Secure AI Inference in the Cloud: Enabling Confidential Computing with Trusted Execution
DOI: https://doi.org/10.15680/yyt91s95
Keywords: Secure AI inference, confidential computing, trusted execution environment, Intel SGX, AMD SEV, remote attestation, cloud security, privacy-preserving machine learning
Abstract
Cloud-based AI inference offers scalable and flexible deployment of machine learning models, but raises critical concerns about the confidentiality and integrity of sensitive data and proprietary models. Traditional cloud environments expose AI workloads to risks from malicious insiders, compromised hosts, and untrusted administrators. This paper addresses these challenges by leveraging Confidential Computing technologies and Trusted Execution Environments (TEEs) to enable secure and privacy-preserving AI inference in the cloud. We propose a comprehensive framework that integrates hardware-based trusted execution, secure model deployment, and encrypted data handling to ensure confidentiality, integrity, and authenticity of AI inference processes. Our solution runs inference inside hardware-isolated environments, Intel SGX enclaves and AMD SEV encrypted virtual machines, so that AI models and input data are protected from the host operating system, the hypervisor, and the cloud operator during inference. Additionally, the framework supports remote attestation, enabling cloud clients to verify the identity and integrity of the execution environment (its measured code and security version) before provisioning their data and models. We design secure communication protocols to prevent data leakage and provide efficient key management techniques that keep encryption keys bound to the enclave.
Experimental evaluation on benchmark AI models demonstrates that our approach achieves strong security guarantees with acceptable performance overhead. Latency increases remain within 15-20%, which is reasonable given the enhanced privacy assurances. The system supports diverse AI workloads, including image recognition and natural language processing, demonstrating broad applicability. This research highlights the critical role of confidential computing in addressing security and privacy challenges in cloud AI inference. By combining trusted execution with cryptographic protections, our framework advances secure cloud AI deployment, enabling wider adoption in privacy-sensitive domains such as healthcare, finance, and government. Future work will focus on optimizing enclave performance and extending support to federated and distributed AI inference scenarios.
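As an added illustration of the two mechanisms the abstract relies on, remote attestation before provisioning and keys that stay bound to the enclave, the following Python is a constructed example and not the paper's framework or any vendor SDK. It simulates both sides of the handshake: the enclave commits to the client's nonce and its channel public key in the quote's report data, the platform signs the quote, and the client checks the signature, a measurement allow-list, the signer, a minimum security version and the debug flag before releasing the model key. Hardware pieces are stood in for and labelled as such: the platform signature is an HMAC under PLATFORM_KEY (real SGX and SEV quotes carry an ECDSA signature verified against the vendor's certificate chain), the sealing root is SEAL_ROOT_KEY, and every measurement, nonce, key and flag value is made up.

```python
"""Attestation-gated key provisioning and measurement-bound sealing (constructed).

Hardware stand-ins, not real SGX/SEV APIs: the quote signature is an HMAC under
PLATFORM_KEY (real quotes are ECDSA-signed and verified via the vendor's service),
SEAL_ROOT_KEY plays the per-CPU fused key reached through EGETKEY, and every
measurement, version number, nonce and flag bit below is made up."""
import hashlib
import hmac
from dataclasses import dataclass

PLATFORM_KEY = b"simulated-platform-attestation-key"  # assumption: known to the verifier
SEAL_ROOT_KEY = b"simulated-cpu-fused-seal-key"        # assumption: never leaves the CPU
DEBUG_FLAG = 0x02                                      # stands in for ATTRIBUTES.DEBUG

# Constructed identities: three builds of the inference server, one vendor key.
GOOD_BUILD = hashlib.sha256(b"inference-server v1.2").digest()             # MRENCLAVE-like
PATCHED_BUILD = hashlib.sha256(b"inference-server v1.3").digest()
TAMPERED_BUILD = hashlib.sha256(b"inference-server v1.2 + exfil").digest()
VENDOR_SIGNER = hashlib.sha256(b"vendor-signing-key").digest()            # MRSIGNER-like

@dataclass(frozen=True)
class Quote:
    mr_enclave: bytes    # hash of enclave code and initial data
    mr_signer: bytes     # hash of the key that signed the enclave
    isv_svn: int         # enclave security version number
    attributes: int      # flag bits
    report_data: bytes   # chosen by the enclave: commits to nonce and channel key
    signature: bytes = b""

def quote_body(q):
    return (q.mr_enclave + q.mr_signer + q.isv_svn.to_bytes(2, "big")
            + q.attributes.to_bytes(8, "big") + q.report_data)

def enclave_build_report_data(nonce, channel_pub):
    """Enclave side: bind the verifier's nonce and its own channel key into the quote."""
    return hashlib.sha512(nonce + channel_pub).digest()

def hw_sign_quote(q):
    """Simulated quoting enclave: only the platform can produce this signature."""
    sig = hmac.new(PLATFORM_KEY, quote_body(q), hashlib.sha256).digest()
    return Quote(q.mr_enclave, q.mr_signer, q.isv_svn, q.attributes, q.report_data, sig)

@dataclass
class Policy:
    allowed_mr_enclave: frozenset
    required_mr_signer: bytes
    min_isv_svn: int
    allow_debug: bool = False

def verify_quote(q, policy, nonce, channel_pub):
    """Client side: list every policy violation; an empty list means accept."""
    problems = []
    expected_sig = hmac.new(PLATFORM_KEY, quote_body(q), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, q.signature):
        problems.append("signature: not produced by a trusted platform")
    if q.mr_enclave not in policy.allowed_mr_enclave:
        problems.append("mr_enclave: unknown enclave build")
    if not hmac.compare_digest(q.mr_signer, policy.required_mr_signer):
        problems.append("mr_signer: not signed by the expected vendor key")
    if q.isv_svn < policy.min_isv_svn:
        problems.append("isv_svn: version below the patched minimum")
    if q.attributes & DEBUG_FLAG and not policy.allow_debug:
        problems.append("attributes: debug enclave, memory is inspectable")
    if not hmac.compare_digest(enclave_build_report_data(nonce, channel_pub), q.report_data):
        problems.append("report_data: quote not bound to this nonce and channel key")
    return problems

def release_model_key(q, policy, nonce, channel_pub, model_key):
    """Client side: release the key only to a passing quote (really: encrypt it to channel_pub)."""
    problems = verify_quote(q, policy, nonce, channel_pub)
    if problems:
        raise PermissionError("attestation failed: " + "; ".join(problems))
    return model_key

def seal_key(mr_enclave, mr_signer, bind_to_signer=False):
    """Simulated EGETKEY: derived in the CPU from its root and either MRENCLAVE or MRSIGNER."""
    identity = (b"MRSIGNER" + mr_signer) if bind_to_signer else (b"MRENCLAVE" + mr_enclave)
    return hmac.new(SEAL_ROOT_KEY, identity, hashlib.sha256).digest()

POLICY = Policy(frozenset({GOOD_BUILD, PATCHED_BUILD}), VENDOR_SIGNER, min_isv_svn=3)
NONCE = b"client-nonce-0001"                            # constructed; fresh per handshake
CHANNEL_PUB = b"enclave-ephemeral-channel-public-key"   # constructed stand-in

def demo():
    """Three handshakes: a good enclave, a tampered build and a debug build."""
    rd = enclave_build_report_data(NONCE, CHANNEL_PUB)
    good = hw_sign_quote(Quote(GOOD_BUILD, VENDOR_SIGNER, 3, 0, rd))
    tampered = hw_sign_quote(Quote(TAMPERED_BUILD, VENDOR_SIGNER, 3, 0, rd))
    debug = hw_sign_quote(Quote(GOOD_BUILD, VENDOR_SIGNER, 3, DEBUG_FLAG, rd))
    return {
        "good": verify_quote(good, POLICY, NONCE, CHANNEL_PUB),
        "tampered": verify_quote(tampered, POLICY, NONCE, CHANNEL_PUB),
        "debug": verify_quote(debug, POLICY, NONCE, CHANNEL_PUB),
    }

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "ACCEPT" if not problems else "REJECT: " + "; ".join(problems))
```

The check most often skipped in practice is the report_data binding: without it, a valid quote from a genuine enclave can be replayed to front a different process, because nothing ties the quote to this handshake's nonce or to the channel key the secret will be encrypted under. The sealing half shows the trade-off the key-management design has to make: MRENCLAVE binding refuses to unseal for any other build, including the vendor's own patch release, while MRSIGNER binding survives upgrades but trusts every enclave the vendor has ever signed.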