Graph in the Vault: Protecting Edge GNN Inference with Trusted Execution Environment

Wide deployment of machine learning models on edge devices has rendered the model intellectual property (IP) and data privacy vulnerable. We propose GNNVault, the first secure Graph Neural Network (GNN) deployment strategy based on Trusted Execution Environment (TEE). GNNVault follows the design of 'partition-before-training' and includes a private GNN rectifier to complement with a public backbone model. This way, both critical GNN model parameters and the private graph used during inference are protected within secure TEE compartments. Real-world implementations with Intel SGX demonstrate that GNNVault safeguards GNN inference against state-of-the-art link stealing attacks with negligible accuracy degradation (<2%).

@article{ding2025_2502.15012,
  title={ Graph in the Vault: Protecting Edge GNN Inference with Trusted Execution Environment },
  author={ Ruyi Ding and Tianhong Xu and Aidong Adam Ding and Yunsi Fei },
  journal={arXiv preprint arXiv:2502.15012},
  year={ 2025 }
}