This work addresses the vulnerability of confidential federated computing platforms to insider threats that exploit side channels to circumvent differential privacy guarantees. It presents the first systematic analysis of the insider side-channel attack surface in this setting and proposes leveraging differential privacy as an active defense mechanism to mitigate two critical classes of attacks. One of the proposed defense strategies has been integrated into an open-source library and empirically validated for effectiveness. By innovatively combining differential privacy with confidential computing, this study offers a practical and deployable approach to mitigating side-channel risks in federated learning systems.

In this work, we identify a set of side-channels in our Confidential Federated Compute platform that a hypothetical insider could exploit to circumvent differential privacy (DP) guarantees. We show how DP can mitigate two of the side-channels, one of which has been implemented in our open-source library.