S3ML: A Secure Serving System for Machine Learning Inference Article Swipe
Junming Ma
,
Chaofan Yu
,
Aihui Zhou
,
Bingzhe Wu
,
Xibin Wu
,
Xingyu Chen
,
Xiangqun Chen
,
Lei Wang
,
Donggang Cao
·
YOU?
·
· 2020
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2010.06212
YOU?
·
· 2020
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2010.06212
We present S3ML, a secure serving system for machine learning inference in this paper. S3ML runs machine learning models in Intel SGX enclaves to protect users' privacy. S3ML designs a secure key management service to construct flexible privacy-preserving server clusters and proposes novel SGX-aware load balancing and scaling methods to satisfy users' Service-Level Objectives. We have implemented S3ML based on Kubernetes as a low-overhead, high-available, and scalable system. We demonstrate the system performance and effectiveness of S3ML through extensive experiments on a series of widely-used models.
Related Topics
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2010.06212
- https://arxiv.org/pdf/2010.06212
- OA Status
- green
- Cited By
- 1
- References
- 28
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W3093179024
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W3093179024Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2010.06212Digital Object Identifier
- Title
-
S3ML: A Secure Serving System for Machine Learning InferenceWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2020Year of publication
- Publication date
-
2020-10-13Full publication date if available
- Authors
-
Junming Ma, Chaofan Yu, Aihui Zhou, Bingzhe Wu, Xibin Wu, Xingyu Chen, Xiangqun Chen, Lei Wang, Donggang CaoList of authors in order
- Landing page
-
https://arxiv.org/abs/2010.06212Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2010.06212Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2010.06212Direct OA link when available
- Concepts
-
Inference, Computer science, Artificial intelligence, Machine learning, Computer securityTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
1Total citation count in OpenAlex
- Citations by year (recent)
-
2021: 1Per-year citation counts (last 5 years)
- References (count)
-
28Number of works referenced by this work
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W3093179024 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2010.06212 |
| ids.doi | https://doi.org/10.48550/arxiv.2010.06212 |
| ids.mag | 3093179024 |
| ids.openalex | https://openalex.org/W3093179024 |
| fwci | |
| type | preprint |
| title | S3ML: A Secure Serving System for Machine Learning Inference |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11424 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9993000030517578 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Security and Verification in Computing |
| topics[1].id | https://openalex.org/T11241 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9988999962806702 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1711 |
| topics[1].subfield.display_name | Signal Processing |
| topics[1].display_name | Advanced Malware Detection Techniques |
| topics[2].id | https://openalex.org/T10400 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9976000189781189 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1705 |
| topics[2].subfield.display_name | Computer Networks and Communications |
| topics[2].display_name | Network Security and Intrusion Detection |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C2776214188 |
| concepts[0].level | 2 |
| concepts[0].score | 0.6196454763412476 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q408386 |
| concepts[0].display_name | Inference |
| concepts[1].id | https://openalex.org/C41008148 |
| concepts[1].level | 0 |
| concepts[1].score | 0.6161397099494934 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[1].display_name | Computer science |
| concepts[2].id | https://openalex.org/C154945302 |
| concepts[2].level | 1 |
| concepts[2].score | 0.4820047914981842 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[2].display_name | Artificial intelligence |
| concepts[3].id | https://openalex.org/C119857082 |
| concepts[3].level | 1 |
| concepts[3].score | 0.4460149109363556 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q2539 |
| concepts[3].display_name | Machine learning |
| concepts[4].id | https://openalex.org/C38652104 |
| concepts[4].level | 1 |
| concepts[4].score | 0.36932575702667236 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[4].display_name | Computer security |
| keywords[0].id | https://openalex.org/keywords/inference |
| keywords[0].score | 0.6196454763412476 |
| keywords[0].display_name | Inference |
| keywords[1].id | https://openalex.org/keywords/computer-science |
| keywords[1].score | 0.6161397099494934 |
| keywords[1].display_name | Computer science |
| keywords[2].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[2].score | 0.4820047914981842 |
| keywords[2].display_name | Artificial intelligence |
| keywords[3].id | https://openalex.org/keywords/machine-learning |
| keywords[3].score | 0.4460149109363556 |
| keywords[3].display_name | Machine learning |
| keywords[4].id | https://openalex.org/keywords/computer-security |
| keywords[4].score | 0.36932575702667236 |
| keywords[4].display_name | Computer security |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2010.06212 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2010.06212 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2010.06212 |
| locations[1].id | doi:10.48550/arxiv.2010.06212 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2010.06212 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5028310493 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Junming Ma |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Junming Ma |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5001715939 |
| authorships[1].author.orcid | |
| authorships[1].author.display_name | Chaofan Yu |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Chaofan Yu |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5113202217 |
| authorships[2].author.orcid | |
| authorships[2].author.display_name | Aihui Zhou |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Aihui Zhou |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5040323946 |
| authorships[3].author.orcid | https://orcid.org/0000-0001-9598-7642 |
| authorships[3].author.display_name | Bingzhe Wu |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Bingzhe Wu |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5063756360 |
| authorships[4].author.orcid | |
| authorships[4].author.display_name | Xibin Wu |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Xibin Wu |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5108167803 |
| authorships[5].author.orcid | https://orcid.org/0000-0003-3627-0371 |
| authorships[5].author.display_name | Xingyu Chen |
| authorships[5].author_position | middle |
| authorships[5].raw_author_name | Xingyu Chen |
| authorships[5].is_corresponding | False |
| authorships[6].author.id | https://openalex.org/A5101636662 |
| authorships[6].author.orcid | https://orcid.org/0000-0002-7366-5906 |
| authorships[6].author.display_name | Xiangqun Chen |
| authorships[6].author_position | middle |
| authorships[6].raw_author_name | Xiangqun Chen |
| authorships[6].is_corresponding | False |
| authorships[7].author.id | https://openalex.org/A5100436059 |
| authorships[7].author.orcid | https://orcid.org/0000-0003-0184-307X |
| authorships[7].author.display_name | Lei Wang |
| authorships[7].author_position | middle |
| authorships[7].raw_author_name | Lei Wang |
| authorships[7].is_corresponding | False |
| authorships[8].author.id | https://openalex.org/A5037766137 |
| authorships[8].author.orcid | |
| authorships[8].author.display_name | Donggang Cao |
| authorships[8].author_position | last |
| authorships[8].raw_author_name | Donggang Cao |
| authorships[8].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2010.06212 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | S3ML: A Secure Serving System for Machine Learning Inference |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11424 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9993000030517578 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Security and Verification in Computing |
| related_works | https://openalex.org/W2961085424, https://openalex.org/W4306674287, https://openalex.org/W3046775127, https://openalex.org/W3107602296, https://openalex.org/W3170094116, https://openalex.org/W4386462264, https://openalex.org/W4364306694, https://openalex.org/W4312192474, https://openalex.org/W4283697347, https://openalex.org/W4210805261 |
| cited_by_count | 1 |
| counts_by_year[0].year | 2021 |
| counts_by_year[0].cited_by_count | 1 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2010.06212 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2010.06212 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2010.06212 |
| primary_location.id | pmh:oai:arXiv.org:2010.06212 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2010.06212 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2010.06212 |
| publication_date | 2020-10-13 |
| publication_year | 2020 |
| referenced_works | https://openalex.org/W1852007091, https://openalex.org/W2266218113, https://openalex.org/W2612012086, https://openalex.org/W2397423248, https://openalex.org/W2005137712, https://openalex.org/W3105315351, https://openalex.org/W1569778844, https://openalex.org/W2963750162, https://openalex.org/W2561955909, https://openalex.org/W2024758283, https://openalex.org/W2741593962, https://openalex.org/W2788385473, https://openalex.org/W2888798936, https://openalex.org/W2604861932, https://openalex.org/W2915352631, https://openalex.org/W2911433949, https://openalex.org/W2612445135, https://openalex.org/W1577469378, https://openalex.org/W2085407655, https://openalex.org/W2616901112, https://openalex.org/W2962746093, https://openalex.org/W2955425717, https://openalex.org/W2963122961, https://openalex.org/W2956461999, https://openalex.org/W2807403537, https://openalex.org/W2117539524, https://openalex.org/W2131975293, https://openalex.org/W2122960384 |
| referenced_works_count | 28 |
| abstract_inverted_index.a | 3, 29, 62, 81 |
| abstract_inverted_index.We | 0, 54, 68 |
| abstract_inverted_index.as | 61 |
| abstract_inverted_index.in | 11, 19 |
| abstract_inverted_index.of | 75, 83 |
| abstract_inverted_index.on | 59, 80 |
| abstract_inverted_index.to | 23, 34, 49 |
| abstract_inverted_index.SGX | 21 |
| abstract_inverted_index.and | 40, 46, 65, 73 |
| abstract_inverted_index.for | 7 |
| abstract_inverted_index.key | 31 |
| abstract_inverted_index.the | 70 |
| abstract_inverted_index.S3ML | 14, 27, 57, 76 |
| abstract_inverted_index.have | 55 |
| abstract_inverted_index.load | 44 |
| abstract_inverted_index.runs | 15 |
| abstract_inverted_index.this | 12 |
| abstract_inverted_index.Intel | 20 |
| abstract_inverted_index.S3ML, | 2 |
| abstract_inverted_index.based | 58 |
| abstract_inverted_index.novel | 42 |
| abstract_inverted_index.models | 18 |
| abstract_inverted_index.paper. | 13 |
| abstract_inverted_index.secure | 4, 30 |
| abstract_inverted_index.series | 82 |
| abstract_inverted_index.server | 38 |
| abstract_inverted_index.system | 6, 71 |
| abstract_inverted_index.users' | 25, 51 |
| abstract_inverted_index.designs | 28 |
| abstract_inverted_index.machine | 8, 16 |
| abstract_inverted_index.methods | 48 |
| abstract_inverted_index.models. | 85 |
| abstract_inverted_index.present | 1 |
| abstract_inverted_index.protect | 24 |
| abstract_inverted_index.satisfy | 50 |
| abstract_inverted_index.scaling | 47 |
| abstract_inverted_index.service | 33 |
| abstract_inverted_index.serving | 5 |
| abstract_inverted_index.system. | 67 |
| abstract_inverted_index.through | 77 |
| abstract_inverted_index.clusters | 39 |
| abstract_inverted_index.enclaves | 22 |
| abstract_inverted_index.flexible | 36 |
| abstract_inverted_index.learning | 9, 17 |
| abstract_inverted_index.privacy. | 26 |
| abstract_inverted_index.proposes | 41 |
| abstract_inverted_index.scalable | 66 |
| abstract_inverted_index.SGX-aware | 43 |
| abstract_inverted_index.balancing | 45 |
| abstract_inverted_index.construct | 35 |
| abstract_inverted_index.extensive | 78 |
| abstract_inverted_index.inference | 10 |
| abstract_inverted_index.Kubernetes | 60 |
| abstract_inverted_index.management | 32 |
| abstract_inverted_index.Objectives. | 53 |
| abstract_inverted_index.demonstrate | 69 |
| abstract_inverted_index.experiments | 79 |
| abstract_inverted_index.implemented | 56 |
| abstract_inverted_index.performance | 72 |
| abstract_inverted_index.widely-used | 84 |
| abstract_inverted_index.Service-Level | 52 |
| abstract_inverted_index.effectiveness | 74 |
| abstract_inverted_index.low-overhead, | 63 |
| abstract_inverted_index.high-available, | 64 |
| abstract_inverted_index.privacy-preserving | 37 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 9 |
| citation_normalized_percentile |