DPWatch: A Framework for Hardware-Based Differential Privacy Guarantees

IF 1.4 3区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Computer Architecture Letters Pub Date : 2025-03-04 DOI:10.1109/LCA.2025.3547262

Pawan Kumar Sanjaya;Christina Giannoula;Ian Colbert;Ihab Amer;Mehdi Saeedi;Gabor Sines;Nandita Vijaykumar

引用次数: 0

Abstract

Differential privacy (DP) and federated learning (FL) have emerged as important privacy-preserving approaches when using sensitive data to train machine learning models. FL ensures that raw sensitive data does not leave the users’ devices by training the model in a distributed manner. DP ensures that the model does not leak any information about an individual by clipping and adding noise to the gradients. However, real-life deployments of such algorithms assume that the third-party application implementing DP-based FL is trusted, and is thus given access to sensitive data on the data owner’s device/server. In this work, we propose DPWatch, a hardware-based framework for ML accelerators that enforces guarantees that a third party application cannot leak sensitive user data used for training and ensures that the gradients are appropriately noised before leaving the device. We evaluate DPWatch on two accelerators and demonstrate small area and performance overheads.

查看原文本刊更多论文

DPWatch：一个基于硬件的差分隐私保证框架

差分隐私（DP）和联邦学习（FL）在使用敏感数据训练机器学习模型时已成为重要的隐私保护方法。通过以分布式方式训练模型，FL确保原始敏感数据不会离开用户的设备。DP通过对梯度进行剪切和添加噪声来确保模型不会泄露任何关于个体的信息。然而，这种算法的实际部署假设实现基于dp的FL的第三方应用程序是受信任的，因此可以访问数据所有者的设备/服务器上的敏感数据。在这项工作中，我们提出了DPWatch，这是一个基于硬件的机器学习加速器框架，它强制保证第三方应用程序不会泄露用于训练的敏感用户数据，并确保在离开设备之前对梯度进行适当的噪声处理。我们在两个加速器上评估DPWatch，并演示了较小的面积和性能开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Computer Architecture Letters COMPUTER SCIENCE, HARDWARE & ARCHITECTURE-

CiteScore

4.60

自引率

4.30%

发文量

期刊介绍： IEEE Computer Architecture Letters is a rigorously peer-reviewed forum for publishing early, high-impact results in the areas of uni- and multiprocessor computer systems, computer architecture, microarchitecture, workload characterization, performance evaluation and simulation techniques, and power-aware computing. Submissions are welcomed on any topic in computer architecture, especially but not limited to: microprocessor and multiprocessor systems, microarchitecture and ILP processors, workload characterization, performance evaluation and simulation techniques, compiler-hardware and operating system-hardware interactions, interconnect architectures, memory and cache systems, power and thermal issues at the architecture level, I/O architectures and techniques, independent validation of previously published results, analysis of unsuccessful techniques, domain-specific processor architectures (e.g., embedded, graphics, network, etc.), real-time and high-availability architectures, reconfigurable systems.