Abstract: Model Compilation as a Service (MCaaS) has emerged as critical Machine Learning (ML) supply chain infrastructure. It provides large-scale model optimization for heterogeneous hardware devices in an easy-to-use, cost-efficient and fault-tolerant manner. However, a variety of attacks targeting the ML model supply chain have been reported. Compounded by the complexity of the cloud environments in which MCaaS operates, these attacks have raised increasing security concerns about the generated model binaries. In response, we present Themis - confidential MCaaS with privacy-preserving transparency. To help build trust in model binaries, we increase supply chain transparency by introducing property-based integrity, which captures complex property evidence throughout the compilation pipeline. Meanwhile, we preserve privacy through the concept of a model property tree, which represents the provenance and integrity of a model binary and allows constrained sharing and efficient verification of binary properties. In Themis, we enforce confidentiality on all generated binaries by default, with fine-grained control provided by hybrid selective encryption based on attribute-based encryption. Themis is further secured within distributed Trusted Execution Environments to ensure confidential and reliable execution. We build Themis on top of a state-of-the-art ML compiler, and our evaluations demonstrate its practicality.
External IDs: dblp:conf/srds/QinG24