Purdue University Graduate School

File(s) under embargo: 1 month(s) 4 day(s) until file(s) become available

ENHANCING PRIVACY OF TRAINING DATA OF DEEP NEURAL NETWORKS ON EDGE USING TRUSTED EXECUTION ENVIRONMENTS

thesis
posted on 2024-04-18, 21:10 authored by Gowri Ramshankar

Deep Neural Networks (DNNs) are deployed in many applications, and protecting the privacy of training data has become a major concern. Membership Inference Attacks (MIAs) occur when an unauthorized person is able to determine whether a piece of data was used in training the DNNs. This paper investigates using Trusted Execution Environments (TEEs) in modern processors to protect the privacy of training data. Running DNNs in a TEE, however, poses many challenges, including limited computing and storage resources as well as a lack of development frameworks. This paper proposes a new method to partition pre-trained DNNs so that parts of the DNNs can fit into the TEE to protect data privacy. The existing software infrastructure for running DNNs in a TEE requires a significant amount of human effort using C programs. However, most existing DNNs are implemented using Python. This paper presents a framework that can automate most parts of the process of porting Python-based DNNs to a TEE. The proposed method is deployed in Arm TrustZone-A on Raspberry Pi 3B+ with OPTEE-OS and evaluated on popular image classification models: AlexNet, ResNet, and VGG. Experimental results show that our method can reduce the accuracy of gradient-based MIAs on AlexNet, VGG-16, and ResNet-20 evaluated on the CIFAR-100 dataset by 17.9%, 11%, and 35.3%, respectively. On average, processing an image in the native execution environment takes 4.3 seconds, whereas in the Trusted Execution Environment (TEE), it takes about 10.1 seconds per image.

Degree Type

  • Master of Science

Department

  • Electrical and Computer Engineering

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Yung-Hsiang Lu

Additional Committee Member 2

Dongyan Xu

Additional Committee Member 3

Jing Tian
