Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Props for Machine-Learning Security

Ari Juels, Farinaz Koushanfar

Abstract

We propose protected pipelines or props for short, a new approach for authenticated, privacy-preserving access to deep-web data for machine learning (ML). By permitting secure use of vast sources of deep-web data, props address the systemic bottleneck of limited high-quality training data in ML development. Props also enable privacy-preserving and trustworthy forms of inference, allowing for safe use of sensitive data in ML applications. Props are practically realizable today by leveraging privacy-preserving oracle systems initially developed for blockchain applications.

Props for Machine-Learning Security

Abstract

We propose protected pipelines or props for short, a new approach for authenticated, privacy-preserving access to deep-web data for machine learning (ML). By permitting secure use of vast sources of deep-web data, props address the systemic bottleneck of limited high-quality training data in ML development. Props also enable privacy-preserving and trustworthy forms of inference, allowing for safe use of sensitive data in ML applications. Props are practically realizable today by leveraging privacy-preserving oracle systems initially developed for blockchain applications.

Paper Structure

This paper contains 15 sections, 2 figures.

Table of Contents

  1. Introduction
  2. What Are Props?
  3. Props for model training
  4. Props for inference
  5. Note (Remote execution):
  6. Constraining adversarial inputs
  7. Data control, monetization, and decentralization
  8. Note (Ownership rights):
  9. How Can Props Be Built?
  10. Secure data sourcing
  11. Approach 1: Infrastructure Modification.
  12. Approach 2: Privacy-Preserving Oracles.
  13. Pinned models
  14. Approaches for realizing pinned models
  15. Conclusion

Figures (2)

  • Figure 1: Illustration of Example 1. Alice obtains her EHR $X$ from BigHospital and relays it to MediModels. A prop proof shows that $X$ is authentic, the result of Alice querying BigHospital's web portal for her EHR.
  • Figure 2: Illustration of Example 2. Bob obtains a financial document $X$ from BigBank. He runs model $M$ on it and sends the output $Y$ to PrivaLoan. A prop proof shows that $Y = M(X)$ for an authentic document $X$.

Theorems & Definitions (2)

  • Example 1: Training: Health data
  • Example 2: Inference: Privacy-preserving loan decision