{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T11:41:19Z","timestamp":1777290079937,"version":"3.51.4"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976223","type":"print"},{"value":"9783031976230","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_2","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:21:30Z","timestamp":1752139290000},"page":"25-43","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["InferONNX: Practical and Privacy-Preserving Machine Learning Inference Using Trusted Execution Environments"],"prefix":"10.1007","author":[{"given":"Konstantina","family":"Papafragkaki","sequence":"first","affiliation":[]},{"given":"Giorgos","family":"Vasiliadis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"2_CR1","unstructured":"Anakin inference framework. https:\/\/github.com\/PaddlePaddle\/Anakin"},{"key":"2_CR2","unstructured":"Mobile AI Compute Engine (MACE) inference framework. https:\/\/github.com\/XiaoMi\/mace"},{"key":"2_CR3","unstructured":"NCNN inference framework. https:\/\/github.com\/Tencent\/ncnn"},{"key":"2_CR4","unstructured":"ONNX Model Zoo. https:\/\/onnx.ai\/models\/"},{"key":"2_CR5","unstructured":"Valgrind Massif: a heap profiler. https:\/\/valgrind.org\/docs\/manual\/ms-manual.html"},{"key":"2_CR6","unstructured":"Bai, J., Lu, F., Zhang, K., et\u00a0al.: ONNX: open neural network exchange (2019). https:\/\/github.com\/onnx\/onnx"},{"key":"2_CR7","unstructured":"Bao, B.: ONNX models. https:\/\/github.com\/BowenBao\/models-1"},{"key":"2_CR8","doi-asserted-by":"publisher","unstructured":"Bourse, F., Minelli, M., Minihold, M., Paillier, P.: Fast homomorphic evaluation of deep discretized neural networks. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 483\u2013512. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96878-0_17","DOI":"10.1007\/978-3-319-96878-0_17"},{"key":"2_CR9","unstructured":"Brasser, F., M\u00fcller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: Proceedings of the 11th USENIX Conference on Offensive Technologies (2017)"},{"key":"2_CR10","doi-asserted-by":"publisher","unstructured":"Chalkiadakis, N., Deyannis, D., Karnikis, D., Vasiliadis, G., Ioannidis, S.: The million dollar handshake: secure and attested communications in the cloud. In: 2020 IEEE 13th International Conference on Cloud Computing (CLOUD), pp. 63\u201370 (2020). https:\/\/doi.org\/10.1109\/CLOUD49709.2020.00022","DOI":"10.1109\/CLOUD49709.2020.00022"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., Lai, T.H.: SgxPectre: stealing intel secrets from SGX enclaves via speculative execution. In: 2019 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 142\u2013157 (2019)","DOI":"10.1109\/EuroSP.2019.00020"},{"key":"2_CR12","unstructured":"Chen, T., et al.: TVM: an automated end-to-end optimizing compiler for deep learning. In: Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation, pp. 579\u2013594 (2018)"},{"key":"2_CR13","unstructured":"Costan, V., Devadas, S.: Intel SGX explained. In: IACR Cryptology ePrint Archive, pp. 1\u2013118 (2016)"},{"key":"2_CR14","doi-asserted-by":"publisher","first-page":"168656","DOI":"10.1109\/ACCESS.2021.3136889","volume":"9","author":"KD Duy","year":"2021","unstructured":"Duy, K.D., Noh, T., Huh, S., Lee, H.: Confidential machine learning computation in untrusted environments: a systems security perspective. IEEE Access 9, 168656\u2013168677 (2021)","journal-title":"IEEE Access"},{"key":"2_CR15","unstructured":"FortanixEDP: Fortanix enclave development platform. https:\/\/edp.fortanix.com\/"},{"key":"2_CR16","unstructured":"Peskine, G., P\u00e9gouri\u00e9-Gonnard, M., et al.: Mbed-TLS library. https:\/\/github.com\/Mbed-TLS\/mbedtls"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Gallego, A., Odyurt, U., Cheng, Y., Wang, Y., Zhao, Z.: Machine learning inference on serverless platforms using model decomposition. In: Proceedings of the IEEE\/ACM 16th International Conference on Utility and Cloud Computing, pp.\u00a01\u20136. Association for Computing Machinery (2024)","DOI":"10.1145\/3603166.3632535"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, pp. 169\u2013178 (2009)","DOI":"10.1145\/1536414.1536440"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"G\u00f6tzfried, J., Eckert, M., Schinzel, S., M\u00fcller, T.: Cache attacks on intel SGX. In: Proceedings of the 10th European Workshop on Systems Security, pp.\u00a01\u20136 (2017)","DOI":"10.1145\/3065913.3065915"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Hanzlik, L., et al.: MLCapsule: guarded offline deployment of machine learning as a service. In: 2021 IEEE\/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), pp. 3295\u20133304 (2021)","DOI":"10.1109\/CVPRW53098.2021.00368"},{"key":"2_CR21","unstructured":"Juvekar, C., Vaikuntanathan, V., Chandrakasan, A.: GAZELLE: a low latency framework for secure neural network inference. In: Proceedings of the 27th USENIX Conference on Security Symposium, pp. 1651\u20131669 (2018)"},{"key":"2_CR22","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1016\/j.neucom.2021.05.103","volume":"470","author":"I Lauriola","year":"2022","unstructured":"Lauriola, I., Lavelli, A., Aiolli, F.: An introduction to deep learning in natural language processing: models, techniques, and tools. Neurocomputing 470, 443\u2013456 (2022)","journal-title":"Neurocomputing"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Lee, T., et al.: Occlumency: privacy-preserving remote deep-learning inference using SGX. In: The 25th Annual International Conference on Mobile Computing and Networking, pp. 1\u201317 (2019)","DOI":"10.1145\/3300061.3345447"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Li, F., Li, X., Gao, M.: Secure MLaaS with temper: trusted and efficient model partitioning and enclave reuse. In: Proceedings of the 39th Annual Computer Security Applications Conference, pp. 621\u2013635 (2023)","DOI":"10.1145\/3627106.3627145"},{"key":"2_CR25","unstructured":"Li, X., et al.: Design and verification of the arm confidential compute architecture. In: 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22), pp. 465\u2013484 (2022)"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Li, Y., et al.: Lasagna: accelerating secure deep learning inference in SGX-enabled edge cloud. In: Proceedings of the ACM Symposium on Cloud Computing, pp. 533\u2013545 (2021)","DOI":"10.1145\/3472883.3486988"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Li, Y., Zeng, D., Gu, L., Guo, S., Zomaya, A.Y.: DNN partitioning and assignment for distributed inference in SGX empowered edge cloud. In: 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS), pp. 635\u2013644 (2024)","DOI":"10.1109\/ICDCS60910.2024.00065"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Li, D., Zhang, Z., Yao, M., Cai, Y., Guo, Y., Chen, X.: TEESlice: protecting sensitive neural network models in trusted execution environments when attackers have pre-trained models. ACM Trans. Softw. Eng. Methodol. (2024)","DOI":"10.1145\/3707453"},{"issue":"2","key":"2_CR29","first-page":"1","volume":"54","author":"B Liu","year":"2021","unstructured":"Liu, B., Ding, M., Shaham, S., Rahayu, W., Farokhi, F., Lin, Z.: When machine learning meets privacy: a survey and outlook. ACM CSUR 54(2), 1\u201336 (2021)","journal-title":"ACM CSUR"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Liu, J., Juuti, M., Lu, Y., Asokan, N.: Oblivious neural network predictions via MiniONN transformations. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 619\u2013631 (2017)","DOI":"10.1145\/3133956.3134056"},{"key":"2_CR31","doi-asserted-by":"publisher","first-page":"9411","DOI":"10.1007\/s11042-020-10073-7","volume":"80","author":"M Malik","year":"2021","unstructured":"Malik, M., Malik, M.K., Mehmood, K., Makhdoom, I.: Automatic speech recognition: a survey. Multimedia Tools Appl. 80, 9411\u20139457 (2021)","journal-title":"Multimedia Tools Appl."},{"key":"2_CR32","unstructured":"Poumeyrol, M., et al.: Tract inference engine. https:\/\/github.com\/sonos\/tract"},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Mohassel, P., Zhang, Y.: SecureML: a system for scalable privacy-preserving machine learning. In: 2017 IEEE Symposium on Security and Privacy (SC), pp. 19\u201338 (2017)","DOI":"10.1109\/SP.2017.12"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Quoc, D.L., Gregor, F., Arnautov, S., Kunkel, R., Bhatotia, P., Fetzer, C.: secureTF: a secure TensorFlow framework. In: Proceedings of the 21st International Middleware Conference, pp. 44\u201359 (2020)","DOI":"10.1145\/3423211.3425687"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Riazi, M.S., Weinert, C., Tkachenko, O., Songhori, E.M., Schneider, T., Koushanfar, F.: Chameleon: a hybrid secure computation framework for machine learning applications. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 707\u2013721 (2018)","DOI":"10.1145\/3196494.3196522"},{"issue":"11","key":"2_CR36","first-page":"169","volume":"4","author":"RL Rivest","year":"1978","unstructured":"Rivest, R.L., Adleman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. Found. Secur. Comput. 4(11), 169\u2013180 (1978)","journal-title":"Found. Secur. Comput."},{"key":"2_CR37","doi-asserted-by":"publisher","first-page":"103627","DOI":"10.1016\/j.jbi.2020.103627","volume":"113","author":"S Shamshirband","year":"2021","unstructured":"Shamshirband, S., Fathi, M., Dehzangi, A., Chronopoulos, A.T., Alinejad-Rokny, H.: A review on deep learning approaches in healthcare systems: taxonomies, challenges, and open issues. J. Biomed. Inform. 113, 103627 (2021)","journal-title":"J. Biomed. Inform."},{"key":"2_CR38","unstructured":"Shen, T., et al.: SOTER: guarding black-box inference for general neural networks at the edge. In: Proceedings of the 2022 USENIX Annual Technical Conference, pp. 1651\u20131669 (2022)"},{"key":"2_CR39","doi-asserted-by":"crossref","unstructured":"Shen, Y., et al.: Occlum: secure and efficient multitasking inside a single enclave of intel SGX. In: Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 955\u2013970 (2020)","DOI":"10.1145\/3373376.3378469"},{"key":"2_CR40","doi-asserted-by":"crossref","unstructured":"Siby, S., Abdollahi, S., Maheri, M., Kogias, M., Haddadi, H.: GuaranTEE: towards attestable and private ML with CCA. In: Proceedings of the 4th Workshop on Machine Learning and Systems, pp. 1\u20139 (2024)","DOI":"10.1145\/3642970.3655845"},{"key":"2_CR41","unstructured":"Tram\u00e8r, F., Boneh, D.: Slalom: fast, verifiable and private execution of neural networks in trusted hardware. In: 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, May 6-9 (2019)"},{"key":"2_CR42","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13073-021-00968-x","volume":"13","author":"KA Tran","year":"2021","unstructured":"Tran, K.A., Kondrashova, O., Bradley, A., Williams, E.D., Pearson, J.V., Waddell, N.: Deep learning in cancer diagnosis, prognosis and treatment selection. Genome Med. 13, 1\u201317 (2021)","journal-title":"Genome Med."},{"key":"2_CR43","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1016\/j.patrec.2020.07.042","volume":"141","author":"P Wang","year":"2021","unstructured":"Wang, P., Fan, E., Wang, P.: Comparative analysis of image classification algorithms based on traditional machine learning and deep learning. Pattern Recogn. Lett. 141, 61\u201367 (2021)","journal-title":"Pattern Recogn. Lett."},{"key":"2_CR44","doi-asserted-by":"crossref","unstructured":"Wang, W., et al.: Leaky Cauldron on the dark land: understanding memory side-channel hazards in SGX. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2421\u20132434 (2017)","DOI":"10.1145\/3133956.3134038"},{"key":"2_CR45","doi-asserted-by":"crossref","unstructured":"Winter, J.: Trusted computing building blocks for embedded Linux-based ARM trustzone platforms. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 21\u201330 (2009)","DOI":"10.1145\/1456455.1456460"},{"key":"2_CR46","doi-asserted-by":"crossref","unstructured":"Xue, H., et al.: Distributed large scale privacy-preserving deep mining. In: 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), pp. 418\u2013422 (2018)","DOI":"10.1109\/DSC.2018.00067"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:43:08Z","timestamp":1757209388000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}