About
IBM is proud to sponsor the 34th USENIX Security Symposium in Seattle, WA, USA.
The symposium brings together researchers, practitioners, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks.
Visit us at the IBM Research table in the exhibitor area to meet with IBM Researchers to speak about our work and future job opportunities.
Description:
Data forging attacks provide counterfactual proof that a model was trained on a given dataset when in fact it was trained on another. They work by forging (replacing) mini-batches with ones containing distinct training examples that produce nearly identical gradients. Data forging appears to break any potential avenue for data governance, as adversarial model owners may forge their training set from a non-compliant dataset into a compliant one. Given these serious implications for data auditing and compliance, we critically analyse data forging from both a practical and a theoretical point of view, finding that a key practical limitation of current attack methods makes them easily detectable by a verifier: they cannot produce sufficiently identical gradients. Theoretically, we analyse whether two distinct mini-batches can produce the same gradient. In general, we find that while there may exist an infinite number of distinct mini-batches with real-valued training examples and labels that produce the same gradient, finding those that lie within the allowed domain (e.g. pixel values between 0 and 255 and one-hot labels) is a non-trivial task. Our results call for a re-evaluation of the strength of existing attacks, and for additional research into successful data forging, given the serious consequences it may have for machine learning and privacy.
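The mechanism in the abstract, as an added example that is not the paper's code: a gradient-matching forgery for a toy linear model with squared-error loss, and a verifier that replays the claimed mini-batch and compares gradients. The model, the constructed examples, the scaling trick used to forge, the projection back into the pixel/label domain and the verifier tolerance are all assumptions chosen for this illustration, not the authors' method. Over the reals the forgery passes; once the forged examples are forced back into the allowed domain, the gradient gap is large and the verifier rejects the batch.

```python
# Added illustration, not the paper's code: gradient-matching data forging for
# a toy linear model, plus a verifier that recomputes the mini-batch gradient
# from the batch the trainer claims to have used. The forging rule, the domain
# projection and the tolerance are assumptions made for this example.
from typing import List, Tuple

Vector = List[float]
Example = Tuple[Vector, float]          # (feature vector, scalar label)

def dot(a: Vector, b: Vector) -> float:
    return sum(x * y for x, y in zip(a, b))

def per_example_grad(w: Vector, x: Vector, y: float) -> Vector:
    """Gradient of 0.5 * (w.x - y)^2 with respect to w, i.e. residual * x."""
    r = dot(w, x) - y
    return [r * xi for xi in x]

def batch_grad(w: Vector, batch: List[Example]) -> Vector:
    """Mean per-example gradient, as a trainer would record for one step."""
    g = [0.0] * len(w)
    for x, y in batch:
        for i, gi in enumerate(per_example_grad(w, x, y)):
            g[i] += gi / len(batch)
    return g

def forge_example(w: Vector, x: Vector, y: float, scale: float) -> Example:
    """Return a different (x', y') with the same gradient over the reals.
    With x' = x / scale, residual' * x' equals residual * x exactly when
    residual' = scale * residual, which fixes y'. Any scale != 1 works, so over
    the reals there are infinitely many such forgeries of one example."""
    r = dot(w, x) - y
    x_f = [xi / scale for xi in x]
    y_f = dot(w, x_f) - scale * r
    return x_f, y_f

def project_to_domain(x: Vector, y: float) -> Example:
    """Force an example back into the allowed domain assumed here: integer
    pixel values in 0..255 and a binary label (scalar analogue of one-hot)."""
    x_p = [float(min(255, max(0, round(xi)))) for xi in x]
    y_p = float(min(1, max(0, round(y))))
    return x_p, y_p

def grad_distance(g1: Vector, g2: Vector) -> float:
    return sum((a - b) ** 2 for a, b in zip(g1, g2)) ** 0.5

def verifier_accepts(w: Vector, recorded: Vector, claimed: List[Example],
                     tol: float = 1e-6) -> bool:
    """Verifier check: replay the claimed batch and compare to the recorded gradient."""
    return grad_distance(recorded, batch_grad(w, claimed)) <= tol

def run_demo() -> dict:
    # Constructed data: a 3-"pixel" linear model and two real training examples.
    w = [0.01, -0.02, 0.005]
    real_batch: List[Example] = [([120.0, 30.0, 200.0], 1.0),
                                 ([10.0, 250.0, 60.0], 0.0)]
    recorded = batch_grad(w, real_batch)

    # Attacker replaces every example by a real-valued forgery: gradient matches.
    forged_real = [forge_example(w, x, y, scale=3.0) for x, y in real_batch]
    # The forged inputs and labels leave the valid domain; projecting them back
    # into it destroys the gradient match, which is what the verifier detects.
    forged_domain = [project_to_domain(x, y) for x, y in forged_real]

    return {
        "forged_is_distinct": forged_real != real_batch,
        "real_valued_forgery_accepted": verifier_accepts(w, recorded, forged_real),
        "in_domain_forgery_accepted": verifier_accepts(w, recorded, forged_domain),
        "in_domain_gap": grad_distance(recorded, batch_grad(w, forged_domain)),
    }

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The scaling construction is only one point in the infinite real-valued family the abstract mentions; the part a verifier cares about is the last line of `run_demo`, where the in-domain gap is orders of magnitude above any plausible floating-point tolerance.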
Authors: M.S., A.H., S.K., N.A. (IBM; one listed as Manager of AI Security and Privacy Solutions, Senior Research Scientist, Master Inventor, Ph.D.), Douglas Leith (non-IBM)
Description:
Instruction set architectures (ISAs) are complex, with hundreds of registers and instructions that can modify dozens of them during execution, differently on each instance. Prose-style ISA specifications struggle to capture these intricacies; the important details about a single register are often spread across hundreds of pages of documentation. Ensuring that all ISA state is swapped in the context-switch implementations of privileged software requires meticulous examination of those pages, a manual process that is tedious and error-prone.
We propose a tool called Sailor that leverages machine-readable ISA specifications written in Sail to automate this task. Sailor determines the ISA state that must be swapped during a context switch using the data collected from Sail and a novel algorithm that classifies ISA state as security-sensitive.
We use Sailor to assess the context-switch code of multiple systems, from the user-process context-switch code in the RISC-V Linux kernel to the enclave context-switch code in the confidential computing frameworks Keystone and Komodo. We identify multiple instances of mishandled security-sensitive ISA state. This research exposes an often overlooked attack surface that stems from mishandled ISA state, enabling unprivileged adversaries to exploit system vulnerabilities.
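The auditing step the abstract describes, as an added illustration that is not Sailor's code: a context-switch save list is checked against a machine-readable table of ISA state, and the state the switch fails to swap is reported with the reason it matters. The register table, its privilege attributes, the "per-context" flags and the save list are constructed for this example (check them against the Sail model or the privileged spec before relying on them), and the classification rule used here, "sensitive if the unprivileged side can read or write it and each context owns its own value", is a simplifying heuristic, not the paper's algorithm.

```python
# Added illustration, not Sailor's code: audit a context switch against a
# machine-readable list of ISA state. Register table, privilege attributes,
# per-context flags and the saved-state set are constructed for this example;
# the classification rule is a heuristic assumed here, not the paper's algorithm.
from dataclasses import dataclass
from typing import Dict, List, Set

PRIV_LEVEL = {"U": 0, "S": 1, "M": 2}   # RISC-V privilege levels, low to high

@dataclass(frozen=True)
class IsaState:
    name: str
    read_priv: str      # lowest level that can read it ("-" if never readable)
    write_priv: str     # lowest level that can write it ("-" if read-only)
    per_context: bool   # True if each context is expected to own its own value

def accessible_from(level: str, required: str) -> bool:
    """Can code running at `level` perform an access that needs `required`?"""
    return required in PRIV_LEVEL and PRIV_LEVEL[level] >= PRIV_LEVEL[required]

def classify(state: IsaState, boundary: str) -> List[str]:
    """Why `state` matters at a switch between contexts running at `boundary`.
    Readable there: the next context can observe the previous one's value.
    Writable there: the previous context can plant a value the next inherits."""
    if not state.per_context:
        return []
    reasons = []
    if accessible_from(boundary, state.read_priv):
        reasons.append("confidentiality")
    if accessible_from(boundary, state.write_priv):
        reasons.append("integrity")
    return reasons

def audit_context_switch(isa: List[IsaState], saved: Set[str],
                         boundary: str) -> Dict[str, List[str]]:
    """Return the security-sensitive state that the switch code does not swap."""
    missing: Dict[str, List[str]] = {}
    for state in isa:
        reasons = classify(state, boundary)
        if reasons and state.name not in saved:
            missing[state.name] = reasons
    return missing

# Constructed excerpt of RISC-V state (simplified; not generated from Sail).
ISA_EXCERPT: List[IsaState] = [IsaState(f"x{i}", "U", "U", True) for i in range(1, 32)]
ISA_EXCERPT += [
    IsaState("fcsr", "U", "U", True),       # FP rounding mode and accrued flags
    IsaState("time", "U", "-", False),      # shared read-only counter, not per-context
    IsaState("sepc", "S", "S", True),
    IsaState("sstatus", "S", "S", True),
    IsaState("satp", "S", "S", True),
    IsaState("mtvec", "M", "M", False),     # machine-global, not per-context
]

# Constructed save list for a user-process switch that saves integer and
# supervisor state but forgot the floating-point control register.
SAVED_BY_SWITCH: Set[str] = {f"x{i}" for i in range(1, 32)} | {"sepc", "sstatus", "satp"}

def demo() -> Dict[str, List[str]]:
    """Audit the constructed switch at the user/kernel boundary."""
    return audit_context_switch(ISA_EXCERPT, SAVED_BY_SWITCH, boundary="U")

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"not swapped: {name} ({', '.join(reasons)})")
```

The `boundary` argument is what changes when the same audit is pointed at an enclave switch instead of a user-process switch; the heuristic then flags state accessible from the enclave's own privilege level. The real value of a Sail-driven tool is that the table is extracted from the executable specification rather than hand-typed as it is here.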
Authors: Neelu Shivprakash Kalani (IBM), Thomas Bourgeat (non-IBM), Guerney Hunt (IBM), W.O.
Upcoming events
- QSim 2025: New York, USA
- IBM at ACS Fall 2025: Washington, DC, USA and virtual
- IBM at KDD 2025: Toronto, Canada