TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments

Ziyu Liu; Tong Zhou; Yukui Luo; Xiaolin Xu

doi:10.1145/3649329.3658251

TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments

Ziyu Liu
, Tong Zhou
, Yukui Luo
, Xiaolin Xu

Electrical and Computer Eng

Binghamton University

Northeastern University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Trusted Execution Environments (TEEs) have become a promising solution to secure DNN models on edge devices. However, the existing solutions either provide inadequate protection or introduce large performance overhead. Taking both security and performance into consideration, this paper presents TBNet, a TEE-based defense framework that protects DNN model from a neural architectural perspective. Specifically, TBNet generates a novel Two-Branch substitution model, to respectively exploit (1) the computational resources in the untrusted Rich Execution Environment (REE) for latency reduction and (2) the physically-isolated TEE for model protection. Experimental results on a Raspberry Pi across diverse DNN model architectures and datasets demonstrate that TBNet achieves efficient model protection at a low cost.

Original language	English
Title of host publication	Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798400706011
DOIs	https://doi.org/10.1145/3649329.3658251
State	Published - Nov 7 2024
Event	61st ACM/IEEE Design Automation Conference, DAC 2024 - San Francisco, United States Duration: Jun 23 2024 → Jun 27 2024

Publication series

Name	Proceedings - Design Automation Conference

Conference

Conference	61st ACM/IEEE Design Automation Conference, DAC 2024
Country/Territory	United States
City	San Francisco
Period	06/23/24 → 06/27/24

Access to Document

10.1145/3649329.3658251

Cite this

Liu, Z., Zhou, T., Luo, Y., & Xu, X. (2024). TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments. In Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024 Article 310 (Proceedings - Design Automation Conference). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3649329.3658251

@inproceedings{a5ed6159b1694c0884f98c26960ec847,

title = "TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments",

abstract = "Trusted Execution Environments (TEEs) have become a promising solution to secure DNN models on edge devices. However, the existing solutions either provide inadequate protection or introduce large performance overhead. Taking both security and performance into consideration, this paper presents TBNet, a TEE-based defense framework that protects DNN model from a neural architectural perspective. Specifically, TBNet generates a novel Two-Branch substitution model, to respectively exploit (1) the computational resources in the untrusted Rich Execution Environment (REE) for latency reduction and (2) the physically-isolated TEE for model protection. Experimental results on a Raspberry Pi across diverse DNN model architectures and datasets demonstrate that TBNet achieves efficient model protection at a low cost.",

author = "Ziyu Liu and Tong Zhou and Yukui Luo and Xiaolin Xu",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 61st ACM/IEEE Design Automation Conference, DAC 2024 ; Conference date: 23-06-2024 Through 27-06-2024",

year = "2024",

month = nov,

day = "7",

doi = "10.1145/3649329.3658251",

language = "English",

series = "Proceedings - Design Automation Conference",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024",

}

Liu, Z, Zhou, T, Luo, Y & Xu, X 2024, TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments. in Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024., 310, Proceedings - Design Automation Conference, Institute of Electrical and Electronics Engineers Inc., 61st ACM/IEEE Design Automation Conference, DAC 2024, San Francisco, United States, 06/23/24. https://doi.org/10.1145/3649329.3658251

TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments. / Liu, Ziyu; Zhou, Tong; Luo, Yukui et al.
Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024. Institute of Electrical and Electronics Engineers Inc., 2024. 310 (Proceedings - Design Automation Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - TBNet

T2 - 61st ACM/IEEE Design Automation Conference, DAC 2024

AU - Liu, Ziyu

AU - Zhou, Tong

AU - Luo, Yukui

AU - Xu, Xiaolin

PY - 2024/11/7

Y1 - 2024/11/7

N2 - Trusted Execution Environments (TEEs) have become a promising solution to secure DNN models on edge devices. However, the existing solutions either provide inadequate protection or introduce large performance overhead. Taking both security and performance into consideration, this paper presents TBNet, a TEE-based defense framework that protects DNN model from a neural architectural perspective. Specifically, TBNet generates a novel Two-Branch substitution model, to respectively exploit (1) the computational resources in the untrusted Rich Execution Environment (REE) for latency reduction and (2) the physically-isolated TEE for model protection. Experimental results on a Raspberry Pi across diverse DNN model architectures and datasets demonstrate that TBNet achieves efficient model protection at a low cost.

AB - Trusted Execution Environments (TEEs) have become a promising solution to secure DNN models on edge devices. However, the existing solutions either provide inadequate protection or introduce large performance overhead. Taking both security and performance into consideration, this paper presents TBNet, a TEE-based defense framework that protects DNN model from a neural architectural perspective. Specifically, TBNet generates a novel Two-Branch substitution model, to respectively exploit (1) the computational resources in the untrusted Rich Execution Environment (REE) for latency reduction and (2) the physically-isolated TEE for model protection. Experimental results on a Raspberry Pi across diverse DNN model architectures and datasets demonstrate that TBNet achieves efficient model protection at a low cost.

UR - https://www.scopus.com/pages/publications/85211088246

U2 - 10.1145/3649329.3658251

DO - 10.1145/3649329.3658251

M3 - Conference contribution

T3 - Proceedings - Design Automation Conference

BT - Proceedings of the 61st ACM/IEEE Design Automation Conference, DAC 2024

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 23 June 2024 through 27 June 2024

ER -

TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this