Search

Your search keyword '"Asokan, A"' showing total 15,483 results
Start Over Author "Asokan, A"
15,483 results on '"Asokan, A"'

2. Combining Machine Learning Defenses without Conflicts

Author

Duddu, Vasisht, Zhang, Rui, and Asokan, N.

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Machine learning (ML) defenses protect against various risks to security, privacy, and fairness. Real-life models need simultaneous protection against multiple different risks which necessitates combining multiple defenses. But combining defenses with conflicting interactions in an ML model can be ineffective, incurring a significant drop in the effectiveness of one or more defenses being combined. Practitioners need a way to determine if a given combination can be effective. Experimentally identifying effective combinations can be time-consuming and expensive, particularly when multiple defenses need to be combined. We need an inexpensive, easy-to-use combination technique to identify effective combinations. Ideally, a combination technique should be (a) accurate (correctly identifies whether a combination is effective or not), (b) scalable (allows combining multiple defenses), (c) non-invasive (requires no change to the defenses being combined), and (d) general (is applicable to different types of defenses). Prior works have identified several ad-hoc techniques but none satisfy all the requirements above. We propose a principled combination technique, Def\Con, to identify effective defense combinations. Def\Con meets all requirements, achieving 90% accuracy on eight combinations explored in prior work and 81% in 30 previously unexplored combinations that we empirically evaluate in this paper.

Published
2024

3. FedRISE: Rating Induced Sign Election of Gradients for Byzantine Tolerant Federated Aggregation

Author

Benjamin, Joseph Geo, Asokan, Mothilal, Yaqub, Mohammad, and Nandakumar, Karthik

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Cryptography and Security
Abstract

One of the most common defense strategies against model poisoning in federated learning is to employ a robust aggregator mechanism that makes the training more resilient. Many of the existing Byzantine robust aggregators provide theoretical guarantees and are empirically effective against certain categories of attacks. However, we observe that certain high-strength attacks can subvert the aggregator and collapse the training. In addition, most aggregators require identifying tolerant settings to converge. Impact of attacks becomes more pronounced when the number of Byzantines is near-majority, and becomes harder to evade if the attacker is omniscient with access to data, honest updates and aggregation methods. Motivated by these observations, we develop a robust aggregator called FedRISE for cross-silo FL that is consistent and less susceptible to poisoning updates by an omniscient attacker. The proposed method explicitly determines the optimal direction of each gradient through a sign-voting strategy that uses variance-reduced sparse gradients. We argue that vote weighting based on the cosine similarity of raw gradients is misleading, and we introduce a sign-based gradient valuation function that ignores the gradient magnitude. We compare our method against 8 robust aggregators under 6 poisoning attacks on 3 datasets and architectures. Our results show that existing robust aggregators collapse for at least some attacks under severe settings, while FedRISE demonstrates better robustness because of a stringent gradient inclusion formulation., Comment: This is a work under submission/review process

Published
2024

4. CROSS-JEM: Accurate and Efficient Cross-encoders for Short-text Ranking Tasks

Author

Paliwal, Bhawna, Saini, Deepak, Dhawan, Mudit, Asokan, Siddarth, Natarajan, Nagarajan, Aggarwal, Surbhi, Malhotra, Pankaj, Jiao, Jian, and Varma, Manik

Subjects
Computer Science - Information Retrieval
Abstract

Ranking a set of items based on their relevance to a given query is a core problem in search and recommendation. Transformer-based ranking models are the state-of-the-art approaches for such tasks, but they score each query-item independently, ignoring the joint context of other relevant items. This leads to sub-optimal ranking accuracy and high computational costs. In response, we propose Cross-encoders with Joint Efficient Modeling (CROSS-JEM), a novel ranking approach that enables transformer-based models to jointly score multiple items for a query, maximizing parameter utilization. CROSS-JEM leverages (a) redundancies and token overlaps to jointly score multiple items, that are typically short-text phrases arising in search and recommendations, and (b) a novel training objective that models ranking probabilities. CROSS-JEM achieves state-of-the-art accuracy and over 4x lower ranking latency over standard cross-encoders. Our contributions are threefold: (i) we highlight the gap between the ranking application's need for scoring thousands of items per query and the limited capabilities of current cross-encoders; (ii) we introduce CROSS-JEM for joint efficient scoring of multiple items per query; and (iii) we demonstrate state-of-the-art accuracy on standard public datasets and a proprietary dataset. CROSS-JEM opens up new directions for designing tailored early-attention-based ranking models that incorporate strict production constraints such as item multiplicity and latency.

Published
2024

5. Leveraging Self-Supervised Learning for Fetal Cardiac Planes Classification using Ultrasound Scan Videos

Author

Benjamin, Joseph Geo, Asokan, Mothilal, Alhosani, Amna, Alasmawi, Hussain, Diehl, Werner Gerhard, Bricker, Leanne, Nandakumar, Karthik, and Yaqub, Mohammad

Subjects
Electrical Engineering and Systems Science - Image and Video Processing, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

Self-supervised learning (SSL) methods are popular since they can address situations with limited annotated data by directly utilising the underlying data distribution. However, the adoption of such methods is not explored enough in ultrasound (US) imaging, especially for fetal assessment. We investigate the potential of dual-encoder SSL in utilizing unlabelled US video data to improve the performance of challenging downstream Standard Fetal Cardiac Planes (SFCP) classification using limited labelled 2D US images. We study 7 SSL approaches based on reconstruction, contrastive loss, distillation, and information theory and evaluate them extensively on a large private US dataset. Our observations and findings are consolidated from more than 500 downstream training experiments under different settings. Our primary observation shows that for SSL training, the variance of the dataset is more crucial than its size because it allows the model to learn generalisable representations, which improve the performance of downstream tasks. Overall, the BarlowTwins method shows robust performance, irrespective of the training settings and data variations, when used as an initialisation for downstream tasks. Notably, full fine-tuning with 1% of labelled data outperforms ImageNet initialisation by 12% in F1-score and outperforms other SSL initialisations by at least 4% in F1-score, thus making it a promising candidate for transfer learning from US video to image data., Comment: Simplifying Medical Ultrasound: 4th International Workshop, ASMUS 2023, Held in Conjunction with MICCAI 2023, Vancouver, BC, Canada, October 8, 2023, Proceedings

Published
2024
Full Text
View/download PDF

6. A Federated Learning-Friendly Approach for Parameter-Efficient Fine-Tuning of SAM in 3D Segmentation

Author

Asokan, Mothilal, Benjamin, Joseph Geo, Yaqub, Mohammad, and Nandakumar, Karthik

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Artificial Intelligence, Computer Science - Machine Learning, Electrical Engineering and Systems Science - Image and Video Processing
Abstract

Adapting foundation models for medical image analysis requires finetuning them on a considerable amount of data because of extreme distribution shifts between natural (source) data used for pretraining and medical (target) data. However, collecting task-specific medical data for such finetuning at a central location raises many privacy concerns. Although Federated learning (FL) provides an effective means for training on private decentralized data, communication costs in federating large foundation models can quickly become a significant bottleneck, impacting the solution's scalability. In this work, we address this problem of efficient communication while ensuring effective learning in FL by combining the strengths of Parameter-Efficient Fine-tuning (PEFT) with FL. Specifically, we study plug-and-play Low-Rank Adapters (LoRA) in a federated manner to adapt the Segment Anything Model (SAM) for 3D medical image segmentation. Unlike prior works that utilize LoRA and finetune the entire decoder, we critically analyze the contribution of each granular component of SAM on finetuning performance. Thus, we identify specific layers to be federated that are very efficient in terms of communication cost while producing on-par accuracy. Our experiments show that retaining the parameters of the SAM model (including most of the decoder) in their original state during adaptation is beneficial because fine-tuning on small datasets tends to distort the inherent capabilities of the underlying foundation model. On Fed-KiTS, our approach decreases communication cost (~48x) compared to full fine-tuning while increasing performance (~6% Dice score) in 3D segmentation tasks. Our approach performs similar to SAMed while achieving ~2.8x reduction in communication and parameters to be finetuned. We further validate our approach with experiments on Fed-IXI and Prostate MRI datasets.

Published
2024

7. Laminator: Verifiable ML Property Cards using Hardware-assisted Attestations

Author

Duddu, Vasisht, Järvinen, Oskari, Gunn, Lachlan J, and Asokan, N

Subjects
Computer Science - Cryptography and Security
Abstract

Regulations increasingly call for various assurances from machine learning (ML) model providers about their training data, training process, and the behavior of resulting models during inference. For better transparency, companies (e.g., Huggingface and Google) have adopted model cards and datasheets which describe different properties of the training datasets and models. In the same vein, we introduce the notion of an inference card to describe the properties of a given inference (e.g., binding output to the model and its corresponding input). We collectively refer to these as ML property cards. A malicious model provider can include false information in ML property cards, raising a need for verifiable ML property cards. We show how to realized them using property attestation, technical mechanisms by which a prover (e.g., a model provider) can attest different ML properties during training and inference to a verifier (e.g., an auditor). However, prior attestation mechanisms based purely on cryptography are often narrowly focused (lacking versatility) and inefficient. There is a need to efficiently attest different types properties across the ML model training and inference pipeline. Recent developments make it possible to run and even train models inside hardware-assisted trusted execution environments (TEEs), which can provide highly efficient attestation. We propose Laminator, the first framework for verifiable ML property cards using hardware-assisted ML property attestations to efficiently furnish attestations for various ML properties for training and inference. It scales to multiple verifiers, and is independent of the model configuration.

Published
2024

8. BliMe Linter

Author

ElAtali, Hossam, Duan, Xiaohe, Liljestrand, Hans, Xu, Meng, and Asokan, N.

Subjects
Computer Science - Cryptography and Security
Abstract

Outsourced computation presents a risk to the confidentiality of clients' sensitive data since they have to trust that the service providers will not mishandle this data. Blinded Memory (BliMe) is a set of hardware extensions that addresses this problem by using hardware-based taint tracking to keep track of sensitive client data and enforce a security policy that prevents software from leaking this data, either directly or through side channels. Since programs can leak sensitive data through timing channels and memory access patterns when this data is used in control-flow or memory access instructions, BliMe prohibits such unsafe operations and only allows constant-time code to operate on sensitive data. The question is how a developer can confirm that their code will run correctly on BliMe. While a program can be manually checked to see if it is constant-time, this process is tedious and error-prone. In this paper, we introduce the BliMe linter, a set of compiler extensions built on top of SVF that analyze LLVM bitcode to identify possible BliMe violations. We evaluate the BliMe linter analytically and empirically and show that it is sound.

Published
2024

9. Cancellable Memory Requests: A transparent, lightweight Spectre mitigation

Author

ElAtali, Hossam and Asokan, N.

Subjects
Computer Science - Cryptography and Security, Computer Science - Hardware Architecture
Abstract

Speculation is fundamental to achieving high CPU performance, yet it enables vulnerabilities such as Spectre attacks, which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three steps: they speculatively access sensitive data (access), alter the cache state (transmit), and then utilize a cache timing attack (e.g., Flush+Reload) to extract the secret (receive). Most Spectre attacks exploit a cache timing side channel during the transmit and receive steps. Our key observation is that Spectre attacks do not require the transmit instruction to complete before mis-prediction is detected and mis-speculated instructions are squashed. Instead, it suffices for the instruction to execute and dispatch a request to the memory hierarchy. Responses from memory that arrive after squashing occurs still alter the cache state, including those related to mis-speculated memory accesses. We therefore propose a novel mitigation technique, Cancellable Memory Requests (CMR), that cancels mis-speculated memory requests. Immediately upon squashing, a cancellation is sent to the cache hierarchy, propagating downstream and preventing any changes to caches that have not yet received a response. This reduces the likelihood of cache state changes, thereby reducing the likelihood of Spectre attacks succeeding. We implement CMR on gem5 and show that it thwarts practical Spectre attacks, and has near-zero performance overheads. We show that CMR can completely thwart Spectre attacks in four real-world processors with realistic system configurations.

Published
2024

10. Unveiling Highly Sensitive Active Site in Atomically Dispersed Gold Catalysts for Enhanced Ethanol Dehydrogenation

Author

Yang, Ji, Zheng, Juan, Dun, Chaochao, Falling, Lorenz J, Zheng, Qi, Chen, Jeng‐Lung, Zhang, Miao, Jaegers, Nicholas R, Asokan, Chithra, Guo, Jinghua, Salmeron, Miquel, Prendergast, David, Urban, Jeffrey J, Somorjai, Gabor A, Guo, Yanbing, and Su, Ji

Subjects
Chemical Sciences, Physical Chemistry, Affordable and Clean Energy, Organic Chemistry, Chemical sciences
Abstract

Abstract: Developing a desirable ethanol dehydrogenation process necessitates a highly efficient and selective catalyst with low cost. Herein, we show that the “complex active site” consisting of atomically dispersed Au atoms with the neighboring oxygen vacancies (Vo) and undercoordinated cation on oxide supports can be prepared and display unique catalytic properties for ethanol dehydrogenation. The “complex active site” Au−Vo−Zr3+ on Au1/ZrO2 exhibits the highest H2 production rate, with above 37,964 mol H2 per mol Au per hour (385 g H2  h−1) at 350 °C, which is 3.32, 2.94 and 15.0 times higher than Au1/CeO2, Au1/TiO2, and Au1/Al2O3, respectively. Combining experimental and theoretical studies, we demonstrate the structural sensitivity of these complex sites by assessing their selectivity and activity in ethanol dehydrogenation. Our study sheds new light on the design and development of cost‐effective and highly efficient catalysts for ethanol dehydrogenation. Fundamentally, atomic‐level catalyst design by colocalizing catalytically active metal atoms forming a structure‐sensitive “complex site”, is a crucial way to advance from heterogeneous catalysis to molecular catalysis. Our study advanced the understanding of the structure sensitivity of the active site in atomically dispersed catalysts.

Published
2024

11. Myocardial infarction causes sex-dependent dysfunction in vagal sensory glutamatergic neurotransmission that is mitigated by 17β-estradiol.

Author

Devarajan, Asokan, Wang, Kerry, Lokhandwala, Zulfiqar, Emamimeybodi, Maryam, Shannon, Kassandra, Tompkins, John, Hevener, Andrea, Lusis, Aldons, Abel, E, and Vaseghi, Marmar

Subjects
Arrhythmias, Cardiology, Cardiovascular disease, Innervation, Animals, Myocardial Infarction, Male, Female, Mice, Estradiol, Vagus Nerve, Synaptic Transmission, Glutamic Acid, Sex Factors, Disease Models, Animal, Oxidative Stress, Mice, Inbred C57BL
Abstract

Parasympathetic dysfunction after chronic myocardial infarction (MI) is known to predispose ventricular tachyarrhythmias (ventricular tachycardia/ventricular fibrillation [VT/VF]). VT/VF after MI is more common in males than females. The mechanisms underlying the decreased vagal tone and the associated sex difference in the occurrence of VT/VF after MI remain elusive. In this study, using optogenetic approaches, we found that responses of glutamatergic vagal afferent neurons were impaired following chronic MI in male mice, leading to reduced reflex efferent parasympathetic function. Molecular analyses of vagal ganglia demonstrated reduced glutamate levels, accompanied by decreased mitochondrial function and impaired redox status in infarcted males versus sham animals. Interestingly, infarcted females demonstrated reduced vagal sensory impairment, associated with greater vagal ganglia glutamate levels and decreased vagal mitochondrial dysfunction and oxidative stress compared with infarcted males. Treatment with 17β-estradiol mitigated this pathological remodeling and improved vagal neurotransmission in infarcted male mice. These data suggest that a decrease in efferent vagal tone following MI results from reduced glutamatergic afferent vagal signaling that may be due to impaired redox homeostasis in the vagal ganglia, which subsequently leads to pathological remodeling in a sex-dependent manner. Importantly, estrogen prevents pathological remodeling and improves parasympathetic function following MI.

Published
2024

12. Espresso: Robust Concept Filtering in Text-to-Image Models

Author

Das, Anudeep, Duddu, Vasisht, Zhang, Rui, and Asokan, N.

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Cryptography and Security
Abstract

Diffusion based text-to-image models are trained on large datasets scraped from the Internet, potentially containing unacceptable concepts (e.g., copyright infringing or unsafe). We need concept removal techniques (CRTs) which are effective in preventing the generation of images with unacceptable concepts, utility-preserving on acceptable concepts, and robust against evasion with adversarial prompts. None of the prior CRTs satisfy all these requirements simultaneously. We introduce Espresso, the first robust concept filter based on Contrastive Language-Image Pre-Training (CLIP). We configure CLIP to identify unacceptable concepts in generated images using the distance of their embeddings to the text embeddings of both unacceptable and acceptable concepts. This lets us fine-tune for robustness by separating the text embeddings of unacceptable and acceptable concepts while preserving their pairing with image embeddings for utility. We present a pipeline to evaluate various CRTs, attacks against them, and show that Espresso, is more effective and robust than prior CRTs, while retaining utility.

Published
2024

13. DeiT-LT Distillation Strikes Back for Vision Transformer Training on Long-Tailed Datasets

Author

Rangwani, Harsh, Mondal, Pradipto, Mishra, Mayank, Asokan, Ashish Ramayee, and Babu, R. Venkatesh

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Artificial Intelligence, Computer Science - Machine Learning
Abstract

Vision Transformer (ViT) has emerged as a prominent architecture for various computer vision tasks. In ViT, we divide the input image into patch tokens and process them through a stack of self attention blocks. However, unlike Convolutional Neural Networks (CNN), ViTs simple architecture has no informative inductive bias (e.g., locality,etc. ). Due to this, ViT requires a large amount of data for pre-training. Various data efficient approaches (DeiT) have been proposed to train ViT on balanced datasets effectively. However, limited literature discusses the use of ViT for datasets with long-tailed imbalances. In this work, we introduce DeiT-LT to tackle the problem of training ViTs from scratch on long-tailed datasets. In DeiT-LT, we introduce an efficient and effective way of distillation from CNN via distillation DIST token by using out-of-distribution images and re-weighting the distillation loss to enhance focus on tail classes. This leads to the learning of local CNN-like features in early ViT blocks, improving generalization for tail classes. Further, to mitigate overfitting, we propose distilling from a flat CNN teacher, which leads to learning low-rank generalizable features for DIST tokens across all ViT blocks. With the proposed DeiT-LT scheme, the distillation DIST token becomes an expert on the tail classes, and the classifier CLS token becomes an expert on the head classes. The experts help to effectively learn features corresponding to both the majority and minority classes using a distinct set of tokens within the same ViT architecture. We show the effectiveness of DeiT-LT for training ViT from scratch on datasets ranging from small-scale CIFAR-10 LT to large-scale iNaturalist-2018., Comment: CVPR 2024. Project Page: https://rangwani-harsh.github.io/DeiT-LT

Published
2024

14. Experimental realization of universal quantum gates and six-qubit state using photonic quantum walk

Author

Sengupta, Kanad, Shafi, K. Muhammed, Dinesh, S. P., Asokan, Soumya, and Chandrashekar, C. M.

Subjects
Quantum Physics
Abstract

Controlled quantum walk forms the basis for various quantum algorithm and quantum simulation schemes. Though theoretical proposals are also available to realize universal quantum computation using quantum walks, no experimental demonstration of universal set of gates has been reported. Here we report the experimental realize of universal set of quantum gates using photonic quantum walk. Taking cue from the discrete-time quantum walk formalism, we encode multiple qubits using polarization and paths degree of freedom for photon and demonstrate realization of universal set of gates with 100\% success probability and high fidelity, as characterised by quantum state tomography. For a 3-qubit system we encode first qubit with $H$ and $V-$polarization of photon and path information for the second and third qubit, closely resembling a Mach-Zehnder interference setup. To generate a 6-qubit system and demonstrate 6-qubit GHZ state, entangled photon pairs are used as source to two 3-qubit systems. We also provide insights into the mapping of quantum circuits to quantum walk operations on photons and way to resourcefully scale. This work marks a significant progress towards using photonic quantum walk for quantum computing. It also provides a framework for photonic quantum computing using lesser number of photons in combination with path degree of freedom to increase the success rate of multi-qubit gate operations., Comment: 13 pages, 8 figures. Tomography figures for all gate operations are available upon request

Published
2024

20. SeMalloc: Semantics-Informed Memory Allocator

Author

Wang, Ruizhe, Xu, Meng, and Asokan, N.

Subjects
Computer Science - Cryptography and Security
Abstract

Use-after-free (UAF) is a critical and prevalent problem in memory unsafe languages. While many solutions have been proposed, balancing security, run-time cost, and memory overhead (an impossible trinity) is hard. In this paper, we show one way to balance the trinity by passing more semantics about the heap object to the allocator for it to make informed allocation decisions. More specifically, we propose a new notion of thread-, context-, and flow-sensitive "type", SemaType, to capture the semantics and prototype a SemaType-based allocator that aims for the best trade-off amongst the impossible trinity. In SeMalloc, only heap objects allocated from the same call site and via the same function call stack can possibly share a virtual memory address, which effectively stops type-confusion attacks and makes UAF vulnerabilities harder to exploit. Through extensive empirical evaluation, we show that SeMalloc is realistic: (a) SeMalloc is effective in thwarting all real-world vulnerabilities we tested; (b) benchmark programs run even slightly faster with SeMalloc than the default heap allocator, at a memory overhead averaged from 41% to 84%; and (c) SeMalloc balances security and overhead strictly better than other closely related works., Comment: Accepted to ACM CCS 2024, camera-ready version under preparation

Published
2024

21. S2malloc: Statistically Secure Allocator for Use-After-Free Protection And More

Author

Wang, Ruizhe, Xu, Meng, and Asokan, N.

Subjects
Computer Science - Cryptography and Security
Abstract

Attacks on heap memory, encompassing memory overflow, double and invalid free, use-after-free (UAF), and various heap spraying techniques are ever-increasing. Existing entropy-based secure memory allocators provide statistical defenses against virtually all of these attack vectors. Although they claim protections against UAF attacks, their designs are not tailored to detect (failed) attempts. Consequently, to beat this entropy-based protection, an attacker can simply launch the same attack repeatedly with the potential use of heap spraying to further improve their chance of success. We introduce S2malloc, aiming to enhance UAF-attempt detection without compromising other security guarantees or introducing significant performance overhead. To achieve this, we use three innovative constructs in secure allocator design: free block canaries (FBC) to detect UAF attempts, random in-block offset (RIO) to stop the attacker from accurately overwriting the victim object, and random bag layout (RBL) to impede attackers from estimating the block size based on its address. We show that (a) by reserving 25% of the object size for the RIO offset, an 8-byte canary offers a 69% protection rate if the attacker reuses the same pointer and 96% protection rate if the attacker does not, against UAF exploitation attempts targeting a 64 bytes object, with equal or higher security guarantees against all other attacks; and (b) S2malloc is practical, with only a 2.8% run-time overhead on PARSEC and an 11.5% overhead on SPEC. Compared to state-of-the-art entropy-based allocators, S2malloc improves UAF-protection without incurring additional performance overhead. Compared to UAF-mitigating allocators, S2malloc trades off a minuscule probability of failed protection for significantly lower overhead., Comment: Accepted at DIMVA 2024, this is the extended version

Published
2024

22. Data-Oblivious ML Accelerators using Hardware Security Extensions

Author

ElAtali, Hossam, Jekel, John Z., Gunn, Lachlan J., and Asokan, N.

Subjects
Computer Science - Cryptography and Security
Abstract

Outsourced computation can put client data confidentiality at risk. Existing solutions are either inefficient or insufficiently secure: cryptographic techniques like fully-homomorphic encryption incur significant overheads, even with hardware assistance, while the complexity of hardware-assisted trusted execution environments has been exploited to leak secret data. Recent proposals such as BliMe and OISA show how dynamic information flow tracking (DIFT) enforced in hardware can protect client data efficiently. They are designed to protect CPU-only workloads. However, many outsourced computing applications, like machine learning, make extensive use of accelerators. We address this gap with Dolma, which applies DIFT to the Gemmini matrix multiplication accelerator, efficiently guaranteeing client data confidentiality, even in the presence of malicious/vulnerable software and side channel attacks on the server. We show that accelerators can allow DIFT logic optimizations that significantly reduce area overhead compared with general-purpose processor architectures. Dolma is integrated with the BliMe framework to achieve end-to-end security guarantees. We evaluate Dolma on an FPGA using a ResNet-50 DNN model and show that it incurs low overheads for large configurations ($4.4\%$, $16.7\%$, $16.5\%$ for performance, resource usage and power, respectively, with a 32x32 configuration).

Published
2024
Full Text
View/download PDF

23. The Spectre of Surveillance and Censorship in Future Internet Architectures

Author

Wrana, Michael, Barradas, Diogo, and Asokan, N.

Subjects
Computer Science - Cryptography and Security, Computer Science - Networking and Internet Architecture
Abstract

Recent initiatives known as Future Internet Architectures (FIAs) seek to redesign the Internet to improve performance, scalability, and security. However, some governments perceive Internet access as a threat to their political standing and engage in widespread network surveillance and censorship. In this paper, we provide an in-depth analysis into the designs of prominent FIAs, to help understand of how FIAs impact surveillance and censorship abilities. Then, we survey the applicability of privacy-enhancing technologies to FIAs. We conclude by providing guidelines for future research into novel FIA-based privacy-enhancing technologies, and recommendations to guide the evaluation of these technologies.

Published
2024

24. Quantum illumination using polarization-entangled photon pairs for enhanced object detection

Author

Sengupta, Kanad, Shafi, K. Muhammed, Asokan, Soumya, and Chandrashekar, C. M.

Subjects
Quantum Physics
Abstract

Entangled light sources for illuminating objects offer advantages over conventional illumination methods by enhancing the detection sensitivity of reflecting objects. The core of the quantum advantage lies in effectively exploiting quantum correlations to isolate noise and detect objects with low reflectivity. This work experimentally demonstrates the benefits of using polarization-entangled photon pairs for quantum illumination and shows that the quantum correlation measure, using CHSH value and normalized CHSH value, is robust against losses, noise, and depolarization. We report the detection of objects with reflectivity ($\eta$) as low as 0.05 and an object submerged in noise with a signal-to-noise ratio of 0.003 using quantum correlation and residual quantum correlation measures, surpassing previous results. Additionally, we demonstrate that the normalized CHSH value aids in estimating the reflectivity of the detected object. Furthermore, we analyze the robustness of the correlation measure under photon attenuation in atmospheric conditions to show the practical feasibility of real-time applications., Comment: 10 Pages, 8 Figures

Published
2024
Full Text
View/download PDF

25. Employing Approximate Symmetries for Hidden Pole Extraction

Author

Asokan, Anuvind

Subjects
High Energy Physics - Phenomenology, High Energy Physics - Experiment, High Energy Physics - Lattice
Abstract

Recent lattice analyses of the $D\pi$ scattering by Hadron Spectrum Collaboration(HadSpec) report only one pole in the $D_0^*$ channel. This is in odds with the unitarised chiral perturbation theory analyses, which predict the $D_0^*(2300)$ as the interplay of two poles. We provide an explanation for this contradiction $-$ the exsistence of a hidden pole. We further show that the hidden pole can be better extracted from the lattice data by imposing SU(3) flavour constraints on the fitting amplitudes., Comment: The article is submitted for inclusion in the proceedings of the 20th International Conference on Hadron Spectroscopy and Structure (HADRON 2023) held in Genova, Italy, from June 5th to 9th 2023

Published
2023

26. SoK: Unintended Interactions among Machine Learning Defenses and Risks

Author

Duddu, Vasisht, Szyller, Sebastian, and Asokan, N.

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Machine learning (ML) models cannot neglect risks to security, privacy, and fairness. Several defenses have been proposed to mitigate such risks. When a defense is effective in mitigating one risk, it may correspond to increased or decreased susceptibility to other risks. Existing research lacks an effective framework to recognize and explain these unintended interactions. We present such a framework, based on the conjecture that overfitting and memorization underlie unintended interactions. We survey existing literature on unintended interactions, accommodating them within our framework. We use our framework to conjecture on two previously unexplored interactions, and empirically validate our conjectures., Comment: IEEE Symposium on Security and Privacy (S&P) 2024

Published
2023

28. Occupational Hazards, Associated Ocular Morbidities and Impact of Refractive Safety Eyewear among Agriculture Workers in India - A Two State Study

Author

Janani, Suresh, Krithica, Srinivasan, Saranya, Sachi B., Lakshmi, Shinde, Nivethikka, Ram M. R., Shefali, Jathanna J., Saravanan, Subramaniyam, Eshwari, K., Ve, Ramesh S., and Rashima, Asokan

Subjects
United States. Department of Agriculture -- Analysis, Protective clothing -- Analysis, Agricultural industry -- Analysis, Agriculture -- Analysis, Eyewear industry -- Analysis, Eye -- Medical examination, Environmental issues, Health
Abstract

Context: Agriculture is one of the occupations with the highest risk of injuries and fatalities but the farmers are ignorant about eye care and eye safety. Aim: The current study aims at understanding the occupational hazard and ocular morbidities associated with agriculture and the effect of safety eyewear. Settings and Design: Multicenteric, cross-sectional, observational study was conducted in two states of India: Tamil Nadu and Karnataka. Subjects were agriculture workers recruited by convenience sampling. Methods and Material: The study was done in three phases: Phase 1: Visual task analysis (VTA), Phase 2: Comprehensive eye examination, and Phase 3: Spectacle compliance assessment. The Standard of Living Index scale was administered to assess the socioeconomic status of the participants. Statistical Analysis Used: Descriptive statistics and logistic regression. Results: A study involving 276 workers (39.4% male, 65.2% female) found that VTA agricultural tasks were visually less demanding but hazardous, carrying the risk of ocular and nonocular injuries. Ocular injuries accounted for 9.4% (26 cases), while nonocular injuries accounted for 9.8% (27 cases). Spectacle compliance assessment revealed that 91.8% (157 out of 171 workers) reported improved visual comfort, reduced dust exposure, and enhanced safety with safety eyewear. Conclusions: This study illustrates numerous types of hazards associated with the occupation of farming. The study population had a 9.4% prevalence of ocular injuries. Refractive safety eyewear was reported to improve worker visual comfort. Keywords: Farmers, hazard, ocular injury, ocular morbidities, safety eyewear, Author(s): Suresh Janani [1,2]; Srinivasan Krithica [3]; Sachi B. Saranya [4]; Shinde Lakshmi [5]; Ram M. R. Nivethikka [1]; Jathanna J. Shefali [3]; Subramaniyam Saravanan [4]; K. Eshwari [6]; Ramesh [...]

Published
2024
Full Text
View/download PDF

36. Leveraging Vision-Language Models for Improving Domain Generalization in Image Classification

Author

Addepalli, Sravanti, Asokan, Ashish Ramayee, Sharma, Lakshay, and Babu, R. Venkatesh

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Vision-Language Models (VLMs) such as CLIP are trained on large amounts of image-text pairs, resulting in remarkable generalization across several data distributions. However, in several cases, their expensive training and data collection/curation costs do not justify the end application. This motivates a vendor-client paradigm, where a vendor trains a large-scale VLM and grants only input-output access to clients on a pay-per-query basis in a black-box setting. The client aims to minimize inference cost by distilling the VLM to a student model using the limited available task-specific data, and further deploying this student model in the downstream application. While naive distillation largely improves the In-Domain (ID) accuracy of the student, it fails to transfer the superior out-of-distribution (OOD) generalization of the VLM teacher using the limited available labeled images. To mitigate this, we propose Vision-Language to Vision - Align, Distill, Predict (VL2V-ADiP), which first aligns the vision and language modalities of the teacher model with the vision modality of a pre-trained student model, and further distills the aligned VLM representations to the student. This maximally retains the pre-trained features of the student, while also incorporating the rich representations of the VLM image encoder and the superior generalization of the text embeddings. The proposed approach achieves state-of-the-art results on the standard Domain Generalization benchmarks in a black-box teacher setting as well as a white-box setting where the weights of the VLM are accessible., Comment: Project page: http://val.cds.iisc.ac.in/VL2V-ADiP/

Published
2023

40. Influence of maternal attention-deficit hyperactive disorder on child dental neglect – An analytical cross-sectional study

Author

Yazhini Selvaraj, P. R. Geethapriya, Sharath Asokan, Yogesh Kumar Thoppe-Dhamodharan, and Sudhandra Viswanath

Subjects
attention-deficit hyperactivity disorder, dental care for children, adhd, Dentistry, RK1-715
Abstract

Background: Attention-deficit hyperactivity disorder (ADHD) is a condition that is characterized by symptoms such as inattentiveness, hyperactivity, and impulsivity. The influence of mothers with ADHD and their attitude towards their wards’ oral health has not been explored in the Indian scenario. AIM: The aim of this study was to assess the prevalence of ADHD in mother–child dyads in western Tamil Nadu and the mothers’ dental neglect toward their children. Methodology: The prevalence of ADHD in mothers and children was assessed using the Adult ADHD Self-report Scale screener and ADHD Rating Scale, respectively. The Child Dental Neglect Scale (CDNS) was used to assess dental neglect in children. The responses were recorded on a Likert scale and statistical analyses were done. Results: The prevalence of ADHD in mothers and children was 10.65% and 10.57%, respectively. The impulsivity and hyperactivity type of ADHD was commonly seen in both the mothers and their children. Mothers without ADHD felt that their children maintained their oral health well. Mothers with ADHD deferred the needed dental treatment for their children. Conclusion: Mothers with ADHD have four times more risk of having children with ADHD. Maternal ADHD influences their child’s oral health. Child dental neglect was more prevalent among mothers with ADHD.

Published
2024
Full Text
View/download PDF

41. Influence of maternal attention-deficit hyperactive disorder on child dental neglect - An analytical cross-sectional study

Author

Selvaraj, Yazhini, Geethapriya, P. R., Asokan, Sharath, Thoppe-Dhamodharan, Yogesh Kumar, and Viswanath, Sudhandra

Subjects
Toothbrushing -- Analysis, Attention-deficit hyperactivity disorder -- Analysis, Children -- Health aspects
Abstract

ABSTRACT Background: Attention-deficit hyperactivity disorder (ADHD) is a condition that is characterized by symptoms such as inattentiveness, hyperactivity, and impulsivity. The influence of mothers with ADHD and their attitude towards their wards' oral health has not been explored in the Indian scenario. Aim: The aim of this study was to assess the prevalence of ADHD in mother-child dyads in western Tamil Nadu and the mothers' dental neglect toward their children. Methodology: The prevalence of ADHD in mothers and children was assessed using the Adult ADHD Self-report Scale screener and ADHD Rating Scale, respectively. The Child Dental Neglect Scale (CDNS) was used to assess dental neglect in children. The responses were recorded on a Likert scale and statistical analyses were done. Results: The prevalence of ADHD in mothers and children was 10.65 and 10.57, respectively. The impulsivity and hyperactivity type of ADHD was commonly seen in both the mothers and their children. Mothers without ADHD felt that their children maintained their oral health well. Mothers with ADHD deferred the needed dental treatment for their children. Conclusion: Mothers with ADHD have four times more risk of having children with ADHD. Maternal ADHD influences their child's oral health. Child dental neglect was more prevalent among mothers with ADHD. Keywords: Attention-deficit hyperactivity disorder, dental care for children, ADHD, Author(s): Yazhini Selvaraj [1]; P. R. Geethapriya (corresponding author) [1]; Sharath Asokan [1]; Yogesh Kumar Thoppe-Dhamodharan [1]; Sudhandra Viswanath [1] Introduction Attention-deficit hyperactivity disorder (ADHD) is a neurodevelopmental disorder that [...]

Published
2024
Full Text
View/download PDF

42. Domain-Specificity Inducing Transformers for Source-Free Domain Adaptation

Author

Sanyal, Sunandini, Asokan, Ashish Ramayee, Bhambri, Suvaansh, Kulkarni, Akshay, Kundu, Jogendra Nath, and Babu, R. Venkatesh

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Conventional Domain Adaptation (DA) methods aim to learn domain-invariant feature representations to improve the target adaptation performance. However, we motivate that domain-specificity is equally important since in-domain trained models hold crucial domain-specific properties that are beneficial for adaptation. Hence, we propose to build a framework that supports disentanglement and learning of domain-specific factors and task-specific factors in a unified model. Motivated by the success of vision transformers in several multi-modal vision problems, we find that queries could be leveraged to extract the domain-specific factors. Hence, we propose a novel Domain-specificity-inducing Transformer (DSiT) framework for disentangling and learning both domain-specific and task-specific factors. To achieve disentanglement, we propose to construct novel Domain-Representative Inputs (DRI) with domain-specific information to train a domain classifier with a novel domain token. We are the first to utilize vision transformers for domain adaptation in a privacy-oriented source-free setting, and our approach achieves state-of-the-art performance on single-source, multi-source, and multi-target benchmarks, Comment: ICCV 2023. Project page: http://val.cds.iisc.ac.in/DSiT-SFDA

Published
2023

43. Attesting Distributional Properties of Training Data for Machine Learning

Author

Duddu, Vasisht, Das, Anudeep, Khayata, Nora, Yalame, Hossein, Schneider, Thomas, and Asokan, N.

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

The success of machine learning (ML) has been accompanied by increased concerns about its trustworthiness. Several jurisdictions are preparing ML regulatory frameworks. One such concern is ensuring that model training data has desirable distributional properties for certain sensitive attributes. For example, draft regulations indicate that model trainers are required to show that training datasets have specific distributional properties, such as reflecting diversity of the population. We propose the notion of property attestation allowing a prover (e.g., model trainer) to demonstrate relevant distributional properties of training data to a verifier (e.g., a customer) without revealing the data. We present an effective hybrid property attestation combining property inference with cryptographic mechanisms., Comment: European Symposium on Research in Computer Security (ESORICS), 2024

Published
2023

44. A User-centered Security Evaluation of Copilot

Author

Asare, Owura, Nagappan, Meiyappan, and Asokan, N.

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security
Abstract

Code generation tools driven by artificial intelligence have recently become more popular due to advancements in deep learning and natural language processing that have increased their capabilities. The proliferation of these tools may be a double-edged sword because while they can increase developer productivity by making it easier to write code, research has shown that they can also generate insecure code. In this paper, we perform a user-centered evaluation GitHub's Copilot to better understand its strengths and weaknesses with respect to code security. We conduct a user study where participants solve programming problems (with and without Copilot assistance) that have potentially vulnerable solutions. The main goal of the user study is to determine how the use of Copilot affects participants' security performance. In our set of participants (n=25), we find that access to Copilot accompanies a more secure solution when tackling harder problems. For the easier problem, we observe no effect of Copilot access on the security of solutions. We also observe no disproportionate impact of Copilot use on particular kinds of vulnerabilities. Our results indicate that there are potential security benefits to using Copilot, but more research is warranted on the effects of the use of code generation tools on technically complex problems with security requirements., Comment: To be published in ICSE 2024 Research Track

Published
2023
Full Text
View/download PDF

45. FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks

Author

Tekgul, Buse G. A. and Asokan, N.

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

We propose FLARE, the first fingerprinting mechanism to verify whether a suspected Deep Reinforcement Learning (DRL) policy is an illegitimate copy of another (victim) policy. We first show that it is possible to find non-transferable, universal adversarial masks, i.e., perturbations, to generate adversarial examples that can successfully transfer from a victim policy to its modified versions but not to independently trained policies. FLARE employs these masks as fingerprints to verify the true ownership of stolen DRL policies by measuring an action agreement value over states perturbed by such masks. Our empirical evaluations show that FLARE is effective (100% action agreement on stolen copies) and does not falsely accuse independent policies (no false positives). FLARE is also robust to model modification attacks and cannot be easily evaded by more informed adversaries without negatively impacting agent performance. We also show that not all universal adversarial masks are suitable candidates for fingerprints due to the inherent characteristics of DRL policies. The spatio-temporal dynamics of DRL problems and sequential decision-making process make characterizing the decision boundary of DRL policies more difficult, as well as searching for universal masks that capture the geometry of it., Comment: Will appear in the proceedings of ACSAC 2023; 14 pages, 6 figures, 8 tables

Published
2023

46. Parallel and Asynchronous Smart Contract Execution

Author

Liu, Jian, Li, Peilun, Raymond~Cheng, Asokan, N., and Song, Dawn

Subjects
Computer Science - Cryptography and Security
Abstract

Today's blockchains suffer from low throughput and high latency, which impedes their widespread adoption of more complex applications like smart contracts. In this paper, we propose a novel paradigm for smart contract execution. It distinguishes between consensus nodes and execution nodes: different groups of execution nodes can execute transactions in parallel; meanwhile, consensus nodes can asynchronously order transactions and process execution results. Moreover, it requires no coordination among execution nodes and can effectively prevent livelocks. We show two ways of applying this paradigm to blockchains. First, we show how we can make Ethereum support parallel and asynchronous contract execution \emph{without hard-forks}. Then, we propose a new public, permissionless blockchain. Our benchmark shows that, with a fast consensus layer, it can provide a high throughput even for complex transactions like Cryptokitties gene mixing. It can also protect simple transactions from being starved by complex transactions.

Published
2023

47. GANs Settle Scores!

Author

Asokan, Siddarth, Shetty, Nishanth, Srikanth, Aadithya, and Seelamantula, Chandra Sekhar

Subjects
Computer Science - Machine Learning, Computer Science - Computer Vision and Pattern Recognition, Statistics - Machine Learning
Abstract

Generative adversarial networks (GANs) comprise a generator, trained to learn the underlying distribution of the desired data, and a discriminator, trained to distinguish real samples from those output by the generator. A majority of GAN literature focuses on understanding the optimality of the discriminator through integral probability metric (IPM) or divergence based analysis. In this paper, we propose a unified approach to analyzing the generator optimization through variational approach. In $f$-divergence-minimizing GANs, we show that the optimal generator is the one that matches the score of its output distribution with that of the data distribution, while in IPM GANs, we show that this optimal generator matches score-like functions, involving the flow-field of the kernel associated with a chosen IPM constraint space. Further, the IPM-GAN optimization can be seen as one of smoothed score-matching, where the scores of the data and the generator distributions are convolved with the kernel associated with the constraint. The proposed approach serves to unify score-based training and existing GAN flavors, leveraging results from normalizing flows, while also providing explanations for empirical phenomena such as the stability of non-saturating GAN losses. Based on these results, we propose novel alternatives to $f$-GAN and IPM-GAN training based on score and flow matching, and discriminator-guided Langevin sampling.

Published
2023

48. Data Interpolants -- That's What Discriminators in Higher-order Gradient-regularized GANs Are

Author

Asokan, Siddarth and Seelamantula, Chandra Sekhar

Subjects
Statistics - Machine Learning, Computer Science - Machine Learning
Abstract

We consider the problem of optimizing the discriminator in generative adversarial networks (GANs) subject to higher-order gradient regularization. We show analytically, via the least-squares (LSGAN) and Wasserstein (WGAN) GAN variants, that the discriminator optimization problem is one of interpolation in $n$-dimensions. The optimal discriminator, derived using variational Calculus, turns out to be the solution to a partial differential equation involving the iterated Laplacian or the polyharmonic operator. The solution is implementable in closed-form via polyharmonic radial basis function (RBF) interpolation. In view of the polyharmonic connection, we refer to the corresponding GANs as Poly-LSGAN and Poly-WGAN. Through experimental validation on multivariate Gaussians, we show that implementing the optimal RBF discriminator in closed-form, with penalty orders $m \approx\lceil \frac{n}{2} \rceil $, results in superior performance, compared to training GAN with arbitrarily chosen discriminator architectures. We employ the Poly-WGAN discriminator to model the latent space distribution of the data with encoder-decoder-based GAN flavors such as Wasserstein autoencoders.

Published
2023

49. Epidermolysis Bullosa Simplex – Dowling-Meara Type: A Case Report in a 10-year-old Boy

Author

Linza P. Zachariah, Betsy Ambooken, Raghavendra Rao, and Neelakandhan Asokan

Subjects
epidermolysis bullosa simplex, dowling-meara, keratin, Dermatology, RL1-803, Pediatrics, RJ1-570
Abstract

Epidermolysis bullosa simplex – Dowling-Meara type (EBS-DM) is characterized by the presence of bullae and vesicles with arcuate borders in a herpetiform manner at the trauma-prone areas of the body since birth. Here we report the clinical course of EBS-DM in a 10-year-old boy. We confirmed the diagnosis by antigen mapping which showed clumping of keratin 14 with decreased staining in few areas.

Published
2024
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results