CN-114764501-B - Data processing method, device and system
Abstract
The invention discloses a data processing method, device and system. The method comprises: splitting a preset data processing module from a machine learning model to generate a security application module, wherein the security application module is used for performing encryption calculation on data input into the machine learning model; taking, through a preset operator, an output value of an operation layer in the split machine learning model as an input value of the security application module, and inputting the input value into the security application module; performing, by the security application module, sub-graph calculation in an isolated operation environment according to the input value to obtain a calculation result; and returning the calculation result to the preset operator. The invention solves the technical problem in the related art that the operation pressure of the TEE model is high because different inference frameworks must be adapted in the TEE model according to different customer requirements.
Inventors
- WU CAIDI
- Wei Lufei
- CHENG LIANG
Assignees
- Alibaba Group Holding Limited (阿里巴巴集团控股有限公司)
Dates
- Publication Date: 20260512
- Application Date: 20210115
Claims (13)
- 1. A data processing method, comprising: splitting a preset data processing module from a machine learning model to generate a security application module, wherein the preset data processing module represents the part of the machine learning model used for secret or sensitive calculation, and the security application module is used for performing encryption calculation on data input into the machine learning model; taking, through a preset operator, the output value of an operation layer in the split machine learning model as an input value of the security application module, and inputting the input value to the security application module, wherein the preset operator represents a custom operator configured in a rich execution environment; performing, by the security application module, sub-graph calculation in an isolated operation environment according to the input value to obtain a calculation result; and returning the calculation result to the preset operator.
- 2. The method of claim 1, wherein splitting the preset data processing module from the machine learning model to generate the security application module comprises: splitting the preset data processing module from the machine learning model through a preset tool; and generating the security application module according to the preset data processing module.
- 3. The method of claim 2, wherein generating the security application module according to the preset data processing module comprises: optimizing and encrypting the preset data processing module through a heterogeneous acceleration variant to obtain the security application module.
- 4. The method of claim 3, wherein optimizing and encrypting the preset data processing module through the heterogeneous acceleration mutator to obtain the security application module comprises: configuring a network structure in the machine learning model at a designated location of the security application module; and encrypting the designated location of the security application module to obtain the encrypted security application module.
- 5. The method of claim 1, wherein taking, through the preset operator, the output value of the operation layer in the split machine learning model as the input value of the security application module and inputting the input value to the security application module comprises: in the case that the operation layer comprises a first operation layer, obtaining, through the preset operator, an output value of the first operation layer in the split machine learning model; taking the output value as the input value of the security application module; and inputting the input value to the security application module.
- 6. The method of claim 5, wherein performing, by the security application module, the sub-graph calculation in the isolated operation environment according to the input value to obtain the calculation result comprises: detecting, according to the input value, whether the split machine learning model has use authorization; when it is detected that the split machine learning model has the use authorization, or that the split machine learning model is not authorized, performing, by the security application module, sub-graph calculation in the isolated operation environment according to the input value to obtain the calculation result; and stopping calculation when it is detected that the split machine learning model has no use authorization.
- 7. The method of claim 6, wherein performing, by the security application module, sub-graph calculation in the isolated operation environment according to the input value to obtain the calculation result comprises: allocating a corresponding application program interface according to the input value, and performing sub-graph calculation in the isolated operation environment according to the input value to obtain the calculation result.
- 8. The method of claim 7, wherein returning the calculation result to the preset operator comprises: in the case that the operation layer further comprises a second operation layer, inputting the calculation result, through the preset operator, into the second operation layer in the split machine learning model, wherein the first operation layer is located before the preset operator and the second operation layer is located after the preset operator.
- 9. A data processing method, applied to an artificial intelligence chip, comprising: splitting, by the artificial intelligence chip, a preset data processing module from a machine learning model to generate a security application module, wherein the preset data processing module represents the part of the machine learning model used for secret or sensitive calculation; obtaining, by the artificial intelligence chip through a preset operator, an output value of an operation layer in the split machine learning model as an input value of the security application module, and inputting the input value to the security application module, wherein the preset operator represents a custom operator configured in a rich execution environment; and performing, by the artificial intelligence chip through the security application module, encryption calculation on the input value to obtain a calculation result, and returning the calculation result to the preset operator.
- 10. A data processing system, comprising: a machine learning model, a preset tool, a first execution environment, and a second execution environment, wherein the machine learning model comprises a preset data processing module, the preset data processing module is obtained by splitting the machine learning model through the preset tool, the preset data processing module is configured in the first execution environment to generate a security application module, and the split machine learning model is configured in the second execution environment, wherein the preset data processing module represents the part of the machine learning model used for secret or sensitive calculation; and the second execution environment is configured to collect data, take the collected data as an input value of the security application module in the first execution environment, input the input value into the security application module through a preset operator, and receive, through the preset operator, a calculation result obtained by the security application module in the first execution environment performing encryption calculation on the input value, wherein the preset operator represents a custom operator configured in the second execution environment.
- 11. A data processing apparatus, comprising: a splitting module, used for splitting a preset data processing module from a machine learning model to generate a security application module, wherein the preset data processing module represents the part of the machine learning model used for secret or sensitive calculation, and the security application module is used for performing encryption calculation on data input into the machine learning model; an input module, used for taking, through a preset operator, the output value of an operation layer in the split machine learning model as an input value of the security application module, and inputting the input value to the security application module, wherein the preset operator represents a custom operator configured in a rich execution environment; an acquisition module, used for performing, through the security application module, sub-graph calculation in an isolated operation environment according to the input value to obtain a calculation result; and an interaction module, used for returning the calculation result to the preset operator.
- 12. A non-volatile storage medium, wherein the non-volatile storage medium comprises a stored program, wherein the program, when run, controls a device in which the non-volatile storage medium resides to perform the method of claim 1.
- 13. A processor, wherein the processor is configured to run a program, wherein the program when run performs the method of claim 1.
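The data flow of claims 1 and 5 to 8, as an added Python sketch that is not code from the patent: the sensitive layers are split out, a placeholder operator in the REE graph forwards the preceding layer's output to the security application module, and the module checks authorization before running the sub-graph and returning the result. The layer names, the `TEE_OP` placeholder, the HMAC token used as the authorization check, and the `SecureApp` class (a plain-Python stand-in with no real hardware isolation) are all assumptions made for illustration.

```python
import hashlib
import hmac

TEE_OP = "__tee_op__"  # hypothetical name for the preset (custom) operator

# Constructed toy model: (layer name, function, is_sensitive)
MODEL = [
    ("scale", lambda v: [x * 2.0 for x in v], False),       # first operation layer
    ("secret_bias", lambda v: [x + 0.5 for x in v], True),  # sensitive sub-graph
    ("secret_relu", lambda v: [max(0.0, x) for x in v], True),
    ("sum", lambda v: [sum(v)], False),                     # second operation layer
]

def split_model(layers):
    """Move each contiguous run of sensitive layers out of the REE graph,
    leaving one preset-operator placeholder per run."""
    ree_graph, subgraphs, prev_sensitive = [], [], False
    for name, fn, sensitive in layers:
        if sensitive:
            if not prev_sensitive:
                subgraphs.append([])
                ree_graph.append((TEE_OP, len(subgraphs) - 1))
            subgraphs[-1].append(fn)
        else:
            ree_graph.append((name, fn))
        prev_sensitive = sensitive
    return ree_graph, subgraphs

def issue_token(key):
    """Assumed authorization scheme: an HMAC tag under a key the module holds."""
    return hmac.new(key, b"model-use", hashlib.sha256).digest()

class SecureApp:
    """Plain-Python stand-in for the security application module (no real isolation)."""
    def __init__(self, subgraphs, key):
        self._subgraphs, self._key = subgraphs, key

    def invoke(self, subgraph_id, values, token):
        if not hmac.compare_digest(issue_token(self._key), token):
            raise PermissionError("no use authorization: calculation stopped")
        for fn in self._subgraphs[subgraph_id]:  # dispatch by sub-graph id
            values = fn(values)
        return values

def run_inference(ree_graph, app, values, token):
    """REE side: ordinary layers run locally; the preset operator forwards the
    previous layer's output to the module and passes its result onward."""
    for name, payload in ree_graph:
        if name == TEE_OP:
            values = app.invoke(payload, values, token)
        else:
            values = payload(values)
    return values
```

After the split, the REE graph holds only the non-sensitive layers and the placeholder, so the sub-graph functions are reachable only through `SecureApp.invoke`.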
Description
Data processing method, device and system
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data processing method, device, and system.
Background
A trusted execution environment (Trusted Execution Environment, TEE for short), with its independent operating system, uses hardware isolation to ensure that sensitive data is stored, processed, and protected in an isolated, trusted environment, and is widely used for various security applications, such as payment, fingerprint, and digital rights protection (Digital Rights Management, DRM for short).
Machine learning (Artificial Intelligence, AI for short) trains on a large amount of data and then uses the result of learning to make decisions or predictions on subsequent data, and is widely used in various scenarios such as pattern recognition, computer vision, and automatic driving. With the wide application of AI, the AI field faces more and more security problems, such as model stealing, misleading of inference results, and leakage of sensitive data.
In an actual AI application, in order to ensure security, for example model security and privacy security, encryption, decryption and inference of a model are required to be completed in a trusted execution environment. At the same time, the performance of running inference in a TEE and the influence on the original application on the rich execution environment (Rich Execution Environment, REE for short) side must be considered, wherein the REE is the counterpart of the TEE.
In the related art, because different client requirements adopt different inference frameworks, the REE side acquires the requirements of different clients, and different inference frameworks are then adapted in the TEE, which increases the development workload of the TEE.
No effective solution has yet been proposed for the problem in the related art that the operation pressure of the TEE model is high because different inference frameworks must be adapted in the TEE model according to different client requirements.
Disclosure of Invention
The embodiments of the invention provide a data processing method, a data processing device and a data processing system, which at least solve the technical problem in the related art that the operation pressure of the TEE model is high because different inference frameworks must be adapted in the TEE model according to different client requirements.
According to one aspect of the embodiments of the invention, a data processing method is provided, comprising: splitting a preset data processing module from a machine learning model to generate a security application module, wherein the security application module is used for performing encryption calculation on data input into the machine learning model; taking, through a preset operator, an output value of an operation layer in the split machine learning model as an input value of the security application module, and inputting the input value into the security application module; performing, by the security application module, sub-graph calculation in an isolated operation environment according to the input value to obtain a calculation result; and returning the calculation result to the preset operator.
Optionally, splitting the preset data processing module from the machine learning model to generate the security application module comprises: splitting the preset data processing module from the machine learning model through a preset tool, and generating the security application module according to the preset data processing module.
Further, optionally, generating the security application module according to the preset data processing module comprises: optimizing and encrypting the preset data processing module through the heterogeneous acceleration mutator to obtain the security application module.
Optionally, optimizing and encrypting the preset data processing module through the heterogeneous acceleration mutagen to obtain the security application module comprises: configuring a network structure in the machine learning model at a designated position of the security application module, and encrypting the designated position of the security application module to obtain the encrypted security application module.
Optionally, taking, through a preset operator, the output value of the operation layer in the split machine learning model as the input value of the security application module, and inputting the input value into the security application module comprises: in the case that the operation layer comprises a first operation layer, acquiring, through the preset operator, the output value of the first operation layer in the split machine learning model, taking the output value as the input value of the security application module, and inputting the input value into the security applic