Ph.D. Research Proposal Exam: Omid Aramoon
Wednesday, December 15, 2021
ANNOUNCEMENT: Ph.D. Research Proposal Exam
Name: Omid Aramoon
Professor Gang Qu (Chair)
Professor Behtash Babadi
Professor Joseph JaJa
Date/Time: Wednesday, December 15, 2021 at 10 am
Location: AVW 2328
Title: Intellectual Property Protection: From Integrated Circuits to Machine Learning Models
Due to IT consumerization and emerging convergence applications, there has been an increasing demand for more and more complex functionalities in microelectronics. While the exponential increase in silicon capacity has supported this aspiration, the design productivity offered by automation tools has failed to fully utilize the offered capacity and cope with the increased product complexity. This has created a widening gap between what can be built (silicon capacity) and what can be designed. To make matters worse, time-to-market for electronics continues to decrease, leaving system designers with less time to develop complex systems. To shorten system development time and close the design productivity gap, the Intellectual Property (IP) based or IP-reuse design methodology has been proposed and is prevailing. This methodology involves building complex systems from smaller design blocks often obtained from third-party providers.
Recently, the Artificial Intelligence (AI) industry has begun embracing a similar methodology to tackle the increasing complexities in the design of cutting-edge AI solutions. Today's AI systems are highly sophisticated artifacts comprised of various Machine Learning (ML) models, each tackling a complex real-world task. Designing and training such advanced models often require significant investment in terms of time, expertise, training data, and computing resources, which may be beyond the capabilities of a company alone. With the scale of AI solutions increasing, ML developers are no longer able to design systems from scratch and thus, have no choice but to rely on proprietary machine learning models - Machine Learning IPs - from third-party providers. As a result, model-reuse is starting to become a common practice in the AI industry.
In many respects, model-reuse and IP-reuse are similar: both aim to reduce the costs and effort involved in designing large-scale systems, and both promote a market environment for sharing designs among entities. It should come as no surprise that these paradigms share the same downsides as well. Sharing IPs with other entities in a market environment leaves vendors more vulnerable than ever to infringement activities such as IP theft and copyright violations. Legitimate buyers may reuse a purchased design in unlicensed applications without paying the additional licensing fees. They may illegally re-sell the acquired IP to other entities, or slightly modify the purchased design and redistribute it over the market under a different brand. IP infringements erode the revenue of legitimate vendors, which would at the very least disincentivize them from pursuing more innovations or, worse, even drive them out of business.
Furthermore, lack of transparency in the design process of commercial IPs allows untrusted vendors to embed adversarial content, such as backdoors, into their designs. Backdoors pose a major threat to the security and trust of systems and can cause severe real-world consequences, especially in security- and safety-critical sectors. Unfortunately, such malicious modifications to IPs are not limited to their design phase. An adversary may attempt to tamper with IPs deployed in live systems to make them malfunction.
Therefore, it is vital that IP users be able to verify and assert the integrity of acquired IPs before and after integration into systems.
The primary objective of this proposal is to foster a secure and reliable transaction environment for both proprietary semiconductor and machine learning IPs. I present novel technological methods to protect IP vendors from infringement activities and help IP buyers establish trust in the integrity of purchased IPs. In particular, there are three facets to my research, namely identification of IP owners, tracking IP users, and asserting the integrity of IPs. To this end, IP watermarking techniques are proposed in which the vendor's signature is embedded into the content of IP as proof of authorship. The proposed methods enable vendors to detect the occurrence of infringement and establish ownership over pirated IPs.
Fingerprinting techniques are proposed to distinguish each IP instance and its corresponding buyer, which would help with identifying the source of violations (dishonest buyers) in case of infringements. Finally, verification and restoration of the integrity of IPs will be investigated.