Fix some grammar issues in the description #2

Merged
18 changes: 9 additions & 9 deletions community/rfcs/24-07-05-Confidential Model Loader.md
Expand Up @@ -7,8 +7,8 @@ Under Review
# Objective

This RFC aims to introduce the design of "confidential model loader" addressing challenges of the integrity and confidentiality
protection with no/low code for GenAI microservice. It is not only designed to prevent the model's theft and poisoning in
development-time and runtime, but also can prevent disclosure of the sensitive enterprise knowledge fused in fine-tuned
protection with no/low code for GenAI microservice. It is designed not only to prevent the model's theft and poisoning in
development-time and runtime, but also to prevent disclosure of the sensitive enterprise knowledge fused in fine-tuned
model.

# Motivation
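Review bot: the reworded "It is designed not only to prevent ... but also to prevent" sentence now has proper parallel structure, but two grammar issues remain in the same paragraph that this PR could fix in passing: "for GenAI microservice" should be plural ("for GenAI microservices"), and "fused in fine-tuned model" needs an article ("fused in the fine-tuned model"). Consider also "model theft and poisoning at development time and runtime" in place of "the model's theft and poisoning in development-time and runtime".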
Expand All @@ -28,22 +28,22 @@ The overall designs are as follows:

The workflows is as follow:

- Model-in-store phase: Model need to encrypted for the threat of model theft via the following steps:
- Model-in-store phase: Models need to be encrypted to protect against the threat of model theft via the following steps:

In a trusted environment (may be enhanced by confidential TEE or TPM):
In a trusted execution environment (may be enhanced by confidential TEE or TPM):

1. Creates a model key with a key transfer policy, register model key to Key Broker Server/Key Management Server.
2. Encrypts the model via model key.
1. Create a model key with a key transfer policy, register model key to Key Broker Server/Key Management Server.
2. Encrypt the model via model key.
3. Publish the encrypted model into model registry.

- Model-in-use phase: the GenAI microservice need run within a TEE environment, the "confidential model loader"
is designed as initContainer to decrypt the model via the following steps:

1. Calculate the evidence of runtime measurement at Node/Container level and launch time measurement from configFS or vTPM.
1. Calculate the evidence of both launch time and runtime measurement at Node/Container level from configFS or vTPM.
2. Get model key via attestation service based on the evidences.
3. Decrypt the model and put into RAM disk or the data disk with "Full Disk Encryption".
3. Decrypt the model and put it into RAM disk or the data disk with "Full Disk Encryption".

With this design, the existing GenAI microservices themselves do not need to change the code, thereby reducing the complexity
With this design, the existing GenAI microservices do not need to change their code, thereby reducing the complexity
of protecting the model through confidential computing technology.

# Alternatives Considered
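Review bot: the replacement "In a trusted execution environment (may be enhanced by confidential TEE or TPM)" is circular, since TEE already expands to trusted execution environment; the original "trusted environment" (or "trusted build environment") better describes where the model is keyed and encrypted, with the parenthetical saying how that environment may be hardened. In step 1 of the model-in-use phase, "both launch time and runtime measurement at Node/Container level from configFS or vTPM" changes meaning rather than grammar: the original tied runtime measurement to the Node/Container level and launch time measurement to configFS or vTPM, so either keep that distinction or state explicitly that both are sourced from configFS/vTPM. Untouched context lines in this hunk still carry the kind of errors the PR targets: "The workflows is as follow:" should be "The workflow is as follows:", "the GenAI microservice need run within a TEE environment" should be "the GenAI microservice needs to run within a TEE", and "based on the evidences" should be "based on the evidence".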