MesaTEE Powers the Future Trusted and Secure AI Applications

Cybersecurity needs have been continuously advancing as the frontline battles intensify. Last year, we witnessed more than 6,500 data breaches involving 5 billion leaked privacy records around the world*. Since attackers could potentially crash an autonomous vehicle or bypass a face recognition lock once they know the AI model details behind it, there is a need to not only carefully protect the data but also the AI models themselves. MesaTEE makes an improved secure AI computing framework possible by combining Baidu’s advanced Hybrid Memory Safety (HMS) model with Intel® Software Guard Extensions (Intel® SGX).

Baidu announced a preview of its coming Intel SGX-enabled MesaTEE release that will deliver new artificial intelligence algorithm protections for cloud and edge compute devices. Helping prevent attackers from spoofing artificial intelligence is fundamental to market adoption and public safety. During the RSA Conference, Baidu and Intel are collaborating to demonstrate MesaTEE’s strong protections over private data and AI models even in hostile environments like public clouds and blockchains.

A normal object recognizer (e.g., detecting a cat from an image) will be shown in the demo. This kind of neural network application is widely used in many scenarios such as autonomous driving, security, and health care. At the start of the demo, all of the target’s secrets can be stolen by the attacker. After obtaining the AI model, the attacker is able to further generate adversarial inputs to fool the object recognizer (e.g., generating a cat image detected as a dog by the victim AI application).

However, if we perform the same attack with the AI application executed inside MesaTEE, the attacker fails to get through. By leveraging the hardware-assisted Trusted Execution Environment (TEE) enabled by Intel SGX, MesaTEE effectively helps protect private data and AI models against even the most privileged attackers from the kernel and hypervisor. Unlike other heavy security solutions, MesaTEE does not incur significant performance or functionality degradation. It also allows users to remotely attest and measure the environment, ensuring that the execution runs as designed. More importantly, MesaTEE is equipped with Hybrid Memory Safety (HMS), making it capable of fending off most exploits.

MesaTEE provides many other unique advantages to future AI applications. It allows users to establish more secure, end-to-end channels between clients and clouds, or even across clouds. It supports both training and inference of common AI computations (e.g., convolutional neural networks). MesaTEE’s superior security properties, together with its full-fledged functionalities and extraordinary computing performance, turn trusted and secure AI applications into reality.

Below is the demo video: