MazeNet: Protecting DNN Models on Public Cloud Platforms With TEEs

Kripa Shanker, Vivek Kumar, Aditya Kanade, Vinod Ganapathy

Proceedings of the 21st International Conference on Information Systems Security (ICISS 2025), pages TBD; Indore, India. December 16-20, 2025.

Machine Learning-as-a-Service (MLaaS) enables deep learning (DL) model owners to outsource inference tasks to a public cloud platform. A model owner trains a DL model in-house and uploads the trained model to an MLaaS platform. For the uploaded model, the MLaaS platform exposes an API to query the uploaded model with inputs and obtain predictions. However, uploading the trained model to public cloud platforms exposes the model owner to security and privacy risks, as the model is available in plaintext to the cloud provider during inference.

In this work, we present techniques to secure DL models with trusted execution environments and propose a secure outsourcing scheme to offload portions of the DL model computations during inference to faster untrusted processors. We implement the presented techniques in MazeNet, a framework to transform pretrained models into MazeNet models and deploy them on a public cloud platform to provide inference services.

We evaluate MazeNet on popular convolutional neural networks, and the results demonstrate that MazeNet improves the performance of DNN models as compared to a secure baseline model, where the model runs within a trusted environment. MazeNet increases the throughput of the inference task up to 30x and decreases the latency up to 5x for the benchmark models in our experimental evaluation.
