This event is for a huge and indispensable task: an educational, inclusive, innovative and cultural IberoAmerican project towards which we want to move forward together, for a better future. Digital transformation is changing everyday and social life: not only have technology and the world of work changed, but education is also changing. That is why incorporating technology into education brings a number of benefits that help improve efficiency and productivity in the classroom, as well as increase the interest of children and adolescents in academic activities.
Title: Message from the General Chair. Authors: Contie. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-06-01. DOI: https://doi.org/10.1109/dsn.2019.00005
Minesh Patel, Jeremie S. Kim, Hasan Hassan, O. Mutlu
Experimental characterization of DRAM errors is a powerful technique for understanding DRAM behavior and provides valuable insights for improving overall system performance, energy efficiency, and reliability. Unfortunately, recent DRAM technology scaling issues are forcing manufacturers to adopt on-die error-correction codes (ECC), which pose a significant challenge for DRAM error characterization studies by obfuscating raw error distributions using undocumented, proprietary, and opaque error-correction hardware. As we show in this work, errors observed in devices with on-die ECC no longer follow expected, well-studied distributions (e.g., lognormal retention times) but rather depend on the particular ECC scheme used.
Title: Understanding and Modeling On-Die Error Correction in Modern DRAM: An Experimental Study Using Real Devices. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-06-01. DOI: https://doi.org/10.1109/DSN.2019.00017
P. Ramalhete, Andreia Correia, P. Felber, Nachshon Cohen
A persistent transactional memory (PTM) library provides an easy-to-use interface to programmers for using byte-addressable non-volatile memory (NVM). Previously proposed PTMs have, so far, been blocking. We present OneFile, the first wait-free PTM with integrated wait-free memory reclamation. We have designed and implemented two variants of the OneFile, one with lock-free progress and the other with bounded wait-free progress. We additionally present software transactional memory (STM) implementations of the lock-free and wait-free algorithms targeting volatile memory. Each of our PTMs and STMs is implemented as a single C++ file with ~1,000 lines of code, making them versatile to use. Equipped with these PTMs and STMs, non-expert developers can design and implement their own lock-free and wait-free data structures on NVM, thus making lock-free programming accessible to common software developers.
Title: OneFile: A Wait-Free Persistent Transactional Memory. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-06-01. DOI: https://doi.org/10.1109/DSN.2019.00028
Title: Publisher's Information. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-06-01. DOI: https://doi.org/10.1109/dsn.2019.00071
Giuliano Antoniol, Polytechnique Montréal, Montréal, Canada; Venera Arnaoudova, Washington State University, Pullman, USA; Alberto Bacchelli, University of Zurich, Zürich, Switzerland; Gabriele Bavota, Università della Svizzera Italiana, Lugano, Switzerland; Andrew Begel, Microsoft, Redmond, USA; John Businge, Mbarara University of Science and Technology, Mbarara, Uganda; Tse-Hsun Pete Chen, Concordia University, Montréal, Canada; Eun-jong Choi, Nara Institute of Science and Technology, Ikoma, Japan; Andrea De Lucia, University of Salerno, Fisciano, Italy; Anne Etien, University of Lille, Lille, France; Dror Feitelson, Hebrew University, Jerusalem, Israel; Thomas Fritz, University of Zurich, Zürich, Switzerland; Carmine Gravino, University of Salerno, Fisciano, Italy; Shinpei Hayashi, Tokyo Institute of Technology, Tokyo, Japan; Lingxiao Jiang, Singapore Management University, Singapore; Huzefa Kagdi, Wichita State University, Wichita, USA; Maria Kechagia, Delft University of Technology, Delft, Netherlands; Raula Gaikovina Kula, Nara Institute of Science and Technology; Shinji Kusumoto, Osaka University, Osaka, Japan; Li Li, Monash University, Melbourne, Australia; Shane Mcintosh, McGill University, Montréal, Canada; Leon Moonen, Simula Research Laboratory, Oslo, Norway; Rodrigo Morales, Concordia University, Montréal, Canada; Maleknaz Nayebi, Polytechnique Montréal, Montréal, Canada; Christian Newman, Rochester Institute of Technology, Rochester, USA; Matheus Paixao, University College London, London, UK; Fabio Palomba, University of Zurich, Zürich, Switzerland; Mike Papadakis, University of Luxembourg, Luxembourg City, Luxembourg; Chris Parnin, North Carolina State University, Raleigh, USA; Fabio Petrillo, Université du Québec à Chicoutimi, Chicoutimi, Canada; Sebastian Proksch, University of Zurich, Zürich, Switzerland; Chaiyong Ragkhitwetsagul, Mahidol University, Salaya, Nakhon Pathom, Thailand; Paige Rodeghero, Clemson University, Clemson, USA; Chanchal K. Roy, University of Saskatchewan, Saskatoon, USA; Hitesh Sajnani, Microsoft, Redmond, USA; Giuseppe Scanniello, University of Basilicata, Potenza, Italy; Alexander Serebrenik, Eindhoven University of Technology, Eindhoven, Netherlands; Janet Siegmund, University of Passau, Passau, Germany; Mark Syer, Facebook, California, USA; Nikolaos Tsantalis, Concordia University, Montréal, Canada; Burak Turhan, Monash University, Melbourne, Australia; Yan Wang, The Ohio State University, Columbus, USA; Shaowei Wang, Queen’s University, Kingston, Canada; Xin Xia, Monash University, Melbourne, Australia; Zhenchang Xing, Australian National University, Canberra, Australia
Title: Research Track Program Committee. Authors: Alberto Bacchelli, Andrew Begel. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-05-01. DOI: https://doi.org/10.1109/issre.2008.5
Neural Network classifiers have been used successfully in a wide range of applications. However, their underlying assumption of an attack-free environment has been defied by adversarial examples. Researchers tried to develop defenses; however, existing approaches are still far from providing effective solutions to this evolving problem. In this paper, we design a generative adversarial net (GAN) based zero knowledge adversarial training defense, dubbed ZK-GanDef, which does not consume adversarial examples during training. Therefore, ZK-GanDef is not only efficient in training but also adaptive to new adversarial examples. This advantage comes at the cost of small degradation in test accuracy compared to full knowledge approaches. Our experiments show that ZK-GanDef enhances test accuracy on adversarial examples by up to 49.17% compared to zero knowledge approaches. More importantly, its test accuracy is close to that of the state-of-the-art full knowledge approaches (maximum degradation of 8.46%), while taking much less training time.
Title: ZK-GanDef: A GAN Based Zero Knowledge Adversarial Training Defense for Neural Networks. Authors: Guanxiong Liu, Issa M. Khalil, Abdallah Khreishah. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-04-17. DOI: https://doi.org/10.1109/DSN.2019.00021
Atomic multicast is a communication primitive that delivers messages to multiple groups of processes according to some total order, with each group receiving the projection of the total order onto messages addressed to it. To be scalable, atomic multicast needs to be genuine, meaning that only the destination processes of a message should participate in ordering it. In this paper we propose a novel genuine atomic multicast protocol that in the absence of failures takes as low as 3 message delays to deliver a message when no other messages are multicast concurrently to its destination groups, and 5 message delays in the presence of concurrency. This improves the latencies of both the fault-tolerant version of classical Skeen's multicast protocol (6 or 12 message delays, depending on concurrency) and its recent improvement by Coelho et al. (4 or 8 message delays). To achieve such low latencies, we depart from the typical way of guaranteeing fault-tolerance by replicating each group with Paxos. Instead, we weave Paxos and Skeen's protocol together into a single coherent protocol, exploiting opportunities for white-box optimisations. We experimentally demonstrate that the superior theoretical characteristics of our protocol are reflected in practical performance pay-offs.
Title: White-Box Atomic Multicast. Authors: Alexey Gotsman, Anatole Lefort, G. Chockler. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2019-04-15. DOI: https://doi.org/10.1109/DSN.2019.00030
Qiang Zeng, Jianhai Su, Chenglong Fu, Golam Kayas, Lannan Luo
Adversarial examples (AEs) are crafted by adding human-imperceptible perturbations to inputs such that a machine-learning based classifier incorrectly labels them. They have become a severe threat to the trustworthiness of machine learning. While AEs in the image domain have been well studied, audio AEs are less investigated. Recently, multiple techniques have been proposed to generate audio AEs, which makes countermeasures against them urgent. Our experiments show that, given an audio AE, the transcription results by Automatic Speech Recognition (ASR) systems differ significantly (that is, poor transferability), as different ASR systems use different architectures, parameters, and training datasets. Based on this fact and inspired by Multiversion Programming, we propose a novel audio AE detection approach MVP-Ears, which utilizes the diverse off-the-shelf ASRs to determine whether an audio is an AE. We build the largest audio AE dataset to our knowledge, and the evaluation shows that the detection accuracy reaches 99.88%. While transferable audio AEs are difficult to generate at this moment, they may become a reality in the future. We further adapt the idea above to proactively train the detection system for coping with transferable audio AEs. Thus, the proactive detection system is one giant step ahead of attackers working on transferable AEs.
Title: A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2018-12-26. DOI: https://doi.org/10.1109/DSN.2019.00019
Zhongshu Gu, H. Jamjoom, D. Su, Heqing Huang, Jialong Zhang, Tengfei Ma, D. Pendarakis, Ian Molloy
Distributed collaborative learning (DCL) paradigms enable building joint machine learning models from distrusted multi-party participants. Data confidentiality is guaranteed by retaining private training data on each participant's local infrastructure. However, this approach makes today's DCL design fundamentally vulnerable to data poisoning and backdoor attacks. It limits DCL's model accountability, which is key to backtracking problematic training data instances and their responsible contributors. In this paper, we introduce CALTRAIN, a centralized collaborative learning system that simultaneously achieves data confidentiality and model accountability. CALTRAIN enforces isolated computation via secure enclaves on centrally aggregated training data to guarantee data confidentiality. To support building accountable learning models, we securely maintain the links between training instances and their contributors. Our evaluation shows that the models generated by CALTRAIN can achieve the same prediction accuracy when compared to the models trained in non-protected environments. We also demonstrate that when malicious training participants tend to implant backdoors during model training, CALTRAIN can accurately and precisely discover the poisoned or mislabeled training data that lead to the runtime mispredictions.
Title: Reaching Data Confidentiality and Model Accountability on the CalTrain. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2018-12-07. DOI: https://doi.org/10.1109/DSN.2019.00044
Ankush Desai, Shromona Ghosh, S. Seshia, N. Shankar, A. Tiwari
The recent drive towards achieving greater autonomy and intelligence in robotics has led to high levels of complexity. Autonomous robots increasingly depend on third-party off-the-shelf components and complex machine-learning techniques. This trend makes it challenging to provide strong design-time certification of correct operation. To address these challenges, we present SOTER, a robotics programming framework with two key components: (1) a programming language for implementing and testing high-level reactive robotics software, and (2) an integrated runtime assurance (RTA) system that helps enable the use of uncertified components, while still providing safety guarantees. SOTER provides language primitives to declaratively construct an RTA module consisting of an advanced, high-performance controller (uncertified), a safe, lower-performance controller (certified), and the desired safety specification. The framework provides a formal guarantee that a well-formed RTA module always satisfies the safety specification, without completely sacrificing performance by using higher-performance uncertified components whenever safe. SOTER allows the complex robotics software stack to be constructed as a composition of RTA modules, where each uncertified component is protected using an RTA module. To demonstrate the efficacy of our framework, we consider a real-world case study of building a safe drone surveillance system. Our experiments both in simulation and on actual drones show that the SOTER-enabled RTA ensures the safety of the system, including when untrusted third-party components have bugs or deviate from the desired behavior.
Title: SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems. Venue: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). Published: 2018-08-23. DOI: https://doi.org/10.1109/DSN.2019.00027