Laminator: Verifiable ML Property Cards using Hardware-assisted Attestations

• URL: http://arxiv.org/abs/2406.17548v1
• Date: Tue, 25 Jun 2024 13:36:53 GMT
• Title: Laminator: Verifiable ML Property Cards using Hardware-assisted Attestations
• Authors: Vasisht Duddu, Oskari Järvinen, Lachlan J Gunn, N Asokan,
• Abstract summary: A malicious model provider can include false information in ML property cards, raising a need for ML property cards. We show how to realized them using property attestation, technical mechanisms by which a prover (e.g., a model provider) can attest different ML properties during training and inference to a verifier (e.g., an auditor)
• Score: 10.278905067763686
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Regulations increasingly call for various assurances from machine learning (ML) model providers about their training data, training process, and the behavior of resulting models during inference. For better transparency, companies (e.g., Huggingface and Google) have adopted model cards and datasheets which describe different properties of the training datasets and models. In the same vein, we introduce the notion of an inference card to describe the properties of a given inference (e.g., binding output to the model and its corresponding input). We collectively refer to these as ML property cards. A malicious model provider can include false information in ML property cards, raising a need for verifiable ML property cards. We show how to realized them using property attestation, technical mechanisms by which a prover (e.g., a model provider) can attest different ML properties during training and inference to a verifier (e.g., an auditor). However, prior attestation mechanisms based purely on cryptography are often narrowly focused (lacking versatility) and inefficient. There is a need to efficiently attest different types properties across the ML model training and inference pipeline. Recent developments make it possible to run and even train models inside hardware-assisted trusted execution environments (TEEs), which can provide highly efficient attestation. We propose Laminator, the first framework for verifiable ML property cards using hardware-assisted ML property attestations to efficiently furnish attestations for various ML properties for training and inference. It scales to multiple verifiers, and is independent of the model configuration.

Related papers

• DETAIL: Task DEmonsTration Attribution for Interpretable In-context Learning [75.68193159293425]
  In-context learning (ICL) allows transformer-based language models to learn a specific task with a few "task demonstrations" without updating their parameters. We propose an influence function-based attribution technique, DETAIL, that addresses the specific characteristics of ICL. We experimentally prove the wide applicability of DETAIL by showing our attribution scores obtained on white-box models are transferable to black-box models in improving model performance.
  arXiv  Detail & Related papers  (2024-05-22T15:52:52Z)
• Attesting Distributional Properties of Training Data for Machine Learning [15.2927830843089]
  Several jurisdictions are preparing machine learning regulatory frameworks. Draft regulations indicate that model trainers are required to show that training datasets have specific distributional properties. We propose the notion of property attestation allowing a prover to demonstrate relevant distributional properties of training data to a verifier without revealing the data.
  arXiv  Detail & Related papers  (2023-08-18T13:33:02Z)
• AI Model Disgorgement: Methods and Choices [127.54319351058167]
  We introduce a taxonomy of possible disgorgement methods that are applicable to modern machine learning systems. We investigate the meaning of "removing the effects" of data in the trained model in a way that does not require retraining from scratch.
  arXiv  Detail & Related papers  (2023-04-07T08:50:18Z)
• Predicting is not Understanding: Recognizing and Addressing Underspecification in Machine Learning [47.651130958272155]
  Underspecification refers to the existence of multiple models that are indistinguishable in their in-domain accuracy. We formalize the concept of underspecification and propose a method to identify and partially address it.
  arXiv  Detail & Related papers  (2022-07-06T11:20:40Z)
• Specifying and Testing $k$-Safety Properties for Machine-Learning Models [20.24045879238586]
  We take inspiration from specifications used in formal methods, expressing $k$ different executions, so-called $k$-safety properties. Here, we show the wide applicability of $k$-safety properties for machine-learning models and present the first specification language for expressing them. Our framework is effective in identifying property violations, and that detected bugs could be used to train better models.
  arXiv  Detail & Related papers  (2022-06-13T11:35:55Z)
• MACE: An Efficient Model-Agnostic Framework for Counterfactual Explanation [132.77005365032468]
  We propose a novel framework of Model-Agnostic Counterfactual Explanation (MACE) In our MACE approach, we propose a novel RL-based method for finding good counterfactual examples and a gradient-less descent method for improving proximity. Experiments on public datasets validate the effectiveness with better validity, sparsity and proximity.
  arXiv  Detail & Related papers  (2022-05-31T04:57:06Z)
• MoEBERT: from BERT to Mixture-of-Experts via Importance-Guided Adaptation [68.30497162547768]
  We propose MoEBERT, which uses a Mixture-of-Experts structure to increase model capacity and inference speed. We validate the efficiency and effectiveness of MoEBERT on natural language understanding and question answering tasks.
  arXiv  Detail & Related papers  (2022-04-15T23:19:37Z)
• The Care Label Concept: A Certification Suite for Trustworthy and Resource-Aware Machine Learning [5.684803689061448]
  Machine learning applications have become ubiquitous. This has led to an increased effort of making machine learning trustworthy. For those who do not want to invest time into understanding the method or the learned model, we offer care labels. Care labels are the result of a certification suite that tests whether stated guarantees hold.
  arXiv  Detail & Related papers  (2021-06-01T14:16:41Z)
• Proof-of-Learning: Definitions and Practice [15.585184189361486]
  Training machine learning (ML) models typically involves expensive iterative optimization. There is currently no mechanism for the entity which trained the model to prove that these parameters were indeed the result of this optimization procedure. This paper introduces the concept of proof-of-learning in ML.
  arXiv  Detail & Related papers  (2021-03-09T18:59:54Z)
• Transfer Learning without Knowing: Reprogramming Black-box Machine Learning Models with Scarce Data and Limited Resources [78.72922528736011]
  We propose a novel approach, black-box adversarial reprogramming (BAR), that repurposes a well-trained black-box machine learning model. Using zeroth order optimization and multi-label mapping techniques, BAR can reprogram a black-box ML model solely based on its input-output responses. BAR outperforms state-of-the-art methods and yields comparable performance to the vanilla adversarial reprogramming method.
  arXiv  Detail & Related papers  (2020-07-17T01:52:34Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.