SMILE4KMU: Secure Machine Learning for SMEs

Machine learning (ML) methods are increasingly finding their way into the development processes of small and medium-sized enterprises (SMEs). As a result, they complement their traditional software development and specific value chains. Under the keyword "Secure Software Lifecycle", significant advances have been made in recent years in the secure development of traditional software. This includes a structured approach in software development, aiming to optimize every single development phase concerning secure applications. However, it can be observed that there are so far few comprehensive security approaches for machine learning methods and their integration into development processes. Simultaneously, attacks against phases and methods of machine learning are increasingly being observed in practice and literature.

The goal must therefore be to enable SMEs in particular to:

• secure machine learning processes in a structured and transparent manner
• protect training data and especially their created models, and possibly license them
• implement the above with an economically feasible effort for SMEs.

To achieve these goals, the work of Wibu-Systems focuses on the protection and commercial licensing of the models, examining the phases of the ML lifecycle (MLL) for supportive security measures and appropriate developing solutions. Based on the results of the analysis of potential hazards and requirements from the industry and practical perspectives, options for protecting the integrity and intellectual property of trained models are developed and implemented in a demonstrator / proof of concept. This includes examining the licensing of models, such as (partial) access, selectable granularity, or restriction of access frequency. The model data should be protected with suitable cryptographic methods, both against manipulation and against theft or unauthorized access.

The central research question of "how deeply" security solutions can (and should) be integrated into the MLL is also addressed. Naturally, the file underlying the trained model could be protected with existing products (Wibu-Systems AxProtector for the file and Wibu-Systems CodeMeter for actual access). However, it would be more sensible to define access protection and usage conditions already during the training phase (i.e. before the time-consuming creation of the model) and integrate them into the model. Different options and solutions for this key topic will be explored in the activities undertaken by Wibu-Systems.