Laminator: Verifiable ML Property Cards using Hardware-assisted Attestations
- URL: http://arxiv.org/abs/2406.17548v1
- Date: Tue, 25 Jun 2024 13:36:53 GMT
- Title: Laminator: Verifiable ML Property Cards using Hardware-assisted Attestations
- Authors: Vasisht Duddu, Oskari Järvinen, Lachlan J. Gunn, N. Asokan
- Abstract summary: A malicious model provider can include false information in ML property cards, raising a need for verifiable ML property cards.
We show how to realize them using property attestation, technical mechanisms by which a prover (e.g., a model provider) can attest different ML properties during training and inference to a verifier (e.g., an auditor).
- Score: 10.278905067763686
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Regulations increasingly call for various assurances from machine learning (ML) model providers about their training data, training process, and the behavior of resulting models during inference. For better transparency, companies (e.g., Huggingface and Google) have adopted model cards and datasheets which describe different properties of the training datasets and models. In the same vein, we introduce the notion of an inference card to describe the properties of a given inference (e.g., binding output to the model and its corresponding input). We collectively refer to these as ML property cards. A malicious model provider can include false information in ML property cards, raising a need for verifiable ML property cards. We show how to realize them using property attestation, technical mechanisms by which a prover (e.g., a model provider) can attest different ML properties during training and inference to a verifier (e.g., an auditor). However, prior attestation mechanisms based purely on cryptography are often narrowly focused (lacking versatility) and inefficient. There is a need to efficiently attest different types of properties across the ML model training and inference pipeline. Recent developments make it possible to run and even train models inside hardware-assisted trusted execution environments (TEEs), which can provide highly efficient attestation. We propose Laminator, the first framework for verifiable ML property cards using hardware-assisted ML property attestations to efficiently furnish attestations for various ML properties for training and inference. It scales to multiple verifiers, and is independent of the model configuration.
Related papers
- Predicting the Performance of Black-box LLMs through Self-Queries [60.87193950962585]
  Large language models (LLMs) are increasingly relied on in AI systems, so predicting when they make mistakes is crucial.
  In this paper, we extract features of LLMs in a black-box manner by using follow-up prompts and taking the probabilities of different responses as representations.
  We demonstrate that training a linear model on these low-dimensional representations produces reliable predictors of model performance at the instance level.
  arXiv Detail & Related papers (2025-01-02T22:26:54Z)
- Understanding Information Storage and Transfer in Multi-modal Large Language Models [51.20840103605018]
  We study how Multi-modal Large Language Models process information in a factual visual question answering task.
  Key findings show that these MLLMs rely on self-attention blocks in much earlier layers for information storage.
  We introduce MultEdit, a model-editing algorithm that can correct errors and insert new long-tailed information into MLLMs.
  arXiv Detail & Related papers (2024-06-06T16:35:36Z)
- DETAIL: Task DEmonsTration Attribution for Interpretable In-context Learning [75.68193159293425]
  In-context learning (ICL) allows transformer-based language models to learn a specific task with a few "task demonstrations" without updating their parameters.
  We propose an influence function-based attribution technique, DETAIL, that addresses the specific characteristics of ICL.
  We experimentally prove the wide applicability of DETAIL by showing that our attribution scores obtained on white-box models are transferable to black-box models in improving model performance.
  arXiv Detail & Related papers (2024-05-22T15:52:52Z)
- Attesting Distributional Properties of Training Data for Machine Learning [15.2927830843089]
  Several jurisdictions are preparing machine learning regulatory frameworks.
  Draft regulations indicate that model trainers are required to show that training datasets have specific distributional properties.
  We propose the notion of property attestation, allowing a prover to demonstrate relevant distributional properties of training data to a verifier without revealing the data.
  arXiv Detail & Related papers (2023-08-18T13:33:02Z)
- Predicting is not Understanding: Recognizing and Addressing Underspecification in Machine Learning [47.651130958272155]
  Underspecification refers to the existence of multiple models that are indistinguishable in their in-domain accuracy.
  We formalize the concept of underspecification and propose a method to identify and partially address it.
  arXiv Detail & Related papers (2022-07-06T11:20:40Z)
- Specifying and Testing $k$-Safety Properties for Machine-Learning Models [20.24045879238586]
  We take inspiration from specifications used in formal methods, expressing $k$ different executions, so-called $k$-safety properties.
  Here, we show the wide applicability of $k$-safety properties for machine-learning models and present the first specification language for expressing them.
  Our framework is effective in identifying property violations, and the detected bugs could be used to train better models.
  arXiv Detail & Related papers (2022-06-13T11:35:55Z)
- MACE: An Efficient Model-Agnostic Framework for Counterfactual Explanation [132.77005365032468]
  We propose a novel framework of Model-Agnostic Counterfactual Explanation (MACE).
  In our MACE approach, we propose a novel RL-based method for finding good counterfactual examples and a gradient-less descent method for improving proximity.
  Experiments on public datasets validate the effectiveness with better validity, sparsity and proximity.
  arXiv Detail & Related papers (2022-05-31T04:57:06Z)
- The Care Label Concept: A Certification Suite for Trustworthy and Resource-Aware Machine Learning [5.684803689061448]
  Machine learning applications have become ubiquitous. This has led to an increased effort of making machine learning trustworthy.
  For those who do not want to invest time into understanding the method or the learned model, we offer care labels.
  Care labels are the result of a certification suite that tests whether stated guarantees hold.
  arXiv Detail & Related papers (2021-06-01T14:16:41Z)
- Proof-of-Learning: Definitions and Practice [15.585184189361486]
  Training machine learning (ML) models typically involves expensive iterative optimization.
  There is currently no mechanism for the entity which trained the model to prove that the resulting parameters were indeed the result of this optimization procedure.
  This paper introduces the concept of proof-of-learning in ML.
  arXiv Detail & Related papers (2021-03-09T18:59:54Z)
- Transfer Learning without Knowing: Reprogramming Black-box Machine Learning Models with Scarce Data and Limited Resources [78.72922528736011]
  We propose a novel approach, black-box adversarial reprogramming (BAR), that repurposes a well-trained black-box machine learning model.
  Using zeroth order optimization and multi-label mapping techniques, BAR can reprogram a black-box ML model solely based on its input-output responses.
  BAR outperforms state-of-the-art methods and yields comparable performance to the vanilla adversarial reprogramming method.
  arXiv Detail & Related papers (2020-07-17T01:52:34Z)
This list is automatically generated from the titles and abstracts of the papers in this site.