Secure Systems Group

Machine Learning Property Attestations

Background

Providers of machine-learning (ML)-based services make various claims about their models, e.g., accuracy, fairness, or the provenance and representativeness of the data used to train them. Regulators and potential clients must convince themselves that these claims are accurate. Prior works have used purely ML approaches or cryptographic primitives to prove certain properties, such as distributional properties or proof of training. There is a need to efficiently furnish attestations for different types of properties across the ML model training and inference pipeline. We explore different technical mechanisms, such as trusted execution environments, to furnish such attestations.

Conference/journal paper publications

  • Vasisht Duddu, Oskari Järvinen, Lachlan J. Gunn, N. Asokan. Laminator: Verifiable ML Property Cards using Hardware-assisted Attestations. ACM CODASPY 2025. arXiv preprint arXiv:2406.17548

  • Vasisht Duddu, Anudeep Das, Nora Khayata, Hossein Yalame, Thomas Schneider, N. Asokan: Attesting Distributional Properties of Training Data for Machine Learning. ESORICS 2024. arXiv preprint arXiv:2308.09552

Technical reports

  • Prach Chantasantitam, Adam Ilyas Caulfield, Vasisht Duddu, Lachlan J. Gunn, N. Asokan: PAL*M: Property Attestation for Large Generative Models. arXiv preprint arXiv:2601.16199

Posters

  • Vasisht Duddu, Oskari Järvinen, Lachlan J. Gunn, N. Asokan. Machine Learning Property Attestations using TEEs. IEEE S&P’24.

Source code