Shielding Federated Learning Systems against Inference Attacks with ARM TrustZone

  • 2022-08-11 16:53:07
  • Aghiles Ait Messaoud, Sonia Ben Mokhtar, Vlad Nitu, Valerio Schiavoni

Abstract

Federated Learning (FL) opens new perspectives for training machine learning models while keeping personal data on the users' premises. Specifically, in FL, models are trained on the users' devices and only model updates (i.e., gradients) are sent to a central server for aggregation purposes. However, the long list of inference attacks that leak private data from gradients, published in recent years, has emphasized the need to devise effective protection mechanisms to incentivize the adoption of FL at scale. While there exist solutions to mitigate these attacks on the server side, little has been done to protect users from attacks performed on the client side. In this context, the use of Trusted Execution Environments (TEEs) on the client side is among the most promising solutions. However, existing frameworks (e.g., DarkneTZ) require statically placing a large portion of the machine learning model into the TEE to effectively protect against complex attacks or a combination of attacks. We present GradSec, a solution that protects in a TEE only the sensitive layers of a machine learning model, either statically or dynamically, hence reducing both the TCB size and the overall training time by up to 30% and 56%, respectively, compared to state-of-the-art competitors.
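The abstract's premise is that a client's gradient update is itself private data. The following is an added illustration of why, written for this page; it is not code from the GradSec paper or from DarkneTZ. For a first fully connected layer y = W x + b trained on a single sample, the chain rule gives dL/dW[j][i] = dL/dy[j] * x[i] and dL/db[j] = dL/dy[j], so every row of the weight gradient is a scaled copy of the input and the bias gradient supplies the scale. Whoever observes that gradient, whether the aggregation server or a malicious process sharing the client device, reads the training sample back exactly. The model sizes, the squared-error loss and the random sample are constructed for the demonstration.

```python
"""Why an unprotected client gradient leaks the training input.

Added illustration (not the paper's code): a first-layer gradient of a
fully connected layer, computed on a single sample, reveals that sample.
The weights, loss and input below are constructed for the example.
"""
import random


def forward(W, b, x):
    """y = W x + b for a (k x d) weight matrix W, bias b and input x."""
    return [sum(W[j][i] * x[i] for i in range(len(x))) + b[j]
            for j in range(len(W))]


def client_gradient(W, b, x, t):
    """Gradient of L = 0.5 * sum_j (y_j - t_j)^2 with respect to W and b.

    This is what an FL client would ship to the aggregation server.
    dL/dW[j][i] = dL/dy[j] * x[i] and dL/db[j] = dL/dy[j].
    """
    y = forward(W, b, x)
    dy = [y[j] - t[j] for j in range(len(y))]            # dL/dy
    dW = [[dy[j] * x[i] for i in range(len(x))] for j in range(len(y))]
    db = dy[:]                                            # dL/db
    return dW, db


def recover_input(dW, db, eps=1e-12):
    """Inference attack on the gradient: any weight-gradient row divided
    by its bias gradient is the input. Returns None only if every output
    unit had zero error (no scale to divide by), in which case this
    particular update carries no information about x."""
    for j, scale in enumerate(db):
        if abs(scale) > eps:
            return [g / scale for g in dW[j]]
    return None


def demo(seed=0):
    """Build a constructed model and sample, compute the client gradient,
    and recover the sample from the gradient alone."""
    rng = random.Random(seed)
    d, k = 8, 3                                           # input dim, output dim
    W = [[rng.uniform(-1, 1) for _ in range(d)] for _ in range(k)]
    b = [rng.uniform(-1, 1) for _ in range(k)]
    x = [rng.uniform(0, 1) for _ in range(d)]             # the "private" sample
    t = [0.0, 1.0, 0.0]                                   # its training target
    dW, db = client_gradient(W, b, x, t)
    x_hat = recover_input(dW, db)                         # attacker sees only dW, db
    return x, x_hat


if __name__ == "__main__":
    x, x_hat = demo()
    print("max abs error between sample and recovery:",
          max(abs(a - c) for a, c in zip(x, x_hat)))
```

Averaging the gradient over a batch mixes the rows of several samples, which is why the published attacks the abstract refers to work best on small batches and why protecting only the gradients of the layers that leak, rather than the whole model, is a meaningful design target: the leak here lives entirely in the first layer's dW and db, and a TEE that keeps those values out of the normal world closes this particular channel even if the rest of the model runs unprotected.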
