BlindAI: Secure Remote ML Inference with Intel SGX Enclaves
Confidential Computing Consortium via YouTube
Overview
Syllabus
Intro
Security and ML inference
On-device Machine Learning
Homomorphic encryption
Confidential Computing
Trusted computing base
Shrink the TCB
Overview
Enclave manifest
Threat: Memory vulnerability
Defense: SGX enclave in Rust
Threat: Iago attacks, Confused dep
Threat: Software side channels
Defense: Constant-time programming
Side channel mitigation for the application code. Hard to enforce in all code: compilers are allowed to add "side channels" when optimizing
Threat: n-day attacks
Defense: Plan for the worst
Transparency: reproducibility
Transparency: optimize for auditability
How do we protect ourselves?
Taught by
Confidential Computing Consortium