Combining Federated Learning (FL) with a Trusted Execution Environment (TEE) is a promising approach for realizing privacy-preserving FL, and it has garnered significant academic attention in recent years. Implementing the TEE on the server side enables each round of FL to proceed without exposing the clients' gradient information to an untrusted server. This addresses usability gaps in existing secure aggregation schemes as well as utility gaps in differentially private FL. However, solving the problem with a TEE requires taking the vulnerabilities of server-side TEEs into account, which has not been sufficiently investigated in the context of FL. The main technical contribution of this study is an analysis of TEE vulnerabilities in FL together with a defense. First, we theoretically analyze the leakage of memory access patterns, revealing the risk posed by sparsified gradients, which are commonly used in FL to improve communication efficiency and model accuracy. Second, we devise an inference attack that links memory access patterns to sensitive information in the training dataset. Finally, we propose an oblivious yet efficient aggregation algorithm that prevents memory access pattern leakage. Our experiments on real-world data demonstrate that the proposed method runs efficiently at practical scales.
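The following added example (not code from the paper) makes the leakage concrete. Each client sends a top-k sparsified gradient as (index, value) pairs; a naive in-enclave scatter-add writes only the slots named in those pairs, so an adversary observing the enclave's memory addresses (page faults, cache lines) learns exactly which coordinates each client contributed. The oblivious variant is the simplest baseline, a linear scan with a branch-free select, and is assumed here for illustration; it is not the paper's efficient algorithm. The `trace` list stands in for the observed address sequence, since Python itself cannot guarantee constant-time execution, and all inputs are constructed.

```python
# Added illustration (not code from the paper): why top-k sparsified gradients leak
# through an enclave's memory access pattern, and how an oblivious aggregation hides it.
# Python cannot enforce constant-time execution; the `trace` list stands in for the
# sequence of memory addresses an adversary observing the enclave would see.

MODEL_DIM = 8  # constructed toy model size


def naive_sparse_aggregate(updates, trace):
    """Scatter-add sparsified updates.

    updates: one list per client of (index, value) pairs (its top-k gradient entries).
    trace: appended with (client_id, touched_index) for every memory access.
    The addresses written depend directly on which coordinates each client sent.
    """
    agg = [0.0] * MODEL_DIM
    for client_id, pairs in enumerate(updates):
        for idx, val in pairs:
            trace.append((client_id, idx))  # data-dependent address
            agg[idx] += val
    return agg


def oblivious_aggregate(updates, trace):
    """Linear-scan oblivious scatter-add (assumed baseline, not the paper's algorithm).

    For every (index, value) pair, touch every slot of the aggregate in a fixed order and
    add `value` to the matching slot via a branch-free select. The address sequence is a
    function of MODEL_DIM and the number of pairs only, never of their content.
    """
    agg = [0.0] * MODEL_DIM
    for client_id, pairs in enumerate(updates):
        for idx, val in pairs:
            for j in range(MODEL_DIM):
                trace.append((client_id, j))  # fixed address sequence
                match = int(j == idx)         # in a real enclave: constant-time compare
                agg[j] += match * val         # the write always happens; only the value varies
    return agg


def leaked_indices(trace):
    """What an adversary learns from a trace: the set of slots each client touched."""
    seen = {}
    for client_id, idx in trace:
        seen.setdefault(client_id, set()).add(idx)
    return {c: sorted(s) for c, s in seen.items()}


def demo():
    # Constructed inputs: two clients, each sending its top-2 entries. If the first layer
    # were an embedding table (an assumption used only to make the leak concrete), a touched
    # row would reveal that the corresponding token occurs in the client's data.
    updates_a = [[(1, 0.5), (6, -1.0)], [(1, 0.25), (3, 2.0)]]
    updates_b = [[(0, 0.5), (7, -1.0)], [(2, 0.25), (5, 2.0)]]

    naive_trace_a, naive_trace_b = [], []
    agg_a = naive_sparse_aggregate(updates_a, naive_trace_a)
    naive_sparse_aggregate(updates_b, naive_trace_b)

    obl_trace_a, obl_trace_b = [], []
    agg_obl_a = oblivious_aggregate(updates_a, obl_trace_a)
    oblivious_aggregate(updates_b, obl_trace_b)

    return {
        "naive_result": agg_a,
        "oblivious_result": agg_obl_a,
        "naive_leak": leaked_indices(naive_trace_a),       # {0: [1, 6], 1: [1, 3]}
        "naive_traces_differ": naive_trace_a != naive_trace_b,
        "oblivious_traces_equal": obl_trace_a == obl_trace_b,
        "oblivious_leak": leaked_indices(obl_trace_a),     # every client touches every slot
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both aggregations produce the same sum, but only the oblivious one yields an identical trace for two different sets of sparse updates. The price of this baseline is a scan of all MODEL_DIM slots per pair, i.e. O(k · d) per client instead of O(k), which is why an efficient oblivious aggregation, as the paper proposes, is needed at practical scales.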