Secure source code/data in client AWS accounts


Hi Team,

We have the below requirement and would appreciate it if you could recommend the best approach for the problem below. We have multiple (minimum two) AWS accounts: one for each client, and one as a service/data provider common to all clients. We have an ML model (that we run in the client accounts), and we do not want to expose the weight parameters, ML architecture or source code to the client. The most voted approach is to provide an encrypted model to the client, decrypt the model when executing on the client side, use an encryption key that is stored in the common account, control access to the key based on IAM, and obfuscate the source code.

We have the below questions: Can someone sniff packets passing through the AWS network and get access to the encryption key? When the model is loaded into RAM, can we prevent the client from accessing kernel resources of the running code (e.g. on an EC2 instance)?

Note: We do not want to expose trade secrets, and clients do not intend to share client data outside their trusted network, hence multiple accounts.

Any input on this is highly appreciated.

Thanks in advance, Imaran
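For the "control access to the key based on IAM" part of the proposed design, the artifact in question is the key policy on the KMS key in the common (provider) account. The following is an added illustration, not something posted in the thread: the account IDs (111111111111 for the provider, 222222222222 for a client), the role name ModelInferenceRole and the encryption-context value are all made up. It grants the client's inference role only kms:Decrypt, and only when the ciphertext was encrypted with a matching encryption context, so a client role cannot unwrap data keys intended for another client's model build. Cross-account KMS access additionally requires an identity policy in the client account that allows kms:Decrypt on this key's ARN for the same role; the key policy alone is not sufficient.

```json
{
  "Version": "2012-10-17",
  "Id": "model-distribution-key-policy",
  "Statement": [
    {
      "Sid": "ProviderAccountKeyAdministration",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111111111111:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "ClientInferenceRoleDecryptOnly",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::222222222222:role/ModelInferenceRole"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "kms:EncryptionContext:model": "client-222222222222-v1"
        }
      }
    }
  ]
}
```

On the packet-sniffing question as it relates to this key: the KMS key material never leaves KMS. The client calls kms:Decrypt over TLS and receives the plaintext data key (in an envelope-encryption scheme) only in the TLS-protected response, so the exposure to worry about is not the network path but whoever can assume ModelInferenceRole or read the memory of the host that performs the decryption, which in this design sits in the client's own account.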

2 Answers

Hello Imaran,

I would caution you to really think through this model.

The entire ability for you to protect your IP is based on the ability to obfuscate the source and protect your model. However, both of these are going to reside in your client's account, and based on the description above, the model will likely be decrypted in the memory of a host somewhere in order to run.

The real way to architect this would be to run the software and model in your AWS account and provide an API that your customers can use to interact with the model that you host. You can even use services like PrivateLink to ensure that the customer's access to the API is completely private and secure.

Please let me know if I can answer any more questions. Best, Craig

AWS
answered a year ago
  • Hi Craig, Thank you very much for your feedback; we have a few questions regarding the approach you suggested. The clients we are dealing with do not wish to share their data. If we expose functionalities as API endpoints, they have to send the data for processing. The approach you suggested breaks this requirement in my opinion; please correct me if I'm wrong. That is the only reason why we decided to run our code on the client side. Is there any better way to achieve this in AWS?

    We found this article; however, when we tried to architect the system in an FHE (Fully Homomorphic Encryption) manner, the approach turned out not to be fully developed yet, and current FHE libraries do not support even the most popular AI models, let alone our own models. https://aws.amazon.com/blogs/machine-learning/enable-fully-homomorphic-encryption-with-amazon-sagemaker-endpoints-for-secure-real-time-inferencing/


Hi Imaran,

Might this solve your problems? https://aws.amazon.com/clean-rooms/features/

Best, Craig

AWS
answered a year ago
