[Colloquium] Tejas Kannan Candidacy Exam/May 26, 2023

Fri May 12 13:13:05 CDT 2023

This is an announcement of Tejas Kannan's Candidacy Exam.
===============================================
Candidate: Tejas Kannan

Date: Friday, May 26, 2023

Time:  1 pm CST

Location: JCL 298

Title: Privacy, Error, and Energy Tradeoffs in Adaptive Systems for Embedded Sensing Devices

Abstract: Battery-powered embedded sensing devices operate under energy constraints, and devices seek methods to manage their energy consumption. Adaptive algorithms are an emerging method to perform this management. Adaptive systems meet device constraints by optimizing the tradeoff between system performance (e.g., error) and energy. This thesis argues that this two-dimensional tradeoff space is insufficient, and embedded systems must also explicitly consider data privacy when using adaptive algorithms.
Adaptive systems rely on data-dependent behavior. That is, they determine when to conserve resources using the properties of the collected measurements. We highlight this design through a novel adaptive system that performs recurrent neural network (RNN) inference under dynamic energy budgets. This system, called Budget RNNs, uses a new hierarchical architecture where each level processes a subsequence. The system saves energy by subsampling and uses runtime feedback to alter the sampling behavior in a data-dependent manner. Under various energy constraints, Budget RNNs achieve a mean accuracy of 1.5 points higher than prior RNNs.
The data-dependent behavior of adaptive systems such as Budget RNNs creates a problem when viewing these systems from a new perspective: privacy. As adaptive systems tie their behavior to the collected measurements, an attacker observing the system's behavior through a side-channel can learn about the captured values. We demonstrate this problem by presenting two new side-channel attacks and defenses. The first attack uses the communication volume of embedded devices employing adaptive sampling to learn about the captured data. The second attack exploits the exit decisions of adaptive, multi-exit neural networks to expose the system's predictions. In both settings, we develop defenses that eliminate information leakage and incur negligible overhead, all while continuing to achieve better system performance (e.g., error) than non-adaptive algorithms. These properties make our security measures suitable under the constraints of low-power devices. With these techniques, privacy-conscious embedded sensing systems can safely benefit from adaptive behavior.

Advisors: Hank Hoffmann

Committee Members: Hank Hoffmann, Nick Feamster, and Sanjay Krishnan