While adversarial robustness and differential privacy are recognized as vital for trustworthy machine learning, the systems-level costs of these features remain unsystematized and poorly understood. The performance-centric paradigm of ML systems, exemplified by benchmarks like MLPerf, has been structurally blind to the unique computational patterns of trustworthy workloads, creating a significant knowledge gap for practitioners and hardware designers. This paper presents a cross-domain, energy-aware measurement study of the hidden "trust tax" in deep learning. We evaluate three representative tasks: vision (ResNet-18), NLP (DistilBERT), and tabular (MLP), and quantify the cost of standard privacy (DP-SGD) and robustness (PGD) defenses. On a single NVIDIA V100 GPU, we find this tax is steep: PGD adversarial training increases wall-time and energy by $4.07\times$, while DP-SGD ($\epsilon = 8$) raises the cost by $3.55\times$ and slashes clean accuracy from 87% to $\approx 56\%$. Our micro-architectural profiling reveals the root cause of this tax: trust algorithms such as per-example gradient clipping and iterative attacks under-utilize specialized hardware like tensor cores, creating memory-bound bottlenecks. By providing a cross-domain systematization of these costs, our work serves as a foundational reference and public dataset, laying the empirical groundwork for the next generation of trust-aware compilers, schedulers, and hardware.
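To make the source of the overhead concrete, the two mechanisms named above can be sketched in a few lines. This is a minimal NumPy illustration, not the paper's measured implementation: `dp_sgd_step` shows why DP-SGD must materialize one gradient *per example* before clipping (rather than letting the batched matmul reduce them), and `pgd_attack` shows the $k$-step inner loop that multiplies forward/backward cost during adversarial training. All function and parameter names here are hypothetical.

```python
import numpy as np

def dp_sgd_step(per_example_grads, clip_norm=1.0, noise_mult=1.1, rng=None):
    """One DP-SGD aggregation step (illustrative sketch only).

    Plain SGD reduces gradients across the batch inside the matmul; DP-SGD
    instead keeps a gradient per example so each can be clipped individually,
    which is the memory-bound access pattern discussed in the abstract.
    """
    rng = np.random.default_rng(0) if rng is None else rng
    batch_size = per_example_grads.shape[0]
    # Per-example L2 norms and clipping factors min(1, C / ||g_i||).
    norms = np.linalg.norm(per_example_grads.reshape(batch_size, -1), axis=1)
    factors = np.minimum(1.0, clip_norm / np.maximum(norms, 1e-12))
    clipped = per_example_grads * factors[:, None]
    # Sum the clipped gradients, add calibrated Gaussian noise, average.
    noisy_sum = clipped.sum(axis=0) + rng.normal(
        scale=noise_mult * clip_norm, size=per_example_grads.shape[1:]
    )
    return noisy_sum / batch_size

def pgd_attack(x, grad_fn, eps=0.3, alpha=0.1, steps=10):
    """L-infinity PGD (illustrative sketch only).

    `grad_fn(x)` stands in for a full forward+backward pass through the
    model; each of the `steps` iterations repeats that pass, which is the
    main multiplier behind the adversarial-training cost.
    """
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv + alpha * np.sign(grad_fn(x_adv))  # ascent step
        x_adv = np.clip(x_adv, x - eps, x + eps)         # project to eps-ball
    return x_adv
```

The sketch makes the asymmetry visible: PGD's cost scales linearly with the attack-step count, while DP-SGD's cost comes from the extra per-example gradient memory traffic rather than extra arithmetic.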