{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T11:26:54Z","timestamp":1779103614578,"version":"3.51.4"},"reference-count":112,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3557228","type":"journal-article","created":{"date-parts":[[2025,4,3]],"date-time":"2025-04-03T00:21:00Z","timestamp":1743639660000},"page":"61483-61510","source":"Crossref","is-referenced-by-count":6,"title":["GuardianML: Anatomy of Privacy-Preserving Machine Learning Techniques and Frameworks"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3393-6851","authenticated-orcid":false,"given":"Nges Brian","family":"Njungle","sequence":"first","affiliation":[{"name":"STAM Center, Ira A. Fulton Schools of Engineering, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-5511-7975","authenticated-orcid":false,"given":"Eric","family":"Jahns","sequence":"additional","affiliation":[{"name":"STAM Center, Ira A. Fulton Schools of Engineering, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4235-0463","authenticated-orcid":false,"given":"Zhenqi","family":"Wu","sequence":"additional","affiliation":[{"name":"STAM Center, Ira A. Fulton Schools of Engineering, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-7294-8466","authenticated-orcid":false,"given":"Luigi","family":"Mastromauro","sequence":"additional","affiliation":[{"name":"STAM Center, Ira A. Fulton Schools of Engineering, Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0602-0606","authenticated-orcid":false,"given":"Milan","family":"Stojkov","sequence":"additional","affiliation":[{"name":"Faculty of Technical Sciences, University of Novi Sad, Novi Sad, Serbia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1432-6939","authenticated-orcid":false,"given":"Michel A.","family":"Kinsy","sequence":"additional","affiliation":[{"name":"STAM Center, Ira A. Fulton Schools of Engineering, Arizona State University, Tempe, AZ, USA"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"What Are Machine Learning Applications? Top 10 Industry and Real-world Use Cases","author":"Shinde","year":"2022"},{"key":"ref2","volume-title":"Future of Patient Care: The Use of Machine Learning in Healthcare","author":"Srivastava","year":"2023"},{"key":"ref3","article-title":"Privacy-preserving machine learning: Methods, challenges and directions","author":"Xu","year":"2021","journal-title":"arXiv:2108.04417"},{"key":"ref4","volume-title":"Privacy-Preserving Machine Learning: Ml and Data Security","author":"Lezginov","year":"2023"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30619-9_4"},{"key":"ref6","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103605","article-title":"Preserving data privacy in machine learning systems","volume":"137","author":"El Mestari","year":"2024","journal-title":"Comput. Secur."},{"key":"ref7","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1016\/j.neucom.2019.11.041","article-title":"A review of privacy-preserving techniques for deep learning","volume":"384","author":"Boulemtafes","year":"2020","journal-title":"Neurocomputing"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2018.2888775"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-68035-0_9"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3219049"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/CSR57506.2023.10224826"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2021.3058638"},{"key":"ref13","doi-asserted-by":"crossref","DOI":"10.1016\/j.knosys.2021.106775","article-title":"A survey on federated learning","volume":"216","author":"Zhang","year":"2021","journal-title":"Knowl.-Based Syst."},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/MCI.2020.2976185"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3670007"},{"key":"ref16","article-title":"A survey of secure computation using trusted execution environments","author":"Li","year":"2023","journal-title":"arXiv:2302.12150"},{"key":"ref17","first-page":"89","article-title":"A state-of-the-art survey on local training methods in federated learning","volume-title":"Proc. IEEE 23rd Int. Symp. Comput. Intell. Informat. (CINTI)","author":"Sta\\v{n}o"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SACI58269.2023.10158622"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.3390\/s21010167"},{"key":"ref20","first-page":"1","article-title":"FATE: An industrial grade platform for collaborative learning with data protection","volume":"22","author":"Liu","year":"2021","journal-title":"J. Mach. Learn. Res."},{"key":"ref21","article-title":"Flower: A friendly federated learning research framework","author":"Beutel","year":"2020","journal-title":"arXiv:2007.14390"},{"key":"ref22","article-title":"Flute: A scalable, extensible framework for high-performance federated learning simulations","author":"Garcia","year":"2022","journal-title":"arXiv:2203.13789"},{"key":"ref23","article-title":"FedML: A research library and benchmark for federated machine learning","author":"He","year":"2020","journal-title":"arXiv:2007.13518"},{"key":"ref24","article-title":"LEAF: A benchmark for federated settings","author":"Caldas","year":"2019","journal-title":"arXiv:1812.01097"},{"key":"ref25","article-title":"IBM federated learning: An enterprise framework white paper V0.1","author":"Ludwig","year":"2020","journal-title":"arXiv:2007.10987"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1088\/1361-6560\/ac97d9"},{"key":"ref27","volume-title":"Federated Learning for Healthcare Using NVIDIA Clara","year":"2024"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-60548-3_19"},{"key":"ref29","article-title":"Substra: A framework for privacy-preserving, traceable and collaborative machine learning","author":"Galtier","year":"2019","journal-title":"arXiv:1910.11567"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3477114.3488760"},{"key":"ref31","article-title":"FederatedScope: A flexible federated learning platform for heterogeneity","author":"Xie","year":"2022","journal-title":"arXiv:2204.05011"},{"key":"ref32","doi-asserted-by":"crossref","DOI":"10.1016\/j.iot.2024.101174","article-title":"OpenFL: A scalable and secure decentralized federated learning system on the Ethereum blockchain","volume":"26","author":"Wahrst\u00e4tter","year":"2024","journal-title":"Internet Things"},{"key":"ref33","volume-title":"NVIDIA Clara for Medical Devices","year":"2024"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1561\/3300000019"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1982.38"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"key":"ref37","doi-asserted-by":"crossref","DOI":"10.1145\/3133956.3134056","volume-title":"Oblivious Neural Network Predictions Via Minionn Transformations","author":"Liu","year":"2017"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196522"},{"key":"ref39","volume-title":"ABY3: A Mixed Protocol Framework for Machine Learning","author":"Mohassel","year":"2018"},{"key":"ref40","volume-title":"Flash: Fast and Robust Framework for Privacy-Preserving Machine Learning","author":"Byali","year":"2019"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00043"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00092"},{"key":"ref43","volume-title":"Blaze: Blazing Fast Privacy-preserving Machine Learning","author":"Patra","year":"2020"},{"key":"ref44","volume-title":"Tetrad: Actively Secure 4PC for Secure Training and Inference","author":"Koti","year":"2021"},{"key":"ref45","first-page":"2651","article-title":"SWIFT: Super-fast and robust privacy-preserving machine learning","volume-title":"Proc. 30th USENIX Secur. Symp.","author":"Koti"},{"key":"ref46","volume-title":"Aegis: A Lightning Fast Privacy-preserving Machine Learning Platform Against Malicious Adversaries","author":"Lu","year":"2023"},{"key":"ref47","first-page":"17","article-title":"SecretFlow-SPU: A performant and user-friendly framework for privacy-preserving machine learning","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Ma"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39118-5_12"},{"key":"ref49","article-title":"A fully homomorphic encryption scheme","author":"Gentry","year":"2009"},{"key":"ref50","volume-title":"Homomorphic Encryption for Arithmetic of Approximate Numbers","author":"Cheon","year":"2016"},{"key":"ref51","first-page":"144","article-title":"Somewhat practical fully homomorphic encryption","volume":"2012","author":"Fan","year":"2012","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/CCIOT.2014.7062497"},{"key":"ref53","volume-title":"TFHE: Fast Fully Homomorphic Encryption Over the Torus","author":"Chillotti","year":"2018"},{"key":"ref54","volume-title":"Microsoft SEAL (Release 4.1)","year":"2023"},{"key":"ref55","volume-title":"Openfhe on Github","year":"2024"},{"key":"ref56","volume-title":"TFHE-RS: A Pure Rust Implementation of the TFHE Scheme for Boolean and Integer Arithmetics Over Encrypted Data","year":"2022"},{"key":"ref57","volume-title":"Design and Implementation of Helib: A Homomorphic Encryption Library","author":"Halevi","year":"2020"},{"key":"ref58","first-page":"201","article-title":"Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy","volume-title":"Proc. Int. Conf. Mach. Learn.","author":"Dowlin"},{"key":"ref59","doi-asserted-by":"crossref","DOI":"10.1145\/3243734.3243837","volume-title":"Secure Outsourced Matrix Computation and Application to Neural Networks","author":"Jiang","year":"2018"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3045465"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3310273.3323047"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314628"},{"key":"ref63","article-title":"CryptoDL: Deep neural networks over encrypted data","author":"Hesamifard","year":"2017","journal-title":"arXiv:1711.05189"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICDIS55630.2022.00027"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3159694"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218508"},{"key":"ref67","doi-asserted-by":"crossref","DOI":"10.1142\/S0129065724500254","volume-title":"Encrypted Image Classification With Low Memory Footprint Using Fully Homomorphic Encryption","author":"Rovida","year":"2024"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3493700.3493760"},{"key":"ref69","volume-title":"Towards the AlexNet Moment for Homomorphic Encryption: HCNN, the First Homomorphic CNN on Encrypted Data With GPUs","author":"Badawi","year":"2018"},{"key":"ref70","article-title":"TT-TFHE: A torus fully homomorphic encryption-friendly neural network architecture","author":"Benamira","year":"2023","journal-title":"arXiv:2302.01584"},{"key":"ref71","article-title":"Faster CryptoNets: Leveraging sparsity for real-world encrypted inference","author":"Chou","year":"2018","journal-title":"arXiv:1811.09953"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611975949"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2017.48"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2952146"},{"key":"ref76","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1016\/j.neunet.2020.02.001","article-title":"Preserving differential privacy in deep neural networks with relevance-based adaptive noise imposition","volume":"125","author":"Gong","year":"2020","journal-title":"Neural Netw."},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2019.2950017"},{"issue":"3","key":"ref78","first-page":"1","article-title":"Deep learning with Gaussian differential privacy","volume":"2","author":"Bu","year":"2020","journal-title":"Harvard Data Sci. Rev."},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/HOST55118.2023.10133266"},{"key":"ref80","article-title":"Approximate, adapt, anonymize (3A): A framework for privacy preserving training data release for machine learning","author":"Madl","year":"2023","journal-title":"arXiv:2307.01875"},{"key":"ref81","article-title":"Differential privacy meets neural network pruning","author":"Adamczewski","year":"2023","journal-title":"arXiv:2303.04612"},{"key":"ref82","first-page":"1","article-title":"Survey on trusted execution environments","volume":"21","author":"Buchner","year":"2022","journal-title":"Network"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/3300061.3345447"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2022-0105"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2024.03.008"},{"key":"ref86","first-page":"1","article-title":"Privacy-preserving inference on the edge: Mitigating a new threat model","volume-title":"Proc. Res. Symp. Tiny Mach. Learn.","author":"Prabhu"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-7969-1_1"},{"key":"ref88","article-title":"Privacy-preserving inference in machine learning services using trusted execution environments","author":"Giri Narra","year":"2019","journal-title":"arXiv:1912.03485"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517391"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3555776.3578591"},{"key":"ref91","article-title":"Privacy-preserving machine learning in untrusted clouds made simple","author":"Lee","year":"2020","journal-title":"arXiv:2009.04390"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/3466752.3480112"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3126315"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD55607.2022.00059"},{"key":"ref95","article-title":"Slalom: Fast, verifiable and private execution of neural networks in trusted hardware","author":"Tram\u00e9r","year":"2019","journal-title":"arXiv:1806.0328"},{"key":"ref96","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103509","article-title":"HT2ML: An efficient hybrid framework for privacy-preserving machine learning using HE and TEE","volume":"135","author":"Wang","year":"2023","journal-title":"Comput. Secur."},{"key":"ref97","article-title":"Toward scalable fully homomorphic encryption through light trusted computing assistance","author":"Wang","year":"2019","journal-title":"arXiv:1905.07766"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS51616.2021.00077"},{"key":"ref99","article-title":"A generic framework for privacy preserving deep learning","author":"Ryffel","year":"2018","journal-title":"arXiv:1811.04017"},{"key":"ref100","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-030-70604-3_5","article-title":"PyAyft: A library for easy federated learning","volume-title":"Federated Learning Systems","author":"Ziller","year":"2021"},{"key":"ref101","doi-asserted-by":"crossref","DOI":"10.1016\/j.simpa.2022.100286","article-title":"PPML-TSA: A modular privacy-preserving time series classification framework","volume":"12","author":"Mercier","year":"2022","journal-title":"Softw. Impacts"},{"key":"ref102","volume-title":"GenoPPML\u2014A Framework for Genomic Privacy-preserving Machine Learning","author":"Carpov","year":"2021"},{"key":"ref103","volume-title":"Machine Learning Classification Over Encrypted Data","author":"Bost","year":"2014"},{"key":"ref104","first-page":"619","article-title":"Oblivious multi-party machine learning on trusted processors","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Ohrimenko"},{"key":"ref105","volume-title":"Gazelle: A Low Latency Framework for Secure Neural Network Inference","author":"Juvekar","year":"2018"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2020.2974555"},{"key":"ref107","article-title":"Chiron: Privacy-preserving machine learning as a service","author":"Hunt","year":"2018","journal-title":"arXiv:1803.05961"},{"key":"ref108","article-title":"Training differentially private models with secure multiparty computation","author":"Pentyala","year":"2022","journal-title":"arXiv:2202.02625"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1145\/3453142.3491287"},{"key":"ref110","article-title":"Distributed privacy-preserving machine learning via homomorphic encryption","author":"Chen","year":"2023"},{"key":"ref111","volume-title":"SoK: New Insights Into Fully Homomorphic Encryption Libraries Via Standardized Benchmarks","author":"Gouert","year":"2022"},{"key":"ref112","first-page":"1","article-title":"Linear integer programming methods and approaches-a survey","volume":"11","author":"Genova","year":"2011","journal-title":"Cybern. Inf. Technol."}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10947759.pdf?arnumber=10947759","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,11]],"date-time":"2025-04-11T04:30:34Z","timestamp":1744345834000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10947759\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":112,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3557228","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}