Enclave Tree: privacy-preserving data stream training and inference using TEE

Qifan Wang; Shujie Cui; Lei Zhou; Ocean Wu; Yonghua Zhu; Giovanni Russello

doi:10.1145/3488932.3517391

Enclave Tree: privacy-preserving data stream training and inference using TEE

Qifan Wang
, Shujie Cui
, Lei Zhou
, Ocean Wu
, Yonghua Zhu
, Giovanni Russello

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

8 Citations (Scopus)

Abstract

The classification service over a stream of data is becoming an important offering for cloud providers, but users may encounter obstacles in providing sensitive data due to privacy concerns. While Trusted Execution Environments (TEEs) are promising solutions for protecting private data, they remain vulnerable to side-channel attacks induced by data-dependent access patterns. We propose a Privacy-preserving Data Stream Training and Inference scheme, called EnclaveTree, that provides confidentiality for user's data and the target models against a compromised cloud service provider. We design a matrix-based training and inference procedure to train the Hoeffding Tree (HT) model and perform inference with the trained model inside the trusted area of TEEs, which provably prevent the exploitation of access-pattern-based attacks. The performance evaluation shows that EnclaveTree is practical for processing the data streams with small or medium number of features. When there are less than 63 binary features,EnclaveTree is up to ∼10x and ∼9 faster than naïve oblivious solution on training and inference, respectively.

Original language	English
Title of host publication	Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security
Editors	Minoru Kuribayashi
Place of Publication	New York NY USA
Publisher	Association for Computing Machinery (ACM)
Pages	741-755
Number of pages	15
ISBN (Electronic)	9781450391405
DOIs	https://doi.org/10.1145/3488932.3517391
Publication status	Published - 2022
Event	ACM ASIA Conference on Computer and Communications Security 2022 - Online, Nagasaki, Japan Duration: 30 May 2022 → 3 Jun 2022 Conference number: 17th https://dl.acm.org/doi/proceedings/10.1145/3488932 (Proceedings) https://asiaccs2022.conferenceservice.jp/ (Website)

Conference

Conference	ACM ASIA Conference on Computer and Communications Security 2022
Abbreviated title	ASIA CCS 2022
Country/Territory	Japan
City	Nagasaki
Period	30/05/22 → 3/06/22
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3488932 (Proceedings) https://asiaccs2022.conferenceservice.jp/ (Website)

Keywords

data stream
data-oblivious
hoeffding tree
sgx enclave

Access to Document

10.1145/3488932.3517391

Cite this

@inproceedings{15a2b177a4b94936895c0d24fad38c49,

title = "Enclave Tree: privacy-preserving data stream training and inference using TEE",

abstract = "The classification service over a stream of data is becoming an important offering for cloud providers, but users may encounter obstacles in providing sensitive data due to privacy concerns. While Trusted Execution Environments (TEEs) are promising solutions for protecting private data, they remain vulnerable to side-channel attacks induced by data-dependent access patterns. We propose a Privacy-preserving Data Stream Training and Inference scheme, called EnclaveTree, that provides confidentiality for user's data and the target models against a compromised cloud service provider. We design a matrix-based training and inference procedure to train the Hoeffding Tree (HT) model and perform inference with the trained model inside the trusted area of TEEs, which provably prevent the exploitation of access-pattern-based attacks. The performance evaluation shows that EnclaveTree is practical for processing the data streams with small or medium number of features. When there are less than 63 binary features,EnclaveTree is up to ∼10x and ∼9 faster than na{\"i}ve oblivious solution on training and inference, respectively.",

keywords = "data stream, data-oblivious, hoeffding tree, sgx enclave",

author = "Qifan Wang and Shujie Cui and Lei Zhou and Ocean Wu and Yonghua Zhu and Giovanni Russello",

note = "Funding Information: Russello would like to acknowledge the MBIE-funded programme STRATUS (UOWX1503) Publisher Copyright: {\textcopyright} 2022 ACM.; ACM ASIA Conference on Computer and Communications Security 2022, ASIA CCS 2022 ; Conference date: 30-05-2022 Through 03-06-2022",

year = "2022",

doi = "10.1145/3488932.3517391",

language = "English",

pages = "741--755",

editor = "Minoru Kuribayashi",

booktitle = "Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

address = "United States of America",

url = "https://dl.acm.org/doi/proceedings/10.1145/3488932, https://asiaccs2022.conferenceservice.jp/",

}

Wang, Q, Cui, S, Zhou, L, Wu, O, Zhu, Y & Russello, G 2022, Enclave Tree: privacy-preserving data stream training and inference using TEE. in M Kuribayashi (ed.), Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security. Association for Computing Machinery (ACM), New York NY USA, pp. 741-755, ACM ASIA Conference on Computer and Communications Security 2022, Nagasaki, Japan, 30/05/22. https://doi.org/10.1145/3488932.3517391

Enclave Tree: privacy-preserving data stream training and inference using TEE. / Wang, Qifan; Cui, Shujie; Zhou, Lei et al.
Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security. ed. / Minoru Kuribayashi. New York NY USA: Association for Computing Machinery (ACM), 2022. p. 741-755.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Enclave Tree

T2 - ACM ASIA Conference on Computer and Communications Security 2022

AU - Wang, Qifan

AU - Cui, Shujie

AU - Zhou, Lei

AU - Wu, Ocean

AU - Zhu, Yonghua

AU - Russello, Giovanni

N1 - Conference code: 17th

PY - 2022

Y1 - 2022

N2 - The classification service over a stream of data is becoming an important offering for cloud providers, but users may encounter obstacles in providing sensitive data due to privacy concerns. While Trusted Execution Environments (TEEs) are promising solutions for protecting private data, they remain vulnerable to side-channel attacks induced by data-dependent access patterns. We propose a Privacy-preserving Data Stream Training and Inference scheme, called EnclaveTree, that provides confidentiality for user's data and the target models against a compromised cloud service provider. We design a matrix-based training and inference procedure to train the Hoeffding Tree (HT) model and perform inference with the trained model inside the trusted area of TEEs, which provably prevent the exploitation of access-pattern-based attacks. The performance evaluation shows that EnclaveTree is practical for processing the data streams with small or medium number of features. When there are less than 63 binary features,EnclaveTree is up to ∼10x and ∼9 faster than naïve oblivious solution on training and inference, respectively.

AB - The classification service over a stream of data is becoming an important offering for cloud providers, but users may encounter obstacles in providing sensitive data due to privacy concerns. While Trusted Execution Environments (TEEs) are promising solutions for protecting private data, they remain vulnerable to side-channel attacks induced by data-dependent access patterns. We propose a Privacy-preserving Data Stream Training and Inference scheme, called EnclaveTree, that provides confidentiality for user's data and the target models against a compromised cloud service provider. We design a matrix-based training and inference procedure to train the Hoeffding Tree (HT) model and perform inference with the trained model inside the trusted area of TEEs, which provably prevent the exploitation of access-pattern-based attacks. The performance evaluation shows that EnclaveTree is practical for processing the data streams with small or medium number of features. When there are less than 63 binary features,EnclaveTree is up to ∼10x and ∼9 faster than naïve oblivious solution on training and inference, respectively.

KW - data stream

KW - data-oblivious

KW - hoeffding tree

KW - sgx enclave

UR - https://www.scopus.com/pages/publications/85133170666

U2 - 10.1145/3488932.3517391

DO - 10.1145/3488932.3517391

M3 - Conference Paper

AN - SCOPUS:85133170666

SP - 741

EP - 755

BT - Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security

A2 - Kuribayashi, Minoru

PB - Association for Computing Machinery (ACM)

CY - New York NY USA

Y2 - 30 May 2022 through 3 June 2022

ER -

Enclave Tree: privacy-preserving data stream training and inference using TEE

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this