Security and confidentiality on shared computational resources
Date
2026-06
Abstract
The distinction between local and remote computing is increasingly blurred as
modern computation relies extensively on the use of shared resources. Pervasive
sharing of computational resources is evident in many use cases such as cloud
computing, where computational tasks are outsourced to remote servers. Additionally,
rented servers, Virtual Private Networks (VPNs), and even web browsers often
rely on shared hardware infrastructure.
While the benefits of shared computing resources, such as scalability and
cost-effectiveness, are well-documented, this trend also introduces novel security risks.
The reliance on shared hardware infrastructure creates opportunities for unauthorized
access, data breaches, and other malicious activities.
One very prominent example of sharing both hardware and data is machine
learning applications. The use of machine learning applications is rapidly increasing
in almost every part of our lives, which includes granting them access to highly
sensitive information like health or credit data. At the same time, the models that
are used grow larger and larger, necessitating substantial computational resources.
This surge in resource consumption has led to a rise in outsourcing both training
and inference processes, resulting in the processing of sensitive data on untrusted
machines. In this thesis, we examine how to protect data in distributed machine
learning systems. In particular, we look at outsourced computations on a machine
with a Trusted Execution Environment (TEE) and a fast processing unit, such as a
Graphics Processing Unit (GPU). I examined the SLALOM protocol, a seminal work
in privacy-preserving inference. In this thesis I present a new method, CARNIVAL,
to significantly speed up the preprocessing phase. CARNIVAL leverages the
pseudo-randomness of the Subset sum problem to enable efficient outsourcing during the
preprocessing phase. The findings from the performance benchmarks demonstrate
that CARNIVAL is a promising candidate for real-world implementations. A second
possibility to continue working with the SLALOM framework, DASH, is introduced
briefly. It builds on arithmetic Garbled Circuits (GCs) in combination with a TEE.
Keywords
Security, Cache Attacks, Cryptology, Side-channel attacks
Institute/Clinic
Institut für IT-Sicherheit