Privacy and security challenges in Machine Learning (ML) have become increasingly severe, along with ML’s pervasive development and the recent demonstration of large attack surfaces. As a mature system-oriented approach, Confidential Computing has been utilized in both academia and industry to mitigate privacy and security issues in various ML scenarios. In this paper, the conjunction between ML and Confidential Computing is investigated. We systematize the prior work on Confidential Computing-assisted ML techniques that provide i) confidentiality guarantees and ii) integrity assurances, and discuss their advanced features and drawbacks. Key challenges are further identified, and we provide dedicated analyses of the limitations in existing Trusted Execution Environment (TEE) systems for ML use cases. Finally, prospective works are discussed, including grounded privacy definitions for closed-loop protection, partitioned executions of efficient ML, dedicated TEE-assisted designs for ML, TEE-aware ML, and ML full pipeline guarantees. By providing these potential solutions in our systematization of knowledge, we aim to build the bridge to help achieve a much stronger TEE-enabled ML for privacy guarantees without introducing computation and system costs.

随着机器学习 (ML) 的普遍发展和最近出现的大型攻击面，机器学习 (ML) 中的隐私和安全挑战变得越来越严峻。作为一种成熟的面向系统的方法，机密计算已在学术界和工业界广泛使用，以缓解各种机器学习场景中的隐私和安全问题。本文研究了机器学习和机密计算之间的结合。我们对机密计算辅助机器学习技术的先前工作进行了系统化，这些技术提供了 i) 机密性保证和 ii) 完整性保证，并讨论了它们的高级特性和缺点。我们进一步确定了关键挑战，并针对 ML 用例的现有可信执行环境 (TEE) 系统的局限性进行了专门分析。最后，讨论了未来的工作，包括用于闭环保护的接地隐私定义、高效机器学习的分区执行、用于机器学习的专用 TEE 辅助设计、TEE 感知机器学习和机器学习全流程保证。通过在我们的知识系统化中提供这些潜在的解决方案，我们的目标是建立一座桥梁，帮助实现更强大的支持 TEE 的 ML，以保证隐私，而无需引入计算和系统成本。