A zero-trust methodology for security of complex systems with machine learning components

Britta Hale, Douglas L. van Bossuyt, Nikolaos Papakonstantinou, Bryan O'Halloran

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Fuelled by recent technological advances, Machine Learning (ML) is being introduced to safety- and security-critical applications like defence systems, financial systems, and autonomous machines. ML components can be used for processing input data, for decision making, or both. The demands on response time and success rate are very high, which means that the deployed training algorithms often produce complex models that are not readable and verifiable by humans (like multi-layer neural networks). Due to the complexity of these models, achieving complete testing coverage is in most cases not realistically possible. This raises security threats related to the ML components presenting unpredictable behavior due to malicious manipulation (backdoor attacks). This paper proposes a methodology based on established security principles like Zero-Trust and defence-in-depth to help prevent and mitigate the consequences of security threats, including ones emerging from ML-based components. The methodology is demonstrated on a case study of an Unmanned Aerial Vehicle (UAV) with a sophisticated Intelligence, Surveillance, and Reconnaissance (ISR) module.

Original language: English
Title of host publication: 41st Computers and Information in Engineering Conference (CIE)
Publisher: American Society of Mechanical Engineers (ASME)
Number of pages: 14
ISBN (Electronic): 9780791885376
Publication status: Published - 17 Nov 2021
MoE publication type: A4 Article in a conference publication
Event: 41st Computers and Information in Engineering Conference, CIE 2021, Held as Part of the ASME 2021 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference, IDETC-CIE 2021 - Virtual, Online
Duration: 17 Aug 2021 → 19 Aug 2021

Publication series

Series: Proceedings of the ASME Design Engineering Technical Conference
Volume: 2

Conference

Conference: 41st Computers and Information in Engineering Conference, CIE 2021, Held as Part of the ASME 2021 International Design Engineering Technical Conferences and Computers and Information in Engineering Conference, IDETC-CIE 2021
City: Virtual, Online
Period: 17/08/21 → 19/08/21
