{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T16:19:39Z","timestamp":1776183579384,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":77,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,6,24]],"date-time":"2021-06-24T00:00:00Z","timestamp":1624492800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["830927; 871793; 871370"],"award-info":[{"award-number":["830927; 871793; 871370"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/N028260\/1; EP\/R03351X\/1"],"award-info":[{"award-number":["EP\/N028260\/1; EP\/R03351X\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,6,24]]},"DOI":"10.1145\/3458864.3466628","type":"proceedings-article","created":{"date-parts":[[2021,6,22]],"date-time":"2021-06-22T16:13:50Z","timestamp":1624378430000},"page":"94-108","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":197,"title":["PPFL"],"prefix":"10.1145","author":[{"given":"Fan","family":"Mo","sequence":"first","affiliation":[{"name":"Imperial College London"}]},{"given":"Hamed","family":"Haddadi","sequence":"additional","affiliation":[{"name":"Imperial College London"}]},{"given":"Kleomenis","family":"Katevas","sequence":"additional","affiliation":[{"name":"Telef\u00f3nica Research"}]},{"given":"Eduard","family":"Marin","sequence":"additional","affiliation":[{"name":"Telef\u00f3nica Research"}]},{"given":"Diego","family":"Perino","sequence":"additional","affiliation":[{"name":"Telef\u00f3nica Research"}]},{"given":"Nicolas","family":"Kourtellis","sequence":"additional","affiliation":[{"name":"Telef\u00f3nica Research"}]}],"member":"320","published-online":{"date-parts":[[2021,6,24]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22496-7_9"},{"key":"e_1_3_2_1_2_1","first-page":"5","article-title":"Privacy-preserving deep learning via additively homomorphic encryption","volume":"13","author":"Aono Y.","year":"2017","unstructured":"Aono , Y. , Hayashi , T. , Wang , L. , Moriai , S. , Privacy-preserving deep learning via additively homomorphic encryption . IEEE Transactions on Information Forensics and Security 13 , 5 ( 2017 ), 1333--1345. Aono, Y., Hayashi, T., Wang, L., Moriai, S., et al. Privacy-preserving deep learning via additively homomorphic encryption. IEEE Transactions on Information Forensics and Security 13, 5 (2017), 1333--1345.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_2_1_3_1","first-page":"15479","volume-title":"Advances in Neural Information Processing Systems","author":"Bagdasaryan E.","year":"2019","unstructured":"Bagdasaryan , E. , Poursaeed , O. , and Shmatikov , V . Differential privacy has disparate impact on model accuracy . In Advances in Neural Information Processing Systems ( 2019 ), pp. 15479 -- 15488 . Bagdasaryan, E., Poursaeed, O., and Shmatikov, V. Differential privacy has disparate impact on model accuracy. In Advances in Neural Information Processing Systems (2019), pp. 15479--15488."},{"key":"e_1_3_2_1_4_1","first-page":"2938","volume-title":"International Conference on Artificial Intelligence and Statistics","author":"Bagdasaryan E.","year":"2020","unstructured":"Bagdasaryan , E. , Veit , A. , Hua , Y. , Estrin , D. , and Shmatikov , V . How to backdoor federated learning . In International Conference on Artificial Intelligence and Statistics ( 2020 ), PMLR, pp. 2938 -- 2948 . Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., and Shmatikov, V. How to backdoor federated learning. In International Conference on Artificial Intelligence and Statistics (2020), PMLR, pp. 2938--2948."},{"key":"e_1_3_2_1_5_1","first-page":"583","volume-title":"International conference on machine learning","author":"Belilovsky E.","year":"2019","unstructured":"Belilovsky , E. , Eickenberg , M. , and Oyallon , E . Greedy layerwise learning can scale to imagenet . In International conference on machine learning ( 2019 ), PMLR, pp. 583 -- 593 . Belilovsky, E., Eickenberg, M., and Oyallon, E. Greedy layerwise learning can scale to imagenet. In International conference on machine learning (2019), PMLR, pp. 583--593."},{"key":"e_1_3_2_1_6_1","volume-title":"Greedy layer-wise training of deep networks. Advances in neural information processing systems 19","author":"Bengio Y.","year":"2006","unstructured":"Bengio , Y. , Lamblin , P. , Popovici , D. , and Larochelle , H . Greedy layer-wise training of deep networks. Advances in neural information processing systems 19 ( 2006 ), 153--160. Bengio, Y., Lamblin, P., Popovici, D., and Larochelle, H. Greedy layer-wise training of deep networks. Advances in neural information processing systems 19 (2006), 153--160."},{"key":"e_1_3_2_1_7_1","volume-title":"Conference on Machine Learning and Systems","author":"Bonawitz K.","year":"2019","unstructured":"Bonawitz , K. , Eichner , H. , Grieskamp , W. , Huba , D. , Ingerman , A. , Ivanov , V. , Kiddon , C. , Kone\u010dn\u1ef3 , J. , Mazzocchi , S. , McMahan , H. B. , Towards federated learning at scale: System design . In Conference on Machine Learning and Systems ( 2019 ). Bonawitz, K., Eichner, H., Grieskamp, W., Huba, D., Ingerman, A., Ivanov, V., Kiddon, C., Kone\u010dn\u1ef3, J., Mazzocchi, S., McMahan, H. B., et al. Towards federated learning at scale: System design. In Conference on Machine Learning and Systems (2019)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_1_9_1","volume-title":"A Gentle Introduction to Transfer Learning for Deep Learning","author":"Brownlee J.","year":"2019","unstructured":"Brownlee , J. A Gentle Introduction to Transfer Learning for Deep Learning , 2019 (accessed November 11, 2020). Brownlee, J. A Gentle Introduction to Transfer Learning for Deep Learning, 2019 (accessed November 11, 2020)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322251"},{"key":"e_1_3_2_1_11_1","volume-title":"ICLR Workshop Track","author":"Chen J.","year":"2016","unstructured":"Chen , J. , Pan , X. , Monga , R. , Bengio , S. , and Jozefowicz , R . Revisiting distributed synchronous sgd . In ICLR Workshop Track ( 2016 ). Chen, J., Pan, X., Monga, R., Bengio, S., and Jozefowicz, R. Revisiting distributed synchronous sgd. In ICLR Workshop Track (2016)."},{"key":"e_1_3_2_1_12_1","volume-title":"30th USENIX Security Symposium","author":"Chen Z.","year":"2021","unstructured":"Chen , Z. , Vasilakis , G. , Murdock , K. , Dean , E. , Oswald , D. , and Garcia , F. D . Voltpillager: Hardware-based fault injection attacks against intel SGX enclaves using the SVID voltage scaling interface . In 30th USENIX Security Symposium ( Vancouver, B.C. , Aug. 2021 ). Chen, Z., Vasilakis, G., Murdock, K., Dean, E., Oswald, D., and Garcia, F. D. Voltpillager: Hardware-based fault injection attacks against intel SGX enclaves using the SVID voltage scaling interface. In 30th USENIX Security Symposium (Vancouver, B.C., Aug. 2021)."},{"key":"e_1_3_2_1_13_1","volume-title":"Intel sgx explained. IACR Cryptol. ePrint Arch","author":"Costan V.","year":"2016","unstructured":"Costan , V. , and Devadas , S . Intel sgx explained. IACR Cryptol. ePrint Arch . 2016 , 86 (2016), 1--118. Costan, V., and Devadas, S. Intel sgx explained. IACR Cryptol. ePrint Arch. 2016, 86 (2016), 1--118."},{"key":"e_1_3_2_1_14_1","first-page":"3","article-title":"The algorithmic foundations of differential privacy","volume":"9","author":"Dwork C.","year":"2014","unstructured":"Dwork , C. , Roth , A. , The algorithmic foundations of differential privacy . Foundations and Trends in Theoretical Computer Science 9 , 3 -- 4 ( 2014 ), 211--407. Dwork, C., Roth, A., et al. The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science 9, 3--4 (2014), 211--407.","journal-title":"Foundations and Trends in Theoretical Computer Science"},{"key":"e_1_3_2_1_15_1","first-page":"1605","volume-title":"29th USENIX Security Symposium","author":"Fang M.","year":"2020","unstructured":"Fang , M. , Cao , X. , Jia , J. , and Gong , N . Local model poisoning attacks to byzantine-robust federated learning . In 29th USENIX Security Symposium ( 2020 ), pp. 1605 -- 1622 . Fang, M., Cao, X., Jia, J., and Gong, N. Local model poisoning attacks to byzantine-robust federated learning. In 29th USENIX Security Symposium (2020), pp. 1605--1622."},{"key":"e_1_3_2_1_16_1","volume-title":"Inverting gradients-how easy is it to break privacy in federated learning? arXiv preprint arXiv:2003.14053","author":"Geiping J.","year":"2020","unstructured":"Geiping , J. , Bauermeister , H. , Dr\u00f6ge , H. , and Moeller , M . Inverting gradients-how easy is it to break privacy in federated learning? arXiv preprint arXiv:2003.14053 ( 2020 ). Geiping, J., Bauermeister, H., Dr\u00f6ge, H., and Moeller, M. Inverting gradients-how easy is it to break privacy in federated learning? arXiv preprint arXiv:2003.14053 (2020)."},{"key":"e_1_3_2_1_17_1","volume-title":"Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557","author":"Geyer R. C.","year":"2017","unstructured":"Geyer , R. C. , Klein , T. , and Nabi , M . Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 ( 2017 ). Geyer, R. C., Klein, T., and Nabi, M. Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 (2017)."},{"key":"e_1_3_2_1_18_1","volume-title":"Yerbabuena: Securing deep learning inference data via enclave-based ternary model partitioning. arXiv preprint arXiv:1807.00969","author":"Gu Z.","year":"2018","unstructured":"Gu , Z. , Huang , H. , Zhang , J. , Su , D. , Jamjoom , H. , Lamba , A. , Pendarakis , D. , and Molloy , I . Yerbabuena: Securing deep learning inference data via enclave-based ternary model partitioning. arXiv preprint arXiv:1807.00969 ( 2018 ). Gu, Z., Huang, H., Zhang, J., Su, D., Jamjoom, H., Lamba, A., Pendarakis, D., and Molloy, I. Yerbabuena: Securing deep learning inference data via enclave-based ternary model partitioning. arXiv preprint arXiv:1807.00969 (2018)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_2_1_21_1","volume-title":"An efficiency-boosting client selection scheme for federated learning with fairness guarantee. arXiv preprint arXiv:2011.01783","author":"Huang T.","year":"2020","unstructured":"Huang , T. , Lin , W. , Wu , W. , He , L. , Li , K. , and Zomaya , A. Y . An efficiency-boosting client selection scheme for federated learning with fairness guarantee. arXiv preprint arXiv:2011.01783 ( 2020 ). Huang, T., Lin, W., Wu, W., He, L., Li, K., and Zomaya, A. Y. An efficiency-boosting client selection scheme for federated learning with fairness guarantee. arXiv preprint arXiv:2011.01783 (2020)."},{"key":"e_1_3_2_1_22_1","first-page":"817","volume-title":"17th USENIX Symposium on Networked Systems Design and Implementation (NSDI'20)","author":"Hunt T.","year":"2020","unstructured":"Hunt , T. , Jia , Z. , Miller , V. , Szekely , A. , Hu , Y. , Rossbach , C. J. , and Witchel , E . Telekine: Secure computing with cloud gpus . In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI'20) ( 2020 ), pp. 817 -- 833 . Hunt, T., Jia, Z., Miller, V., Szekely, A., Hu, Y., Rossbach, C. J., and Witchel, E. Telekine: Secure computing with cloud gpus. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI'20) (2020), pp. 817--833."},{"key":"e_1_3_2_1_23_1","volume-title":"Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961","author":"Hunt T.","year":"2018","unstructured":"Hunt , T. , Song , C. , Shokri , R. , Shmatikov , V. , and Witchel , E . Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961 ( 2018 ). Hunt, T., Song, C., Shokri, R., Shmatikov, V., and Witchel, E. Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961 (2018)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304021"},{"key":"e_1_3_2_1_25_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Jayaraman B.","year":"2019","unstructured":"Jayaraman , B. , and Evans , D . Evaluating differentially private machine learning in practice . In 28th USENIX Security Symposium (USENIX Security 19) (Santa Clara, CA , Aug. 2019 ), USENIX Association, pp. 1895--1912. Jayaraman, B., and Evans, D. Evaluating differentially private machine learning in practice. In 28th USENIX Security Symposium (USENIX Security 19) (Santa Clara, CA, Aug. 2019), USENIX Association, pp. 1895--1912."},{"key":"e_1_3_2_1_26_1","volume-title":"A taxonomy of attacks on federated learning","author":"Jere M. S.","year":"2020","unstructured":"Jere , M. S. , Farnan , T. , and Koushanfar , F . A taxonomy of attacks on federated learning . IEEE Security & Privacy ( 2020 ), 0--0. Jere, M. S., Farnan, T., and Koushanfar, F. A taxonomy of attacks on federated learning. IEEE Security & Privacy (2020), 0--0."},{"key":"e_1_3_2_1_27_1","volume-title":"Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977","author":"Kairouz P.","year":"2019","unstructured":"Kairouz , P. , McMahan , H. B. , Avent , B. , Bellet , A. , Bennis , M. , Bhagoji , A. N. , Bonawitz , K. , Charles , Z. , Cormode , G. , Cummings , R. , Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977 ( 2019 ). Kairouz, P., McMahan, H. B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A. N., Bonawitz, K., Charles, Z., Cormode, G., Cummings, R., et al. Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977 (2019)."},{"key":"e_1_3_2_1_28_1","volume-title":"Policy-based federated learning. arXiv preprint arXiv:2003.06612","author":"Katevas K.","year":"2021","unstructured":"Katevas , K. , Bagdasaryan , E. , Waterman , J. , Safadieh , M. M. , Birrell , E. , Haddadi , H. , and Estrin , D . Policy-based federated learning. arXiv preprint arXiv:2003.06612 ( 2021 ). Katevas, K., Bagdasaryan, E., Waterman, J., Safadieh, M. M., Birrell, E., Haddadi, H., and Estrin, D. Policy-based federated learning. arXiv preprint arXiv:2003.06612 (2021)."},{"key":"e_1_3_2_1_29_1","first-page":"3301","volume-title":"International Conference on Machine Learning","author":"Kaya Y.","year":"2019","unstructured":"Kaya , Y. , Hong , S. , and Dumitras , T . Shallow-deep networks: Understanding and mitigating network overthinking . In International Conference on Machine Learning ( 2019 ), PMLR, pp. 3301 -- 3310 . Kaya, Y., Hong, S., and Dumitras, T. Shallow-deep networks: Understanding and mitigating network overthinking. In International Conference on Machine Learning (2019), PMLR, pp. 3301--3310."},{"key":"e_1_3_2_1_30_1","volume-title":"Integrating remote attestation with transport layer security. arXiv preprint arXiv:1801.05863","author":"Knauth T.","year":"2018","unstructured":"Knauth , T. , Steiner , M. , Chakrabarti , S. , Lei , L. , Xing , C. , and Vij , M . Integrating remote attestation with transport layer security. arXiv preprint arXiv:1801.05863 ( 2018 ). Knauth, T., Steiner, M., Chakrabarti, S., Lei, L., Xing, C., and Vij, M. Integrating remote attestation with transport layer security. arXiv preprint arXiv:1801.05863 (2018)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3426745.3431337"},{"key":"e_1_3_2_1_32_1","first-page":"400","volume-title":"Annual International Cryptology Conference","author":"Krawczyk H.","year":"2003","unstructured":"Krawczyk , H. Sigma : The 'sign-and-mac' approach to authenticated diffiehellman and its use in the ike protocols . In Annual International Cryptology Conference ( 2003 ), Springer , pp. 400 -- 425 . Krawczyk, H. Sigma: The 'sign-and-mac' approach to authenticated diffiehellman and its use in the ike protocols. In Annual International Cryptology Conference (2003), Springer, pp. 400--425."},{"key":"e_1_3_2_1_33_1","volume-title":"Learning multiple layers of features from tiny images. Citeseer","author":"Krizhevsky A.","year":"2009","unstructured":"Krizhevsky , A. , Hinton , G. , Learning multiple layers of features from tiny images. Citeseer ( 2009 ). Krizhevsky, A., Hinton, G., et al. Learning multiple layers of features from tiny images. Citeseer (2009)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065386"},{"key":"e_1_3_2_1_35_1","volume-title":"Exploring strategies for training deep neural networks. Journal of machine learning research 10, 1","author":"Larochelle H.","year":"2009","unstructured":"Larochelle , H. , Bengio , Y. , Louradour , J. , and Lamblin , P . Exploring strategies for training deep neural networks. Journal of machine learning research 10, 1 ( 2009 ). Larochelle, H., Bengio, Y., Louradour, J., and Lamblin, P. Exploring strategies for training deep neural networks. Journal of machine learning research 10, 1 (2009)."},{"key":"e_1_3_2_1_36_1","volume-title":"Deep learning. nature 521, 7553","author":"LeCun Y.","year":"2015","unstructured":"LeCun , Y. , Bengio , Y. , and Hinton , G . Deep learning. nature 521, 7553 ( 2015 ), 436--444. LeCun, Y., Bengio, Y., and Hinton, G. Deep learning. nature 521, 7553 (2015), 436--444."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_38_1","first-page":"523","volume-title":"Proceedings of the 26th USENIX Conference on Security Symposium","author":"Lee J.","year":"2017","unstructured":"Lee , J. , Jang , J. , Jang , Y. , Kwak , N. , Choi , Y. , Choi , C. , Kim , T. , Peinado , M. , and Kang , B. B . Hacking in Darkness: Return-Oriented Programming against Secure Enclaves . In Proceedings of the 26th USENIX Conference on Security Symposium ( 2017 ), pp. 523 -- 539 . Lee, J., Jang, J., Jang, Y., Kwak, N., Choi, Y., Choi, C., Kim, T., Peinado, M., and Kang, B. B. Hacking in Darkness: Return-Oriented Programming against Secure Enclaves. In Proceedings of the 26th USENIX Conference on Security Symposium (2017), pp. 523--539."},{"key":"e_1_3_2_1_39_1","volume-title":"Federated optimization in heterogeneous networks. arXiv preprint arXiv:1812.06127","author":"Li T.","year":"2018","unstructured":"Li , T. , Sahu , A. K. , Zaheer , M. , Sanjabi , M. , Talwalkar , A. , and Smith , V . Federated optimization in heterogeneous networks. arXiv preprint arXiv:1812.06127 ( 2018 ). Li, T., Sahu, A. K., Zaheer, M., Sanjabi, M., Talwalkar, A., and Smith, V. Federated optimization in heterogeneous networks. arXiv preprint arXiv:1812.06127 (2018)."},{"key":"e_1_3_2_1_40_1","volume-title":"Open Portable Trusted Execution Environment","author":"Linaro","year":"2020","unstructured":"Linaro .org. Open Portable Trusted Execution Environment , 2020 (accessed September 3, 2020). Linaro.org. Open Portable Trusted Execution Environment, 2020 (accessed September 3, 2020)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00063"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIS.2020.2988525"},{"key":"e_1_3_2_1_43_1","first-page":"1273","volume-title":"PMLR","author":"McMahan B.","unstructured":"McMahan , B. , Moore , E. , Ramage , D. , Hampson , S. , and y Arcas , B. A. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics (2017) , PMLR , pp. 1273 -- 1282 . McMahan, B., Moore, E., Ramage, D., Hampson, S., and y Arcas, B. A. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics (2017), PMLR, pp. 1273--1282."},{"key":"e_1_3_2_1_44_1","volume-title":"International Conference on Learning Representations","author":"McMahan H. B.","year":"2018","unstructured":"McMahan , H. B. , Ramage , D. , Talwar , K. , and Zhang , L . Learning differentially private recurrent language models . In International Conference on Learning Representations ( 2018 ). McMahan, H. B., Ramage, D., Talwar, K., and Zhang, L. Learning differentially private recurrent language models. In International Conference on Learning Representations (2018)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00029"},{"key":"e_1_3_2_1_46_1","volume-title":"Open Enclave SDK","author":"Microsoft","year":"2020","unstructured":"Microsoft . Open Enclave SDK , 2020 (accessed Decemenber 4, 2020). Microsoft. Open Enclave SDK, 2020 (accessed Decemenber 4, 2020)."},{"key":"e_1_3_2_1_47_1","volume-title":"ICLR Distributed and Private Machine Learning workshop","author":"Mo F.","year":"2021","unstructured":"Mo , F. , Borovykh , A. , Malekzadeh , M. , Haddadi , H. , and Demetriou , S . Layer-wise characterization of latent information leakage in federated learning . ICLR Distributed and Private Machine Learning workshop ( 2021 ). Mo, F., Borovykh, A., Malekzadeh, M., Haddadi, H., and Demetriou, S. Layer-wise characterization of latent information leakage in federated learning. ICLR Distributed and Private Machine Learning workshop (2021)."},{"key":"e_1_3_2_1_48_1","volume-title":"EuroSys","author":"Mo F.","year":"2019","unstructured":"Mo , F. , and Haddadi , H . Efficient and private federated learning using tee . In EuroSys ( 2019 ). Mo, F., and Haddadi, H. Efficient and private federated learning using tee. In EuroSys (2019)."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386901.3388946"},{"key":"e_1_3_2_1_50_1","volume-title":"Monsoon solutions inc. home page. https:\/\/www.msoon.com\/","author":"Monsoon","year":"2020","unstructured":"Monsoon . Monsoon solutions inc. home page. https:\/\/www.msoon.com\/ , 2020 (accessed November 12, 2020). Monsoon. Monsoon solutions inc. home page. https:\/\/www.msoon.com\/, 2020 (accessed November 12, 2020)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046682"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00065"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2019.8761315"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241143"},{"key":"e_1_3_2_1_55_1","first-page":"485","volume-title":"Trust Anchors in Software Defined Networks. In Computer Security","author":"Paladi N.","year":"2018","unstructured":"Paladi , N. , Karlsson , L. , and Elbashir , K . Trust Anchors in Software Defined Networks. In Computer Security ( 2018 ), pp. 485 -- 504 . Paladi, N., Karlsson, L., and Elbashir, K. Trust Anchors in Software Defined Networks. In Computer Security (2018), pp. 485--504."},{"key":"e_1_3_2_1_56_1","first-page":"10","article-title":"A survey on transfer learning","volume":"22","author":"Pan S. J.","year":"2009","unstructured":"Pan , S. J. , and Yang , Q . A survey on transfer learning . IEEE Transactions on knowledge and data engineering 22 , 10 ( 2009 ), 1345--1359. Pan, S. J., and Yang, Q. A survey on transfer learning. IEEE Transactions on knowledge and data engineering 22, 10 (2009), 1345--1359.","journal-title":"IEEE Transactions on knowledge and data engineering"},{"key":"e_1_3_2_1_58_1","unstructured":"Redmon J. Darknet: Open source neural networks in c. http:\/\/pjreddie.com\/darknet\/ 2013--2016.  Redmon J. Darknet: Open source neural networks in c. http:\/\/pjreddie.com\/darknet\/ 2013--2016."},{"key":"e_1_3_2_1_59_1","first-page":"5558","volume-title":"International Conference on Machine Learning","author":"Sablayrolles A.","year":"2019","unstructured":"Sablayrolles , A. , Douze , M. , Schmid , C. , Ollivier , Y. , and J\u00e9gou , H . White-box vs black-box: Bayes optimal strategies for membership inference . In International Conference on Machine Learning ( 2019 ), pp. 5558 -- 5567 . Sablayrolles, A., Douze, M., Schmid, C., Ollivier, Y., and J\u00e9gou, H. White-box vs black-box: Bayes optimal strategies for membership inference. In International Conference on Machine Learning (2019), pp. 5558--5567."},{"key":"e_1_3_2_1_60_1","volume-title":"Unsupervised pre-training of a deep lstm-based stacked autoencoder for multivariate time series forecasting problems. Scientific reports 9, 1","author":"Sagheer A.","year":"2019","unstructured":"Sagheer , A. , and Kotb , M . Unsupervised pre-training of a deep lstm-based stacked autoencoder for multivariate time series forecasting problems. Scientific reports 9, 1 ( 2019 ), 1--16. Sagheer, A., and Kotb, M. Unsupervised pre-training of a deep lstm-based stacked autoencoder for multivariate time series forecasting problems. Scientific reports 9, 1 (2019), 1--16."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00474"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"},{"key":"e_1_3_2_1_63_1","volume-title":"Apr.","author":"Microsoft","year":"2020","unstructured":"Microsoft SEAL (release 3.5). https:\/\/github.com\/Microsoft\/SEAL , Apr. 2020 . Microsoft Research , Redmond, WA . Microsoft SEAL (release 3.5). https:\/\/github.com\/Microsoft\/SEAL, Apr. 2020. Microsoft Research, Redmond, WA."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.41"},{"key":"e_1_3_2_1_65_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan K.","year":"2014","unstructured":"Simonyan , K. , and Zisserman , A . Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 ( 2014 ). Simonyan, K., and Zisserman, A. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_1_66_1","volume-title":"Enabling fast differentially private sgd via just-in-time compilation and vectorization. arXiv preprint arXiv:2010.09063","author":"Subramani P.","year":"2020","unstructured":"Subramani , P. , Vadivelu , N. , and Kamath , G . Enabling fast differentially private sgd via just-in-time compilation and vectorization. arXiv preprint arXiv:2010.09063 ( 2020 ). Subramani, P., Vadivelu, N., and Kamath, G. Enabling fast differentially private sgd via just-in-time compilation and vectorization. arXiv preprint arXiv:2010.09063 (2020)."},{"key":"e_1_3_2_1_67_1","volume-title":"Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963","author":"Sun Z.","year":"2019","unstructured":"Sun , Z. , Kairouz , P. , Suresh , A. T. , and McMahan , H. B. Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 ( 2019 ). Sun, Z., Kairouz, P., Suresh, A. T., and McMahan, H. B. Can you really backdoor federated learning? arXiv preprint arXiv:1911.07963 (2019)."},{"key":"e_1_3_2_1_68_1","volume-title":"Introducing Opacus: A high-speed library for training PyTorch models with differential privacy","author":"Testuggine D.","year":"2020","unstructured":"Testuggine , D. , and Mironov , I . Introducing Opacus: A high-speed library for training PyTorch models with differential privacy , 2020 (accessed January 1, 2021). Testuggine, D., and Mironov, I. Introducing Opacus: A high-speed library for training PyTorch models with differential privacy, 2020 (accessed January 1, 2021)."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-60566-766-9.ch011"},{"key":"e_1_3_2_1_70_1","volume-title":"International Conference on Learning Representations (ICLR)","author":"Tram\u00e8r F.","year":"2019","unstructured":"Tram\u00e8r , F. , and Boneh , D . Slalom: Fast, verifiable and private execution of neural networks in trusted hardware . In International Conference on Learning Representations (ICLR) ( 2019 ). Tram\u00e8r, F., and Boneh, D. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. In International Conference on Learning Representations (ICLR) (2019)."},{"key":"e_1_3_2_1_71_1","first-page":"1741","volume-title":"Frank. A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS)","author":"Van Bulck","year":"2019","unstructured":"Van Bulck , Jo and Oswald, David and Marin, Eduard and Aldoseri, Abdulla and Garcia, Flavio D. and Piessens , Frank. A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS) ( 2019 ), pp. 1741 -- 1758 . Van Bulck, Jo and Oswald, David and Marin, Eduard and Aldoseri, Abdulla and Garcia, Flavio D. and Piessens, Frank. A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS) (2019), pp. 1741--1758."},{"key":"e_1_3_2_1_72_1","volume-title":"Federated learning with matched averaging. arXiv preprint arXiv:2002.06440","author":"Wang H.","year":"2020","unstructured":"Wang , H. , Yurochkin , M. , Sun , Y. , Papailiopoulos , D. , and Khazaeni , Y . Federated learning with matched averaging. arXiv preprint arXiv:2002.06440 ( 2020 ). Wang, H., Yurochkin, M., Sun, Y., Papailiopoulos, D., and Khazaeni, Y. Federated learning with matched averaging. arXiv preprint arXiv:2002.06440 (2020)."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00027"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00220"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155414"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421352"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363205"},{"key":"e_1_3_2_1_78_1","first-page":"14774","volume-title":"Advances in Neural Information Processing Systems","author":"Zhu L.","year":"2019","unstructured":"Zhu , L. , Liu , Z. , and Han , S . Deep leakage from gradients . In Advances in Neural Information Processing Systems ( 2019 ), pp. 14774 -- 14784 . Zhu, L., Liu, Z., and Han, S. Deep leakage from gradients. In Advances in Neural Information Processing Systems (2019), pp. 14774--14784."}],"event":{"name":"MobiSys '21: The 19th Annual International Conference on Mobile Systems, Applications, and Services","location":"Virtual Event Wisconsin","acronym":"MobiSys '21","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing"]},"container-title":["Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3458864.3466628","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3458864.3466628","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:22Z","timestamp":1750191142000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3458864.3466628"}},"subtitle":["privacy-preserving federated learning with trusted execution environments"],"short-title":[],"issued":{"date-parts":[[2021,6,24]]},"references-count":77,"alternative-id":["10.1145\/3458864.3466628","10.1145\/3458864"],"URL":"https:\/\/doi.org\/10.1145\/3458864.3466628","relation":{},"subject":[],"published":{"date-parts":[[2021,6,24]]},"assertion":[{"value":"2021-06-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}