{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T19:11:04Z","timestamp":1776798664401,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":96,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T00:00:00Z","timestamp":1635724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11]]},"DOI":"10.1145\/3472883.3486998","type":"proceedings-article","created":{"date-parts":[[2021,10,27]],"date-time":"2021-10-27T10:48:16Z","timestamp":1635331696000},"page":"546-561","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["Citadel"],"prefix":"10.1145","author":[{"given":"Chengliang","family":"Zhang","sequence":"first","affiliation":[{"name":"Hong Kong University of Science and Technology"}]},{"given":"Junzhe","family":"Xia","sequence":"additional","affiliation":[{"name":"Hong Kong University of Science and Technology"}]},{"given":"Baichen","family":"Yang","sequence":"additional","affiliation":[{"name":"Hong Kong University of Science and Technology"}]},{"given":"Huancheng","family":"Puyang","sequence":"additional","affiliation":[{"name":"Hong Kong University of Science and Technology"}]},{"given":"Wei","family":"Wang","sequence":"additional","affiliation":[{"name":"Hong Kong University of Science and Technology"}]},{"given":"Ruichuan","family":"Chen","sequence":"additional","affiliation":[{"name":"Nokia Bell Labs"}]},{"given":"Istemi Ekin","family":"Akkus","sequence":"additional","affiliation":[{"name":"Nokia Bell Labs"}]},{"given":"Paarijaat","family":"Aditya","sequence":"additional","affiliation":[{"name":"Nokia Bell Labs"}]},{"given":"Feng","family":"Yan","sequence":"additional","affiliation":[{"name":"University of Nevada, Reno"}]}],"member":"320","published-online":{"date-parts":[[2021,11]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2016. AMD Memory Encryption. https:\/\/developer.amd.com\/wordpress\/media\/2013\/12\/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf.  2016. AMD Memory Encryption. https:\/\/developer.amd.com\/wordpress\/media\/2013\/12\/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf."},{"key":"e_1_3_2_2_2_1","volume-title":"Tensorflow: A system for large-scale machine learning. In USENIX OSDI. 265--283.","author":"Abadi Mart\u00edn","year":"2016","unstructured":"Mart\u00edn Abadi , Paul Barham , Jianmin Chen , Zhifeng Chen , Andy Davis , Jeffrey Dean , Matthieu Devin , Sanjay Ghemawat , Geoffrey Irving , Michael Isard , 2016 . Tensorflow: A system for large-scale machine learning. In USENIX OSDI. 265--283. Mart\u00edn Abadi, Paul Barham, Jianmin Chen, Zhifeng Chen, Andy Davis, Jeffrey Dean, Matthieu Devin, Sanjay Ghemawat, Geoffrey Irving, Michael Isard, et al. 2016. Tensorflow: A system for large-scale machine learning. In USENIX OSDI. 265--283."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"crossref","unstructured":"Adil Ahmad Juhee Kim Jaebaek Seo Insik Shin Pedro Fonseca and Byoungyoung Lee. 2021. Chancel: efficient multi-client isolation under adversarial programs. In NDSS.  Adil Ahmad Juhee Kim Jaebaek Seo Insik Shin Pedro Fonseca and Byoungyoung Lee. 2021. Chancel: efficient multi-client isolation under adversarial programs. In NDSS.","DOI":"10.14722\/ndss.2021.24057"},{"key":"e_1_3_2_2_4_1","volume-title":"Sparse communication for distributed gradient descent. arXiv preprint arXiv:1704.05021","author":"Aji Alham Fikri","year":"2017","unstructured":"Alham Fikri Aji and Kenneth Heafield . 2017. Sparse communication for distributed gradient descent. arXiv preprint arXiv:1704.05021 ( 2017 ). Alham Fikri Aji and Kenneth Heafield. 2017. Sparse communication for distributed gradient descent. arXiv preprint arXiv:1704.05021 (2017)."},{"key":"e_1_3_2_2_5_1","unstructured":"altexsoft 2020. How Machine Learning Systems Help Reveal Scams in Fintech Healthcare and eCommerce. http:\/\/bit.ly\/2K58Nli.  altexsoft 2020. How Machine Learning Systems Help Reveal Scams in Fintech Healthcare and eCommerce. http:\/\/bit.ly\/2K58Nli."},{"key":"e_1_3_2_2_6_1","unstructured":"Amazon 2020. Amazon SageMaker. https:\/\/aws.amazon.com\/sagemaker\/.  Amazon 2020. Amazon SageMaker. https:\/\/aws.amazon.com\/sagemaker\/."},{"key":"e_1_3_2_2_7_1","unstructured":"Arm 2020. Arm TrustZone. https:\/\/developer.arm.com\/ip-products\/security-ip\/trustzone.  Arm 2020. Arm TrustZone. https:\/\/developer.arm.com\/ip-products\/security-ip\/trustzone."},{"key":"e_1_3_2_2_8_1","volume-title":"SCONE: Secure linux containers with intel SGX. In USENIX OSDI. 689--703.","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov , Bohdan Trach , Franz Gregor , Thomas Knauth , Andre Martin , Christian Priebe , Joshua Lind , Divya Muthukumaran , Dan O'keeffe , Mark L Stillwell , 2016 . SCONE: Secure linux containers with intel SGX. In USENIX OSDI. 689--703. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'keeffe, Mark L Stillwell, et al. 2016. SCONE: Secure linux containers with intel SGX. In USENIX OSDI. 689--703."},{"key":"e_1_3_2_2_9_1","unstructured":"AWS 2020. AWS Nitro System. https:\/\/aws.amazon.com\/ec2\/nitro\/.  AWS 2020. AWS Nitro System. https:\/\/aws.amazon.com\/ec2\/nitro\/."},{"key":"e_1_3_2_2_10_1","unstructured":"azure 2020. DCsv2-series. https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/dcv2-series.  azure 2020. DCsv2-series. https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/dcv2-series."},{"key":"e_1_3_2_2_11_1","unstructured":"Eugene Bagdasaryan Andreas Veit Yiqing Hua Deborah Estrin and Vitaly Shmatikov. 2020. How to backdoor federated learning. In PMLR AISTATS. 2938--2948.  Eugene Bagdasaryan Andreas Veit Yiqing Hua Deborah Estrin and Vitaly Shmatikov. 2020. How to backdoor federated learning. In PMLR AISTATS. 2938--2948."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"crossref","unstructured":"Keith Bonawitz Vladimir Ivanov Ben Kreuter Antonio Marcedone H Brendan McMahan Sarvar Patel Daniel Ramage Aaron Segal and Karn Seth. 2017. Practical secure aggregation for privacy-preserving machine learning. In ACM CCS. 1175--1191.  Keith Bonawitz Vladimir Ivanov Ben Kreuter Antonio Marcedone H Brendan McMahan Sarvar Patel Daniel Ramage Aaron Segal and Karn Seth. 2017. Practical secure aggregation for privacy-preserving machine learning. In ACM CCS. 1175--1191.","DOI":"10.1145\/3133956.3133982"},{"key":"e_1_3_2_2_14_1","unstructured":"California State Legislature 2018. California Consumer Privacy Act (CCPA). https:\/\/oag.ca.gov\/privacy\/ccpa.  California State Legislature 2018. California Consumer Privacy Act (CCPA). https:\/\/oag.ca.gov\/privacy\/ccpa."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"crossref","unstructured":"Somnath Chakrabarti Matthew Hoekstra Dmitrii Kuvaiskii and Mona Vij. 2019. Scaling Intel\u00ae Software Guard Extensions Applications with Intel\u00ae SGX Card. In HASP. 1--9.  Somnath Chakrabarti Matthew Hoekstra Dmitrii Kuvaiskii and Mona Vij. 2019. Scaling Intel\u00ae Software Guard Extensions Applications with Intel\u00ae SGX Card. In HASP. 1--9.","DOI":"10.1145\/3337167.3337173"},{"key":"e_1_3_2_2_16_1","volume-title":"SecureBoost: A Lossless Federated Learning Framework. arXiv preprint arXiv:1901.08755","author":"Cheng Kewei","year":"2019","unstructured":"Kewei Cheng , Tao Fan , Yilun Jin , Yang Liu , Tianjian Chen , and Qiang Yang . 2019. SecureBoost: A Lossless Federated Learning Framework. arXiv preprint arXiv:1901.08755 ( 2019 ). Kewei Cheng, Tao Fan, Yilun Jin, Yang Liu, Tianjian Chen, and Qiang Yang. 2019. SecureBoost: A Lossless Federated Learning Framework. arXiv preprint arXiv:1901.08755 (2019)."},{"key":"e_1_3_2_2_17_1","unstructured":"Citadel 2021. Citadel codebase. https:\/\/github.com\/marcoszh\/citadel-project.  Citadel 2021. Citadel codebase. https:\/\/github.com\/marcoszh\/citadel-project."},{"key":"e_1_3_2_2_18_1","unstructured":"docker 2020. Docker. https:\/\/www.docker.com\/.  docker 2020. Docker. https:\/\/www.docker.com\/."},{"key":"e_1_3_2_2_19_1","volume-title":"Privacy-preserving multivariate statistical analysis: Linear regression and classification","author":"Du Wenliang","unstructured":"Wenliang Du , Yunghsiang S Han , and Shigang Chen . 2004. Privacy-preserving multivariate statistical analysis: Linear regression and classification . In SDM. SIAM , 222--233. Wenliang Du, Yunghsiang S Han, and Shigang Chen. 2004. Privacy-preserving multivariate statistical analysis: Linear regression and classification. In SDM. SIAM, 222--233."},{"key":"e_1_3_2_2_20_1","unstructured":"EP 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation). https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj.  EP 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation). https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj."},{"key":"e_1_3_2_2_21_1","unstructured":"EU 2020. What are the GDPR Fines? https:\/\/gdpr.eu\/fines\/.  EU 2020. What are the GDPR Fines? https:\/\/gdpr.eu\/fines\/."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"crossref","unstructured":"Matt Fredrikson Somesh Jha and Thomas Ristenpart. 2015. Model inversion attacks that exploit confidence information and basic countermeasures. In ACM CCS. 1322--1333.  Matt Fredrikson Somesh Jha and Thomas Ristenpart. 2015. Model inversion attacks that exploit confidence information and basic countermeasures. In ACM CCS. 1322--1333.","DOI":"10.1145\/2810103.2813677"},{"key":"e_1_3_2_2_23_1","volume-title":"Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557","author":"Geyer Robin C","year":"2017","unstructured":"Robin C Geyer , Tassilo Klein , and Moin Nabi . 2017. Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 ( 2017 ). Robin C Geyer, Tassilo Klein, and Moin Nabi. 2017. Differentially private federated learning: A client level perspective. arXiv preprint arXiv:1712.07557 (2017)."},{"key":"e_1_3_2_2_24_1","unstructured":"Google 2020. Google Prediction API. https:\/\/cloud.google.com\/ai-platform\/training.  Google 2020. Google Prediction API. https:\/\/cloud.google.com\/ai-platform\/training."},{"key":"e_1_3_2_2_25_1","volume-title":"Sergei Arnautov, Andr\u00e9 Martin, Valerio Schiavoni, Pascal Felber, and Christof Fetzer.","author":"Gregor Franz","year":"2020","unstructured":"Franz Gregor , Wojciech Ozga , S\u00e9bastien Vaucher , Rafael Pires , Do Le Quoc , Sergei Arnautov, Andr\u00e9 Martin, Valerio Schiavoni, Pascal Felber, and Christof Fetzer. 2020 . Trust Management as a Service : Enabling Trusted Execution in the Face of Byzantine Stakeholders . arXiv preprint arXiv:2003.14099 (2020). Franz Gregor, Wojciech Ozga, S\u00e9bastien Vaucher, Rafael Pires, Do Le Quoc, Sergei Arnautov, Andr\u00e9 Martin, Valerio Schiavoni, Pascal Felber, and Christof Fetzer. 2020. Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders. arXiv preprint arXiv:2003.14099 (2020)."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.05.003"},{"key":"e_1_3_2_2_27_1","volume-title":"Mehrdad Mahdavi, and Viveck Cadambe.","author":"Haddadpour Farzin","year":"2019","unstructured":"Farzin Haddadpour , Mohammad Mahdi Kamani , Mehrdad Mahdavi, and Viveck Cadambe. 2019 . Local SGD with periodic averaging: Tighter analysis and adaptive synchronization. In NeurIPS. Farzin Haddadpour, Mohammad Mahdi Kamani, Mehrdad Mahdavi, and Viveck Cadambe. 2019. Local SGD with periodic averaging: Tighter analysis and adaptive synchronization. In NeurIPS."},{"key":"e_1_3_2_2_28_1","volume-title":"Pipedream: Fast and efficient pipeline parallel dnn training. arXiv preprint arXiv:1806.03377","author":"Harlap Aaron","year":"2018","unstructured":"Aaron Harlap , Deepak Narayanan , Amar Phanishayee , Vivek Seshadri , Nikhil Devanur , Greg Ganger , and Phil Gibbons . 2018 . Pipedream: Fast and efficient pipeline parallel dnn training. arXiv preprint arXiv:1806.03377 (2018). Aaron Harlap, Deepak Narayanan, Amar Phanishayee, Vivek Seshadri, Nikhil Devanur, Greg Ganger, and Phil Gibbons. 2018. Pipedream: Fast and efficient pipeline parallel dnn training. arXiv preprint arXiv:1806.03377 (2018)."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"crossref","unstructured":"Briland Hitaj Giuseppe Ateniese and Fernando Perez-Cruz. 2017. Deep models under the GAN: information leakage from collaborative deep learning. In ACM CCS. 603--618.  Briland Hitaj Giuseppe Ateniese and Fernando Perez-Cruz. 2017. Deep models under the GAN: information leakage from collaborative deep learning. In ACM CCS. 603--618.","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_2_2_30_1","volume-title":"Phillip B Gibbons, Garth A Gibson, Greg Ganger, and Eric P Xing.","author":"Ho Qirong","year":"2013","unstructured":"Qirong Ho , James Cipar , Henggang Cui , Seunghak Lee , Jin Kyu Kim , Phillip B Gibbons, Garth A Gibson, Greg Ganger, and Eric P Xing. 2013 . More effective distributed ml via a stale synchronous parallel parameter server. In NeurIPS. Qirong Ho, James Cipar, Henggang Cui, Seunghak Lee, Jin Kyu Kim, Phillip B Gibbons, Garth A Gibson, Greg Ganger, and Eric P Xing. 2013. More effective distributed ml via a stale synchronous parallel parameter server. In NeurIPS."},{"key":"e_1_3_2_2_31_1","volume-title":"Long short-term memory. Neural computation 9, 8","author":"Hochreiter Sepp","year":"1997","unstructured":"Sepp Hochreiter and J\u00fcrgen Schmidhuber . 1997. Long short-term memory. Neural computation 9, 8 ( 1997 ), 1735--1780. Sepp Hochreiter and J\u00fcrgen Schmidhuber. 1997. Long short-term memory. Neural computation 9, 8 (1997), 1735--1780."},{"key":"e_1_3_2_2_32_1","volume-title":"Gpipe: Efficient training of giant neural networks using pipeline parallelism. In NeurIPS. 103--112.","author":"Huang Yanping","year":"2019","unstructured":"Yanping Huang , Youlong Cheng , Ankur Bapna , Orhan Firat , Dehao Chen , Mia Chen , HyoukJoong Lee , Jiquan Ngiam , Quoc V Le , Yonghui Wu , 2019 . Gpipe: Efficient training of giant neural networks using pipeline parallelism. In NeurIPS. 103--112. Yanping Huang, Youlong Cheng, Ankur Bapna, Orhan Firat, Dehao Chen, Mia Chen, HyoukJoong Lee, Jiquan Ngiam, Quoc V Le, Yonghui Wu, et al. 2019. Gpipe: Efficient training of giant neural networks using pipeline parallelism. In NeurIPS. 103--112."},{"key":"e_1_3_2_2_33_1","volume-title":"Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961","author":"Hunt Tyler","year":"2018","unstructured":"Tyler Hunt , Congzheng Song , Reza Shokri , Vitaly Shmatikov , and Emmett Witchel . 2018 . Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961 (2018). Tyler Hunt, Congzheng Song, Reza Shokri, Vitaly Shmatikov, and Emmett Witchel. 2018. Chiron: Privacy-preserving machine learning as a service. arXiv preprint arXiv:1803.05961 (2018)."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3231594"},{"key":"e_1_3_2_2_35_1","volume-title":"Efficient deep learning on multi-source private data. arXiv preprint arXiv:1807.06689","author":"Hynes Nick","year":"2018","unstructured":"Nick Hynes , Raymond Cheng , and Dawn Song . 2018. Efficient deep learning on multi-source private data. arXiv preprint arXiv:1807.06689 ( 2018 ). Nick Hynes, Raymond Cheng, and Dawn Song. 2018. Efficient deep learning on multi-source private data. arXiv preprint arXiv:1807.06689 (2018)."},{"key":"e_1_3_2_2_36_1","unstructured":"IBMWH 2020. IBM Watson Health: Diagnostic Imaging Solutions. https:\/\/www.ibm.com\/watson-health\/solutions\/diagnostic-imaging.  IBMWH 2020. IBM Watson Health: Diagnostic Imaging Solutions. https:\/\/www.ibm.com\/watson-health\/solutions\/diagnostic-imaging."},{"key":"e_1_3_2_2_37_1","unstructured":"Intel 2020. Intel SGX. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html.  Intel 2020. Intel SGX. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html."},{"key":"e_1_3_2_2_38_1","first-page":"1808","article-title":"Preserving model privacy for machine learning in distributed systems","volume":"29","author":"Jia Qi","year":"2018","unstructured":"Qi Jia , Linke Guo , Zhanpeng Jin , and Yuguang Fang . 2018 . Preserving model privacy for machine learning in distributed systems . IEEE TPDS 29 , 8 (2018), 1808 -- 1822 . Qi Jia, Linke Guo, Zhanpeng Jin, and Yuguang Fang. 2018. Preserving model privacy for machine learning in distributed systems. IEEE TPDS 29, 8 (2018), 1808--1822.","journal-title":"IEEE TPDS"},{"key":"e_1_3_2_2_39_1","unstructured":"k8s 2020. Kubernetes. https:\/\/kubernetes.io\/.  k8s 2020. Kubernetes. https:\/\/kubernetes.io\/."},{"key":"e_1_3_2_2_40_1","unstructured":"Kaggle 2020. Diabetic Retinopathy. https:\/\/www.kaggle.com\/sovitrath\/diabetic-retinopathy-224x224-gaussian-filtered.  Kaggle 2020. Diabetic Retinopathy. https:\/\/www.kaggle.com\/sovitrath\/diabetic-retinopathy-224x224-gaussian-filtered."},{"key":"e_1_3_2_2_41_1","unstructured":"Kaggle 2020. SMS Spam Collection. https:\/\/www.kaggle.com\/uciml\/sms-spam-collection-dataset.  Kaggle 2020. SMS Spam Collection. https:\/\/www.kaggle.com\/uciml\/sms-spam-collection-dataset."},{"key":"e_1_3_2_2_42_1","volume-title":"Keith Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, et al.","author":"Kairouz Peter","year":"2019","unstructured":"Peter Kairouz , H Brendan McMahan , Brendan Avent , Aur\u00e9lien Bellet , Mehdi Bennis , Arjun Nitin Bhagoji , Keith Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, et al. 2019 . Advances and Open Problems in Federated Learning . arXiv preprint arXiv:1912.04977 (2019). Peter Kairouz, H Brendan McMahan, Brendan Avent, Aur\u00e9lien Bellet, Mehdi Bennis, Arjun Nitin Bhagoji, Keith Bonawitz, Zachary Charles, Graham Cormode, Rachel Cummings, et al. 2019. Advances and Open Problems in Federated Learning. arXiv preprint arXiv:1912.04977 (2019)."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303951"},{"key":"e_1_3_2_2_44_1","volume-title":"Pesos: Policy enhanced secure object store. In EuroSys. 1--17.","author":"Krahn Robert","year":"2018","unstructured":"Robert Krahn , Bohdan Trach , Anjo Vahldiek-Oberwagner , Thomas Knauth , Pramod Bhatotia , and Christof Fetzer . 2018 . Pesos: Policy enhanced secure object store. In EuroSys. 1--17. Robert Krahn, Bohdan Trach, Anjo Vahldiek-Oberwagner, Thomas Knauth, Pramod Bhatotia, and Christof Fetzer. 2018. Pesos: Policy enhanced secure object store. In EuroSys. 1--17."},{"key":"e_1_3_2_2_45_1","unstructured":"Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In NeurIPS.  Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In NeurIPS."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065386"},{"key":"e_1_3_2_2_47_1","volume-title":"Franz Gregor, Sergei Arnautov, Pramod Bhatotia, and Christof Fetzer.","author":"Kunkel Roland","year":"2019","unstructured":"Roland Kunkel , Do Le Quoc , Franz Gregor, Sergei Arnautov, Pramod Bhatotia, and Christof Fetzer. 2019 . TensorSCONE: A secure TensorFlow framework using Intel SGX. arXiv preprint arXiv:1902.04413 (2019). Roland Kunkel, Do Le Quoc, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, and Christof Fetzer. 2019. TensorSCONE: A secure TensorFlow framework using Intel SGX. arXiv preprint arXiv:1902.04413 (2019)."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_2_49_1","unstructured":"Xiangru Lian Yijun Huang Yuncheng Li and Ji Liu. 2015. Asynchronous parallel stochastic gradient for nonconvex optimization. In NeurIPS.  Xiangru Lian Yijun Huang Yuncheng Li and Ji Liu. 2015. Asynchronous parallel stochastic gradient for nonconvex optimization. In NeurIPS."},{"key":"e_1_3_2_2_50_1","volume-title":"Kumar Kshitij Patel, and Martin Jaggi","author":"Lin Tao","year":"2018","unstructured":"Tao Lin , Sebastian U Stich , Kumar Kshitij Patel, and Martin Jaggi . 2018 . Don't Use Large Mini-Batches, Use Local SGD. arXiv preprint arXiv:1808.07217 (2018). Tao Lin, Sebastian U Stich, Kumar Kshitij Patel, and Martin Jaggi. 2018. Don't Use Large Mini-Batches, Use Local SGD. arXiv preprint arXiv:1808.07217 (2018)."},{"key":"e_1_3_2_2_51_1","volume-title":"Policy-Based Autonomic Data Governance","author":"Liu Changchang","unstructured":"Changchang Liu , Supriyo Chakraborty , and Dinesh Verma . 2019. Secure Model Fusion for Distributed Learning Using Partial Homomorphic Encryption . In Policy-Based Autonomic Data Governance . Springer , 154--179. Changchang Liu, Supriyo Chakraborty, and Dinesh Verma. 2019. Secure Model Fusion for Distributed Learning Using Partial Homomorphic Encryption. In Policy-Based Autonomic Data Governance. Springer, 154--179."},{"key":"e_1_3_2_2_52_1","volume-title":"Secure Federated Transfer Learning. arXiv preprint arXiv:1812.03337","author":"Liu Yang","year":"2018","unstructured":"Yang Liu , Tianjian Chen , and Qiang Yang . 2018. Secure Federated Transfer Learning. arXiv preprint arXiv:1812.03337 ( 2018 ). Yang Liu, Tianjian Chen, and Qiang Yang. 2018. Secure Federated Transfer Learning. arXiv preprint arXiv:1812.03337 (2018)."},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338466.3358926"},{"key":"e_1_3_2_2_54_1","volume-title":"A general approach to adding differential privacy to iterative training procedures. arXiv preprint arXiv:1812.06210","author":"McMahan H Brendan","year":"2018","unstructured":"H Brendan McMahan , Galen Andrew , Ulfar Erlingsson , Steve Chien , Ilya Mironov , Nicolas Papernot , and Peter Kairouz . 2018. A general approach to adding differential privacy to iterative training procedures. arXiv preprint arXiv:1812.06210 ( 2018 ). H Brendan McMahan, Galen Andrew, Ulfar Erlingsson, Steve Chien, Ilya Mironov, Nicolas Papernot, and Peter Kairouz. 2018. A general approach to adding differential privacy to iterative training procedures. arXiv preprint arXiv:1812.06210 (2018)."},{"key":"e_1_3_2_2_55_1","volume-title":"Federated Learning of Deep Networks using Model Averaging. ArXiv abs\/1602.05629","author":"McMahan H. Brendan","year":"2016","unstructured":"H. Brendan McMahan , Eider Moore , Daniel Ramage , and Blaise Ag\u00fcera y Arcas . 2016. Federated Learning of Deep Networks using Model Averaging. ArXiv abs\/1602.05629 ( 2016 ). H. Brendan McMahan, Eider Moore, Daniel Ramage, and Blaise Ag\u00fcera y Arcas. 2016. Federated Learning of Deep Networks using Model Averaging. ArXiv abs\/1602.05629 (2016)."},{"key":"e_1_3_2_2_56_1","volume-title":"Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963","author":"McMahan H Brendan","year":"2017","unstructured":"H Brendan McMahan , Daniel Ramage , Kunal Talwar , and Li Zhang . 2017. Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963 ( 2017 ). H Brendan McMahan, Daniel Ramage, Kunal Talwar, and Li Zhang. 2017. Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963 (2017)."},{"key":"e_1_3_2_2_57_1","volume-title":"PPFL: privacy-preserving federated learning with trusted execution environments. arXiv preprint arXiv:2104.14380","author":"Mo Fan","year":"2021","unstructured":"Fan Mo , Hamed Haddadi , Kleomenis Katevas , Eduard Marin , Diego Perino , and Nicolas Kourtellis . 2021. PPFL: privacy-preserving federated learning with trusted execution environments. arXiv preprint arXiv:2104.14380 ( 2021 ). Fan Mo, Hamed Haddadi, Kleomenis Katevas, Eduard Marin, Diego Perino, and Nicolas Kourtellis. 2021. PPFL: privacy-preserving federated learning with trusted execution environments. arXiv preprint arXiv:2104.14380 (2021)."},{"key":"e_1_3_2_2_58_1","unstructured":"Payman Mohassel and Peter Rindal. 2018. ABY 3: a mixed protocol framework for machine learning. In ACM CCS. 35--52.  Payman Mohassel and Peter Rindal. 2018. ABY 3: a mixed protocol framework for machine learning. In ACM CCS. 35--52."},{"key":"e_1_3_2_2_59_1","volume-title":"Secureml: A system for scalable privacy-preserving machine learning","author":"Mohassel Payman","year":"2017","unstructured":"Payman Mohassel and Yupeng Zhang . 2017 . Secureml: A system for scalable privacy-preserving machine learning . In IEEE SP. 19--38. Payman Mohassel and Yupeng Zhang. 2017. Secureml: A system for scalable privacy-preserving machine learning. In IEEE SP. 19--38."},{"key":"e_1_3_2_2_60_1","unstructured":"mongodb 2020. mongoDB. https:\/\/www.mongodb.com\/.  mongodb 2020. mongoDB. https:\/\/www.mongodb.com\/."},{"key":"e_1_3_2_2_61_1","unstructured":"nexusguard 2021. NexusGuard. http:\/\/www.nexusguard.consulting\/.  nexusguard 2021. NexusGuard. http:\/\/www.nexusguard.consulting\/."},{"key":"e_1_3_2_2_62_1","unstructured":"NPCSC 2017. Cybersecurity Law of the People's Republic of China. http:\/\/www.lawinfochina.com\/display.aspx?id=22826&lib=law.  NPCSC 2017. Cybersecurity Law of the People's Republic of China. http:\/\/www.lawinfochina.com\/display.aspx?id=22826&lib=law."},{"key":"e_1_3_2_2_63_1","unstructured":"Olga Ohrimenko Felix Schuster C\u00e9dric Fournet Aastha Mehta Sebastian Nowozin Kapil Vaswani and Manuel Costa. 2016. Oblivious multi-party machine learning on trusted processors. In USENIX Security. 619--636.  Olga Ohrimenko Felix Schuster C\u00e9dric Fournet Aastha Mehta Sebastian Nowozin Kapil Vaswani and Manuel Costa. 2016. Oblivious multi-party machine learning on trusted processors. In USENIX Security. 619--636."},{"key":"e_1_3_2_2_64_1","volume-title":"Varys: Protecting SGX enclaves from practical side-channel attacks. In USENIX ATC. 227--240.","author":"Oleksenko Oleksii","year":"2018","unstructured":"Oleksii Oleksenko , Bohdan Trach , Robert Krahn , Mark Silberstein , and Christof Fetzer . 2018 . Varys: Protecting SGX enclaves from practical side-channel attacks. In USENIX ATC. 227--240. Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting SGX enclaves from practical side-channel attacks. In USENIX ATC. 227--240."},{"key":"e_1_3_2_2_65_1","volume-title":"Knockoff nets: Stealing functionality of black-box models","author":"Orekondy Tribhuvanesh","unstructured":"Tribhuvanesh Orekondy , Bernt Schiele , and Mario Fritz . 2019. Knockoff nets: Stealing functionality of black-box models . In IEEE CVPR. 4954--4963. Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz. 2019. Knockoff nets: Stealing functionality of black-box models. In IEEE CVPR. 4954--4963."},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"crossref","unstructured":"Nicolas Papernot Patrick McDaniel Ian Goodfellow Somesh Jha Z Berkay Celik and Ananthram Swami. 2017. Practical black-box attacks against machine learning. In ACM ASIACCS. 506--519.  Nicolas Papernot Patrick McDaniel Ian Goodfellow Somesh Jha Z Berkay Celik and Ananthram Swami. 2017. Practical black-box attacks against machine learning. In ACM ASIACCS. 506--519.","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_2_67_1","volume-title":"Memoir: Practical state continuity for protected modules","author":"Parno Bryan","year":"2011","unstructured":"Bryan Parno , Jacob R Lorch , John R Douceur , James Mickens , and Jonathan M McCune . 2011 . Memoir: Practical state continuity for protected modules . In IEEE SP. 379--394. Bryan Parno, Jacob R Lorch, John R Douceur, James Mickens, and Jonathan M McCune. 2011. Memoir: Practical state continuity for protected modules. In IEEE SP. 379--394."},{"key":"e_1_3_2_2_68_1","volume-title":"Pytorch: An imperative style, high-performance deep learning library. In NeuriPS. 8026--8037.","author":"Paszke Adam","year":"2019","unstructured":"Adam Paszke , Sam Gross , Francisco Massa , Adam Lerer , James Bradbury , Gregory Chanan , Trevor Killeen , Zeming Lin , Natalia Gimelshein , Luca Antiga , 2019 . Pytorch: An imperative style, high-performance deep learning library. In NeuriPS. 8026--8037. Adam Paszke, Sam Gross, Francisco Massa, Adam Lerer, James Bradbury, Gregory Chanan, Trevor Killeen, Zeming Lin, Natalia Gimelshein, Luca Antiga, et al. 2019. Pytorch: An imperative style, high-performance deep learning library. In NeuriPS. 8026--8037."},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2787987"},{"key":"e_1_3_2_2_70_1","unstructured":"PingAn 2020. Ping An: Security Technology Reduces Data Silos. https:\/\/www.intel.com\/content\/www\/us\/en\/customer-spotlight\/stories\/ping-an-sgx-customer-story.html.  PingAn 2020. Ping An: Security Technology Reduces Data Silos. https:\/\/www.intel.com\/content\/www\/us\/en\/customer-spotlight\/stories\/ping-an-sgx-customer-story.html."},{"key":"e_1_3_2_2_71_1","unstructured":"python 2020. CFFI. https:\/\/cffi.readthedocs.io\/en\/latest\/.  python 2020. CFFI. https:\/\/cffi.readthedocs.io\/en\/latest\/."},{"key":"e_1_3_2_2_72_1","unstructured":"python 2020. Python GIL. https:\/\/realpython.com\/python-gil\/.  python 2020. Python GIL. https:\/\/realpython.com\/python-gil\/."},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"crossref","unstructured":"Do Le Quoc Franz Gregor Sergei Arnautov Roland Kunkel Pramod Bhatotia and Christof Fetzer. 2020. secureTF: A secure tensorflow framework. In USENIX Middleware. 44--59.  Do Le Quoc Franz Gregor Sergei Arnautov Roland Kunkel Pramod Bhatotia and Christof Fetzer. 2020. secureTF: A secure tensorflow framework. In USENIX Middleware. 44--59.","DOI":"10.1145\/3423211.3425687"},{"key":"e_1_3_2_2_74_1","volume-title":"Crosstalk: Speculative data leaks across cores are real. In S&P","author":"Ragab Hany","year":"2021","unstructured":"Hany Ragab , Alyssa Milburn , Kaveh Razavi , Herbert Bos , and Cristiano Giuffrida . 2021 . Crosstalk: Speculative data leaks across cores are real. In S&P . IEEE. Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2021. Crosstalk: Speculative data leaks across cores are real. In S&P. IEEE."},{"key":"e_1_3_2_2_75_1","volume-title":"An overview of gradient descent optimization algorithms. arXiv preprint arXiv:1609.04747","author":"Ruder Sebastian","year":"2016","unstructured":"Sebastian Ruder . 2016. An overview of gradient descent optimization algorithms. arXiv preprint arXiv:1609.04747 ( 2016 ). Sebastian Ruder. 2016. An overview of gradient descent optimization algorithms. arXiv preprint arXiv:1609.04747 (2016)."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378469"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"crossref","unstructured":"Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In ACM CCS. 1310--1321.  Reza Shokri and Vitaly Shmatikov. 2015. Privacy-preserving deep learning. In ACM CCS. 1310--1321.","DOI":"10.1109\/ALLERTON.2015.7447103"},{"key":"e_1_3_2_2_78_1","volume-title":"Membership inference attacks against machine learning models","author":"Shokri Reza","unstructured":"Reza Shokri , Marco Stronati , Congzheng Song , and Vitaly Shmatikov . 2017. Membership inference attacks against machine learning models . In IEEE SP. IEEE , 3--18. Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership inference attacks against machine learning models. In IEEE SP. IEEE, 3--18."},{"key":"e_1_3_2_2_79_1","unstructured":"Samuel Smith Erich Elsen and Soham De. 2020. On the Generalization Benefit of Noise in Stochastic Gradient Descent. In ICML. PMLR.  Samuel Smith Erich Elsen and Soham De. 2020. On the Generalization Benefit of Noise in Stochastic Gradient Descent. In ICML. PMLR."},{"key":"e_1_3_2_2_80_1","volume-title":"Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning. arXiv preprint arXiv:2002.04156","author":"So Jinhyun","year":"2020","unstructured":"Jinhyun So , Basak Guler , and A Salman Avestimehr . 2020. Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning. arXiv preprint arXiv:2002.04156 ( 2020 ). Jinhyun So, Basak Guler, and A Salman Avestimehr. 2020. Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning. arXiv preprint arXiv:2002.04156 (2020)."},{"key":"e_1_3_2_2_81_1","volume-title":"Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287","author":"Tramer Florian","year":"2018","unstructured":"Florian Tramer and Dan Boneh . 2018 . Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287 (2018). Florian Tramer and Dan Boneh. 2018. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287 (2018)."},{"key":"e_1_3_2_2_82_1","unstructured":"Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In USENIX Security. 601--618.  Florian Tram\u00e8r Fan Zhang Ari Juels Michael K Reiter and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In USENIX Security. 601--618."},{"key":"e_1_3_2_2_83_1","volume-title":"Graphene-sgx: A practical library OS for unmodified applications on SGX. In USENIX ATC). 645--658.","author":"Tsai Chia-Che","year":"2017","unstructured":"Chia-Che Tsai , Donald E Porter , and Mona Vij . 2017 . Graphene-sgx: A practical library OS for unmodified applications on SGX. In USENIX ATC). 645--658. Chia-Che Tsai, Donald E Porter, and Mona Vij. 2017. Graphene-sgx: A practical library OS for unmodified applications on SGX. In USENIX ATC). 645--658."},{"key":"e_1_3_2_2_84_1","volume-title":"Foreshadow: Extracting the keys to the intel {SGX} kingdom with transient out-of-order execution. In USENIX Security. 991--1008.","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck , Marina Minkin , Ofir Weisse , Daniel Genkin , Baris Kasikci , Frank Piessens , Mark Silberstein , Thomas F Wenisch , Yuval Yarom , and Raoul Strackx . 2018 . Foreshadow: Extracting the keys to the intel {SGX} kingdom with transient out-of-order execution. In USENIX Security. 991--1008. Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the intel {SGX} kingdom with transient out-of-order execution. In USENIX Security. 991--1008."},{"key":"e_1_3_2_2_85_1","volume-title":"Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564","author":"Vepakomma Praneeth","year":"2018","unstructured":"Praneeth Vepakomma , Otkrist Gupta , Tristan Swedish , and Ramesh Raskar . 2018. Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564 ( 2018 ). Praneeth Vepakomma, Otkrist Gupta, Tristan Swedish, and Ramesh Raskar. 2018. Split learning for health: Distributed deep learning without sharing raw patient data. arXiv preprint arXiv:1812.00564 (2018)."},{"key":"e_1_3_2_2_86_1","volume-title":"Graviton: Trusted execution environments on GPUs. In USENIX OSDI. 681--696.","author":"Volos Stavros","year":"2018","unstructured":"Stavros Volos , Kapil Vaswani , and Rodrigo Bruno . 2018 . Graviton: Trusted execution environments on GPUs. In USENIX OSDI. 681--696. Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted execution environments on GPUs. In USENIX OSDI. 681--696."},{"key":"e_1_3_2_2_87_1","doi-asserted-by":"crossref","unstructured":"Robert Wahbe Steven Lucco Thomas E Anderson and Susan L Graham. 1993. Efficient software-based fault isolation. In SOSP.  Robert Wahbe Steven Lucco Thomas E Anderson and Susan L Graham. 1993. Efficient software-based fault isolation. In SOSP.","DOI":"10.1145\/168619.168635"},{"key":"e_1_3_2_2_88_1","volume-title":"Adaptive communication strategies to achieve the best error-runtime trade-off in local-update SGD. arXiv preprint arXiv:1810.08313","author":"Wang Jianyu","year":"2018","unstructured":"Jianyu Wang and Gauri Joshi . 2018. Adaptive communication strategies to achieve the best error-runtime trade-off in local-update SGD. arXiv preprint arXiv:1810.08313 ( 2018 ). Jianyu Wang and Gauri Joshi. 2018. Adaptive communication strategies to achieve the best error-runtime trade-off in local-update SGD. arXiv preprint arXiv:1810.08313 (2018)."},{"key":"e_1_3_2_2_89_1","doi-asserted-by":"crossref","unstructured":"Nico Weichbrodt Pierre-Louis Aublin and R\u00fcdiger Kapitza. 2018. sgxperf: A performance analysis tool for Intel SGX enclaves. In USENIX Middleware. 201--213.  Nico Weichbrodt Pierre-Louis Aublin and R\u00fcdiger Kapitza. 2018. sgxperf: A performance analysis tool for Intel SGX enclaves. In USENIX Middleware. 201--213.","DOI":"10.1145\/3274808.3274824"},{"key":"e_1_3_2_2_90_1","first-page":"12","article-title":"Federated machine learning: Concept and applications","volume":"10","author":"Yang Qiang","year":"2019","unstructured":"Qiang Yang , Yang Liu , Tianjian Chen , and Yongxin Tong . 2019 . Federated machine learning: Concept and applications . ACM TIST 10 , 2 (2019), 12 . Qiang Yang, Yang Liu, Tianjian Chen, and Yongxin Tong. 2019. Federated machine learning: Concept and applications. ACM TIST 10, 2 (2019), 12.","journal-title":"ACM TIST"},{"key":"e_1_3_2_2_91_1","volume-title":"Wei Wang, Ruichuan Chen, and Bo Li.","author":"Yu Minchen","year":"2021","unstructured":"Minchen Yu , Zhifeng Jiang , Hok Chun Ng , Wei Wang, Ruichuan Chen, and Bo Li. 2021 . Gillis : Serving Large Neural Networks in Serverless Functions with Automatic Model Partitioning . (2021). Minchen Yu, Zhifeng Jiang, Hok Chun Ng, Wei Wang, Ruichuan Chen, and Bo Li. 2021. Gillis: Serving Large Neural Networks in Serverless Functions with Automatic Model Partitioning. (2021)."},{"key":"e_1_3_2_2_92_1","volume-title":"Adadelta: an adaptive learning rate method. arXiv preprint arXiv:1212.5701","author":"Zeiler Matthew D","year":"2012","unstructured":"Matthew D Zeiler . 2012. Adadelta: an adaptive learning rate method. arXiv preprint arXiv:1212.5701 ( 2012 ). Matthew D Zeiler. 2012. Adadelta: an adaptive learning rate method. arXiv preprint arXiv:1212.5701 (2012)."},{"key":"e_1_3_2_2_93_1","unstructured":"Chengliang Zhang Suyi Li Junzhe Xia Wei Wang Feng Yan and Yang Liu. 2020. BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning. In USENIX ATC.  Chengliang Zhang Suyi Li Junzhe Xia Wei Wang Feng Yan and Yang Liu. 2020. BatchCrypt: Efficient homomorphic encryption for cross-silo federated learning. In USENIX ATC."},{"key":"e_1_3_2_2_94_1","volume-title":"Stay Fresh: Speculative Synchronization for Fast Distributed Machine Learning","author":"Zhang Chengliang","year":"2018","unstructured":"Chengliang Zhang , Huangshi Tian , Wei Wang , and Feng Yan . 2018 . Stay Fresh: Speculative Synchronization for Fast Distributed Machine Learning . In ICDCS. IEEE. Chengliang Zhang, Huangshi Tian, Wei Wang, and Feng Yan. 2018. Stay Fresh: Speculative Synchronization for Fast Distributed Machine Learning. In ICDCS. IEEE."},{"key":"e_1_3_2_2_95_1","volume-title":"Why gradient clipping accelerates training: A theoretical justification for adaptivity. arXiv preprint arXiv:1905.11881","author":"Zhang Jingzhao","year":"2019","unstructured":"Jingzhao Zhang , Tianxing He , Suvrit Sra , and Ali Jadbabaie . 2019. Why gradient clipping accelerates training: A theoretical justification for adaptivity. arXiv preprint arXiv:1905.11881 ( 2019 ). Jingzhao Zhang, Tianxing He, Suvrit Sra, and Ali Jadbabaie. 2019. Why gradient clipping accelerates training: A theoretical justification for adaptivity. arXiv preprint arXiv:1905.11881 (2019)."},{"key":"e_1_3_2_2_96_1","doi-asserted-by":"crossref","unstructured":"Yanjun Zhang Guangdong Bai Xue Li Caitlin Curtis Chen Chen and Ryan KL Ko. 2020. PrivColl: Practical Privacy-Preserving Collaborative Machine Learning. In ESORICS.  Yanjun Zhang Guangdong Bai Xue Li Caitlin Curtis Chen Chen and Ryan KL Ko. 2020. PrivColl: Practical Privacy-Preserving Collaborative Machine Learning. In ESORICS.","DOI":"10.1007\/978-3-030-58951-6_20"}],"event":{"name":"SoCC '21: ACM Symposium on Cloud Computing","location":"Seattle WA USA","acronym":"SoCC '21","sponsor":["SIGMOD ACM Special Interest Group on Management of Data","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the ACM Symposium on Cloud Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3472883.3486998","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3472883.3486998","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:11:57Z","timestamp":1750191117000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3472883.3486998"}},"subtitle":["Protecting Data Privacy and Model Confidentiality for Collaborative Learning"],"short-title":[],"issued":{"date-parts":[[2021,11]]},"references-count":96,"alternative-id":["10.1145\/3472883.3486998","10.1145\/3472883"],"URL":"https:\/\/doi.org\/10.1145\/3472883.3486998","relation":{},"subject":[],"published":{"date-parts":[[2021,11]]},"assertion":[{"value":"2021-11-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}