Paper 2021/966
Soteria: Privacy-Preserving Machine Learning for Apache Spark
Cláudia Brito and Pedro Ferreira and Bernardo Portela and Rui Oliveira and João Paulo
Abstract
Privacy and security are prime obstacles to the wider adoption of machine learning services offered by cloud computing providers. Entrusting users' sensitive data to a third-party infrastructure, exposed to both external and internal attackers, keeps many companies from leveraging the scalability and flexibility that cloud services offer. We propose Soteria, a system for distributed privacy-preserving machine learning that combines Apache Spark and its machine learning library (MLlib) with the confidentiality guarantees of Trusted Execution Environments (e.g., Intel SGX). Soteria supports two main designs, each with its own trade-off between security and performance. The first encapsulates most of the computation done by Apache Spark inside a secure enclave, offering stronger security. The second restricts the set of Spark operations that must run inside the enclave, reducing the trusted computing base and, consequently, the performance overhead, at the cost of a larger attack surface. An extensive evaluation of Soteria with classification, regression, dimensionality reduction, and clustering algorithms shows that our system outperforms state-of-the-art solutions, reducing their performance overhead by up to 41%. Moreover, we show that privacy-preserving machine learning is achievable while providing strong security guarantees.
Metadata
- Publication info
- Preprint. MINOR revision.
- Keywords
- Privacy-preserving Machine Learning, Apache Spark, Confidential Computing, Intel SGX
- Contact author(s)
- claudia v brito @ inesctec pt,joao t paulo @ inesctec pt
- History
- 2023-07-21: last of 5 revisions
- 2021-07-22: received
- Short URL
- https://ia.cr/2021/966
- License
- CC BY