Giters

Moschn / tensorflow-lite-sgx

A port of the tensorflow-lite for microcontrollers framework to Intel's SGX Framework. Designed to simplify research of privacy preserving machine learning in the context of trusted execution environments (TEEs).

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Tensorflow Lite For Intel SGX

A minimal port of the Tensorflow Lite for Microcontrollers on Intel SGX

Table of Contents

Description

This repository contains a port of TensorFlow Lite for Microcontrollers library for Intel SGX. It is intended to be easy to understand and follows the same source code structure as Intel's sample enclave code. Furthermore, it does not require an a priori installation of Tensorflow or complex build systems and toolchains (except the Intel SGX SDK & tools).

This port supports non-quantized float32 models and compatible float32 inputs. The port is model and input agnostic and should work on any TF light flatbuffer model and input.

The sole restriction is that the model must be compromised of operators supported by the TensorFlow Lite for Microcontrollers library, a full list of supported operators can be found here.

The library can only be used to perform inference tasks, this limitation is due to the Tensorflow lite library and not the SGX environment.

Disclaimer

This port is designed to facilitate research on privacy preserving ML in the context of Intel SGX Enclaves. As such, it is not intended to be used in production and should not be used to protect model or data confidentiality.

Requirements

Requires a platform with Intel SGX support, an installed SGX driver and the Intel SGX SDK. If you are able to compile and run the sample Enclave after installing the SGX driver & SDK, you should have no problems building and running this project.

Usage

After compiling the project (make clean && make -j4), the application can be launched with

./tf-sgx-infer <model path> <input path>

Any TF light flatbuffer model (non quantized, in float32 format) is compatible, up to the list of supported operators. Model inputs should also be saved in a float32 format, which can be done for example in the following manner:

nparr.astype('float32').tofile('input.bin')

Loading large models from disk might require increasing the default stack size on linux. If you run into segmentation faults, try increasing the stack size as follows:

ulimit -S -s 131072

This will temporarly increase the stack size from 8MB to 128MB.

About

A port of the tensorflow-lite for microcontrollers framework to Intel's SGX Framework. Designed to simplify research of privacy preserving machine learning in the context of trusted execution environments (TEEs).

License:Apache License 2.0

Languages

Language:C++ 95.6%Language:C 3.6%Language:Makefile 0.7%