{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T09:05:47Z","timestamp":1768813547016,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":20,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,23]],"date-time":"2024-06-23T00:00:00Z","timestamp":1719100800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"U.S. National Science Foundation","award":["OAC-2319962"],"award-info":[{"award-number":["OAC-2319962"]}]},{"name":"U.S. National Science Foundation","award":["CNS-2239672"],"award-info":[{"award-number":["CNS-2239672"]}]},{"name":"U.S. National Science Foundation","award":["CNS-2153690"],"award-info":[{"award-number":["CNS-2153690"]}]},{"name":"U.S. National Science Foundation","award":["CNS-2326597"],"award-info":[{"award-number":["CNS-2326597"]}]},{"name":"U.S. National Science Foundation","award":["CNS-2247892"],"award-info":[{"award-number":["CNS-2247892"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,23]]},"DOI":"10.1145\/3649329.3658251","type":"proceedings-article","created":{"date-parts":[[2024,11,7]],"date-time":"2024-11-07T19:27:22Z","timestamp":1731007642000},"page":"1-6","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["TBNet: A Neural Architectural Defense Framework Facilitating DNN Model Protection in Trusted Execution Environments"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1844-1114","authenticated-orcid":false,"given":"Ziyu","family":"Liu","sequence":"first","affiliation":[{"name":"Northeastern University, Boston, MA, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8645-5246","authenticated-orcid":false,"given":"Tong","family":"Zhou","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5852-4195","authenticated-orcid":false,"given":"Yukui","family":"Luo","sequence":"additional","affiliation":[{"name":"University of Massachusetts Dartmouth, Dartmouth, MA, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8393-2783","authenticated-orcid":false,"given":"Xiaolin","family":"Xu","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, United States"}]}],"member":"320","published-online":{"date-parts":[[2024,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Lejla Batina Shivam Bhasin Dirmanto Jap and Stjepan Picek. 2019. {CSI} {NN}: Reverse engineering of neural network architectures through electromagnetic side channel. In USENIX Security'19."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322251"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-46493-0_38"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPEC.2019.8916519"},{"key":"e_1_3_2_1_5_1","unstructured":"Matthew Jagielski Nicholas Carlini David Berthelot Alex Kurakin and Nicolas Papernot. 2020. High accuracy and high fidelity extraction of neural networks. In USENIX Security'20."},{"key":"e_1_3_2_1_6_1","volume-title":"Convolutional deep belief networks on cifar-10. Unpublished manuscript 40, 7","author":"Krizhevsky Alex","year":"2010","unstructured":"Alex Krizhevsky and Geoff Hinton. 2010. Convolutional deep belief networks on cifar-10. Unpublished manuscript 40, 7 (2010), 1--9."},{"key":"e_1_3_2_1_7_1","unstructured":"Arm Limited. 2023. TrustZone for Cortex-M. https:\/\/www.arm.com\/technologies\/trustzone-for-cortex-m"},{"key":"e_1_3_2_1_8_1","unstructured":"Linaro Limited. 2019. Open Portable Trusted Execution Environment. https:\/\/www.op-tee.org"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2017.298"},{"key":"e_1_3_2_1_10_1","volume-title":"MirrorNet: A TEE-Friendly Framework for Secure On-Device DNN Inference. In IEEE\/ACM International Conference on Computer Aided Design (ICCAD). IEEE, 1--9.","author":"Liu Ziyu","year":"2023","unstructured":"Ziyu Liu, Yukui Luo, Shijin Duan, Tong Zhou, and Xiaolin Xu. 2023. MirrorNet: A TEE-Friendly Framework for Secure On-Device DNN Inference. In IEEE\/ACM International Conference on Computer Aided Design (ICCAD). IEEE, 1--9."},{"key":"e_1_3_2_1_11_1","volume-title":"Ownership verification of dnn architectures via hardware cache side channels. TCSVT","author":"Lou Xiaoxuan","year":"2022","unstructured":"Xiaoxuan Lou, Shangwei Guo, Jiwei Li, and Tianwei Zhang. 2022. Ownership verification of dnn architectures via hardware cache side channels. TCSVT (2022)."},{"key":"e_1_3_2_1_12_1","volume-title":"Kleomenis Katevas, Soteris Demetriou, Ilias Leontiadis, Andrea Cavallaro, and Hamed Haddadi.","author":"Mo Fan","year":"2020","unstructured":"Fan Mo, Ali Shahin Shamsabadi, Kleomenis Katevas, Soteris Demetriou, Ilias Leontiadis, Andrea Cavallaro, and Hamed Haddadi. 2020. Darknetz: towards model privacy at the edge using trusted execution environments. In MobiSys'20."},{"key":"e_1_3_2_1_13_1","volume-title":"SoK: machine learning with confidential computing. arXiv preprint arXiv:2208.10134","author":"Mo Fan","year":"2022","unstructured":"Fan Mo, Zahra Tarkhani, and Hamed Haddadi. 2022. SoK: machine learning with confidential computing. arXiv preprint arXiv:2208.10134 (2022)."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3469029"},{"key":"e_1_3_2_1_15_1","volume-title":"Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556","author":"Simonyan Karen","year":"2014","unstructured":"Karen Simonyan and Andrew Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint arXiv:1409.1556 (2014)."},{"key":"e_1_3_2_1_16_1","volume-title":"SP'23","author":"Sun Zhichuang","unstructured":"Zhichuang Sun, Ruimin Sun, Changming Liu, Amrita Roy Chowdhury, Long Lu, and Somesh Jha. [n. d.]. Shadownet: A secure and efficient on-device model inference system for convolutional neural networks. In SP'23."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Zhichuang Sun Ruimin Sun Long Lu and Alan Mislove. 2021. Mind your weight (s): A large-scale study on insufficient machine learning model protection in mobile apps. In USENIX Security'21.","DOI":"10.1145\/3457682.3457686"},{"key":"e_1_3_2_1_18_1","volume-title":"Confidential deep learning: Executing proprietary models on untrusted devices. arXiv preprint arXiv:1908.10730","author":"VanNostrand Peter M","year":"2019","unstructured":"Peter M VanNostrand, Ioannis Kyriazis, Michelle Cheng, Tian Guo, and Robert J Walls. 2019. Confidential deep learning: Executing proprietary models on untrusted devices. arXiv preprint arXiv:1908.10730 (2019)."},{"key":"e_1_3_2_1_19_1","volume-title":"Chunyan Ji, Jie Hu, and Yi Pan.","author":"Xiao Xueli","year":"2019","unstructured":"Xueli Xiao, Thosini Bamunu Mudiyanselage, Chunyan Ji, Jie Hu, and Yi Pan. 2019. Fast deep learning training through intelligently freezing layers. In iThings'19."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3536168.3543299"}],"event":{"name":"DAC '24: 61st ACM\/IEEE Design Automation Conference","location":"San Francisco CA USA","acronym":"DAC '24","sponsor":["SIGDA ACM Special Interest Group on Design Automation","IEEE-CEDA","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 61st ACM\/IEEE Design Automation Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649329.3658251","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3649329.3658251","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3649329.3658251","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:01Z","timestamp":1750295881000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649329.3658251"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,23]]},"references-count":20,"alternative-id":["10.1145\/3649329.3658251","10.1145\/3649329"],"URL":"https:\/\/doi.org\/10.1145\/3649329.3658251","relation":{},"subject":[],"published":{"date-parts":[[2024,6,23]]},"assertion":[{"value":"2024-11-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}