CICI: UCSS: Secure Machine Learning Inference in IoT-driven Analytical Scientific Infrastructure

Information

  • NSF Award
  • 2419843
Owner
  • Award Id
    2419843
  • Award Effective Date
    8/1/2024
  • Award Expiration Date
    7/31/2027
  • Award Amount
    $ 600,000.00
  • Award Instrument
    Standard Grant

Scientific Cyberinfrastructure (CI) is evolving to become Internet of Things-driven, and relies on machine learning (ML) models for advanced data analysis and predictive modeling. These ML models handle serious societal responsibilities such as flood modeling and hurricane prediction. However, the leakage of these models can cause serious issues, ranging from national security and cybersecurity to intellectual property loss. This project implements a secure ML inference solution to prevent safety- and security-critical ML models from leaking to attackers. It raises awareness of ML model extraction attacks in device-driven scientific CIs. It also broadens the impacts of CI security by enabling new functionalities and having more mission-critical ML models safely and securely deployed in CIs.

This project aims to advance the security and privacy of on-device ML models tailored for scientific studies using Internet of Things-based CIs. It consists of two primary tasks. First, the project presents a novel runtime detection and prevention mechanism for ML model extraction attacks. It employs multi-level instrumentation techniques for CI applications and extracts patterns related to ML functions. It re-defines memory regions for various ML tasks and allows ML developers to customize security policies to control access to model-related data. Second, the project implements a comprehensive assessment mechanism for on-device ML model security. It measures the feasibility of a potential model extraction attack with a newly designed model extraction dependency graph, and dynamically runs penetration-based model extraction attacks against potentially vulnerable applications to confirm the existence of such attacks. This project integrates these techniques and tools into device-driven CIs across various existing scientific domains, and envisions significantly reducing the attack surfaces of ML models deployed in these CIs.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Daniel F. Massey, dmassey@nsf.gov, 7032920000
  • Min Amd Letter Date
    6/11/2024
  • Max Amd Letter Date
    6/11/2024
  • ARRA Amount

Institutions

  • Name
    Florida International University
  • City
    MIAMI
  • State
    FL
  • Country
    United States
  • Address
    11200 SW 8TH ST
  • Postal Code
    331992516
  • Phone Number
    3053482494

Investigators

  • First Name
    Ruimin
  • Last Name
    Sun
  • Email Address
    rsun@fiu.edu
  • Start Date
    6/11/2024 12:00:00 AM
  • First Name
    Jason
  • Last Name
    Liu
  • Email Address
    liux@cis.fiu.edu
  • Start Date
    6/11/2024 12:00:00 AM
  • First Name
    Yuede
  • Last Name
    Ji
  • Email Address
    yuede.ji@uta.edu
  • Start Date
    6/11/2024 12:00:00 AM

Program Element

  • Text
    Cybersecurity Innovation
  • Code
    802700

Program Reference

  • Text
    Cyber Secur - Cyberinfrastruc
  • Code
    8027
  • Text
    WOMEN, MINORITY, DISABLED, NEC
  • Code
    9102