algorithm Simulator
IRJET Journal
 
PDF
End to end IoT Solution using Mongoose OS.
Emertxe Information Technologies Pvt Ltd
 
PDF
Making networks secure with multi-layer encryption
ADVA
 
PDF
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Ramesh Nagappan
 
PDF
2010.hari_kannan.phd_thesis.slides.pdf
AlexKarasulu1
 
PPTX
Advancing IoT Communication Security with TLS and DTLS v1.3
Hannes Tschofenig
 
SECRY - Secure file storage on cloud using hybrid cryptography
ALIN BABU
 
Improved Secure Cloud Transmission Protocol
neirew J
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
ijccsa
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
ijccsa
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
hiij
 
IS - SSL
FumikageTokoyami4
 
IRJET- Storage Security in Cloud Computing
IRJET Journal
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET Journal
 
Fpga based encryption design using vhdl
eSAT Publishing House
 
Working Survey of Authentication Header and Encapsulating Security Payload
ijtsrd
 
Go3611771182
IJERA Editor
 
Websecurity
Merve Bilgen
 
Data security framework for cloud computing networks
IAEME Publication
 
Analysis Of Internet Protocol ( IP ) Datagrams
Emily Jones
 
CrAlSim: A Cryptography Algorithm Simulator
IRJET Journal
 
End to end IoT Solution using Mongoose OS.
Emertxe Information Technologies Pvt Ltd
 
Making networks secure with multi-layer encryption
ADVA
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Ramesh Nagappan
 
2010.hari_kannan.phd_thesis.slides.pdf
AlexKarasulu1
 
Advancing IoT Communication Security with TLS and DTLS v1.3
Hannes Tschofenig
 
Ad

More from LEGATO project (20)

PDF
Scrooge Attack: Undervolting ARM Processors for Profit
LEGATO project
 
PDF
A practical approach for updating an integrity-enforced operating system
LEGATO project
 
PDF
PipeTune: Pipeline Parallelism of Hyper and System Parameters Tuning for Deep...
LEGATO project
 
PDF
LEGaTO: Machine Learning Use Case
LEGATO project
 
PPTX
Smart Home AI at the edge
LEGATO project
 
PPTX
LEGaTO: Low-Energy Heterogeneous Computing Use of AI in the project
LEGATO project
 
PPTX
LEGaTO Integration
LEGATO project
 
PPTX
LEGaTO: Use cases
LEGATO project
 
PPTX
LEGaTO: Software Stack Programming Models
LEGATO project
 
PPTX
LEGaTO: Software Stack Runtimes
LEGATO project
 
PPTX
LEGaTO Heterogeneous Hardware
LEGATO project
 
PPTX
LEGaTO: Low-Energy Heterogeneous Computing Workshop
LEGATO project
 
PDF
TZ4Fabric: Executing Smart Contracts with ARM TrustZone
LEGATO project
 
PDF
Infection Research with Maxeler Dataflow Computing
LEGATO project
 
PDF
Smart Home - AI at the edge
LEGATO project
 
PDF
FPGA Undervolting and Checkpointing for Energy-Efficiency and Error-Resiliency
LEGATO project
 
PDF
Device Data Directory and Asynchronous execution: A path to heterogeneous com...
LEGATO project
 
PDF
Scheduling Task-parallel Applications in Dynamically Asymmetric Environments
LEGATO project
 
PDF
RECS – Cloud to Edge Microserver Platform for Energy-Efficient Computing
LEGATO project
 
PDF
Secure Task-Based Programming with OmpSs and SGX
LEGATO project
 
Scrooge Attack: Undervolting ARM Processors for Profit
LEGATO project
 
A practical approach for updating an integrity-enforced operating system
LEGATO project
 
PipeTune: Pipeline Parallelism of Hyper and System Parameters Tuning for Deep...
LEGATO project
 
LEGaTO: Machine Learning Use Case
LEGATO project
 
Smart Home AI at the edge
LEGATO project
 
LEGaTO: Low-Energy Heterogeneous Computing Use of AI in the project
LEGATO project
 
LEGaTO Integration
LEGATO project
 
LEGaTO: Use cases
LEGATO project
 
LEGaTO: Software Stack Programming Models
LEGATO project
 
LEGaTO: Software Stack Runtimes
LEGATO project
 
LEGaTO Heterogeneous Hardware
LEGATO project
 
LEGaTO: Low-Energy Heterogeneous Computing Workshop
LEGATO project
 
TZ4Fabric: Executing Smart Contracts with ARM TrustZone
LEGATO project
 
Infection Research with Maxeler Dataflow Computing
LEGATO project
 
Smart Home - AI at the edge
LEGATO project
 
FPGA Undervolting and Checkpointing for Energy-Efficiency and Error-Resiliency
LEGATO project
 
Device Data Directory and Asynchronous execution: A path to heterogeneous com...
LEGATO project
 
Scheduling Task-parallel Applications in Dynamically Asymmetric Environments
LEGATO project
 
RECS – Cloud to Edge Microserver Platform for Energy-Efficient Computing
LEGATO project
 
Secure Task-Based Programming with OmpSs and SGX
LEGATO project
 

Recently uploaded (20)

PPTX
2Systematics of Living Organisms t-.pptx
RachanaT6
 
PPTX
ECG_Course_Presentation د.محمد صقران ppt
lelouchml1995
 
PDF
VARICELLA VACCINATION: A POTENTIAL STRATEGY FOR PREVENTING MULTIPLE SCLEROSIS
ijab2
 
PPTX
Comparative Structure of Integument in Vertebrates.pptx
Dr Showkat Ahmad Wani
 
PDF
bbec55_b34400a7914c42429908233dbd381773.pdf
agambirev
 
PDF
SEHH2274 Organic Chemistry Notes 1 Structure and Bonding.pdf
ivan1108lau
 
PDF
Unveiling a 36 billion solar mass black hole at the centre of the Cosmic Hors...
Sérgio Sacani
 
PPT
The World of Physical Science, • Labs: Safety Simulation, Measurement Practice
joybejerano
 
PDF
CAPERS-LRD-z9:AGas-enshroudedLittleRedDotHostingaBroad-lineActive GalacticNuc...
Sérgio Sacani
 
DOCX
Viruses (History, structure and composition, classification, Bacteriophage Re...
Educator
 
PPTX
2. Earth - The Living Planet Module 2ELS
markjustinebarolobau
 
PDF
Biophysics 2.pdffffffffffffffffffffffffff
MiraMusleh
 
PDF
HPLC-PPT.docx high performance liquid chromatography
darshanambiga1633
 
PPTX
The KM-GBF monitoring framework – status & key messages.pptx
pensoftservices
 
PPTX
ognitive-behavioral therapy, mindfulness-based approaches, coping skills trai...
OliveJolly1
 
PDF
Formation of Supersonic Turbulence in the Primordial Star-forming Cloud
Sérgio Sacani
 
PPTX
GEN. BIO 1 - CELL TYPES & CELL MODIFICATIONS
breeysal7
 
PPTX
Classification Systems_TAXONOMY_SCIENCE8.pptx
glofernignacio
 
PPTX
Introduction to Cardiovascular system_structure and functions-1
muralinath2
 
PDF
. Radiology Case Scenariosssssssssssssss
MiraMusleh
 
2Systematics of Living Organisms t-.pptx
RachanaT6
 
ECG_Course_Presentation د.محمد صقران ppt
lelouchml1995
 
VARICELLA VACCINATION: A POTENTIAL STRATEGY FOR PREVENTING MULTIPLE SCLEROSIS
ijab2
 
Comparative Structure of Integument in Vertebrates.pptx
Dr Showkat Ahmad Wani
 
bbec55_b34400a7914c42429908233dbd381773.pdf
agambirev
 
SEHH2274 Organic Chemistry Notes 1 Structure and Bonding.pdf
ivan1108lau
 
Unveiling a 36 billion solar mass black hole at the centre of the Cosmic Hors...
Sérgio Sacani
 
The World of Physical Science, • Labs: Safety Simulation, Measurement Practice
joybejerano
 
CAPERS-LRD-z9:AGas-enshroudedLittleRedDotHostingaBroad-lineActive GalacticNuc...
Sérgio Sacani
 
Viruses (History, structure and composition, classification, Bacteriophage Re...
Educator
 
2. Earth - The Living Planet Module 2ELS
markjustinebarolobau
 
Biophysics 2.pdffffffffffffffffffffffffff
MiraMusleh
 
HPLC-PPT.docx high performance liquid chromatography
darshanambiga1633
 
The KM-GBF monitoring framework – status & key messages.pptx
pensoftservices
 
ognitive-behavioral therapy, mindfulness-based approaches, coping skills trai...
OliveJolly1
 
Formation of Supersonic Turbulence in the Primordial Star-forming Cloud
Sérgio Sacani
 
GEN. BIO 1 - CELL TYPES & CELL MODIFICATIONS
breeysal7
 
Classification Systems_TAXONOMY_SCIENCE8.pptx
glofernignacio
 
Introduction to Cardiovascular system_structure and functions-1
muralinath2
 
. Radiology Case Scenariosssssssssssssss
MiraMusleh
 

secureTF: A Secure TensorFlow Framework

  • 1. 1secureTF: A Secure TensorFlow Framework – Middleware 2020 1 secureTF: A Secure TensorFlow Framework Do Le Quoc, Franz Gregor, Sergei Arnautov, Roland Kunkel, Pramod Bhatotia, Christof Fetzer
  • 2. 2secureTF: A Secure TensorFlow Framework – Middleware 2020 2 Cloud Provider Motivation Data Clients Training Data Training Model Inference How to ensure confidentiality and integrity of data, code (e.g., Python code), model and computation with low performance overhead while retaining accuracy?
  • 3. 3secureTF: A Secure TensorFlow Framework – Middleware 2020 3 Application Application Libraries (Enclave) Hypervisor Container Engine Operating System Host SGX (Software Guard eXtensions) is a set of processor extensions for establishing a TEE inside an application Intel SGX Intel SGX protects the integrity and confidentiality of applications
  • 4. 4secureTF: A Secure TensorFlow Framework – Middleware 2020 4 Several works rely on Intel SGX to support secure machine learning: • Privado [Microsoft Research 2019] • Slalom [ICLR2019] • Occlumency [MobiCom19] • … State-of-the-art systems Limitations: • Focuses only for secure inferences, not for training computation • Does not support distributed setting • Supports only a limited number of operators
  • 5. 5secureTF: A Secure TensorFlow Framework – Middleware 2020 5 Cloud Provider User secureTF: Overview secureTF (Enclave) SGXTLS (1) Remote Attestation (2) Keys, certificate transferring (3) Computation results Data & Code Model
  • 6. 6secureTF: A Secure TensorFlow Framework – Middleware 2020 6 Clients Cloud Provider Data User TLS Attestation & policy submitting TLS TLSTLS Attestation & secrets provision Training Data Inference Training Model SGX SGX 1. Protect against attackers with privileged/root accesses Configuration & Attestation Service (CAS) SGX 2. Perform transparently attestation & Key Management secureTF: Design
  • 7. 7secureTF: A Secure TensorFlow Framework – Middleware 2020 7 TensorFlow Application (e.g., Python code) secureTF TensorFlow Libraries (Enclave) Network Shield File system shield M:N Threading secureTF Controller SCONE Runtime Intel SGX Driver Container (cgroups) Host Operating System Untrusted Reduce #Enclave entries/exits Actively protect data, model, and code secureTF: Implementation
  • 8. 8secureTF: A Secure TensorFlow Framework – Middleware 2020 8 secureTF: Evaluation 0 500 1000 1500 2000 2500 Native musl Native glibc secureTF SIM secureTF HW Graphene SGX Latency(milliseconds) Inception_v4 (163MB) Inception_v3 (91MB) Lower the better secureTF incurs ~5% in SIM mode, ~22% overhead in HW mode compared to native versions secureTF is ~1.1X – 1.4X faster than Graphene-SGX based system
  • 9. 9secureTF: A Secure TensorFlow Framework – Middleware 2020 9 secureTF: A Secure TensorFlow Framework • Transparency: supports unmodified TensorFlow applications (both training and inferences) • Security: provides end-to-end security for the input data, ML model, and application code • Accuracy: maintains the same in the native TensorFlow framework Conclusion Thank you!
  • 10. 10secureTF: A Secure TensorFlow Framework – Middleware 2020 10 Products https://sconedocs.github.io https://scontain.com Contact do@scontain.com