Machine Learning (ML) models affect every aspect of our lives, from individuals to enterprises. As a result, ecosystems relating to ML models and datasets used to train them emerge, trying to facilitate the exchange of such assets among their owners. However, trust requirements among these entities pose a significant barrier to the scale and extent of these exchanges.

These trust concerns are intertwined with the privacy of the individuals that may be present in these datasets (e.g., hospital patient data). Privacy concerns about such data have already been reflected in laws and regulations (e.g., GDPR and EU AI Act in Europe, HIPAA and CCPA in the US). These regulations will certainly reflect on the owners and users in terms of compliance, whether these assets are datasets, models trained on those datasets or the processes of said training. This compliance aspect can demonstrate itself as an enforced requirement (e.g., by regulatory bodies) or a self-imposed public relations act (e.g., showing `good faith` to the public). Simultaneously protecting the confidentiality of these assets (i.e., models, datasets) and providing provable assurances about their properties (e.g., privacy, provenance) with acceptable cost, performance and trust assumptions is an important problem.

Confidential computing using Trusted Execution Environments (TEEs), such as Intel SGX, ARM TrustZone, AMD SEV and Intel TDX, have been proposed as a potential solution to these problems. In this project, you will learn and explore how TEEs can be utilized to protect data confidentiality and computational integrity. Using these primitives, you will explore how compliance with such regulations can be shown using technical means by using two important properties: jurisdiction of processing (i.e., location) and energy consumption.

 

Qualifications

Students enrolled in a Ph.D. in Computer Science/Engineering. Strong programming skills in Python and bash Experience in designing, implementing and evaluating distributed systems is a big plus. Experience related to TEEs is a big plus. Experience related to ML pipelines and systems is a big plus. A strong publication record is a big plus. Language skills: English
 

Duration: flexible, to be agreed (typically 3-4 months), starting time flexible

Location: Stuttgart (Germany)

 

Tasks

You will explore how TEEs can be used to provide confidentiality and integrity guarantees for distributed systems. You will design and implement protocols or algorithms to compute various properties of computations (e.g., jurisdiction detection, energy usage). You will implement a prototype using open-source software and/or our in-house platform and develop a demo to showcase your prototype. You will evaluate your results with various tests. Ideally, this project will lead to a publication at an academic venue.