darknetz
Meaning of protecting layer
Hi, I am studying DarkneTZ for my end-of-studies project.
I am wondering what exactly you are protecting when you put a layer inside an enclave: do its parameters become unreadable for external users? What about its gradients?
If the gradients of a protected layer are secured, which computation of backpropagation are you protecting?
Thanks in advance
Hi @aghia98 , DarkneTZ is designed to defend against membership inference attacks, so the last several layers are in the TEE, and both parameters and gradients cannot be accessed by outsiders. You can have a look at the corresponding paper to understand the background: https://arxiv.org/abs/2004.05703
For fully protecting all layers, you can further check https://arxiv.org/abs/2104.14380