{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:01:19Z","timestamp":1776888079441,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":82,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,17]],"date-time":"2021-10-17T00:00:00Z","timestamp":1634428800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"name":"Facebook AI Research","award":["2215031173, 2215031183"],"award-info":[{"award-number":["2215031173, 2215031183"]}]},{"name":"Defense Advanced Research Projects Agency (DARPA)","award":["HR001117C0053, HR001120C0088"],"award-info":[{"award-number":["HR001117C0053, HR001120C0088"]}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["5345039074"],"award-info":[{"award-number":["5345039074"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,10,18]]},"DOI":"10.1145\/3466752.3480112","type":"proceedings-article","created":{"date-parts":[[2021,10,17]],"date-time":"2021-10-17T19:16:55Z","timestamp":1634498215000},"page":"212-224","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":44,"title":["DarKnight: An Accelerated Framework for Privacy and Integrity Preserving Deep Learning Using Trusted Hardware"],"prefix":"10.1145","author":[{"given":"Hanieh","family":"Hashemi","sequence":"first","affiliation":[{"name":"University of Southern California"}]},{"given":"Yongqin","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Southern California, United States of America"}]},{"given":"Murali","family":"Annavaram","sequence":"additional","affiliation":[{"name":"University of Southern California, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2021,10,17]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_2_1_2_1","volume-title":"Trustzone: Integrated hardware and software security. White paper","author":"Alves Tiago","year":"2004","unstructured":"Tiago Alves . 2004 . Trustzone: Integrated hardware and software security. White paper (2004). Tiago Alves. 2004. Trustzone: Integrated hardware and software security. White paper (2004)."},{"key":"e_1_3_2_1_3_1","unstructured":"Amazon. 2020. Machine Learning on AWS. https:\/\/aws.amazon.com\/machine-learning  Amazon. 2020. Machine Learning on AWS. https:\/\/aws.amazon.com\/machine-learning"},{"key":"e_1_3_2_1_4_1","volume-title":"GOAT: GPU Outsourcing of Deep Learning Training With Asynchronous Probabilistic Integrity Verification Inside Trusted Execution Environment. arXiv preprint arXiv:2010.08855(2020).","author":"Asvadishirehjini Aref","year":"2020","unstructured":"Aref Asvadishirehjini , Murat Kantarcioglu , and Bradley Malin . 2020 . GOAT: GPU Outsourcing of Deep Learning Training With Asynchronous Probabilistic Integrity Verification Inside Trusted Execution Environment. arXiv preprint arXiv:2010.08855(2020). Aref Asvadishirehjini, Murat Kantarcioglu, and Bradley Malin. 2020. GOAT: GPU Outsourcing of Deep Learning Training With Asynchronous Probabilistic Integrity Verification Inside Trusted Execution Environment. arXiv preprint arXiv:2010.08855(2020)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.1918257117"},{"key":"e_1_3_2_1_6_1","volume-title":"Toward a mathematical theory of inductive inference. Information and control 28, 2","author":"Blum Lenore","year":"1975","unstructured":"Lenore Blum and Manuel Blum . 1975. Toward a mathematical theory of inductive inference. Information and control 28, 2 ( 1975 ), 125\u2013155. Lenore Blum and Manuel Blum. 1975. Toward a mathematical theory of inductive inference. Information and control 28, 2 (1975), 125\u2013155."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_1_8_1","volume-title":"11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17).","author":"Brasser Ferdinand","unstructured":"Ferdinand Brasser , Urs M\u00fcller , Alexandra Dmitrienko , Kari Kostiainen , Srdjan Capkun , and Ahmad-Reza Sadeghi . 2017. Software grand exposure:{SGX} cache attacks are practical . In 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17). Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure:{SGX} cache attacks are practical. In 11th {USENIX} Workshop on Offensive Technologies ({WOOT} 17)."},{"key":"e_1_3_2_1_9_1","unstructured":"Alfredo Canziani Adam Paszke and Eugenio Culurciello. 2016. An analysis of deep neural network models for practical applications. arXiv preprint arXiv:1605.07678(2016).  Alfredo Canziani Adam Paszke and Eugenio Culurciello. 2016. An analysis of deep neural network models for practical applications. arXiv preprint arXiv:1605.07678(2016)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Nicholas Carlini Samuel Deng Sanjam Garg Somesh Jha Saeed Mahloujifar Mohammad Mahmoody Shuang Song Abhradeep Thakurta and Florian Tramer. 2020. An Attack on InstaHide: Is Private Learning Possible with Instance Encoding?arXiv preprint arXiv:2011.05315(2020).  Nicholas Carlini Samuel Deng Sanjam Garg Somesh Jha Saeed Mahloujifar Mohammad Mahmoody Shuang Song Abhradeep Thakurta and Florian Tramer. 2020. An Attack on InstaHide: Is Private Learning Possible with Instance Encoding?arXiv preprint arXiv:2011.05315(2020).","DOI":"10.1109\/SP40001.2021.00099"},{"key":"e_1_3_2_1_11_1","volume-title":"IACR Cryptology ePrint Archive","author":"Costan Victor","year":"2016","unstructured":"Victor Costan and Srinivas Devadas . 2016. Intel SGX Explained. IACR Cryptology ePrint Archive 2016 , 086 (2016), 1\u2013118. Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained.IACR Cryptology ePrint Archive 2016, 086 (2016), 1\u2013118."},{"key":"e_1_3_2_1_12_1","volume-title":"Sanctum: Minimal hardware extensions for strong software isolation. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 857\u2013874.","author":"Costan Victor","year":"2016","unstructured":"Victor Costan , Ilia Lebedev , and Srinivas Devadas . 2016 . Sanctum: Minimal hardware extensions for strong software isolation. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 857\u2013874. Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal hardware extensions for strong software isolation. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 857\u2013874."},{"key":"e_1_3_2_1_13_1","volume-title":"Elements of information theory","author":"Cover M","unstructured":"Thomas\u00a0 M Cover . 1999. Elements of information theory . John Wiley & Sons . Thomas\u00a0M Cover. 1999. Elements of information theory. John Wiley & Sons."},{"key":"e_1_3_2_1_14_1","first-page":"165","article-title":"Matrix masking methods for disclosure limitation in microdata","volume":"20","author":"Cox LH","year":"1994","unstructured":"LH Cox . 1994 . Matrix masking methods for disclosure limitation in microdata . Surv. Methodol. 20 (1994), 165 \u2013 169 . LH Cox. 1994. Matrix masking methods for disclosure limitation in microdata. Surv. Methodol. 20(1994), 165\u2013169.","journal-title":"Surv. Methodol."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1980.10477481"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevA.69.052319"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2019.1900025"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611975482.151"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660348"},{"key":"e_1_3_2_1_20_1","unstructured":"Jakob Foerster Ioannis\u00a0Alexandros Assael Nando De\u00a0Freitas and Shimon Whiteson. 2016. Learning to communicate with deep multi-agent reinforcement learning. In Advances in neural information processing systems. 2137\u20132145.  Jakob Foerster Ioannis\u00a0Alexandros Assael Nando De\u00a0Freitas and Shimon Whiteson. 2016. Learning to communicate with deep multi-agent reinforcement learning. In Advances in neural information processing systems. 2137\u20132145."},{"key":"e_1_3_2_1_21_1","unstructured":"Jonas Geiping Hartmut Bauermeister Hannah Dr\u00f6ge and Michael Moeller. 2020. Inverting Gradients\u2013How easy is it to break privacy in federated learning?arXiv preprint arXiv:2003.14053(2020).  Jonas Geiping Hartmut Bauermeister Hannah Dr\u00f6ge and Michael Moeller. 2020. Inverting Gradients\u2013How easy is it to break privacy in federated learning?arXiv preprint arXiv:2003.14053(2020)."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536440"},{"key":"e_1_3_2_1_23_1","volume-title":"Safetynets: Verifiable execution of deep neural networks on an untrusted cloud. arXiv preprint arXiv:1706.10268(2017).","author":"Ghodsi Zahra","year":"2017","unstructured":"Zahra Ghodsi , Tianyu Gu , and Siddharth Garg . 2017 . Safetynets: Verifiable execution of deep neural networks on an untrusted cloud. arXiv preprint arXiv:1706.10268(2017). Zahra Ghodsi, Tianyu Gu, and Siddharth Garg. 2017. Safetynets: Verifiable execution of deep neural networks on an untrusted cloud. arXiv preprint arXiv:1706.10268(2017)."},{"key":"e_1_3_2_1_24_1","volume-title":"International Conference on Machine Learning. 201\u2013210","author":"Gilad-Bachrach Ran","year":"2016","unstructured":"Ran Gilad-Bachrach , Nathan Dowlin , Kim Laine , Kristin Lauter , Michael Naehrig , and John Wernsing . 2016 . Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy . In International Conference on Machine Learning. 201\u2013210 . Ran Gilad-Bachrach, Nathan Dowlin, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing. 2016. Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy. In International Conference on Machine Learning. 201\u2013210."},{"key":"e_1_3_2_1_25_1","volume-title":"Foundations of cryptography","author":"Goldreich Oded","unstructured":"Oded Goldreich . 2007. Foundations of cryptography : volume 1 , basic tools. Cambridge university press . Oded Goldreich. 2007. Foundations of cryptography: volume 1, basic tools. Cambridge university press."},{"key":"e_1_3_2_1_26_1","unstructured":"Google. 2020. Google AI platform. https:\/\/cloud.google.com\/products\/ai  Google. 2020. Google AI platform. https:\/\/cloud.google.com\/products\/ai"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065915"},{"key":"e_1_3_2_1_28_1","volume-title":"International Conference on Machine Learning. 1737\u20131746","author":"Gupta Suyog","year":"2015","unstructured":"Suyog Gupta , Ankur Agrawal , Kailash Gopalakrishnan , and Pritish Narayanan . 2015 . Deep learning with limited numerical precision . In International Conference on Machine Learning. 1737\u20131746 . Suyog Gupta, Ankur Agrawal, Kailash Gopalakrishnan, and Pritish Narayanan. 2015. Deep learning with limited numerical precision. In International Conference on Machine Learning. 1737\u20131746."},{"key":"e_1_3_2_1_29_1","unstructured":"Song Han Huizi Mao and William\u00a0J Dally. 2015. Deep compression: Compressing deep neural networks with pruning trained quantization and huffman coding. arXiv preprint arXiv:1510.00149(2015).  Song Han Huizi Mao and William\u00a0J Dally. 2015. Deep compression: Compressing deep neural networks with pruning trained quantization and huffman coding. arXiv preprint arXiv:1510.00149(2015)."},{"key":"e_1_3_2_1_30_1","unstructured":"Hanieh Hashemi Yongqin Wang Chuan Guo and Murali Annavaram. 2021. Byzantine-Robust and Privacy-Preserving Framework for FedML. arXiv preprint arXiv:2105.02295(2021).  Hanieh Hashemi Yongqin Wang Chuan Guo and Murali Annavaram. 2021. Byzantine-Robust and Privacy-Preserving Framework for FedML. arXiv preprint arXiv:2105.02295(2021)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1002\/asmb.2209"},{"key":"e_1_3_2_1_33_1","unstructured":"Weizhe Hua Muhammad Umar Zhiru Zhang and G\u00a0Edward Suh. 2020. GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning. arXiv preprint arXiv:2008.11632(2020).  Weizhe Hua Muhammad Umar Zhiru Zhang and G\u00a0Edward Suh. 2020. GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning. arXiv preprint arXiv:2008.11632(2020)."},{"key":"e_1_3_2_1_34_1","volume-title":"International Conference on Machine Learning. PMLR, 4507\u20134518","author":"Huang Yangsibo","year":"2020","unstructured":"Yangsibo Huang , Zhao Song , Kai Li , and Sanjeev Arora . 2020 . Instahide: Instance-hiding schemes for private distributed learning . In International Conference on Machine Learning. PMLR, 4507\u20134518 . Yangsibo Huang, Zhao Song, Kai Li, and Sanjeev Arora. 2020. Instahide: Instance-hiding schemes for private distributed learning. In International Conference on Machine Learning. PMLR, 4507\u20134518."},{"key":"e_1_3_2_1_35_1","volume-title":"Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961(2018).","author":"Hunt Tyler","year":"2018","unstructured":"Tyler Hunt , Congzheng Song , Reza Shokri , Vitaly Shmatikov , and Emmett Witchel . 2018 . Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961(2018). Tyler Hunt, Congzheng Song, Reza Shokri, Vitaly Shmatikov, and Emmett Witchel. 2018. Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961(2018)."},{"key":"e_1_3_2_1_36_1","unstructured":"Nick Hynes Raymond Cheng and Dawn Song. 2018. Efficient deep learning on multi-source private data. arXiv preprint arXiv:1807.06689(2018).  Nick Hynes Raymond Cheng and Dawn Song. 2018. Efficient deep learning on multi-source private data. arXiv preprint arXiv:1807.06689(2018)."},{"key":"e_1_3_2_1_37_1","volume-title":"27th {USENIX} Security Symposium ({USENIX} Security 18). 1651\u20131669.","author":"Juvekar Chiraag","unstructured":"Chiraag Juvekar , Vinod Vaikuntanathan , and Anantha Chandrakasan . 2018. {GAZELLE} : A low latency framework for secure neural network inference . In 27th {USENIX} Security Symposium ({USENIX} Security 18). 1651\u20131669. Chiraag Juvekar, Vinod Vaikuntanathan, and Anantha Chandrakasan. 2018. {GAZELLE}: A low latency framework for secure neural network inference. In 27th {USENIX} Security Symposium ({USENIX} Security 18). 1651\u20131669."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the section on survey research methods. American Statistical Association Alexandria, VA, 303\u2013308","author":"Kim J","year":"1986","unstructured":"Jay\u00a0 J Kim . 1986 . A method for limiting disclosure in microdata based on random noise and transformation . In Proceedings of the section on survey research methods. American Statistical Association Alexandria, VA, 303\u2013308 . Jay\u00a0J Kim. 1986. A method for limiting disclosure in microdata based on random noise and transformation. In Proceedings of the section on survey research methods. American Statistical Association Alexandria, VA, 303\u2013308."},{"key":"e_1_3_2_1_39_1","volume-title":"Learning multiple layers of features from tiny images. online: http:\/\/www. cs. toronto. edu\/kriz\/cifar. html","author":"Krizhevsky Alex","year":"2009","unstructured":"Alex Krizhevsky , Geoffrey Hinton , 2009. Learning multiple layers of features from tiny images. online: http:\/\/www. cs. toronto. edu\/kriz\/cifar. html ( 2009 ). Alex Krizhevsky, Geoffrey Hinton, 2009. Learning multiple layers of features from tiny images. online: http:\/\/www. cs. toronto. edu\/kriz\/cifar. html (2009)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3300061.3345447"},{"key":"e_1_3_2_1_41_1","volume-title":"International conference on machine learning. PMLR, 2849\u20132858","author":"Lin Darryl","year":"2016","unstructured":"Darryl Lin , Sachin Talathi , and Sreekanth Annapureddy . 2016 . Fixed point quantization of deep convolutional networks . In International conference on machine learning. PMLR, 2849\u20132858 . Darryl Lin, Sachin Talathi, and Sreekanth Annapureddy. 2016. Fixed point quantization of deep convolutional networks. In International conference on machine learning. PMLR, 2849\u20132858."},{"key":"e_1_3_2_1_42_1","unstructured":"Ji Lin Chuang Gan and Song Han. 2019. Defensive quantization: When efficiency meets robustness. arXiv preprint arXiv:1904.08444(2019).  Ji Lin Chuang Gan and Song Han. 2019. Defensive quantization: When efficiency meets robustness. arXiv preprint arXiv:1904.08444(2019)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134056"},{"key":"e_1_3_2_1_44_1","unstructured":"Microsoft. 2020. Azure Machine Learning. https:\/\/azure.microsoft.com\/en-us\/services\/machine-learning  Microsoft. 2020. Azure Machine Learning. https:\/\/azure.microsoft.com\/en-us\/services\/machine-learning"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378522"},{"key":"e_1_3_2_1_46_1","unstructured":"Fatemehsadat Mirshghallah Mohammadkazem Taram Praneeth Vepakomma Abhishek Singh Ramesh Raskar and Hadi Esmaeilzadeh. 2020. Privacy in deep learning: A survey. arXiv preprint arXiv:2004.12254(2020).  Fatemehsadat Mirshghallah Mohammadkazem Taram Praneeth Vepakomma Abhishek Singh Ramesh Raskar and Hadi Esmaeilzadeh. 2020. Privacy in deep learning: A survey. arXiv preprint arXiv:2004.12254(2020)."},{"key":"e_1_3_2_1_47_1","volume-title":"DELPHI: A cryptographic inference service for neural networks. In 29th {USENIX} Security Symposium ({USENIX} Security 20).","author":"Mishra Pratyush","year":"2020","unstructured":"Pratyush Mishra , Ryan Lehmkuhl , Akshayaram Srinivasan , Wenting Zheng , and Raluca\u00a0Ada Popa . 2020 . DELPHI: A cryptographic inference service for neural networks. In 29th {USENIX} Security Symposium ({USENIX} Security 20). Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca\u00a0Ada Popa. 2020. DELPHI: A cryptographic inference service for neural networks. In 29th {USENIX} Security Symposium ({USENIX} Security 20)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Fan Mo Hamed Haddadi Kleomenis Katevas Eduard Marin Diego Perino and Nicolas Kourtellis. 2021. PPFL: privacy-preserving federated learning with trusted execution environments. arXiv preprint arXiv:2104.14380(2021).  Fan Mo Hamed Haddadi Kleomenis Katevas Eduard Marin Diego Perino and Nicolas Kourtellis. 2021. PPFL: privacy-preserving federated learning with trusted execution environments. arXiv preprint arXiv:2104.14380(2021).","DOI":"10.1145\/3458864.3466628"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386901.3388946"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243760"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.12"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359646"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3295500.3356170"},{"key":"e_1_3_2_1_54_1","unstructured":"Krishna\u00a0Giri Narra Zhifeng Lin Yongqin Wang Keshav Balasubramaniam and Murali Annavaram. 2019. Privacy-Preserving Inference in Machine Learning Services Using Trusted Execution Environments. arXiv preprint arXiv:1912.03485(2019).  Krishna\u00a0Giri Narra Zhifeng Lin Yongqin Wang Keshav Balasubramaniam and Murali Annavaram. 2019. Privacy-Preserving Inference in Machine Learning Services Using Trusted Execution Environments. arXiv preprint arXiv:1912.03485(2019)."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i17.17746"},{"key":"e_1_3_2_1_56_1","volume-title":"Varys: Protecting {SGX} enclaves from practical side-channel attacks. In 2018 {Usenix} Annual Technical Conference ({USENIX}{ATC} 18). 227\u2013240.","author":"Oleksenko Oleksii","year":"2018","unstructured":"Oleksii Oleksenko , Bohdan Trach , Robert Krahn , Mark Silberstein , and Christof Fetzer . 2018 . Varys: Protecting {SGX} enclaves from practical side-channel attacks. In 2018 {Usenix} Annual Technical Conference ({USENIX}{ATC} 18). 227\u2013240. Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting {SGX} enclaves from practical side-channel attacks. In 2018 {Usenix} Annual Technical Conference ({USENIX}{ATC} 18). 227\u2013240."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00069"},{"key":"e_1_3_2_1_58_1","volume-title":"An introduction to the infiniband architecture. High performance mass storage and parallel I\/O 42, 617-632","author":"Pfister F","year":"2001","unstructured":"Gregory\u00a0 F Pfister . 2001. An introduction to the infiniband architecture. High performance mass storage and parallel I\/O 42, 617-632 ( 2001 ), 102. Gregory\u00a0F Pfister. 2001. An introduction to the infiniband architecture. High performance mass storage and parallel I\/O 42, 617-632 (2001), 102."},{"key":"e_1_3_2_1_59_1","unstructured":"Saurav Prakash Hanieh Hashemi Yongqin Wang Murali Annavaram and Amir\u00a0Salman Avestimehr. 2020. Mitigating byzantine attacks in federated learning. arXiv preprint arXiv:2010.07541(2020).  Saurav Prakash Hanieh Hashemi Yongqin Wang Murali Annavaram and Amir\u00a0Salman Avestimehr. 2020. Mitigating byzantine attacks in federated learning. arXiv preprint arXiv:2010.07541(2020)."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2015.10.002"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/msec.2019.2935666"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11263-015-0816-y"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2018.00474"},{"key":"e_1_3_2_1_64_1","volume-title":"Intel Makes 3rd Gen Xeon Scalable Processor Rollout Official. https:\/\/www.channelfutures.com\/data-centers\/intel-makes-3rd-gen-xeon-scalable-processor-rollout-official","author":"Schwartz Jeffrey","unstructured":"Jeffrey Schwartz . 2021. Intel Makes 3rd Gen Xeon Scalable Processor Rollout Official. https:\/\/www.channelfutures.com\/data-centers\/intel-makes-3rd-gen-xeon-scalable-processor-rollout-official Jeffrey Schwartz. 2021. Intel Makes 3rd Gen Xeon Scalable Processor Rollout Official. https:\/\/www.channelfutures.com\/data-centers\/intel-makes-3rd-gen-xeon-scalable-processor-rollout-official"},{"key":"e_1_3_2_1_65_1","volume-title":"InfiniBand network architecture","author":"Shanley Tom","unstructured":"Tom Shanley . 2003. InfiniBand network architecture . Addison-Wesley Professional . Tom Shanley. 2003. InfiniBand network architecture. Addison-Wesley Professional."},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. 1310\u20131321","author":"Shokri Reza","year":"2015","unstructured":"Reza Shokri and Vitaly Shmatikov . 2015 . Privacy-preserving deep learning . In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. 1310\u20131321 . Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. 1310\u20131321."},{"key":"e_1_3_2_1_67_1","unstructured":"Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556(2014).  Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556(2014)."},{"key":"e_1_3_2_1_68_1","unstructured":"Jinhyun So Basak Guler and A\u00a0Salman Avestimehr. 2020. Byzantine-Resilient Secure Federated Learning. arXiv preprint arXiv:2007.11115(2020).  Jinhyun So Basak Guler and A\u00a0Salman Avestimehr. 2020. Byzantine-Resilient Secure Federated Learning. arXiv preprint arXiv:2007.11115(2020)."},{"key":"e_1_3_2_1_69_1","first-page":"602","article-title":"The confidentiality and analytic usefulness of masked business microdata","volume":"1983","author":"Spruill Nancy","year":"1983","unstructured":"Nancy Spruill . 1983 . The confidentiality and analytic usefulness of masked business microdata . Proceedings of the Section on Survey Research Methods , 1983 (1983), 602 \u2013 607 . Nancy Spruill. 1983. The confidentiality and analytic usefulness of masked business microdata. Proceedings of the Section on Survey Research Methods, 1983 (1983), 602\u2013607.","journal-title":"Proceedings of the Section on Survey Research Methods"},{"key":"e_1_3_2_1_70_1","volume-title":"Learning with privacy at scale. Apple Mach. Learn. J 1, 9","author":"Team ADP","year":"2017","unstructured":"ADP Team . 2017. Learning with privacy at scale. Apple Mach. Learn. J 1, 9 ( 2017 ). ADP Team. 2017. Learning with privacy at scale. Apple Mach. Learn. J 1, 9 (2017)."},{"key":"e_1_3_2_1_71_1","unstructured":"SGX team. 2021. Intel SGX in clouds. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html  SGX team. 2021. Intel SGX in clouds. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html"},{"key":"e_1_3_2_1_72_1","volume-title":"Verifiable and Private Execution of Neural Networks in Trusted Hardware. In International Conference on Learning Representations.","author":"Tramer Florian","year":"2018","unstructured":"Florian Tramer and Dan Boneh . 2018 . Slalom: Fast , Verifiable and Private Execution of Neural Networks in Trusted Hardware. In International Conference on Learning Representations. Florian Tramer and Dan Boneh. 2018. Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_73_1","volume-title":"Graviton: Trusted execution environments on gpus. In 13th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 18). 681\u2013696.","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos , Kapil Vaswani , and Rodrigo Bruno . 2018 . Graviton: Trusted execution environments on gpus. In 13th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 18). 681\u2013696. Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted execution environments on gpus. In 13th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI} 18). 681\u2013696."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0035"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134038"},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00067"},{"key":"e_1_3_2_1_78_1","volume-title":"International Conference on Machine Learning. PMLR, 7015\u20137024","author":"Yang Guandao","year":"2019","unstructured":"Guandao Yang , Tianyi Zhang , Polina Kirichenko , Junwen Bai , Andrew\u00a0Gordon Wilson , and Chris De\u00a0Sa . 2019 . SWALP: Stochastic weight averaging in low precision training . In International Conference on Machine Learning. PMLR, 7015\u20137024 . Guandao Yang, Tianyi Zhang, Polina Kirichenko, Junwen Bai, Andrew\u00a0Gordon Wilson, and Chris De\u00a0Sa. 2019. SWALP: Stochastic weight averaging in low precision training. In International Conference on Machine Learning. PMLR, 7015\u20137024."},{"key":"e_1_3_2_1_79_1","volume-title":"The 22nd International Conference on Artificial Intelligence and Statistics. PMLR, 1215\u20131225","author":"Yu Qian","year":"2019","unstructured":"Qian Yu , Songze Li , Netanel Raviv , Seyed Mohammadreza\u00a0Mousavi Kalan , Mahdi Soltanolkotabi , and Salman\u00a0 A Avestimehr . 2019 . Lagrange coded computing: Optimal design for resiliency, security, and privacy . In The 22nd International Conference on Artificial Intelligence and Statistics. PMLR, 1215\u20131225 . Qian Yu, Songze Li, Netanel Raviv, Seyed Mohammadreza\u00a0Mousavi Kalan, Mahdi Soltanolkotabi, and Salman\u00a0A Avestimehr. 2019. Lagrange coded computing: Optimal design for resiliency, security, and privacy. In The 22nd International Conference on Artificial Intelligence and Statistics. PMLR, 1215\u20131225."},{"key":"e_1_3_2_1_80_1","unstructured":"Wei Zhang Suyog Gupta Xiangru Lian and Ji Liu. 2015. Staleness-aware async-sgd for distributed deep learning. arXiv preprint arXiv:1511.05950(2015).  Wei Zhang Suyog Gupta Xiangru Lian and Ji Liu. 2015. Staleness-aware async-sgd for distributed deep learning. arXiv preprint arXiv:1511.05950(2015)."},{"key":"e_1_3_2_1_81_1","first-page":"660","article-title":"System and method for predicting behaviors of detected objects","volume":"8","author":"Zhu Jiajun","year":"2014","unstructured":"Jiajun Zhu , David\u00a0 I Ferguson , and Dmitri\u00a0 A Dolgov . 2014 . System and method for predicting behaviors of detected objects . US Patent 8 , 660 ,734. Jiajun Zhu, David\u00a0I Ferguson, and Dmitri\u00a0A Dolgov. 2014. System and method for predicting behaviors of detected objects. US Patent 8,660,734.","journal-title":"US Patent"},{"key":"e_1_3_2_1_82_1","unstructured":"Ligeng Zhu Zhijian Liu and Song Han. 2019. Deep leakage from gradients. In Advances in Neural Information Processing Systems. 14747\u201314756.  Ligeng Zhu Zhijian Liu and Song Han. 2019. Deep leakage from gradients. In Advances in Neural Information Processing Systems. 14747\u201314756."}],"event":{"name":"MICRO '21: 54th Annual IEEE\/ACM International Symposium on Microarchitecture","location":"Virtual Event Greece","acronym":"MICRO '21","sponsor":["SIGMICRO ACM Special Interest Group on Microarchitectural Research and Processing"]},"container-title":["MICRO-54: 54th Annual IEEE\/ACM International Symposium on Microarchitecture"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3466752.3480112","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3466752.3480112","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3466752.3480112","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3466752.3480112","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:56Z","timestamp":1750191536000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3466752.3480112"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,17]]},"references-count":82,"alternative-id":["10.1145\/3466752.3480112","10.1145\/3466752"],"URL":"https:\/\/doi.org\/10.1145\/3466752.3480112","relation":{},"subject":[],"published":{"date-parts":[[2021,10,17]]},"assertion":[{"value":"2021-10-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}