Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards Secure Collaborative AI Service Chains
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0002-0128-4127
2019 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

At present, Artificial Intelligence (AI) systems have been adopted in many different domains such as healthcare, robotics, automotive, telecommunication systems, security, and finance for integrating intelligence in their services and applications. The intelligent personal assistant such as Siri and Alexa are examples of AI systems making an impact on our daily lives. Since many AI systems are data-driven systems, they require large volumes of data for training and validation, advanced algorithms, computing power and storage in their development process. Collaboration in the AI development process (AI engineering process) will reduce cost and time for the AI applications in the market. However, collaboration introduces the concern of privacy and piracy of intellectual properties, which can be caused by the actors who collaborate in the engineering process.  This work investigates the non-functional requirements, such as privacy and security, for enabling collaboration in AI service chains. It proposes an architectural design approach for collaborative AI engineering and explores the concept of the pipeline (service chain) for chaining AI functions. In order to enable controlled collaboration between AI artefacts in a pipeline, this work makes use of virtualisation technology to define and implement Virtual Premises (VPs), which act as protection wrappers for AI pipelines. A VP is a virtual policy enforcement point for a pipeline and requires access permission and authenticity for each element in a pipeline before the pipeline can be used.  Furthermore, the proposed architecture is evaluated in use-case approach that enables quick detection of design flaw during the initial stage of implementation. To evaluate the security level and compliance with security requirements, threat modeling was used to identify potential threats and vulnerabilities of the system and analyses their possible effects. The output of threat modeling was used to define countermeasure to threats related to unauthorised access and execution of AI artefacts.

Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2019. , p. 146
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 11
National Category
Telecommunications
Identifiers
URN: urn:nbn:se:bth-18531ISBN: 978-91-7295-381-9 (print)OAI: oai:DiVA.org:bth-18531DiVA, id: diva2:1341533
Presentation
2019-09-10, J1620, Campus Gräsvik, Karlskrona, 12:30 (English)
Opponent
Supervisors
Available from: 2019-08-09 Created: 2019-08-09 Last updated: 2019-08-20Bibliographically approved
List of papers
1. On Resource Description Capabilities of On-Board Tools for Resource Management in Cloud Networking and NFV Infrastructures
Open this publication in new window or tab >>On Resource Description Capabilities of On-Board Tools for Resource Management in Cloud Networking and NFV Infrastructures
Show others...
2016 (English)In: 2016 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS WORKSHOPS (ICC), 2016, p. 442-447Conference paper, Published paper (Refereed)
Abstract [en]

The rapid adoption of networks that are based on "cloudification" and Network Function Virtualisation (NFV) comes from the anticipated high cost savings of up to 70% in their build and operation. The high savings are founded in the use of general standard servers, instead of single-purpose hardware, and by efficiency resource sharing through virtualisation concepts. In this paper, we discuss the capabilities of resource description of "on-board" tools, i.e. using standard Linux commands, to enable OPEX savings. We put a focus on monitoring resources on small time-scales and on the variation observed on such scales. We introduce a QoE-based comparative concept that relates guest and host views on "utilisation" and "load" for the analysis of the variations. We describe the order of variations in "utilisation" and "load" by measurement and by graphical analysis of the measurements. We do these evaluations for different host operating systems and monitoring tools.

Series
IEEE International Conference on Communications Workshops, ISSN 2164-7038
National Category
Communication Systems
Identifiers
urn:nbn:se:bth-11902 (URN)000386326800074 ()978-1-5090-0448-5 (ISBN)
Conference
IEEE International Conference on Communications (ICC), Kuala Lumpur
Note

Held in conjunction with the IEEE International Conference on Communications (ICC 2016)

Available from: 2016-05-21 Created: 2016-05-21 Last updated: 2019-08-09Bibliographically approved
2. Flexible Privacy and High Trust in the Next Generation Internet: The Use Case of a Cloud-based Marketplace for AI
Open this publication in new window or tab >>Flexible Privacy and High Trust in the Next Generation Internet: The Use Case of a Cloud-based Marketplace for AI
2017 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Cloudified architectures facilitate resource ac-cess and sharing which is independent from physical lo-cations. They permit high availability of resources at lowoperational costs. These advantages, however, do not comefor free. End users might fear that they lose control overthe location of their data and, thus, of their autonomy indeciding to whom the data is communicate to. Thus, strongprivacy and trust concerns arise for end users.In this work we will review and investigate privacy andtrust requirements for Cloud systems in general and for acloud-based marketplace (CMP) for AI in particular. We willinvestigate whether and how the current privacy and trustdimensions can be applied to Clouds and for the design ofa CMP. We also propose the concept of a "virtual premise"for enabling "Privacy-by-Design" [1] in Clouds. The ideaof a "virtual premise" might probably not be a universalsolution for any privacy requirement. However, we expectthat it provides flexibility in designing privacy in Cloudsand thus leading to higher trust.

Place, publisher, year, edition, pages
Halmstad university, 2017
Keywords
marketplace, privacy, trust, cloud computing
National Category
Telecommunications
Identifiers
urn:nbn:se:bth-14963 (URN)
Conference
SNCNW - Swedish National Computer Networking Workshop, Halmstad
Projects
Horizon 2020 Bonseyes
Funder
EU, Horizon 2020, 732204
Available from: 2017-07-25 Created: 2017-07-25 Last updated: 2019-08-09Bibliographically approved
3. Privacy and DRM Requirements for Collaborative Development of AI Application
Open this publication in new window or tab >>Privacy and DRM Requirements for Collaborative Development of AI Application
2018 (English)In: ACM International Conference Proceeding Series, 2018, article id 3233268Conference paper, Published paper (Refereed)
Abstract [en]

The use of data is essential for the capabilities of Data-driven Artificial intelligence (AI), Deep Learning and Big Data analysis techniques. This data usage, however, raises intrinsically the concerns on data privacy. In addition, supporting collaborative development of AI applications across organisations has become a major need in AI system design. Digital Rights Management (DRM) is required to protect intellectual property in such collaboration. As a consequence of DRM, privacy threats and privacy-enforcing mechanisms will interact with each other.

This paper describes the privacy and DRM requirements in collaborative AI system design using AI pipelines. It describes the relationships between DRM and privacy and outlines the threats against these non-functional features. Finally, the paper provides first security architecture to protect against the threats on DRM and privacy in collaborative AI design using AI pipelines. 

Keywords
Privacy, DRM, AI, collaborative
National Category
Telecommunications
Identifiers
urn:nbn:se:bth-16867 (URN)10.1145/3230833.3233268 (DOI)978-1-4503-6448-5 (ISBN)
Conference
13th International Conference on Availability, Reliability and Security, ARES 2018; Hamburg; Germany; 27 August 2018 through 30 August
Projects
H2020 Bonseyes
Funder
EU, Horizon 2020, 732204
Available from: 2018-08-14 Created: 2018-08-14 Last updated: 2019-08-09Bibliographically approved
4. Designing a Secure IoT System Architecture from a Virtual Premise for a Collaborative AI Lab
Open this publication in new window or tab >>Designing a Secure IoT System Architecture from a Virtual Premise for a Collaborative AI Lab
2019 (English)Conference paper, Published paper (Refereed)
Abstract [en]

IoT systems are increasingly composed out of flexible, programmable, virtualised, and arbitrarily chained IoT elements and services using portable code. Moreover, they might be sliced, i.e. allowing multiple logical IoT systems (network + application) to run on top of a shared physical network and compute infrastructure. However, implementing and designing particularly security mechanisms for such IoT systems is challenging since a) promising technologies are still maturing, and b) the relationships among the many requirements, technologies and components are difficult to model a-priori.

The aim of the paper is to define design cues for the security architecture and mechanisms of future, virtualised, arbitrarily chained, and eventually sliced IoT systems. Hereby, our focus is laid on the authorisation and authentication of user, host, and code integrity in these virtualised systems. The design cues are derived from the design and implementation of a secure virtual environment for distributed and collaborative AI system engineering using so called AI pipelines. The pipelines apply chained virtual elements and services and facilitate the slicing of the system. The virtual environment is denoted for short as the virtual premise (VP). The use-case of the VP for AI design provides insight into the complex interactions in the architecture, leading us to believe that the VP concept can be generalised to the IoT systems mentioned above. In addition, the use-case permits to derive, implement, and test solutions. This paper describes the flexible architecture of the VP and the design and implementation of access and execution control in virtual and containerised environments. 

Keywords
IoT, AI, Security, Authentication, Collaboration
National Category
Telecommunications
Identifiers
urn:nbn:se:bth-17550 (URN)10.14722/diss.2019.23006 (DOI)1-891562-56-8 (ISBN)
Conference
Workshop on Decentralized IoT Systems and Security (DISS) 24 February 2019, San Diego, CA,
Funder
EU, Horizon 2020, 732204
Available from: 2019-01-30 Created: 2019-01-30 Last updated: 2019-08-09Bibliographically approved

Open Access in DiVA

fulltext(6387 kB)7 downloads
File information
File name FULLTEXT02.pdfFile size 6387 kBChecksum SHA-512
8e9774bb815d8d55770af8532ada132d76c47caececca33894524a8149facef91995d02171c9170f341b1d67728451cc6fbccf42fa68456d7abfada3171717cb
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Ahmadi Mehri, Vida
By organisation
Department of Computer Science
Telecommunications

Search outside of DiVA

GoogleGoogle Scholar
Total: 27 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 172 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf