SeSeMI: Secure Serverless Model Inference on Sensitive Data
The project has been tested with Ubuntu 20.04 with kernel 5.13.0.41-generic. Intel SGX: SDK/PSW 2.14 - other libraries 1.11 (matching library version is important).
The machines should be installed with the Intel SGX AESM service and the Intel DCAP-ECDSA attestation infrastructure. Refer to Intel's online documentation to set up the SGX environment.
After the setup:
- Kernel driver `/dev/sgx_enclave` and `/sgx_provision` should be present, which will be mounted to the KeyService and SeMIRT containers.
- The SGX AESM service should be launched, which will be mounted to the KeyService and SeMIRT containers. Check with `systemctl status aesmd`.
- The machine should have been registered with the Intel PCCS set up in your cluster. Confirm with the DCAP sample quote generation and verification code.
- Clone this repository locally and run `make preparation` to initialize all external dependencies.
- Refer to the README under the `docker` folder to build the respective Docker images (client, KeyService, SeMIRT).
- The FnPacker can be launched with `main.go`.
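The host checks in the list above (SGX device nodes, AESM service) can be scripted before starting the KeyService and SeMIRT containers. The preflight below is an added example, not part of the SeSeMI repository; the function names are illustrative, and it assumes the provision node is at `/dev/sgx_provision` and the AESM socket at `/var/run/aesmd/aesm.socket`.

```shell
#!/bin/sh
# Preflight for an SGX host before starting KeyService / SeMIRT containers.
# Assumptions (not from the README): provision node at /dev/sgx_provision,
# AESM socket at /var/run/aesmd/aesm.socket. Function names are illustrative.

# check_chardev PATH: succeed only if PATH is a character device that the
# current user can both read and write (group membership is often the issue).
check_chardev() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# check_socket PATH: succeed only if PATH is a UNIX domain socket.
check_socket() { [ -S "$1" ]; }

# check_aesmd: succeed if systemd reports the aesmd unit as active.
# Returns 2 when systemctl is not available on this host.
check_aesmd() {
    command -v systemctl >/dev/null 2>&1 || return 2
    systemctl is-active --quiet aesmd
}

# sgx_preflight [ENCLAVE_DEV] [PROVISION_DEV] [AESM_SOCKET]
# Prints one line per check and returns the number of failed checks (0-4).
sgx_preflight() {
    enclave=${1:-/dev/sgx_enclave}
    provision=${2:-/dev/sgx_provision}
    sock=${3:-/var/run/aesmd/aesm.socket}
    failed=0
    for dev in "$enclave" "$provision"; do
        if check_chardev "$dev"; then
            echo "ok    $dev"
        else
            echo "FAIL  $dev (missing, not a char device, or no rw access)"
            failed=$((failed + 1))
        fi
    done
    if check_aesmd; then echo "ok    aesmd active"
    else echo "FAIL  aesmd not active (or systemctl unavailable)"; failed=$((failed + 1)); fi
    if check_socket "$sock"; then echo "ok    $sock"
    else echo "FAIL  $sock (AESM socket missing)"; failed=$((failed + 1)); fi
    return "$failed"
}

# Run the checks with default paths when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then sgx_preflight; fi
```

A non-zero exit status is the number of failed checks; pass alternative device or socket paths as arguments if your driver exposes them elsewhere.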
We provide a sample TVM MobileNet model and all the requests in example. It includes the encrypted model, the inference request and all requests to update the access info in KeyService.
In the client configuration and the inference request, please change the KeyService address to that of the KeyService you deployed.
Please follow this guide to set up an OpenWhisk cluster.
Deploy the built key server image following the instructions in the docker folder.
Then update the access information with the client:
```sh
# register the user
./client register_req.json client_config.json
# specify the model decryption key
./client up_model_key_req.json client_config.json
# grant the user and worker access to the model
./client grant_model_access_req.json client_config.json
# specify the input decryption key for the worker to use
./client add_request_key_req.json client_config.json
```
Please find the sample requests and the model in examples.
Once the container is built following the instructions under the docker folder of this repo, you can deploy the action directly with the OpenWhisk client for testing.
```sh
wsk -i action create <action-name> -m <memory-budget> --docker <the SeMIRT image>
```
You can now invoke this function with the sample request.
To create a Fnpool and manage its invocation through FnPacker, please refer to the FnPacker client sample code under `fnpacker/fpcli/example.go`.