Privacy and security challenges in Machine Learning (ML) have become a critical topic to address, driven by ML's pervasive deployment and recent demonstrations of its large attack surface. As a mature, system-oriented approach, confidential computing has been increasingly adopted in both academia and industry to improve privacy and security across a range of ML scenarios. In this paper, we systematize the findings on confidential computing-assisted ML security and privacy techniques that provide i) confidentiality guarantees and ii) integrity assurances. We further identify key challenges and provide dedicated analyses of the limitations of existing Trusted Execution Environment (TEE) systems for ML use cases. We discuss prospective directions, including grounded privacy definitions, partitioned ML execution, dedicated TEE designs for ML, TEE-aware ML, and guarantees that span the full ML pipeline. These potential solutions can help achieve much stronger TEE-enabled privacy guarantees for ML without introducing prohibitive computation and system costs.