Secure Collaborative Training and Inference for XGBoost

In recent years, gradient boosted decision tree learning has proven to be an effective method of training robust models. Moreover, collaborative learning among multiple parties has the potential to greatly benefit all parties involved, but organizations have also encountered obstacles in sharing sensitive data due to business, regulatory, and liability concerns. We propose Secure XGBoost, a privacy-preserving system that enables multiparty training and inference of XGBoost models. Secure XGBoost protects the privacy of each party's data as well as the integrity of the computation with the help of hardware enclaves. Crucially, Secure XGBoost augments the security of the enclaves using novel data-oblivious algorithms that prevent access side-channel attacks on enclaves induced via access pattern leakage.

[1]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[2]  Taesoo Kim,et al.  SGX-Bomb: Locking Down the Processor via Rowhammer Attack , 2017, SysTEX@SOSP.

[3]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[4]  Raluca Ada Popa,et al.  An Off-Chip Attack on Hardware Enclaves via the Memory Bus , 2019, USENIX Security Symposium.

[5]  Rüdiger Kapitza,et al.  Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution , 2017, USENIX Security Symposium.

[6]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[7]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[8]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[9]  Rüdiger Kapitza,et al.  Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[10]  Flavio D. Garcia,et al.  Plundervolt: Software-based Fault Injection Attacks against Intel SGX , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[11]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[12]  Daniel Gruss,et al.  ZombieLoad: Cross-Privilege-Boundary Data Sampling , 2019, CCS.

[13]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[14]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[15]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[16]  Yuan Xiao,et al.  SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[17]  Jonathan M. McCune,et al.  Memoir: Practical State Continuity for Protected Modules , 2011, 2011 IEEE Symposium on Security and Privacy.

[18]  Yuval Yarom,et al.  Another Flip in the Wall of Rowhammer Defenses , 2017, 2018 IEEE Symposium on Security and Privacy (SP).

[19]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[20]  Tianqi Chen,et al.  XGBoost: A Scalable Tree Boosting System , 2016, KDD.

[21]  Salvatore J. Stolfo,et al.  CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management , 2017, USENIX Security Symposium.

[22]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[23]  Srinath T. V. Setty,et al.  Visor: Privacy-Preserving Video Analytics as a Cloud Service , 2020, USENIX Security Symposium.

[24]  Marcus Peinado,et al.  High-Resolution Side Channels for Untrusted Operating Systems , 2017, USENIX Annual Technical Conference.

[25]  Thomas Eisenbarth,et al.  CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[26]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.