INVITED: AI Utopia or Dystopia - On Securing AI Platforms

Today we are witnessing the widespread deployment of AI algorithms on many computing platforms already to provide various services, thus driving the growing market for AI-based platforms. On the one end, AI support is demanded for resource-constrained embedded devices, e.g., integrated into smart homes and vehicles. On the other end, hi-tech giants and cloud services require AI platforms with increasing computational power to feed their data-hungry neural networks. Neglecting security and privacy aspects on both such low-end and high-end AI platforms can have devastating consequences for end users (privacy and safety) as well as for the AI service providers (IP theft). The utopia of a world where intelligent devices ease the human life can easily turn into a dystopia where the ownership of personal data is threatened.In recent years, tremendous effort has been invested in the development of security architectures that protect sensitive services in isolated execution contexts, called enclaves, which provide protection beyond that of commodity operating systems. In this paper, we elaborate on the most well-known enclave-based security architectures to protect AI services. We point out their shortcomings in providing the security guarantees needed for existing and emerging AI services and discuss new ideas and research directions.