{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T08:54:02Z","timestamp":1775638442492,"version":"3.50.1"},"reference-count":24,"publisher":"Association for Computing Machinery (ACM)","issue":"9","license":[{"start":{"date-parts":[[2024,8,26]],"date-time":"2024-08-26T00:00:00Z","timestamp":1724630400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2024,9]]},"abstract":"<jats:p>Federated learning and confidential computing are not competing technologies.<\/jats:p>","DOI":"10.1145\/3677390","type":"journal-article","created":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T12:40:31Z","timestamp":1723725631000},"page":"48-53","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Trustworthy AI Using Confidential Federated Learning"],"prefix":"10.1145","volume":"67","author":[{"given":"Jinnan","family":"Guo","sequence":"first","affiliation":[{"name":"Imperial College London, London, England, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6963-5640","authenticated-orcid":false,"given":"Peter","family":"Pietzuch","sequence":"additional","affiliation":[{"name":"Imperial College London, London, England, United Kingdom"}]},{"given":"Andrew","family":"Paverd","sequence":"additional","affiliation":[{"name":"Microsoft Security Response Center, Cambridge, England, USA"}]},{"given":"Kapil","family":"Vaswani","sequence":"additional","affiliation":[{"name":"Azure Research, Cambridge, England, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,8,26]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"AMD. AMD SEV-SNP: Strengthening VM isolation with integrity protection and more. White Paper (2020); https:\/\/bit.ly\/3zE4vec."},{"key":"e_1_3_1_3_2","unstructured":"Anati I. Gueron S. Johnson S. and Scarlata V. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd Intern. Workshop on Hardware and Architectural Support for Security and Privacy (2013); https:\/\/intel.ly\/3S1kpFC."},{"key":"e_1_3_1_4_2","unstructured":"Brasser F. et al. Trusted container extensions for container-based confidential computing. arXiv (2022): https:\/\/arxiv.org\/abs\/2205.05747."},{"key":"e_1_3_1_5_2","unstructured":"Cheng P.-C. et al. Intel TDX demystified: A top-down approach. arXiv (2023); https:\/\/arxiv.org\/abs\/2303.15540."},{"key":"e_1_3_1_6_2","unstructured":"Costan V. and Devadas S.. Intel SGX explained (2016); https:\/\/eprint.iacr.org\/2016\/086."},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3623393.3623391"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1561\/0400000042"},{"key":"e_1_3_1_9_2","first-page":"1623","article-title":"Local model poisoning attacks to Byzantine-robust federated learning","volume":"92","author":"Fang M.","year":"2020","unstructured":"Fang, M., Cao, X., Jia, J., and Gong, N. Local model poisoning attacks to Byzantine-robust federated learning. In Proceedings of the 29th Usenix Security Symp., article 92 (2020), 1623\u20131640; https:\/\/bit.ly\/4f2t84z.","journal-title":"Proceedings of the 29th Usenix Security Symp."},{"key":"e_1_3_1_10_2","unstructured":"Hande K. Announcing Azure confidential VMs with NVIDIA H100 Tensor Core GPUs in preview. Azure Confidential Computing Blog (Nov. 15 2023); https:\/\/bit.ly\/3VXtnFf"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2020.3039941"},{"key":"e_1_3_1_12_2","unstructured":"Johnson M.A. et al. COCOAEXPO: Confidential containers via attested execution policies. arXiv (2023); https:\/\/arxiv.org\/abs\/2302.03976."},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","unstructured":"Kocher P. et al. Spectre attacks: exploiting speculative execution. In Proceedings of the 40th IEEE Symp. on Security and Privacy (2019) 1\u201319; https:\/\/ieeexplore.ieee.org\/document\/8835233.","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","unstructured":"Krasanakis E. Spyromitros-Xioufis E. Papadopoulos S. and Kompatsiaris Y. Adaptive sensitive reweighting to mitigate bias in fairness-aware classification. In Proceedings of the 2018 World Wide Web Conf. 853\u2013862; 10.1145\/3178876.3186133.","DOI":"10.1145\/3178876.3186133"},{"key":"e_1_3_1_15_2","unstructured":"Li M. et al. CIPHERLEAKS: breaking constant-time cryptography on AMD SEV via the ciphertext side channel. In Proceedings of the 30th Usenix Security Symp. (2021) 717\u2013732."},{"key":"e_1_3_1_16_2","unstructured":"Li X. et al. Design and verification of the Arm confidential compute architecture. In Proceedings of the 16th Usenix Symp. on Operating Systems Design and Implementation (2022); https:\/\/bit.ly\/3zGvpSH"},{"key":"e_1_3_1_17_2","unstructured":"Lipp M. et al. Meltdown: reading kernel memory from user space. In Proceedings of the 27th Usenix Security Symp.; https:\/\/bit.ly\/45YQzr6."},{"key":"e_1_3_1_18_2","unstructured":"McMahan B. et al. Communication-efficient learning of deep networks from decentralized data. In Proceedings of the 20th Intern. Conf. on Artificial Intelligence and Statistics (2017) 1273\u20131282; https:\/\/bit.ly\/3XUaHZD"},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3529706.3529715"},{"key":"e_1_3_1_20_2","unstructured":"Quoc D.L. and Fetzer C. SecFL: confidential federated learning using TEEs. arXiv 2110.00981 (2021); https:\/\/arxiv.org\/abs\/2110.00981."},{"key":"e_1_3_1_21_2","unstructured":"Roth H.R. et al. NVIDIA Flare: federated learning from simulation to real-world. arXiv (2022); https:\/\/arxiv.org\/abs\/2210.13291."},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/3453930"},{"key":"e_1_3_1_23_2","doi-asserted-by":"crossref","unstructured":"Tolpegin V. Truex S. Gursoy M.E. and Liu L. Data poisoning attacks against federated learning systems. In Proceedings of the 25th European Symp. on Research in Computer Security Part I 25 (2020) 480\u2013501; https:\/\/bit.ly\/3WgHaIq.","DOI":"10.1007\/978-3-030-58951-6_24"},{"key":"e_1_3_1_24_2","unstructured":"Van Bulck J. et al Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In Proceedings of the 27th Usenix Security Symp. (2018); https:\/\/bit.ly\/3LlwdPu"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2988575"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3677390","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3677390","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:19:07Z","timestamp":1750295947000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3677390"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,26]]},"references-count":24,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2024,9]]}},"alternative-id":["10.1145\/3677390"],"URL":"https:\/\/doi.org\/10.1145\/3677390","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,26]]},"assertion":[{"value":"2024-08-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}