{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T19:57:42Z","timestamp":1766087862292,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,14]],"date-time":"2022-04-14T00:00:00Z","timestamp":1649894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NIH","award":["1R01HG006844"],"award-info":[{"award-number":["1R01HG006844"]}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-17-1-0356"],"award-info":[{"award-number":["W911NF-17-1-0356"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1837627, OAC-1828467, IIS-1939728, DMS-1925346, CNS-2029661"],"award-info":[{"award-number":["CNS-1837627, OAC-1828467, IIS-1939728, DMS-1925346, CNS-2029661"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,14]]},"DOI":"10.1145\/3508398.3511503","type":"proceedings-article","created":{"date-parts":[[2022,4,16]],"date-time":"2022-04-16T04:13:31Z","timestamp":1650082411000},"page":"4-15","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["GINN"],"prefix":"10.1145","author":[{"given":"Aref","family":"Asvadishirehjini","sequence":"first","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}]},{"given":"Murat","family":"Kantarcioglu","sequence":"additional","affiliation":[{"name":"University of Texas at Dallas, Dallas, TX, USA"}]},{"given":"Bradley","family":"Malin","sequence":"additional","affiliation":[{"name":"Vanderbilt University Medical Center, Nashville, TN, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,4,15]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n.d.]. Confidential computing on Azure. https:\/\/docs.microsoft.com\/enus\/azure\/confidential-computing\/overview#introduction-to-confidentialcomputing  [n.d.]. Confidential computing on Azure. https:\/\/docs.microsoft.com\/enus\/azure\/confidential-computing\/overview#introduction-to-confidentialcomputing"},{"key":"e_1_3_2_2_2_1","unstructured":"[n.d.]. Intro to optimization in deep learning: Momentum RMSProp and Adam. https:\/\/blog.paperspace.com\/intro-to-optimization-momentum-rmspropadam\/. Accessed: 2010-09--30.  [n.d.]. Intro to optimization in deep learning: Momentum RMSProp and Adam. https:\/\/blog.paperspace.com\/intro-to-optimization-momentum-rmspropadam\/. Accessed: 2010-09--30."},{"volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"Abay Nazmiye Ceren","key":"e_1_3_2_2_3_1","unstructured":"Nazmiye Ceren Abay , Yan Zhou , Murat Kantarcioglu , Bhavani Thuraisingham , and Latanya Sweeney . 2019. Privacy Preserving Synthetic Data Release Using Deep Learning . In Machine Learning and Knowledge Discovery in Databases , Michele Berlingerio , Francesco Bonchi, Thomas G\u00e4rtner, Neil Hurley, and Georgiana Ifrim (Eds.). Springer International Publishing , Cham, 510--526. Nazmiye Ceren Abay, Yan Zhou, Murat Kantarcioglu, Bhavani Thuraisingham, and Latanya Sweeney. 2019. Privacy Preserving Synthetic Data Release Using Deep Learning. In Machine Learning and Knowledge Discovery in Databases, Michele Berlingerio, Francesco Bonchi, Thomas G\u00e4rtner, Neil Hurley, and Georgiana Ifrim (Eds.). Springer International Publishing, Cham, 510--526."},{"key":"e_1_3_2_2_4_1","volume-title":"Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy","volume":"13","author":"Anati Ittai","year":"2013","unstructured":"Ittai Anati , Shay Gueron , Simon Johnson , and Vincent Scarlata . 2013 . Innovative technology for CPU based attestation and sealing . In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy , Vol. 13 . ACM New York, NY, USA. Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, Vol. 13. ACM New York, NY, USA."},{"key":"e_1_3_2_2_5_1","volume-title":"Zhiwei Steven Wu, and Mingyi Hong","author":"Chen Xiangyi","year":"2020","unstructured":"Xiangyi Chen , Zhiwei Steven Wu, and Mingyi Hong . 2020 . Understanding Gradient Clipping in Private SGD: A Geometric Perspective . arXiv:2006.15429 [cs.LG] Xiangyi Chen, Zhiwei Steven Wu, and Mingyi Hong. 2020. Understanding Gradient Clipping in Private SGD: A Geometric Perspective. arXiv:2006.15429 [cs.LG]"},{"key":"e_1_3_2_2_6_1","first-page":"1","article-title":"Intel SGX Explained","volume":"2016","author":"Costan Victor","year":"2016","unstructured":"Victor Costan and Srinivas Devadas . 2016 . Intel SGX Explained . IACR Cryptology ePrint Archive 2016 , 086 (2016), 1 -- 118 . Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. IACR Cryptology ePrint Archive 2016, 086 (2016), 1--118.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_7_1","unstructured":"Rov Csongor. [n.d.]. Tesla Raises the Bar for Self-Driving Carmakers. www.blogs.nvidia.com\/blog\/2019\/04\/23\/tesla-self-driving\/  Rov Csongor. [n.d.]. Tesla Raises the Bar for Self-Driving Carmakers. www.blogs.nvidia.com\/blog\/2019\/04\/23\/tesla-self-driving\/"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"crossref","unstructured":"J. Deng W. Dong R. Socher L.-J. Li K. Li and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR09.  J. Deng W. Dong R. Socher L.-J. Li K. Li and L. Fei-Fei. 2009. ImageNet: A Large-Scale Hierarchical Image Database. In CVPR09.","DOI":"10.1109\/CVPR.2009.5206848"},{"volume-title":"IFIP congress","author":"Freivalds Rusins","key":"e_1_3_2_2_9_1","unstructured":"Rusins Freivalds . 1977. Probabilistic Machines Can Use Less Running Time .. In IFIP congress , Vol. 839 . 842. Rusins Freivalds. 1977. Probabilistic Machines Can Use Less Running Time.. In IFIP congress, Vol. 839. 842."},{"key":"e_1_3_2_2_10_1","volume-title":"International conference on machine learning. PMLR, 201--210","author":"Gilad-Bachrach Ran","year":"2016","unstructured":"Ran Gilad-Bachrach , Nathan Dowlin , Kim Laine , Kristin Lauter , Michael Naehrig , and John Wernsing . 2016 . Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy . In International conference on machine learning. PMLR, 201--210 . Ran Gilad-Bachrach, Nathan Dowlin, Kim Laine, Kristin Lauter, Michael Naehrig, and John Wernsing. 2016. Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy. In International conference on machine learning. PMLR, 201--210."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/3086952"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/3086952"},{"key":"e_1_3_2_2_13_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_2_15_1","volume-title":"Chiron: Privacy-preserving Machine Learning as a Service. CoRR abs\/1803.05961","author":"Hunt Tyler","year":"2018","unstructured":"Tyler Hunt , Congzheng Song , Reza Shokri , Vitaly Shmatikov , and Emmett Witchel . 2018 . Chiron: Privacy-preserving Machine Learning as a Service. CoRR abs\/1803.05961 (2018). arXiv:1803.05961 http:\/\/arxiv.org\/abs\/1803.05961 Tyler Hunt, Congzheng Song, Reza Shokri, Vitaly Shmatikov, and Emmett Witchel. 2018. Chiron: Privacy-preserving Machine Learning as a Service. CoRR abs\/1803.05961 (2018). arXiv:1803.05961 http:\/\/arxiv.org\/abs\/1803.05961"},{"key":"e_1_3_2_2_16_1","volume-title":"Efficient Deep Learning on Multi-Source Private Data. CoRR abs\/1807.06689","author":"Hynes Nick","year":"2018","unstructured":"Nick Hynes , Raymond Cheng , and Dawn Song . 2018. Efficient Deep Learning on Multi-Source Private Data. CoRR abs\/1807.06689 ( 2018 ). arXiv:1807.06689 http:\/\/arxiv.org\/abs\/1807.06689 Nick Hynes, Raymond Cheng, and Dawn Song. 2018. Efficient Deep Learning on Multi-Source Private Data. CoRR abs\/1807.06689 (2018). arXiv:1807.06689 http:\/\/arxiv.org\/abs\/1807.06689"},{"key":"e_1_3_2_2_17_1","volume-title":"Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980","author":"Kingma Diederik P","year":"2014","unstructured":"Diederik P Kingma and Jimmy Ba . 2014 . Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014). Diederik P Kingma and Jimmy Ba. 2014. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)."},{"key":"e_1_3_2_2_18_1","volume-title":"TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents. CoRR abs\/1903.06638","author":"Kiourti Panagiota","year":"2019","unstructured":"Panagiota Kiourti , Kacper Wardega , Susmit Jha , and Wenchao Li. 2019. TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents. CoRR abs\/1903.06638 ( 2019 ). arXiv:1903.06638 http:\/\/arxiv.org\/abs\/1903.06638 Panagiota Kiourti, Kacper Wardega, Susmit Jha, and Wenchao Li. 2019. TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents. CoRR abs\/1903.06638 (2019). arXiv:1903.06638 http:\/\/arxiv.org\/abs\/1903.06638"},{"key":"e_1_3_2_2_19_1","unstructured":"Alex Krizhevsky Vinod Nair and Geoffrey Hinton. [n.d.]. CIFAR-10 (Canadian Institute for Advanced Research). ([n. d.]). http:\/\/www.cs.toronto.edu\/~kriz\/ cifar.html  Alex Krizhevsky Vinod Nair and Geoffrey Hinton. [n.d.]. CIFAR-10 (Canadian Institute for Advanced Research). ([n. d.]). http:\/\/www.cs.toronto.edu\/~kriz\/ cifar.html"},{"key":"e_1_3_2_2_20_1","unstructured":"Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems.  Alex Krizhevsky Ilya Sutskever and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems."},{"key":"e_1_3_2_2_21_1","unstructured":"Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. http:\/\/yann.lecun.com\/exdb\/mnist\/. (2010). http:\/\/yann.lecun.com\/exdb\/mnist\/  Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. http:\/\/yann.lecun.com\/exdb\/mnist\/. (2010). http:\/\/yann.lecun.com\/exdb\/mnist\/"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"e_1_3_2_2_23_1","unstructured":"Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2017. Trojaning attack on neural networks. (2017).  Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2017. Trojaning attack on neural networks. (2017)."},{"key":"e_1_3_2_2_24_1","volume-title":"ROTE: Rollback Protection for Trusted Execution. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Matetic Sinisa","year":"2017","unstructured":"Sinisa Matetic , Mansoor Ahmed , Kari Kostiainen , Aritra Dhar , David Sommer , Arthur Gervais , Ari Juels , and Srdjan Capkun . 2017 . ROTE: Rollback Protection for Trusted Execution. In 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association , Vancouver, BC , 1289--1306. https:\/\/www.usenix.org\/ conference\/usenixsecurity17\/technical-sessions\/presentation\/matetic Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. 2017. ROTE: Rollback Protection for Trusted Execution. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1289--1306. https:\/\/www.usenix.org\/ conference\/usenixsecurity17\/technical-sessions\/presentation\/matetic"},{"key":"e_1_3_2_2_25_1","first-page":"396","article-title":"SecureML: A System for Scalable Privacy-Preserving Machine Learning","volume":"2017","author":"Mohassel Payman","year":"2017","unstructured":"Payman Mohassel and Yupeng Zhang . 2017 . SecureML: A System for Scalable Privacy-Preserving Machine Learning . IACR Cryptology ePrint Archive 2017 (2017), 396 . http:\/\/eprint.iacr.org\/2017\/396 Payman Mohassel and Yupeng Zhang. 2017. SecureML: A System for Scalable Privacy-Preserving Machine Learning. IACR Cryptology ePrint Archive 2017 (2017), 396. http:\/\/eprint.iacr.org\/2017\/396","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i17.17746"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chaos.2020.109944"},{"key":"e_1_3_2_2_28_1","unstructured":"Joseph Redmon. 2013--2016. Darknet: Open Source Neural Networks in C. http: \/\/pjreddie.com\/darknet\/.  Joseph Redmon. 2013--2016. Darknet: Open Source Neural Networks in C. http: \/\/pjreddie.com\/darknet\/."},{"key":"e_1_3_2_2_29_1","volume-title":"A stochastic approximation method. The annals of mathematical statistics","author":"Robbins Herbert","year":"1951","unstructured":"Herbert Robbins and Sutton Monro . 1951. A stochastic approximation method. The annals of mathematical statistics ( 1951 ). Herbert Robbins and Sutton Monro. 1951. A stochastic approximation method. The annals of mathematical statistics (1951)."},{"key":"e_1_3_2_2_30_1","unstructured":"Ali Shafahi W. Ronny Huang Mahyar Najibi Octavian Suciu Christoph Studer Tudor Dumitras and Tom Goldstein. 2018. Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks. In Advances in Neural Information Processing Systems 31. http:\/\/papers.nips.cc\/paper\/7849-poison-frogs-targetedclean-label-poisoning-attacks-on-neural-networks.pdf  Ali Shafahi W. Ronny Huang Mahyar Najibi Octavian Suciu Christoph Studer Tudor Dumitras and Tom Goldstein. 2018. Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks. In Advances in Neural Information Processing Systems 31. http:\/\/papers.nips.cc\/paper\/7849-poison-frogs-targetedclean-label-poisoning-attacks-on-neural-networks.pdf"},{"key":"e_1_3_2_2_31_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman . 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 ( 2014 ). Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_2_32_1","volume-title":"Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research","author":"Srivastava Nitish","year":"2014","unstructured":"Nitish Srivastava , Geoffrey Hinton , Alex Krizhevsky , Ilya Sutskever , and Ruslan Salakhutdinov . 2014. Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research ( 2014 ). Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. 2014. Dropout: a simple way to prevent neural networks from overfitting. The journal of machine learning research (2014)."},{"key":"#cr-split#-e_1_3_2_2_33_1.1","doi-asserted-by":"crossref","unstructured":"J. Stallkamp M. Schlipsing J. Salmen and C. Igel. 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural Networks (2012). https:\/\/doi.org\/10.1016\/j.neunet.2012.02.016 10.1016\/j.neunet.2012.02.016","DOI":"10.1016\/j.neunet.2012.02.016"},{"key":"#cr-split#-e_1_3_2_2_33_1.2","doi-asserted-by":"crossref","unstructured":"J. Stallkamp M. Schlipsing J. Salmen and C. Igel. 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural Networks (2012). https:\/\/doi.org\/10.1016\/j.neunet.2012.02.016","DOI":"10.1016\/j.neunet.2012.02.016"},{"key":"e_1_3_2_2_34_1","unstructured":"Lichao Sun. 2020. Natural Backdoor Attack on Text Data. arXiv:2006.16176 [cs.CL]  Lichao Sun. 2020. Natural Backdoor Attack on Text Data. arXiv:2006.16176 [cs.CL]"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/3298023.3298188"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2015.7298594"},{"key":"e_1_3_2_2_37_1","volume-title":"Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287","author":"Tramer Florian","year":"2018","unstructured":"Florian Tramer and Dan Boneh . 2018 . Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287 (2018). Florian Tramer and Dan Boneh. 2018. Slalom: Fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287 (2018)."},{"volume-title":"Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In 2019 IEEE Symposium on Security and Privacy.","author":"Wang B.","key":"e_1_3_2_2_38_1","unstructured":"B. Wang , Y. Yao , S. Shan , H. Li , B. Viswanath , H. Zheng , and B. Y. Zhao . 2019 . Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In 2019 IEEE Symposium on Security and Privacy. B. Wang, Y. Yao, S. Shan, H. Li, B. Viswanath, H. Zheng, and B. Y. Zhao. 2019. Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. In 2019 IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_2_39_1","unstructured":"Jingzhao Zhang Tianxing He Suvrit Sra and Ali Jadbabaie. 2019. Why gradient clipping accelerates training: A theoretical justification for adaptivity. arXiv:1905.11881 [math.OC]  Jingzhao Zhang Tianxing He Suvrit Sra and Ali Jadbabaie. 2019. Why gradient clipping accelerates training: A theoretical justification for adaptivity. arXiv:1905.11881 [math.OC]"}],"event":{"name":"CODASPY '22: Twelveth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Baltimore MD USA","acronym":"CODASPY '22"},"container-title":["Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511503","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511503","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3508398.3511503","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:39Z","timestamp":1750188639000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3508398.3511503"}},"subtitle":["Fast GPU-TEE Based Integrity for Neural Network Training"],"short-title":[],"issued":{"date-parts":[[2022,4,14]]},"references-count":40,"alternative-id":["10.1145\/3508398.3511503","10.1145\/3508398"],"URL":"https:\/\/doi.org\/10.1145\/3508398.3511503","relation":{},"subject":[],"published":{"date-parts":[[2022,4,14]]},"assertion":[{"value":"2022-04-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}