Pith. sign in

REVIEW 13 cited by

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 1806.03287 v2 pith:CTJKWTYR submitted 2018-06-08 stat.ML cs.CRcs.LG

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

classification stat.ML cs.CRcs.LG
keywords untrustedexecutioncomputationsdnnsslalomtrustedverifiabledelegates
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

As Machine Learning (ML) gets applied to security-critical or sensitive domains, there is a growing need for integrity and privacy for outsourced ML computations. A pragmatic solution comes from Trusted Execution Environments (TEEs), which use hardware and software protections to isolate sensitive computations from the untrusted software stack. However, these isolation guarantees come at a price in performance, compared to untrusted alternatives. This paper initiates the study of high performance execution of Deep Neural Networks (DNNs) in TEEs by efficiently partitioning DNN computations between trusted and untrusted devices. Building upon an efficient outsourcing scheme for matrix multiplication, we propose Slalom, a framework that securely delegates execution of all linear layers in a DNN from a TEE (e.g., Intel SGX or Sanctum) to a faster, yet untrusted, co-located processor. We evaluate Slalom by running DNNs in an Intel SGX enclave, which selectively delegates work to an untrusted GPU. For canonical DNNs (VGG16, MobileNet and ResNet variants) we obtain 6x to 20x increases in throughput for verifiable inference, and 4x to 11x for verifiable and private inference.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 13 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Verifiable and Confidential DNN Inference on Low-End Edge Devices

    cs.CR 2026-06 unverdicted novelty 7.0

    VECODI introduces SHANGRI-LA, an intermediate-privilege runtime on TrustZone-M, to enable verifiable confidential DNN inference on constrained edge devices with small TCB and overhead.

  2. KBF: Knowledge Boundary as Fingerprint for Language Model and Black-Box API Auditing

    cs.CR 2026-05 unverdicted novelty 7.0

    KBF uses stable numerical recall near the knowledge boundary to fingerprint and audit black-box LLM APIs, successfully detecting all tested substitutions and some real-world inconsistencies across production endpoints.

  3. Toward Web 4.0: Bidirectional Trust between AI Agents and Blockchain

    cs.CR 2026-05 accept novelty 7.0

    The paper delivers a systematization of knowledge on AI agent-blockchain interactions via a bidirectional trust framework, an Agent-Blockchain Interaction Model, a five-dimensional evaluation lens, and nine identified...

  4. PragLocker: Protecting Agent Intellectual Property in Untrusted Deployments via Non-Portable Prompts

    cs.CR 2026-05 unverdicted novelty 7.0

    PragLocker protects agent prompts as IP by building non-portable obfuscated versions that function only on the intended LLM through code-symbol semantic anchoring followed by target-model feedback noise injection.

  5. Agentic Witnessing: Pragmatic and Scalable TEE-Enabled Privacy-Preserving Auditing

    cs.CR 2026-04 unverdicted novelty 7.0

    Agentic Witnessing enables privacy-preserving auditing of semantic properties in private data by running an LLM auditor in a TEE that answers binary queries and produces cryptographic transcripts of its reasoning.

  6. SPRINT: Robust Model Attribution of Generated Images via Secret Pixel Reconstruction

    cs.CR 2025-08 unverdicted novelty 7.0

    SPRINT achieves over 99% attribution accuracy on FFHQ images across multiple model pools while reducing adaptive attack success rates to 1% or below by keeping verification targets secret.

  7. Evidence-Bound Gateway-Path Provenance for Third-Party LLM Inference

    cs.CR 2026-06 unverdicted novelty 6.0

    Proposes evidence-bound LLM gateway using attested runtime for verifiable path provenance and policy enforcement.

  8. PragLocker: Protecting Agent Intellectual Property in Untrusted Deployments via Non-Portable Prompts

    cs.CR 2026-05 unverdicted novelty 6.0

    PragLocker generates function-preserving but non-portable prompts for LLM agents via code-symbol semantic anchoring followed by target-model feedback noise injection.

  9. Defense Against Prompt Inversion Attacks: An Information-Theoretic Approach for LLM Collaborative Inference

    cs.CR 2026-06 unverdicted novelty 5.0

    Develops an information-theoretic defense using privacy adapters and low-dimensional bottlenecks to minimize mutual information for protecting prompts in collaborative LLM inference, with claimed theoretical bounds an...

  10. Intelligence Delivery Network: Toward an Internet Architecture for the AI Age

    cs.NI 2026-05 unverdicted novelty 5.0

    IDN proposes treating AI intelligence as deliverable network services positioned dynamically across distributed compute environments to improve efficiency, latency, and privacy.

  11. When Agents Handle Secrets: A Survey of Confidential Computing for Agentic AI

    cs.CR 2026-05 unverdicted novelty 5.0

    A survey providing a taxonomy of TEE platforms, an agent-centric threat model, and open challenges for applying confidential computing to secure agentic AI systems.

  12. CoreGuard: Safeguarding Foundational Capabilities of LLMs Against Model Stealing in Edge Deployment

    cs.CR 2024-10 unverdicted novelty 5.0

    CoreGuard introduces a computation- and communication-efficient protocol claimed to deliver upper-bound security against model stealing for edge-deployed LLMs with negligible overhead.

  13. When Agents Handle Secrets: A Survey of Confidential Computing for Agentic AI

    cs.CR 2026-05 unverdicted novelty 4.0

    A structured survey of confidential computing for agentic AI that catalogs TEE platforms, agent-specific threats, transferable defenses, and remaining gaps in end-to-end frameworks.