{"id":"https://openalex.org/W4416549511","doi":"https://doi.org/10.1145/3719027.3744798","title":"TensorShield: Safeguarding On-Device Inference by Shielding Critical DNN Tensors with TEE","display_name":"TensorShield: Safeguarding On-Device Inference by Shielding Critical DNN Tensors with TEE","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549511","doi":"https://doi.org/10.1145/3719027.3744798"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3744798","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3744798","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076816136","display_name":"Tong Sun","orcid":"https://orcid.org/0009-0000-9398-6216"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Tong Sun","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0000-9398-6216","affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103066543","display_name":"Bowen Jiang","orcid":"https://orcid.org/0009-0005-9528-9832"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bowen Jiang","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0005-9528-9832","affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113330493","display_name":"Hailong Lin","orcid":"https://orcid.org/0009-0005-8358-3065"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hailong Lin","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0005-8358-3065","affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017989132","display_name":"Borui Li","orcid":"https://orcid.org/0000-0001-5262-2483"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Borui Li","raw_affiliation_strings":["School of Computer Science and Engineering, Southeast University, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0001-5262-2483","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Southeast University, Nanjing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101391852","display_name":"Yixiao Teng","orcid":"https://orcid.org/0009-0009-6671-6734"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yixiao Teng","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0009-6671-6734","affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yi Gao","orcid":"https://orcid.org/0000-0001-7897-5965"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yi Gao","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0001-7897-5965","affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074340955","display_name":"Wei Dong","orcid":"https://orcid.org/0000-0003-0498-1494"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Dong","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-0498-1494","affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.2763,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.95720718,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1008","last_page":"1022"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8299999833106995,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8299999833106995,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.0142000000923872,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.01360000018030405,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.8061000108718872},{"id":"https://openalex.org/keywords/inference-engine","display_name":"Inference engine","score":0.4921000003814697},{"id":"https://openalex.org/keywords/safeguard","display_name":"Safeguard","score":0.4471000134944916},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.43950000405311584},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.4311999976634979},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.41100001335144043},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4004000127315521},{"id":"https://openalex.org/keywords/safeguarding","display_name":"Safeguarding","score":0.39410001039505005}],"concepts":[{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.8061000108718872},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.690500020980835},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6406999826431274},{"id":"https://openalex.org/C46743427","wikidata":"https://www.wikidata.org/wiki/Q1341685","display_name":"Inference engine","level":3,"score":0.4921000003814697},{"id":"https://openalex.org/C2780771206","wikidata":"https://www.wikidata.org/wiki/Q3271761","display_name":"Safeguard","level":2,"score":0.4471000134944916},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.43950000405311584},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.4311999976634979},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.41100001335144043},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4004000127315521},{"id":"https://openalex.org/C2776743756","wikidata":"https://www.wikidata.org/wiki/Q5097921","display_name":"Safeguarding","level":2,"score":0.39410001039505005},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3910999894142151},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3465000092983246},{"id":"https://openalex.org/C129916263","wikidata":"https://www.wikidata.org/wiki/Q1141183","display_name":"Backward chaining","level":4,"score":0.3305000066757202},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.32749998569488525},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.31279999017715454},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.31119999289512634},{"id":"https://openalex.org/C10511746","wikidata":"https://www.wikidata.org/wiki/Q899388","display_name":"Data security","level":3,"score":0.30640000104904175},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.2678000032901764},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2653999924659729},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.2651999890804291},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.26089999079704285},{"id":"https://openalex.org/C2777472644","wikidata":"https://www.wikidata.org/wiki/Q16968992","display_name":"Approximate inference","level":3,"score":0.25850000977516174},{"id":"https://openalex.org/C2983583741","wikidata":"https://www.wikidata.org/wiki/Q16785388","display_name":"Third party","level":2,"score":0.2538999915122986},{"id":"https://openalex.org/C3746660","wikidata":"https://www.wikidata.org/wiki/Q1068763","display_name":"Rule of inference","level":2,"score":0.2522999942302704},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2502000033855438}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3744798","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3744798","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W2160301756","https://openalex.org/W2194775991","https://openalex.org/W2603766943","https://openalex.org/W2897268228","https://openalex.org/W2903650079","https://openalex.org/W2913096406","https://openalex.org/W2962858109","https://openalex.org/W2963163009","https://openalex.org/W2963303354","https://openalex.org/W2963378725","https://openalex.org/W2969695741","https://openalex.org/W2973232880","https://openalex.org/W2979832172","https://openalex.org/W2983140679","https://openalex.org/W2985527074","https://openalex.org/W2986666149","https://openalex.org/W3016075089","https://openalex.org/W3042794281","https://openalex.org/W3113709932","https://openalex.org/W3138815606","https://openalex.org/W3144271226","https://openalex.org/W3178659068","https://openalex.org/W3202467566","https://openalex.org/W3213975728","https://openalex.org/W4220890574","https://openalex.org/W4221155126","https://openalex.org/W4282970339","https://openalex.org/W4293024088","https://openalex.org/W4306178465","https://openalex.org/W4306178486","https://openalex.org/W4308641861","https://openalex.org/W4312809370","https://openalex.org/W4360898063","https://openalex.org/W4361986437","https://openalex.org/W4372260654","https://openalex.org/W4380925616","https://openalex.org/W4385679786","https://openalex.org/W4387212208","https://openalex.org/W4388858468","https://openalex.org/W4400277235","https://openalex.org/W4402264420","https://openalex.org/W4405182188","https://openalex.org/W4405183109","https://openalex.org/W4411337374"],"related_works":[],"abstract_inverted_index":{"To":[0,58],"safeguard":[1],"user":[2],"data":[3],"privacy,":[4],"on-device":[5],"inference":[6,37,55,96],"has":[7],"emerged":[8],"as":[9],"a":[10,25,29,73],"prominent":[11],"paradigm":[12,22],"on":[13,32],"mobile":[14],"and":[15,53],"Internet":[16],"of":[17],"Things":[18],"(IoT)":[19],"devices.":[20],"This":[21],"involves":[23],"deploying":[24],"model":[26,44,50,92],"provided":[27],"by":[28],"third":[30],"party":[31],"local":[33],"devices":[34],"to":[35,45,89],"perform":[36],"tasks.":[38],"However,":[39],"it":[40,87],"exposes":[41],"the":[42,79],"private":[43],"two":[46],"primary":[47],"security":[48,93],"threats:":[49],"stealing":[51],"(MS)":[52],"membership":[54],"attacks":[56],"(MIA).":[57],"mitigate":[59],"these":[60],"risks,":[61],"existing":[62],"wisdom":[63],"deploys":[64],"models":[65],"within":[66],"Trusted":[67],"Execution":[68],"Environments":[69],"(TEEs),":[70],"which":[71],"is":[72],"secure":[74,81],"isolated":[75],"execution":[76],"space.":[77],"Nonetheless,":[78],"constrained":[80],"memory":[82],"capacity":[83],"in":[84],"TEEs":[85],"makes":[86],"challenging":[88],"achieve":[90],"full":[91],"with":[94],"low":[95],"latency.":[97]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-11-23T00:00:00"}