Graduate Student Talks - Ottawa Room (2nd Floor)
2:00 - 2:50 PM Saturday October 22nd
Approximate Time
Session Title
Speaker
2:00
Secure Namespaced Kernel Audit for Containers​
Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host audit systems, which often lack the ability to capture high-fidelity container logs. State-of-the-art reference-monitor-based audit techniques greatly improve the quality of audit logs, but their system-wide architecture is too costly to be adapted for individual containers. Moreover, these techniques typically require extensive kernel modifications, making it difficult to deploy in practical settings. We present saBPF (secure audit BPF), an extension of the eBPF framework capable of deploying secure system-level audit mechanisms at the container granularity. We demonstrate the practicality of saBPF in Kubernetes by designing an audit framework, an intrusion detection system, and a lightweight access control mechanism. We evaluate saBPF and show that it is comparable in performance and security guarantees to audit systems from the literature that are implemented directly in the kernel.
Soo Yee
University of British Columbia
2:10
Black Box Auditing of Machine Learning Models
With the large-scale deployment of complex machine learning models in high-stake domains, it becomes increasingly essential to have practical guarantees in place for the degree of training data privacy these models offer while handling sensitive data. Differential privacy provides an upper bound to the privacy guarantees offered by such ML models. On the converse side, auditing makes use of various attack methods to investigate lower bounds to the privacy provided by these models in practice. However, recent work shows that these auditing techniques
require the retraining of the ML models to be audited in order to assess the privacy guarantees they offer. This poses an upfront cost of deployment, or in certain cases alteration in the training pipeline of the ML model. We follow a quantitative and empirical approach to assess the privacy guarantees provided by ML models, and present a black-box privacy auditing mechanism that removes the need to retrain machine learning models as well as the need to know the entire dataset the model was trained on. By this we hope to contribute towards more practical and easy to deploy auditing infrastructures in existing industry based machine learning systems, especially those in a federated learning setting, where various clients may have different constraints in terms of data privacy management laws and/or infrastructural constraints for model retraining.
Mishaal Kazmi
University of British Columbia
2:20
Intrusion Detection System for Self-Driving Laboratories
Self-driving laboratories are at the core of Industry 4.0 that make autonomous discoveries cost and time effective through experiments using robotic arms and cyber-physical system (CPS) devices. Those CPS devices can be connected over the internet or remotely configured by users. Due to the dependence of the CPS devices on networked communication, the attackers are able to carry out security attacks leading to catastrophic outcomes. They can misconfigure the robot arms to break expensive equipment in the lab or misuse the hazardous materials inside the lab to cause explosions. As the first step towards evading these security attacks, we are designing and developing a rule-based intrusion detection system (IDS). Our rule-based IDS encodes human understanding of the behavioral protocols in accordance with the lab workflows to run correct and safe automated experiments. This IDS will flag a state as abnormal if it does not comply with a set of preconfigured rules. Consequently, this allows the system inside the self-driving laboratory to follow the normal behavioral patterns leading to a safe and secure environment for the researchers running the experiments in self-driving laboratories.
Zainab Saeed Wattoo
University of British Columbia
2:30
Deep learning on genetic data with Diet Network and its application to a complex phenotype
The Diet Networks (DN) is a deep learning approach proposed to accommodate the large number of genetic variants (Single Nucleotide Polymorphisms, SNPs) used as input features in prediction problems in genomics. The DN architecture is designed to considerably reduce the
number of free parameters arising from the high number of genetic variants in the first layer of the main network by using an auxiliary network, trained jointly with the main network on a meaningful representation of each SNP, to learn and predict the parameters of the main network’s first layer. The DN architecture, tested on the dataset 1000 Genomes Project, has proven to be effective at determining individuals' population using their SNPs, without overfitting using the SNP frequencies across populations as input in the auxiliary network. We evaluated the generalization capability of the DN, which is crucial given the heterogeneity of genomic data collection protocols and the high number of missing data in genomic datasets, on an independent dataset, the biobank of Quebec CARTaGENE, and showed that the DN can generalize its prediction to a new population never seen during training, the French-Canadian population. We used the Integrated Gradients (IG) attribution method to assess the impact of each SNP on the model’s predictions and showed that removing SNPs with high IG attribution scores leads to a higher loss of accuracy than removing SNPs at random, which indicates that IG identifies SNPs leveraged by the network. The DN was trained to predict the complex phenotype of obesity in a classification task, using ~408K SNPs of ~197K White British individuals from the UKbiobank divided into normal weight and obese classes. SNPs frequencies in normal weight and obese classes were given as input features to the auxiliary network. Our results show that the DN reaches an accuracy on the test set comparable to what
is achieved with current polygenic risk scores based on linear models. We also trained the DN in a regression task to predict human height using White British individuals from the UKBiobank. In this task, we used different SNP representations to train the auxiliary network and to date, using SNPs effects derived from genome wide association studies (GWAS) seems to give the best results for this difficult task. The results obtained on genetic ancestry generalization, obesity and height prediction are promising for predicting other complex phenotypes. The DN needs to be further fine-tuned for complex phenotype prediction, and several improvements to achieve the best possible results will be discussed.
Camille Rochefort-Boulanger1
 Montreal Heart Institute/Mila/Université de Montréal
2:40
Simulation of Covid-19 Propagation on a Multi-layers Social Network Model

The covid-19 pandemic impacted human society during the past few years. Topics on how to eliminate these negative impacts are discussed. In this research, we studied the different factors of a large society with the size of 160000 population to simulate propagation in a country.
We used a multi-layers social network to simulate the covid-19 propagation and discussed different factors to eliminate covid-19 active cases and the loss of labor force. We discussed the impact of different vaccination strategies. We used the Barabasi-Albert graph and relaxed-caveman graph to model the social network, in favor of representing different social connections.
In the research, we discovered that strategically vaccinating priory population groups affect the propagation of the virus. Different lockdown policies do not cause a significant difference in terms of loss of labor force (0.005% to 0.5%). But the total numbers of active cases are different with lockdown rates on an unvaccinated population. Research can suggest the government lockdown and vaccination policy for a better outcome during different periods. This model can also adapt to new studies of the virus on a large population in the future.  
Jojo Duan
Carleton University