IBM and Technische Universität Dresden have designed and implemented Perun, a framework for confidential multi-stakeholder machine learning that allows users to make a trade-off between security and performance. The new architecture executes ML training on hardware accelerators (e.g., GPU) while providing security guarantees using trusted computing technologies, such as trusted platform module and integrity measurement architecture. Therefore, Perun overcomes the issue of state-of-the-art trusted execution environments that ensure performance in inference computations but suffer from low performance in training computations.

The research conducted has received funding from the European Union’s Horizon 2020 research and innovation program under the AI-SPRINT project.


Paper overview

  • Provides an overview of Perun, a framework for confidential multi-stakeholder machine learning.
  • Provides a general outlook on trusted computing technologies.



  • Wojciech Ozga, IBM, Switzerland.
  • Do Le Quoc, Technische Universität Dresden, Germany.



Multi-stakeholder computation, Machine learning, Confidential computing, Trusted computing, Trust management 


Read the full paper!