Using Intel SGX to improve private neural network training and inference

Abstract

The importance of leveraging machine learning (ML) algorithms to make critical business and government decisions continues to grow. To improve performance, such algorithms are often outsourced to the cloud, but within privacy sensitive domains this presents several challenges for ensuring data is protected from malicious parties. One practical solution to these problems comes from Trusted Execution Environments (TEEs), which utilize hardware technologies to isolate sensitive computations from untrusted software. This paper investigates a new technique utilizing a TEE to allow for the high performance training and execution of Deep Neural Networks (DNNs), an ML algorithm that has recently been used with great success in a variety of challenging tasks, including speech and face recognition.