LanguageTerm (authority = ISO 639-3:2007); (type = text)
English
Abstract (type = abstract)
Deep neural networks (DNNs) have been increasingly adopted in many mobile applications involving security/privacy sensitive data and inference models. Therefore, there is an urgent demand for security and privacy protection of DNN execution on mobile devices. Catering to this demand, hardware-based trusted execution environments (TEEs), such as ARM TrustZone, have recently been considered for secure mobile DNN execution. However, none of the existing attempts of running DNN in TrustZone have been successful due to the stringent resource and performance limitations posed by the mobile TEE. We develop HybridTEE, a novel hardware-based security framework to securely execute DNN in the resource-constrained local TEE (i.e., ARM TrustZone), by offloading a part of the DNN model to a resource-rich remote TEE (i.e., Intel SGX). The key design of HybridTEE is two-fold. First, it strategically divides the DNN model into privacy-aware local (TrustZone) and remote (SGX) partitions by employing two privacy-oriented metrics based on object recognition and Scale Invariant Feature Transform (SIFT). Second, it builds a trustworthy communication channel bridging TrustZone and SGX to enable secure offloading of the DNN model between the two TEEs. Our evaluations based on a prototype implementation of HybridTEE and 4 popular DNN models indicate enhanced security and a 1.75x - 3.5x speedup compared to mobile-only DNN execution without TEE.
Subject (authority = local)
Topic
Deep neural networks
Subject (authority = RUETD)
Topic
Electrical and Computer Engineering
RelatedItem (type = host)
TitleInfo
Title
Rutgers University Electronic Theses and Dissertations
I hereby grant to the Rutgers University Libraries and to my school the non-exclusive right to archive, reproduce and distribute my thesis or dissertation, in whole or in part, and/or my abstract, in whole or in part, in and from an electronic format, subject to the release date subsequently stipulated in this submittal form and approved by my school. I represent and stipulate that the thesis or dissertation and its abstract are my original work, that they do not infringe or violate any rights of others, and that I make these grants as the sole owner of the rights to my thesis or dissertation and its abstract. I represent that I have obtained written permissions, when necessary, from the owner(s) of each third party copyrighted matter to be included in my thesis or dissertation and will supply copies of such upon request by my school. I acknowledge that RU ETD and my school will not distribute my thesis or dissertation or its abstract if, in their reasonable judgment, they believe all such rights have not been secured. I acknowledge that I retain ownership rights to the copyright of my work. I also retain the right to use all or part of this thesis or dissertation in future works, such as articles or books.