Information Flow Control For Secure Machine Learning

Trishita Tiwari

Information flow control allows us to enforce strict security properties on any algorithm by specifying which inputs may affect which outputs. Unfortunately, traditional ML pipelines today offer no such information flow control guarantees: any part of the training corpus can affect any given output, which often leads to inadvertent leakage of sensitive data. This is a major deterrent to training models on sensitive information such as paywalled text, licensed art, etc. We provide a formal definition of security through the lens of non-interference, and then apply our definition in the context of natural language processing to engineer a modified Mixture of Experts (MoE) language model as a candidate solution. We then evaluate our candidate solution on a large corpus of text data, demonstrating that our method yields a median perplexity of 37.3, only 5.9 points worse than that of a traditional transformer without these security properties.
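The abstract does not spell out the formalization used in the talk; as a rough sketch, a standard non-interference-style condition, adapted to a model trained on a partitioned corpus, could read as follows (the symbols C, D, and f_C are introduced here purely for illustration and need not match the talk's notation):

\[
  \forall\, C, C' :\quad C|_{D} = C'|_{D} \;\Longrightarrow\; f_{C}(x) = f_{C'}(x) \ \text{ for all inputs } x,
\]

where C and C' are training corpora, C|_D is the restriction of a corpus to the permitted domains D, and f_C is the model trained on C. In words: data outside the permitted domains cannot influence any output the user observes.

The abstract likewise does not describe how the MoE architecture is modified. Purely as an illustrative sketch (the class name DomainGatedMoE, the allowed mask, and the assignment of one expert per data domain are assumptions, not the talk's construction), one way to restrict information flow inside an MoE layer is to train each expert on a single domain and mask the router so that only experts for permitted domains can contribute to the output:

import torch
import torch.nn as nn

class DomainGatedMoE(nn.Module):
    """Toy MoE layer: one expert per data domain, with routing masked so
    that only experts for the caller's permitted domains affect the output."""
    def __init__(self, d_model: int, num_experts: int):
        super().__init__()
        self.experts = nn.ModuleList(
            [nn.Linear(d_model, d_model) for _ in range(num_experts)]
        )
        self.router = nn.Linear(d_model, num_experts)

    def forward(self, x: torch.Tensor, allowed: torch.Tensor) -> torch.Tensor:
        # x: (batch, d_model); allowed: (batch, num_experts) boolean mask of permitted domains
        logits = self.router(x)
        # Route only among permitted experts; forbidden experts get zero routing weight
        logits = logits.masked_fill(~allowed, float("-inf"))
        weights = torch.softmax(logits, dim=-1)
        expert_out = torch.stack([expert(x) for expert in self.experts], dim=1)  # (batch, E, d_model)
        return torch.einsum("be,bed->bd", weights, expert_out)

Because forbidden experts receive zero routing weight, the layer's output is independent, by construction, of the parameters (and hence the training data) of those experts.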

Bio: Trishita is a PhD candidate at Cornell University, working on blending cybersecurity with machine learning under Prof. Edward Suh as part of the Trusted Systems Group in CSL. Her other interests include systems security, web security, hardware security, digital forensics, and side-channel attacks.