The AI Vault project designs and develops new trusted execution environments (TEEs) tailored to run artificial intelligence (AI) and machine learning (ML) programs on modern AI platforms (e.g., cloud and embedded devices) while providing strong data confidentiality and high efficiency.

TEE technologies, such as Intel SGX and ARM TrustZone, provide strong security guarantees against powerful attacks. However, due to the data-intensive nature of AI/ML programs and the limitations of TEEs, it is challenging to protect them using TEE technologies without significantly sacrificing security and/or performance. The goal of this project is to overcome these challenges to practically enable confidential AI and ML execution on AI platforms in production.

Recent News

• Sep. 11, 2025: DLS code is publicly available
• Aug. 14, 2025: DLS paper is accepted to NDSS 2026
• Jap. 23, 2024: T-Slices code is publicly available
• Dec. 7, 2023: GEVisor code is publicly available (at Purdue Security Lab)
• Sep. 19, 2023: GEVisor paper is accepted to SOCC 2023
• Dec. 17, 2022: T-Slices paper is accepted to CODASPY 2023
• Oct. 21, 2020: Vessels conference talk at SOCC 2020
• Aug. 8, 2020: Vessels paper is accepted to SOCC 2020

Available Work

• DLS: an attack framework to extract DNN architectures from enclaves with single-stepping attacks (paper, code)
• GEVisor: a small hypervisor to build a trusted GPU execution environment (paper, code)
• T-Slices: trusted deep learning prediction with ARM TrustZone (paper, code)
• Vessels: a deep learning framework for confidential prediction using Intel SGX (paper)

Acknowledgments

This project is supported in part by the Texas A&M Engineering Experiment Station on behalf of its SecureAmerica Institute.