Abstract
Cross-institutional collaboration in privacy-sensitive domains such as healthcare and finance requires machine learning frameworks that balance model utility, privacy protection, and communication efficiency. Federated learning (FL) enables decentralized model training without direct data sharing, yet existing approaches inadequately address vulnerabilities in Trusted Execution Environments (TEEs), which are increasingly adopted to safeguard local computations. TEE side-channel attacks (e.g., cache-timing leaks, speculative execution exploits) can expose sensitive gradient information even when cryptographic defenses are deployed. Furthermore, traditional FL methods treat privacy and communication as independent objectives, leading to suboptimal tradeoffs when both constraints are active. This paper proposes Confidential Computing-Aware Projected Gradient Descent (CC-PGD), a constrained multi-objective optimization framework that jointly minimizes model loss, privacy leakage risk (incorporating TEE vulnerability modeling), and communication overhead. We formulate privacy risk as a combination of gradient entropy and a binary indicator function for TEE exploit susceptibility, while communication cost accounts for model size and network latency. We prove that CC-PGD achieves \(O(1/\sqrt{T})\) convergence under non-convex objectives with Lipschitz-continuous gradients. Experiments on MNIST and CIFAR-10 under IID and non-IID data partitioning demonstrate that CC-PGD reduces privacy leakage by 23–31% and communication cost by 18–27% compared to baselines (FedAvg, DP-FL, FedProx), while maintaining competitive accuracy (within 2% of centralized training). Our work provides the first optimization framework explicitly accounting for TEE side-channel risks in federated learning, with theoretical guarantees and empirical validation.
Data availability
The datasets generated and/or analysed during the current study are available in the MNIST repository, https://git-disl.github.io/GTDLBench/datasets/mnist_datasets/ (Deng, L. (2012). The MNIST database of handwritten digit images for machine learning research. IEEE Signal Processing Magazine, 29(6), 141–142), and in the CIFAR-10 repository, https://www.cs.toronto.edu/~kriz/cifar.html (Krizhevsky, A. (2009). Learning multiple layers of features from tiny images).
Funding
This work was supported by the Henan Provincial Department of Science and Technology, Henan Key Research and Development Program (Project No. 231111210500): Key Technologies and Industrialization of Intelligent Fusion of Multi-source Heterogeneous Sensors Based on New-generation Communication Technologies, and the Henan Provincial Health Commission.
Author information
Contributions
All authors contributed to the study conception and design. Material preparation, data collection and analysis were performed by Fengbo Xu, Xinle Wei, Zhiyuan Zhao and Peng Sun. The first draft of the manuscript was written by Fengbo Xu and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Ethics declarations
Competing interests
The authors declare no competing interests.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Xu, F., Wei, X., Zhao, Z. et al. Optimization of cross-institutional medical federated learning framework driven by confidential computing. Sci Rep (2026). https://doi.org/10.1038/s41598-026-44843-4