News

Next Seminar on 1.9.2021

Written on 20.08.2021 13:49 by Stella Wohnig

Dear All,

As all slots for the next seminar are already booked and I will be on vacation, here is the announcement for the next seminar on 1.9. If you need any changes to this, make sure to only contact bamaseminar@cispa.saarland.

Update 2021-08-23: Updated information on talk 2.

Session A
Atul Anand Jha - Tejumade Afonja - An Vinh Nguyen Dinh

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=

Session A:

14:00-14:30

Speaker: Atul Anand Jha
Type of talk: Master Thesis presentation
Advisor: Dr. Sven Bugiel, Prof. Dr. Cas Cremers
Title: Device Identification and Mutual Attestation
Research Area: Secure and Trusted Computing

Abstract:

In this thesis we propose Device Identification and Mutual Attestation (DIMA), a hardware-software co-design with a minimalist trust anchor and an elaborate key derivation and attestation scheme to prove device identity and firmware integrity. We perform a detailed requirement analysis for implementing DIMA on a generic embedded device and realize a PoC implementation. Along with the point-to-point implementation, we also propose DIMA for device networks with peer-to-peer distributed attestation models, which is the first of its kind to the best of our knowledge.
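The abstract does not describe DIMA's key derivation, so the following is an added illustration of the general idea it names, not code from the thesis: an attestation key derived from a device-unique secret (the trust anchor) and a measurement of the running firmware, used in an HMAC challenge-response in both directions. Device names, secrets and firmware images are constructed for the example.

```python
"""Added example (not the DIMA design): DICE-style compound device identity
with HMAC challenge-response, run in both directions so two devices attest
each other. All secrets, firmware images and names are constructed here."""
import hashlib
import hmac
import os


def derive_attestation_key(device_secret: bytes, firmware: bytes) -> bytes:
    """Bind the attestation key to the trust anchor AND the running firmware.

    A device whose firmware image was modified measures a different hash,
    derives a different key and can no longer answer challenges for the
    genuine (device, firmware) pair. The device secret itself never leaves
    the anchor; only the derived key is used at runtime.
    """
    fw_measurement = hashlib.sha256(firmware).digest()
    return hmac.new(device_secret, b"attest-key|" + fw_measurement, hashlib.sha256).digest()


class Device:
    def __init__(self, name: str, device_secret: bytes, firmware: bytes):
        self.name = name
        # Simulates the boot-time measurement done by the trust anchor.
        self._key = derive_attestation_key(device_secret, firmware)
        # Peer name -> attestation key expected for that peer's approved firmware,
        # provisioned out of band (e.g. by the manufacturer).
        self.expected_peer_keys: dict[str, bytes] = {}

    def respond(self, verifier: str, challenge: bytes) -> bytes:
        # The MAC covers both identities and the nonce, so a response cannot be
        # replayed or reflected back to its sender as proof of a different peer.
        msg = verifier.encode() + b"|" + self.name.encode() + b"|" + challenge
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def verify(self, prover: str, challenge: bytes, response: bytes) -> bool:
        expected_key = self.expected_peer_keys[prover]
        msg = self.name.encode() + b"|" + prover.encode() + b"|" + challenge
        expected = hmac.new(expected_key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def mutual_attest(a: Device, b: Device) -> tuple[bool, bool]:
    """Each side challenges the other with a fresh nonce; returns (a trusts b, b trusts a)."""
    nonce_a, nonce_b = os.urandom(16), os.urandom(16)
    a_trusts_b = a.verify(b.name, nonce_a, b.respond(a.name, nonce_a))
    b_trusts_a = b.verify(a.name, nonce_b, a.respond(b.name, nonce_b))
    return a_trusts_b, b_trusts_a


# Constructed values standing in for per-device secrets and firmware images.
SECRET_A = b"\x01" * 32
SECRET_B = b"\x02" * 32
FIRMWARE_V1 = b"firmware v1.0 image bytes"
FIRMWARE_V1_TAMPERED = FIRMWARE_V1 + b"\x90"  # one-byte change breaks the measurement


def run_scenario(tamper_b: bool) -> tuple[bool, bool]:
    """Provision both devices for FIRMWARE_V1, optionally boot B on a tampered image."""
    b_firmware = FIRMWARE_V1_TAMPERED if tamper_b else FIRMWARE_V1
    a = Device("device-A", SECRET_A, FIRMWARE_V1)
    b = Device("device-B", SECRET_B, b_firmware)
    # Provisioning knows the approved firmware, so it can precompute each peer's key.
    a.expected_peer_keys["device-B"] = derive_attestation_key(SECRET_B, FIRMWARE_V1)
    b.expected_peer_keys["device-A"] = derive_attestation_key(SECRET_A, FIRMWARE_V1)
    return mutual_attest(a, b)


if __name__ == "__main__":
    print("genuine firmware on both:", run_scenario(tamper_b=False))
    print("tampered firmware on B:  ", run_scenario(tamper_b=True))
```

The point to notice is the asymmetry in the tampered run: B still verifies A, but A rejects B, because B's key is a function of the firmware it actually booted, not of a claim it makes. A real design must also protect the device secret from the firmware it measures (the anchor must derive and then lock it before handing control over), which this simulation does not model.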


14:30-15:00

Speaker: Tejumade Afonja
Type of talk: Master Intro
Supervisor: Prof. Mario Fritz
Advisor: Dingfan Chen
Title: Learning Generative Models for Tabular Data based on Small Samples
Research Area: Trustworthy Information Processing

Abstract: 

Data sharing is vital for the development of machine learning applications in numerous domains but is often hindered by privacy concerns. In many sensitive domains such as banking and healthcare, data is not allowed to be shared in its original form due to privacy regulations. Recent advances in generative modeling have shown promising results in capturing statistical characteristics and generating high-fidelity samples of real-world tabular datasets, presenting a compelling solution to the data privacy challenges – sharing a synthetic dataset instead of the original one. However, existing approaches typically lose their effectiveness in terms of both privacy and utility when dealing with a small-size dataset. It becomes even more problematic when the dataset contains missing values. To this end, a hybrid approach that naturally handles missing values is adopted to leverage external datasets from related but different sources. In this thesis, recent literature on tabular data generation is reviewed. Moreover, a systematic evaluation of state-of-the-art approaches is conducted.


15:00-15:30

Speaker: An Vinh Nguyen Dinh
Type of talk: Master Final
Advisor: Prof. Mario Fritz
Title: Certification of Neural Network Reinforcement Learning Policies based on Randomized Smoothing
Research Area: Trustworthy Information Processing

Abstract: Although neural networks perform remarkably well on many machine learning tasks, they have been shown to be highly vulnerable to adversarial inputs, which are crafted to fool them while appearing natural to humans. Against these attacks comes the notion of defense: fortifying networks with properties that repel the attacks or improve their overall robustness to all attacks. This motivates the notion of certification, which is to bound the effect of all attacks against a given network and to help enhance its robustness. Among various certification methods, Randomized Smoothing, with its theoretical richness and practical simplicity, has emerged as one of the most efficient methods.

While adversarial competition takes place in the field of supervised learning, the domain of Reinforcement Learning has extensively adopted neural networks for its policies. Once more, the advantages of neural networks come with the burden of adversarial competition, as proven by the many attacks and defenses on policies that have emerged in recent years. Unfortunately, robustness certification for policies is still lacking in the literature. With that motivation, we propose several techniques to apply and adapt the Randomized Smoothing method to Reinforcement Learning policies, first in a simple environment. We validate our techniques by the robustness of the resulting policies, also in comparison with a standard certification technique. In addition, we discuss several trade-offs and problems we encountered during adaptation and evaluation.
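To make the certification idea concrete, here is an added example that is not the thesis's code: the standard Randomized Smoothing certificate of Cohen et al. (2019), a majority vote of a base policy under Gaussian noise with certified L2 radius R = sigma * Phi^-1(p_A_lower), applied to a toy discrete-action policy. The policy, the states and sigma are constructed, and a Hoeffding lower confidence bound stands in for the tighter Clopper-Pearson bound so the block needs only the standard library.

```python
"""Added example (not the thesis's code): Monte Carlo randomized-smoothing
certificate for a toy discrete-action policy, following the Cohen et al.
(2019) bound R = sigma * Phi^-1(p_A_lower). The policy, states and sigma are
constructed; a Hoeffding bound replaces the tighter Clopper-Pearson bound so
only the standard library is needed."""
import math
import random
from statistics import NormalDist

NUM_ACTIONS = 3


def base_policy(state: tuple[float, float]) -> int:
    """Toy deterministic policy: pick the action with the highest linear score."""
    x, y = state
    scores = [x + y, x - y, -x]
    return max(range(NUM_ACTIONS), key=lambda a: scores[a])


def smoothed_counts(policy, state, sigma, n, rng):
    """Vote the base policy on n Gaussian-perturbed copies of the state."""
    counts = [0] * NUM_ACTIONS
    for _ in range(n):
        noisy = (state[0] + rng.gauss(0.0, sigma), state[1] + rng.gauss(0.0, sigma))
        counts[policy(noisy)] += 1
    return counts


def certify(policy, state, sigma, n=2000, alpha=1e-3, seed=0):
    """Return (action, L2 radius), or (None, 0.0) if the smoothed policy abstains.

    For any perturbation delta with ||delta||_2 < radius, the smoothed policy
    (majority vote under N(0, sigma^2 I) noise) keeps the same action, with
    probability at least 1 - alpha over the Monte Carlo sampling.
    """
    rng = random.Random(seed)
    counts = smoothed_counts(policy, state, sigma, n, rng)
    top = max(range(NUM_ACTIONS), key=lambda a: counts[a])
    p_hat = counts[top] / n
    # One-sided Hoeffding lower confidence bound on the top action's probability.
    p_lower = p_hat - math.sqrt(math.log(1.0 / alpha) / (2.0 * n))
    if p_lower <= 0.5:
        return None, 0.0  # abstain: no action is provably the majority
    return top, sigma * NormalDist().inv_cdf(p_lower)


def smoothed_action(policy, state, sigma, n=2000, seed=0):
    """Prediction of the smoothed policy (plain majority vote, no certificate)."""
    counts = smoothed_counts(policy, state, sigma, n, random.Random(seed))
    return max(range(NUM_ACTIONS), key=lambda a: counts[a])


if __name__ == "__main__":
    sigma = 0.25
    # Constructed states: one well inside an action region, one on a decision boundary.
    for s in [(2.0, 1.0), (1.0, 0.0)]:
        action, radius = certify(base_policy, s, sigma)
        print(f"state={s} action={action} certified_radius={radius:.3f}")
        if action is not None:
            # Sanity check: push toward the nearest boundary by just under the radius.
            probe = (s[0], s[1] - 0.99 * radius)
            print("  smoothed action after in-radius perturbation:",
                  smoothed_action(base_policy, probe, sigma))
```

The abstain branch is the part that matters for an RL policy: a state near a decision boundary gets no certificate at all, and a smoothed agent has to decide what to do when its own certifier returns None on a step. The radius also scales with sigma, so a larger noise level buys larger certificates only as long as the base policy still votes for the right action under that noise.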

