Protecting Privacy in Machine Learning on AWS with Confidential Computing

Dr. Sheriffdeen
Ladoke Akintola University of Technology, Ogbomoso


Abstract

As machine learning is adopted across an increasing number of domains, the need to keep private information confidential grows with it. Traditional machine learning workflows expose data to breaches and unauthorized access during both storage and processing. Confidential Computing addresses the hardest part of this problem, securing data in use, by running applications inside encrypted, hardware-isolated boundaries known as Trusted Execution Environments (TEEs). This article examines AWS Nitro Enclaves, one realization of Confidential Computing, as a means of running machine learning on Amazon Web Services without exposing users' privacy-sensitive data. We demonstrate how to integrate ML workflows with Nitro Enclaves so that private data remains protected during both training and inference. We describe how Confidential Computing is set up on AWS, evaluate its performance overhead, and present real-world examples in which Confidential Computing strengthens data privacy with minimal slowdown. Our findings support the view that Confidential Computing is well suited to cloud-based machine learning: it guards against the disclosure of personal information and addresses security challenges that big data introduces in highly regulated industries.
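The data flow the abstract describes can be sketched in miniature: the client encrypts its features under a key that only the enclave holds, the untrusted host merely forwards ciphertext, and decryption plus model scoring happen only inside the trusted boundary. The sketch below is a toy simulation, not a real Nitro Enclave deployment: in practice the enclave runs in an isolated VM, receives ciphertext over a vsock socket, and obtains its key via AWS KMS after cryptographic attestation. The XOR stream cipher, the key handling, and the linear model weights here are all illustrative assumptions.

```python
# Toy sketch of the enclave data flow (illustration only, NOT secure crypto).
# In a real deployment the "enclave" side runs inside AWS Nitro Enclaves,
# communicates over vsock, and is provisioned its key via KMS + attestation.
import hashlib
import hmac
import os

ENCLAVE_KEY = os.urandom(32)  # hypothetical key known only to the enclave


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Derive a throwaway XOR keystream from SHA-256 (illustrative only)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def client_encrypt(plaintext: bytes) -> bytes:
    """Client side: encrypt sensitive features before they leave the device."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ENCLAVE_KEY, nonce, len(plaintext))))
    tag = hmac.new(ENCLAVE_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # the untrusted host only ever sees this blob


def enclave_predict(blob: bytes) -> float:
    """Enclave side: verify, decrypt, and score inside the trusted boundary."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(ENCLAVE_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(ENCLAVE_KEY, nonce, len(ct))))
    features = [b / 255 for b in plain]
    weights = [0.2, -0.1, 0.4]  # hypothetical pre-trained linear model
    return sum(w * x for w, x in zip(weights, features))


# The host forwards ciphertext end to end; plaintext features never leave
# the client or the enclave.
blob = client_encrypt(bytes([10, 200, 30]))
score = enclave_predict(blob)
```

The essential property, which Nitro Enclaves enforce in hardware rather than by convention, is that `enclave_predict` is the only code path with access to `ENCLAVE_KEY`, so a compromised host can relay requests but never read the underlying data.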

Keywords

Privacy-Preserving Machine Learning, Confidential Computing, AWS Nitro Enclaves, Trusted Execution Environment (TEE), Data Security, Cloud Computing, Secure Machine Learning, Data Privacy, GDPR Compliance, Hardware Security Enclaves.
