US-12621142-B2 - System and method for privately hosting machine learning models and collaborative computations
Abstract
Systems and methods are disclosed for offering a secure model as a service. A system can be configured to implement, via a trusted execution environment comprising an enclave virtual machine and a customer key host, a distributed privacy policy in which a master decryption key is split-shared between the trusted execution environment and the customer key host; perform a decryption of the master decryption key according to the distributed privacy policy to obtain a decrypted master key; and, based on the decrypted master key, perform, in the trusted execution environment, a private collaborative computation using one or more of customer data and a customer model. Secure multiparty computation can be used to perform the decryption of the master decryption key.
Inventors
- Andrew Rademacher
- Gharib GHARIBI
- Craig Gentry
- Riddhiman Das
Assignees
- IDEEM, INC.
Dates
- Publication Date
- 20260505
- Application Date
- 20240927
Claims (20)
- 1. A method of managing an artificial intelligence model lifecycle, the method comprising: initializing, by a service provider and in a secure virtual machine compute enclave, a model host from an image that has secure software preinstalled and configured to start on boot; connecting the model host to block storage volumes that are mounted with an encrypted file system; providing a key host to the secure virtual machine compute enclave, the key host providing an implementation of a component that ensures that encryption and decryption operations require participation both by a first party and a second party; providing a customer key host to a customer computer system; running, by the encrypted file system, a hardware attestation report comprising a cryptographically signed statement validating that the model host is running on a genuine processor manufactured by an enclave manufacturer with a secure compute element enabled and that guest measurements were taken of the secure virtual machine compute enclave to obtain a report; transmitting, from the encrypted file system and to the key host, the report to signal that participation in decryption of the encrypted file system used by the model host is safe; and initiating a trusted execution environment on the secure virtual machine compute enclave by implementing distributed access policy enforcement between the first party and the second party, for data access or computation authorization in which both the first party and the second party exchange data to unlock a master decryption key.
- 2. The method of claim 1, wherein the image only comprises the secure software for networking and has all other networking software removed including an open secure shell server.
- 3. The method of claim 1, wherein the image comprises the guest measurements as defined by a hardware secure compute element.
- 4. The method of claim 1, wherein the secure software comprises a white list of allowable operations.
- 5. The method of claim 1, wherein the model host is configured to run machine learning models on behalf of one of the first party or the second party.
- 6. The method of claim 1, wherein the distributed access policy enforcement between the first party and the second party comprises using secure multiparty computations between the first party and the second party exchange data to unlock the master decryption key.
- 7. The method of claim 6, wherein the secure multiparty computations cause the first party having data X1 and the second party having data X2 to learn a computing result C(X1, X2) without the first party revealing X1 to the second party or the second party revealing X2 to the first party.
- 8. The method of claim 6, wherein X1 and X2 represent respective outputs from respective encryption algorithms operated by the first party or the second party.
- 9. A system for managing an artificial intelligence model lifecycle, the system comprising: at least one memory; and at least one processor coupled to the at least one memory and configured to: initialize, by a service provider and in a secure virtual machine compute enclave, a model host from an image that has secure software preinstalled and configured to start on boot; connect the model host to block storage volumes that are mounted with an encrypted file system; provide a key host to the secure virtual machine compute enclave, the key host providing an implementation of a component that ensures that encryption and decryption operations require participation both by a first party and a second party; provide a customer key host to a customer computer system; run, by the encrypted file system, a hardware attestation report comprising a cryptographically signed statement validating that the model host is running on a genuine processor manufactured by an enclave manufacturer with a secure compute element enabled and that guest measurements were taken of the secure virtual machine compute enclave to obtain a report; transmit, from the encrypted file system and to the key host, the report to signal that participation in decryption of the encrypted file system used by the model host is safe; and initiate a trusted execution environment on the secure virtual machine compute enclave by implementing distributed access policy enforcement between the first party and the second party, for data access or computation authorization in which both the first party and the second party exchange data to unlock a master decryption key.
- 10. The system of claim 9, wherein the image only comprises the secure software for networking and has all other networking software removed including an open secure shell server.
- 11. The system of claim 9, wherein the image comprises the guest measurements as defined by a hardware secure compute element.
- 12. The system of claim 9, wherein the secure software comprises a white list of allowable operations.
- 13. The system of claim 9, wherein the model host is configured to run machine learning models on behalf of one of the first party or the second party.
- 14. The system of claim 9, wherein the distributed access policy enforcement between the first party and the second party comprises using secure multiparty computations between the first party and the second party exchange data to unlock the master decryption key.
- 15. The system of claim 14, wherein the secure multiparty computations cause the first party having data X1 and the second party having data X2 to learn a computing result C(X1, X2) without the first party revealing X1 to the second party or the second party revealing X2 to the first party.
- 16. The system of claim 14, wherein X1 and X2 represent respective outputs from respective encryption algorithms operated by the first party or the second party.
- 17. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to: initialize, by a service provider and in a secure virtual machine compute enclave, a model host from an image that has secure software preinstalled and configured to start on boot; connect the model host to block storage volumes that are mounted with an encrypted file system; provide a key host to the secure virtual machine compute enclave, the key host providing an implementation of a component that ensures that encryption and decryption operations require participation both by a first party and a second party; provide a customer key host to a customer computer system; run, by the encrypted file system, a hardware attestation report comprising a cryptographically signed statement validating that the model host is running on a genuine processor manufactured by an enclave manufacturer with a secure compute element enabled and that guest measurements were taken of the secure virtual machine compute enclave to obtain a report; transmit, from the encrypted file system and to the key host, the report to signal that participation in decryption of the encrypted file system used by the model host is safe; and initiate a trusted execution environment on the secure virtual machine compute enclave by implementing distributed access policy enforcement between the first party and the second party, for data access or computation authorization in which both the first party and the second party exchange data to unlock a master decryption key.
- 18. The non-transitory computer-readable medium of claim 17, wherein the distributed access policy enforcement between the first party and the second party comprises using secure multiparty computations between the first party and the second party exchange data to unlock the master decryption key.
- 19. The non-transitory computer-readable medium of claim 18, wherein the secure multiparty computations cause the first party having data X1 and the second party having data X2 to learn a computing result C(X1, X2) without the first party revealing X1 to the second party or the second party revealing X2 to the first party.
- 20. The non-transitory computer-readable medium of claim 18, wherein X1 and X2 represent respective outputs from respective encryption algorithms operated by the first party or the second party.
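The independent claims describe a distributed access policy: the master decryption key is split between the provider's key host and the customer's key host, and a key host participates in decryption only after the enclave's attestation report (a signed statement that the guest measured to the expected image on a processor with the secure compute element enabled) verifies. The following Python is an added illustration of that policy and is not code from the patent or from IDEEM; it assumes a 2-of-2 XOR secret sharing of the master key, uses an HMAC with a constructed key as a stand-in for the hardware manufacturer's signature, and uses constructed measurement values. The `KeyHost`, `verify_report` and `unlock_master_key` names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example: the measurement the customer and the provider agreed
# to accept, and a stand-in for the enclave manufacturer's signing key. In a real deployment
# the report is signed by a hardware root of trust, not by an HMAC key that both sides hold.
EXPECTED_MEASUREMENT = hashlib.sha256(b"constructed-enclave-image-v1").hexdigest()
MANUFACTURER_KEY = b"constructed-manufacturer-signing-key"


def make_attestation_report(measurement, secure_compute_enabled, signing_key=MANUFACTURER_KEY):
    """Build a signed statement: 'this guest measured to <measurement> on a CPU with the
    secure compute element enabled'. HMAC stands in for the hardware signature."""
    body = f"{measurement}|{int(secure_compute_enabled)}".encode()
    return {
        "measurement": measurement,
        "secure_compute_enabled": secure_compute_enabled,
        "signature": hmac.new(signing_key, body, hashlib.sha256).hexdigest(),
    }


def verify_report(report, expected_measurement, signing_key=MANUFACTURER_KEY):
    """Accept only a genuinely signed report whose measurement matches the expected image
    and which states that the secure compute element was enabled."""
    body = f"{report['measurement']}|{int(report['secure_compute_enabled'])}".encode()
    expected_sig = hmac.new(signing_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, report["signature"]):
        return False
    return bool(report["secure_compute_enabled"]) and report["measurement"] == expected_measurement


def split_master_key(master_key):
    """2-of-2 XOR secret sharing: each share on its own is a uniformly random string, so a
    single key host (provider or customer) learns nothing about the master key."""
    provider_share = secrets.token_bytes(len(master_key))
    customer_share = bytes(m ^ s for m, s in zip(master_key, provider_share))
    return provider_share, customer_share


class KeyHost:
    """One party's key host: holds one share and releases it only to an enclave whose
    attestation report verifies against the measurement this party expects."""

    def __init__(self, name, share, expected_measurement):
        self.name = name
        self._share = share
        self._expected = expected_measurement
        self.audit_log = []  # every release or refusal; this is what a defender forwards to a SIEM

    def contribute(self, report):
        ok = verify_report(report, self._expected)
        self.audit_log.append((self.name, "release" if ok else "refuse", report["measurement"][:12]))
        return self._share if ok else None


def unlock_master_key(provider_host, customer_host, report):
    """Distributed access policy: the master key exists only if BOTH hosts contribute."""
    a = provider_host.contribute(report)
    b = customer_host.contribute(report)
    if a is None or b is None:
        return None
    return bytes(x ^ y for x, y in zip(a, b))


def run_scenario():
    master_key = secrets.token_bytes(32)
    provider_share, customer_share = split_master_key(master_key)
    provider = KeyHost("provider-key-host", provider_share, EXPECTED_MEASUREMENT)
    customer = KeyHost("customer-key-host", customer_share, EXPECTED_MEASUREMENT)

    genuine = make_attestation_report(EXPECTED_MEASUREMENT, True)
    # A modified guest image (e.g. an SSH server added back, cf. claim 2) measures differently.
    tampered = make_attestation_report(hashlib.sha256(b"constructed-modified-image").hexdigest(), True)
    # A report not signed with the manufacturer's key fails signature verification.
    unsigned = make_attestation_report(EXPECTED_MEASUREMENT, True, signing_key=b"constructed-other-key")
    # Correct image but the secure compute element is off: memory is unprotected, so refuse.
    disabled = make_attestation_report(EXPECTED_MEASUREMENT, False)

    return {
        "genuine_unlocks": unlock_master_key(provider, customer, genuine) == master_key,
        "tampered_refused": unlock_master_key(provider, customer, tampered) is None,
        "unsigned_refused": unlock_master_key(provider, customer, unsigned) is None,
        "disabled_refused": unlock_master_key(provider, customer, disabled) is None,
        "share_alone_is_not_key": provider_share != master_key and customer_share != master_key,
        "audit_entries": len(provider.audit_log) + len(customer.audit_log),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The policy check that matters for a defender is that each key host verifies the report independently against its own expected measurement; neither party's approval substitutes for the other's, and every refusal is logged with the measurement that was presented.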
Description
PRIORITY CLAIM
The present application claims priority to U.S. Provisional Patent Application No. 63/540,787, filed on Sep. 27, 2023, the contents of which are incorporated herein by reference.
TECHNICAL FIELD
The present disclosure relates to privately hosting machine learning models and the use of secure collaborative computations to provide a “secure model as a service”.
BACKGROUND
Many enterprises are not sufficiently technically sophisticated to manage their own machine learning models and thus desire to outsource the task. This can lead to issues with hacking or loss of privacy with respect to their machine learning models. The surprising pace of advancement in the development of large language models (LLMs) and, more generally, generative artificial intelligence (GenAI), has led many industries to consider how they ought to adapt and adopt these new technologies. It is clear that AI will play many new roles across multiple industries, but the specifics are still being determined in real time. While many are rushing to gain a competitive edge, others are waiting to see what happens. A large and immediate concern for those still on the sidelines is privacy. Many companies are hesitant to send sensitive, even proprietary, data and prompts to large providers like OpenAI or Microsoft. Such concerns can be addressed by leveraging open-source LLMs and hosting them on premises. There are multiple open-source foundation models available, such as Llama 2 by Meta AI. However, many companies do not have the required expertise to locally fine-tune and host their own models, build front-ends for their users, employ semantic search to reduce hallucinations, or address any number of other technical challenges and privacy concerns that arise when deploying GenAI solutions in an enterprise environment.
BRIEF SUMMARY
Disclosed is a system and method for providing one or more of a secure approach to hosting machine learning models and a secure collaborative computation strategy. The disclosed approach enables the ability to offer “secure models as a service” to parties, which can simplify the management of models for companies without an enterprise needing to trust the service provider. The present disclosed approach relates to a system and method for securely hosting computations and/or securing collaborative computations inside a trusted execution environment (TEE), such as a secure enclave or trusted domain like AMD SEV-SNP or Intel TDX. As a motivating use case, many enterprises are not technically sophisticated enough to manage their own machine learning models and would like to outsource that task. In private collaborative computations, several parties have inputs to a computation. For example, one party may have a private machine learning model (e.g., a large language model (LLM)) and the other party a private input for the model. All parties want to keep their inputs private despite performing the computation using each other's data or model.
TEEs are typically implemented as isolated regions of memory within a computer system that allow code to run while protected from external threats, including untrusted host platforms. However, current TEEs are not well equipped to deal with a setting where mutually untrusting parties wish to co-manage a TEE or use a TEE to perform a collaborative computation. TEEs are designed to protect a guest computation from the host machine. In practice, this is used to protect the owner of a virtual machine from the owner of a physical machine. It cannot protect the virtual machine from itself, which in turn means that it cannot protect co-owners of the same virtual machine from each other.
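The private collaborative computation sketched above, and the property claimed for it (claims 7, 15 and 19: the parties learn C(X1, X2) without either revealing its input), can be shown concretely with a small two-party protocol. The Python below is an added example, not code from the patent or from IDEEM: it assumes additive secret sharing over a prime field and Beaver multiplication triples supplied by an assumed offline phase (the `TripleDealer` class stands in for that phase), and it computes C(X1, X2) as an inner product, which is the shape of a single linear layer evaluated on a private input. The function and class names are hypothetical, and the input vectors are constructed.

```python
import secrets

# Field for the toy protocol (a Mersenne prime); inputs must be integers reduced mod P.
P = (1 << 61) - 1


def additive_share(value):
    """Split value into two additive shares mod P; one share alone is uniformly random."""
    r = secrets.randbelow(P)
    return r, (value - r) % P


class TripleDealer:
    """Supplies Beaver triples ([a], [b], [c]) with c = a*b. Assumption of this example: an
    offline preprocessing phase produces these; no third party sees the live inputs."""

    def triple(self):
        a, b = secrets.randbelow(P), secrets.randbelow(P)
        return additive_share(a), additive_share(b), additive_share(a * b % P)


def secure_inner_product(x1, x2, dealer):
    """Two-party computation of C(X1, X2) = sum_i X1[i]*X2[i] mod P.
    Party 1 holds x1 and party 2 holds x2. The only values that cross between them are
    additive shares of the inputs and the Beaver-masked openings d = x - a and e = y - b,
    which are returned as the transcript so the reader can confirm that neither party's raw
    input ever appears on the wire."""
    if len(x1) != len(x2):
        raise ValueError("inputs must have the same length")
    # Input sharing: each party keeps one share of its own vector and sends the other across.
    p1, p2 = {"x": [], "y": []}, {"x": [], "y": []}
    for v in x1:
        s1, s2 = additive_share(v % P)
        p1["x"].append(s1)
        p2["x"].append(s2)
    for v in x2:
        s1, s2 = additive_share(v % P)
        p1["y"].append(s1)
        p2["y"].append(s2)

    acc1 = acc2 = 0
    transcript = []
    for i in range(len(x1)):
        (a1, a2), (b1, b2), (c1, c2) = dealer.triple()
        # Each party masks its shares with its triple shares; d and e are then opened.
        d1, d2 = (p1["x"][i] - a1) % P, (p2["x"][i] - a2) % P
        e1, e2 = (p1["y"][i] - b1) % P, (p2["y"][i] - b2) % P
        d, e = (d1 + d2) % P, (e1 + e2) % P
        transcript.append((d, e))
        # [x*y] = [c] + d*[b] + e*[a] + d*e   (only party 1 adds the public constant d*e)
        acc1 = (acc1 + c1 + d * b1 + e * a1 + d * e) % P
        acc2 = (acc2 + c2 + d * b2 + e * a2) % P
    # Final opening: both parties reveal their share of the result; only C(X1, X2) is learned.
    return (acc1 + acc2) % P, transcript


if __name__ == "__main__":
    result, wire = secure_inner_product([3, 5, 7], [2, 4, 6], TripleDealer())
    print(result)  # 68
```

The masked openings d and e are uniformly random in the field because a and b are, which is why publishing them reveals nothing about x or y; the correctness identity c + d*b + e*a + d*e = x*y holds term by term once c = a*b is substituted. This example is semi-honest only: it does not stop a party from supplying a wrong share, which is one reason the page combines MPC with a TEE rather than relying on either alone.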
This disclosure introduces a system and method for using a TEE in combination with cryptographic techniques to securely distribute TEE management across several parties, and thereby allow secure outsourcing of model management and private collaborative computations. In one example, secure multi-party computation can be used to enable decryption of a master key to enable the parties to co-manage the TEE. In some aspects, the techniques described herein relate to a method of managing an artificial intelligence model lifecycle, the method including: initializing, by a service provider and in a secure virtual machine compute enclave, a model host from an image that has secure software preinstalled and configured to start on boot; connecting the model host to block storage volumes that are mounted with an encrypted file system; providing a key host to the secure virtual machine compute enclave, the key host providing an implementation of a component that ensures that encryption and decryption operations require participation both by a first party and a second party; providing a customer key host to a customer computer system; running, by the encrypted file system, a hardware attestation report including a cryptographically signed statement validating that the model host is running on a genuine processor ma