TY - GEN
T1 - Secure and Efficient Mobile DNN Using Trusted Execution Environments
AU - Hu, Bin
AU - Wang, Yan
AU - Cheng, Jerry
AU - Zhao, Tianming
AU - Xie, Yucheng
AU - Guo, Xiaonan
AU - Chen, Yingying
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/7/10
Y1 - 2023/7/10
N2 - Many mobile applications have resorted to deep neural networks (DNNs) because of their strong inference capabilities. Since both input data and DNN architectures could be sensitive, there is an increasing demand for secure DNN execution on mobile devices. Towards this end, hardware-based trusted execution environments on mobile devices (mobile TEEs), such as ARM TrustZone, have recently been exploited to execute DNNs securely. However, running entire DNNs on mobile TEEs is challenging as TEEs have stringent resource and performance constraints. In this work, we develop a novel mobile TEE-based security framework that can efficiently execute the entire DNN in a resource-constrained mobile TEE with minimal inference time overhead. Specifically, we propose a progressive pruning method to gradually identify and remove the redundant neurons from a DNN while maintaining a high inference accuracy. Next, we develop a memory optimization method to deallocate the memory storage of the pruned neurons utilizing low-level programming techniques. Finally, we devise a novel adaptive partitioning method that divides the pruned model into multiple partitions according to the available memory in the mobile TEE and loads the partitions into the mobile TEE separately with a minimal loading time overhead. Our experiments with various DNNs and open-source datasets demonstrate that we can achieve 2-30 times less inference time with comparable accuracy compared to existing approaches securing entire DNNs with mobile TEEs.
AB - Many mobile applications have resorted to deep neural networks (DNNs) because of their strong inference capabilities. Since both input data and DNN architectures could be sensitive, there is an increasing demand for secure DNN execution on mobile devices. Towards this end, hardware-based trusted execution environments on mobile devices (mobile TEEs), such as ARM TrustZone, have recently been exploited to execute DNNs securely. However, running entire DNNs on mobile TEEs is challenging as TEEs have stringent resource and performance constraints. In this work, we develop a novel mobile TEE-based security framework that can efficiently execute the entire DNN in a resource-constrained mobile TEE with minimal inference time overhead. Specifically, we propose a progressive pruning method to gradually identify and remove the redundant neurons from a DNN while maintaining a high inference accuracy. Next, we develop a memory optimization method to deallocate the memory storage of the pruned neurons utilizing low-level programming techniques. Finally, we devise a novel adaptive partitioning method that divides the pruned model into multiple partitions according to the available memory in the mobile TEE and loads the partitions into the mobile TEE separately with a minimal loading time overhead. Our experiments with various DNNs and open-source datasets demonstrate that we can achieve 2-30 times less inference time with comparable accuracy compared to existing approaches securing entire DNNs with mobile TEEs.
KW - DNN
KW - Network Pruning
KW - Security in Machine Learning
KW - TEE
UR - http://www.scopus.com/inward/record.url?scp=85168107355&partnerID=8YFLogxK
U2 - 10.1145/3579856.3582820
DO - 10.1145/3579856.3582820
M3 - Conference contribution
AN - SCOPUS:85168107355
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 274
EP - 285
BT - ASIA CCS 2023 - Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 18th ACM ASIA Conference on Computer and Communications Security, ASIA CCS 2023
Y2 - 10 July 2023 through 14 July 2023
ER -