Abstract: Federated learning (FL), as a distributed training paradigm, has drawn great attention from both academia and industry. Recently, privacy and security concerns have been raised about FL. Despite many efforts to protect privacy and security, an FL framework that can systematically provide privacy and security guarantees is still lacking. In this work, we present TTFL, a trustworthy FL framework that defends against security and privacy issues in practice, based on the Arm Confidential Compute Architecture (CCA). TTFL has two core designs. (1) It achieves high-availability privacy protection based on flexible Trusted Execution Environments (TEEs). It leverages the resource-rich and conveniently accessible features of the latest TEE on Arm CCA, combined with our TEE secure interconnection design, to enable the whole FL process to be performed in distributed TEEs, which efficiently protects parameter confidentiality and protocol integrity. (2) It achieves effective security protection by proposing a poisoning-resistant secure aggregation scheme and protecting it within the TEE. The newly proposed secure aggregation combines the advantages of existing defenses and is placed in the flexible TEE to ensure a secure, effective, and non-bypassable aggregation procedure. We implement a prototype of TTFL and evaluate it in terms of security, privacy, and system performance. Evaluation results show that TTFL can comprehensively and efficiently address the main privacy and security threats in FL. For instance, compared with previous work, it improves the model accuracy by 1.9% and reduces the attack success rate by 79.7% on the CIFAR-10 dataset with only about 19.8% training time overhead.