Trusted Execution Environment

A Trusted Execution Environment (TEE) creates an isolated environment that ensures code authentication, runtime state integrity, and data confidentiality. Intel SGX is one of the most studied TEE solutions; it provides a trusted hardware mechanism for creating protected containers called enclaves. However, current TEE solutions have limitations when used for deep learning models: significant overhead for memory-intensive tasks, limited memory capacity (e.g., 128 MB by default in Intel SGX), and support for only a limited set of CPU instructions, with no ability to use a GPU. Efforts have been made to offload the computationally intensive layers of deep learning models to the GPU while maintaining integrity and confidentiality within an enclave. Despite these efforts, implementation complexity has led to the discovery of attacks on TEEs.
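One way such offloading can work for a linear layer is sketched below as an added example; it is not code from this page or from any particular project. It assumes integer-quantised values modulo a prime, additive blinding of the input for confidentiality, and a Freivalds-style check for integrity; all function names are hypothetical.

```python
import secrets

P = 2**31 - 1  # prime modulus; assumes weights/activations are quantised to integers mod P

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % P

def matvec(W, x):
    return [dot(row, x) for row in W]

def enclave_precompute(W):
    """Offline, inside the enclave: one-time mask r and secret check vector s."""
    rows, cols = len(W), len(W[0])
    r = [secrets.randbelow(P) for _ in range(cols)]          # blinding mask for the input
    s = [secrets.randbelow(P - 1) + 1 for _ in range(rows)]  # secret, nonzero entries
    sW = [dot(s, [W[i][j] for i in range(rows)]) for j in range(cols)]  # s^T W
    return r, matvec(W, r), s, sW

def untrusted_gpu(W, x_blinded, tamper=False):
    """Stand-in for the GPU. It sees W and the blinded input, never x itself."""
    y = matvec(W, x_blinded)
    if tamper:  # simulate a faulty or malicious accelerator
        y[0] = (y[0] + 1) % P
    return y

def offload_linear(W, x, tamper=False):
    """Enclave-side driver: blind, offload, verify, unblind. Returns W x mod P."""
    r, Wr, s, sW = enclave_precompute(W)
    x_b = [(a + b) % P for a, b in zip(x, r)]  # x + r is uniformly random mod P
    y_b = untrusted_gpu(W, x_b, tamper)
    # Freivalds check: s.(y_b) must equal (s^T W).(x_b); O(rows + cols) online work.
    if dot(s, y_b) != dot(sW, x_b):
        raise ValueError("accelerator result failed integrity check")
    return [(a - b) % P for a, b in zip(y_b, Wr)]  # W(x + r) - W r = W x

if __name__ == "__main__":
    W = [[1, 2, 3], [4, 5, 6]]   # constructed sample layer weights
    x = [7, 8, 9]                # constructed sample input
    print(offload_linear(W, x))  # [50, 122]
```

The mask `r` must be fresh for every input, since reusing it reveals the difference between two inputs. This sketch hides the input only; the weights `W` are visible to the accelerator.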
