Trusted-DNN: A TrustZone-based Adaptive Isolation Strategy for Deep Neural Networks

Deep neural network (DNN) models have been widely deployed on embedded and mobile devices in lots of application fields such as health care, face recognition, driver assistance, etc. These applications usually require privacy or trusted computing protection. However, diverse hardware resources, various transport protocols, and limited computation and storage capacity make it challenging for traditional embedded systems to provide complex security protection mechanism oriented DNN models. To meet the challenges, we propose Trusted-DNN, a TrustZone-based adaptive isolation strategy for DNN models. We first design a normal pattern to exploit TrustZone technology to provide overall protection for running DNNs. To deploy arbitrary DNN models into TrustZone, we then develop a dynamic model partition method, which makes our strategy easily adaptive to various DNN models and devices. Finally, we employ several optimization techniques to reduce the inference latency of Trusted-DNN models. We perform AlexNet on OP-TEE, which is a TrustZone-based secure operating system, based on a Raspberry Pi 3B+ board. The extensive experimental results highlight that the optimized Trusted-DNN can reduce memory footprint by up to 98% compared with the ordinary program and Trusted-DNN only increase inference latency by 22.8%. Our code is available at https://gitee.com/PaintZero/alexnet-tee.