mofanv / darknetz

runs several layers of a deep learning model in TrustZone
MIT License

Meaning of protecting layer #25

Open aghia98 opened 3 years ago

aghia98 commented 3 years ago

Hi, I am studying DarkneTZ for my end-of-studies project.

I am wondering what exactly you are protecting when you put a layer inside an enclave: do its parameters become unreadable for external users? What about its gradients?

If the gradients of a protected layer are secured, which computations of backpropagation are you protecting?

Thanks in advance

mofanv commented 3 years ago

Hi @aghia98, DarkneTZ is designed to defend against membership inference attacks, so the last several layers are in the TEE, and both parameters and gradients cannot be accessed by outsiders. You can have a look at the corresponding paper to understand the background: https://arxiv.org/abs/2004.05703

For fully protecting all layers, you can further check https://arxiv.org/abs/2104.14380
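To make the answer above concrete, here is an added illustration (not DarkneTZ's code and not its trusted-application interface) of what "parameters and gradients stay inside" means for a layer cut between the normal world and the secure world. The secure world is simulated with file-private C statics standing in for an OP-TEE trusted application; the two-layer network, the weight initialisation, the input vector and the helper `exp_approx` (used only to keep the example free of libm) are all assumptions made for this example. The normal world runs the first layer; it hands the activation at the cut to the "TEE", gets back only the class probabilities, and during backprop gets back only the gradient with respect to that cut activation. The protected layer's weights, its dW/db and its SGD update never exist outside the secure-world functions.

```c
#include <string.h>

#define IN_DIM 4
#define HID_DIM 3
#define OUT_DIM 2

/* exp(x) without libm: (1 + x/1024)^1024 by 10 squarings; fine for small logits. */
static float exp_approx(float x) {
    float y = 1.0f + x / 1024.0f;
    for (int i = 0; i < 10; i++) y *= y;
    return y;
}

/* ===== Simulated secure world (TEE) =====
 * Stands in for a trusted application holding the protected last layer. Its
 * weights, bias, cached input and cached output are file-private and nothing
 * hands out a pointer to them; only the cut activation, the class probabilities
 * and dL/d(cut activation) cross the boundary. Hypothetical, not DarkneTZ's. */
static float tee_w[OUT_DIM][HID_DIM], tee_b[OUT_DIM], tee_in[HID_DIM], tee_probs[OUT_DIM];

/* TA command "forward": last layer + softmax, returns class probabilities. */
static void tee_forward(const float *act_in, float *probs_out) {
    float sum = 0.0f;
    memcpy(tee_in, act_in, sizeof tee_in);
    for (int o = 0; o < OUT_DIM; o++) {
        float logit = tee_b[o];
        for (int h = 0; h < HID_DIM; h++) logit += tee_w[o][h] * act_in[h];
        sum += probs_out[o] = exp_approx(logit);
    }
    for (int o = 0; o < OUT_DIM; o++) tee_probs[o] = probs_out[o] /= sum;
}

/* TA command "backward": softmax cross-entropy gradient of the protected layer.
 * dW and db are computed and applied here and never exported; only dL/d(act_in)
 * leaves, so the normal world can continue backprop through its own layers. */
static void tee_backward(int label, float lr, float *grad_act_out) {
    float dlogit[OUT_DIM];
    for (int o = 0; o < OUT_DIM; o++) dlogit[o] = tee_probs[o] - (o == label ? 1.0f : 0.0f);
    for (int h = 0; h < HID_DIM; h++) {          /* uses pre-update weights */
        grad_act_out[h] = 0.0f;
        for (int o = 0; o < OUT_DIM; o++) grad_act_out[h] += dlogit[o] * tee_w[o][h];
    }
    for (int o = 0; o < OUT_DIM; o++) {          /* SGD step inside the TEE */
        for (int h = 0; h < HID_DIM; h++) tee_w[o][h] -= lr * dlogit[o] * tee_in[h];
        tee_b[o] -= lr * dlogit[o];
    }
}

/* ===== Normal world (REE): the unprotected first layer (ReLU) ===== */
static float ree_w[HID_DIM][IN_DIM], ree_b[HID_DIM];

static void ree_forward(const float *x, float *act) {
    for (int h = 0; h < HID_DIM; h++) {
        float z = ree_b[h];
        for (int i = 0; i < IN_DIM; i++) z += ree_w[h][i] * x[i];
        act[h] = z > 0.0f ? z : 0.0f;
    }
}

static void ree_backward(const float *x, const float *act, const float *grad_act, float lr) {
    for (int h = 0; h < HID_DIM; h++) {
        float dz = act[h] > 0.0f ? grad_act[h] : 0.0f;
        for (int i = 0; i < IN_DIM; i++) ree_w[h][i] -= lr * dz * x[i];
        ree_b[h] -= lr * dz;
    }
}

/* Deterministic initialisation of both worlds so the run is reproducible. */
void model_init(void) {
    memset(ree_b, 0, sizeof ree_b);
    memset(tee_b, 0, sizeof tee_b);
    for (int h = 0; h < HID_DIM; h++)
        for (int i = 0; i < IN_DIM; i++) ree_w[h][i] = 0.2f * (float)((h + i) % 3 - 1);
    for (int o = 0; o < OUT_DIM; o++)
        for (int h = 0; h < HID_DIM; h++) tee_w[o][h] = 0.1f * (float)((o + 1) * (h + 1) % 3) - 0.1f;
}

/* One training step across the world boundary. Returns the probability the
 * model assigned to the true label before the update. */
float train_step(const float *x, int label, float lr) {
    float act[HID_DIM], probs[OUT_DIM], grad_act[HID_DIM];
    ree_forward(x, act);
    tee_forward(act, probs);
    tee_backward(label, lr, grad_act);
    ree_backward(x, act, grad_act, lr);
    return probs[label];
}

/* Trains on one constructed sample (label 1), reports the first and last
 * confidence on the true label and returns the class predicted at the end. */
int run_demo(int steps, float *conf_first, float *conf_last) {
    const float x[IN_DIM] = {1.0f, 0.5f, -1.0f, 0.2f};   /* constructed input */
    const int label = 1;
    model_init();
    for (int s = 0; s < steps; s++) {
        float c = train_step(x, label, 0.1f);
        if (s == 0) *conf_first = c;
        *conf_last = c;
    }
    return *conf_last > 0.5f ? 1 : 0;
}
```

The point the split makes visible: the normal world still sees everything that crosses the cut (the activation, the output vector, and dL/d(activation)), so what the TEE protects is exactly the parameters and parameter gradients of the layers placed inside it, not the whole computation. In a real deployment the boundary is a world switch through the TEE client API rather than C linkage, and the cut activation and returned gradient must be treated as data the normal world can read.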