secureTF: A Secure TensorFlow Framework
arXiv - CS - Cryptography and Security. Pub Date: 2021-01-20, DOI: arxiv-2101.08204
Do Le Quoc, Franz Gregor, Sergei Arnautov, Roland Kunkel, Pramod Bhatotia, Christof Fetzer

Data-driven intelligent applications in modern online services have become ubiquitous. These applications are usually hosted in untrusted cloud computing infrastructure. This poses significant security risks, since these applications rely on applying machine learning algorithms to large datasets that may contain private and sensitive information. To tackle this challenge, we designed secureTF, a distributed secure machine learning framework based on TensorFlow for untrusted cloud infrastructure. secureTF is a generic platform that supports unmodified TensorFlow applications while providing end-to-end security for the input data, the ML model, and the application code. secureTF is built from the ground up on the security properties provided by Trusted Execution Environments (TEEs). However, it extends the trust of the volatile memory region (secure enclave) provided by a single-node TEE to secure the distributed infrastructure required to support unmodified stateful machine learning applications running in the cloud. The paper reports on our experiences with the system design choices and the system deployment in production use cases. We conclude with the lessons learned from the limitations of our commercially available platform, and discuss open research problems for future work.
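The abstract's central design point is that trust rooted in one node's enclave has to be extended to every node of a distributed training or inference job before private data and model keys can flow to it. The sketch below is an added illustration of the usual mechanism for that, attestation-gated key release; it is not code from the secureTF paper or the authors' platform, whose actual protocol the abstract does not describe. The service, role names, measurements, key material, and the HMAC standing in for a hardware-signed attestation quote are all constructed for this example.

```python
"""Attestation-gated key release: a constructed illustration of how trust in a
single enclave is extended to a cluster. Not secureTF's own code.

A real TEE signs the quote with a platform key that is verified through the
vendor's PKI; here an HMAC under PLATFORM_KEY stands in for that signature.
"""
import hashlib
import hmac
import secrets

# Constructed stand-in for the hardware attestation key.
PLATFORM_KEY = b"constructed-platform-attestation-key"

# Owner policy: the only enclave measurements (hash of enclave code+data,
# MRENCLAVE-style) allowed to hold each role's keys. Values are constructed.
TRUSTED_MEASUREMENTS = {
    "tf-worker": hashlib.sha256(b"secureTF worker v1 image").hexdigest(),
    "tf-ps": hashlib.sha256(b"secureTF parameter-server v1 image").hexdigest(),
}

# Keys protecting input data and model state for each role (constructed).
DATA_KEYS = {role: secrets.token_bytes(32) for role in TRUSTED_MEASUREMENTS}


def enclave_quote(measurement: str, nonce: bytes) -> dict:
    """What an enclave presents: its measurement, the verifier's nonce, and a
    platform signature over both (simulated with HMAC)."""
    mac = hmac.new(PLATFORM_KEY, measurement.encode() + nonce, hashlib.sha256).digest()
    return {"measurement": measurement, "nonce": nonce, "mac": mac}


class KeyReleaseService:
    """Holds the data/model keys and releases a role's key only to an enclave
    whose freshly attested measurement matches the policy for that role."""

    def __init__(self):
        self._outstanding = set()  # nonces issued and not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def release_key(self, role: str, quote: dict):
        nonce = quote["nonce"]
        # 1. Freshness: only a nonce we issued, and only once (anti-replay).
        if nonce not in self._outstanding:
            return None
        self._outstanding.discard(nonce)
        # 2. Authenticity: the quote must carry a valid platform signature.
        expected = hmac.new(PLATFORM_KEY, quote["measurement"].encode() + nonce,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote["mac"]):
            return None
        # 3. Policy: the measured code must be the image approved for this role.
        if TRUSTED_MEASUREMENTS.get(role) != quote["measurement"]:
            return None
        return DATA_KEYS[role]


def demo() -> dict:
    """Exercise the service with a genuine node and four rejected requests."""
    svc = KeyReleaseService()
    worker = TRUSTED_MEASUREMENTS["tf-worker"]

    n = svc.challenge()
    genuine = svc.release_key("tf-worker", enclave_quote(worker, n))
    # Same quote presented again: nonce already consumed.
    replay = svc.release_key("tf-worker", enclave_quote(worker, n))
    # Operator-modified worker image: measurement not in policy.
    n = svc.challenge()
    tampered = svc.release_key(
        "tf-worker", enclave_quote(hashlib.sha256(b"patched image").hexdigest(), n))
    # Genuine worker image asking for the parameter server's key.
    n = svc.challenge()
    wrong_role = svc.release_key("tf-ps", enclave_quote(worker, n))
    # Quote forged without the platform key.
    n = svc.challenge()
    forged = svc.release_key(
        "tf-worker", {"measurement": worker, "nonce": n, "mac": b"\x00" * 32})

    return {
        "genuine": genuine == DATA_KEYS["tf-worker"],
        "replay": replay is None,
        "tampered": tampered is None,
        "wrong_role": wrong_role is None,
        "forged": forged is None,
    }


if __name__ == "__main__":
    print(demo())
```

In a deployed system the released key would be wrapped to an ephemeral public key that the enclave binds into the quote's report data, so that even the channel to the key-release service need not be trusted; the plaintext return here keeps the policy logic visible.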

Chinese translation (rendered in English):

secureTF: A Secure TensorFlow Framework

Data-driven intelligent applications have become ubiquitous in modern online services. These applications are usually hosted in untrusted cloud computing infrastructure. Because these applications rely on applying machine learning algorithms to large datasets that may contain private and sensitive information, this poses significant security risks. To address this challenge, we designed secureTF, a distributed secure machine learning framework based on TensorFlow for untrusted cloud infrastructure. secureTF is a generic platform that supports unmodified TensorFlow applications while providing end-to-end security for input data, ML models, and application code. secureTF is built from the ground up on the security properties provided by Trusted Execution Environments (TEEs). However, it extends the trust of the volatile memory region (or secure enclave) provided by a single-node TEE to protect the distributed infrastructure needed to support unmodified stateful machine learning applications running in the cloud. This paper reports on our experiences with system design choices and system deployment in production use cases. We summarize the lessons learned from the limitations of our commercially available platform and discuss open research problems for future work.
Updated: 2021-01-21