SelTZ: Fine-Grained Data Protection for Edge Neural Networks Using Selective TrustZone Execution

This paper presents an approach to protecting deep neural network privacy on edge devices using ARM TrustZone. We propose a selective layer protection technique that balances performance and privacy. Rather than executing entire layers within the TrustZone secure environment, which leads to signific...

Full description

Saved in:
Bibliographic Details
Published in:Electronics (Basel) 2025-01, Vol.14 (1), p.123
Main Authors: Jeong, Sehyeon, Oh, Hyunyoung
Format: Article
Language:English
Subjects:
Accuracy
Artificial neural networks
Deep learning
Edge computing
Efficiency
Internet of Things
Machine learning
Memory devices
Neural networks
Parallel processing
Privacy
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper presents an approach to protecting deep neural network privacy on edge devices using ARM TrustZone. We propose a selective layer protection technique that balances performance and privacy. Rather than executing entire layers within the TrustZone secure environment, which leads to significant performance and memory overhead, we selectively protect only the most sensitive subset of data from each layer. Our method strategically partitions layer computations between normal and secure worlds, optimizing TrustZone usage while providing robust defenses against privacy attacks. Through extensive experiments on standard datasets (CIFAR-100 and ImageNet-Tiny), we demonstrate that our approach reduces membership inference attack (MIA) success rates from over 90% to near random guess (50%) while achieving up to 7.3Ă— speedup and 71% memory reduction compared to state-of-the-art approaches. On resource-constrained edge devices with limited secure memory, our selective approach enables protection of significantly more layers than full layer protection methods while maintaining strong privacy guarantees through efficient data partitioning and parallel processing across security boundaries.
ISSN:2079-9292
2079-9292
DOI:10.3390/electronics14010123