The rise in IoT-driven distributed data analytics, coupled with increasing privacy concerns, has led to a demand for effective privacy-preserving and federated data collection/model training mechanisms. In response, approaches such as Federated Learning (FL) and Local Differential Privacy (LDP) have been proposed and have attracted much attention over the past few years. However, they still share a common limitation: they are vulnerable to poisoning attacks, wherein adversaries who compromise edge devices feed forged (a.k.a. poisoned) data to aggregation back-ends, undermining the integrity of FL/LDP results. In this work, we propose a system-level approach to remedy this issue based on a novel security notion of Proofs of Stateful Execution (PoSX) for IoT/embedded devices' software. To realize the PoSX concept, we design SLAPP: a System-Level Approach for Poisoning Prevention. SLAPP leverages commodity security features of embedded devices - in particular ARM TrustZone-M security extensions - to verifiably bind raw sensed data to their correct usage as part of FL/LDP edge device routines. As a consequence, it offers robust security guarantees against poisoning. Our evaluation, based on real-world prototypes featuring multiple cryptographic primitives and data collection schemes, showcases SLAPP's security and low overhead.