Overview of Research Areas and Projects

The rapid progress of deep-learning techniques has enabled many emerging artificial intelligence applications, and there is a tremendous demand for running these applications on mobile devices. However, deep-learning models are by nature computationally intensive, making them challenging to deploy on battery-powered mobile devices. This research investigates the fundamental and challenging issues for running deep-learning applications on mobile devices by leveraging Neural Processing Units (NPUs). An NPU is a microprocessor that specializes in the acceleration of deep-learning algorithms; however, it incurs accuracy loss, and it is a challenge to address this problem. The goal of this research is to support deep learning on mobile devices with NPU by addressing the following issues: i) investigating model-partitioning techniques to decompose the deep-learning model into different layers running on heterogeneous processors to minimize processing time or maximize accuracy based on the application requirements; ii) designing energy- and thermal-aware techniques to address the performance limitations of the current mobile system; iii) exploring the collaborative intelligence between edge server and NPU-based mobile device to optimize performance by investigating how and where to run the computation.

This project presents a system mmSpy that shows the feasibility of eavesdropping phone calls remotely. Towards this end, mmSpy performs sensing of earpiece vibrations using an off-the-shelf radar device that operates in the mmWave spectrum (77 GHz, and 60 GHz). Given that mmWave radars are becoming popular in a number of autonomous driving, remote sensing, and other IoT applications, we believe this is a critical privacy concern. In contrast to prior works that show the feasibility of detecting loudspeaker vibrations with larger amplitudes, mmSpy exploits smaller wavelengths of mmWave radar signals to detect subtle vibrations in the earpiece devices used in phonecalls. Towards designing this attack, mmSpy solves a number of challenges related to non-availability of large scale radar datasets, systematic correction of various sources of noises, as well as domain adaptation problems in harvesting training data. Extensive measurement-based validation achieves an end- to-end accuracy of 83 − 44% in classifying digits and keywords over a range of 1-6 ft, thereby compromising the privacy in applications such as exchange of credit card information. In addition, mmSpy shows the feasibility of reconstruction of the audio signals from the radar data, using which more sensitive information can be potentially leaked.

Wireless collaborative mixed reality (WCMR) provides an interactive and immersive experience for a group of people that can move freely in an open space and will potentially revolutionize existing collaborative mission-critical training, such as firefighter drills and disaster response training. In order to provide the best immersive experience, WCMR differs drastically from traditional wireless applications in that they demand not only coordinated information to be transferred to collaborating agents in real-time but also fast computations in mobile mixed reality devices. Hence, WCMR requires fundamentally different designs than existing approaches that mainly focus on communication demands and predominantly assume that they are independently generated at different network agents. This project aims to develop joint communication, computation, and learning algorithms that explicitly exploit unique characteristics of WCMR and support emerging WCMR applications.

An overlay network is a layered network, where the overlay layer makes use of the underlay layer in order to deliver data to its destinations. Overlay networks arise in many application scenarios such as content distribution networks that are used to distribute content over the Internet (e.g., movies, music, etc.), and are often used to deploy new technology that is incompatible with legacy devices and protocols. A key challenge in such systems is that the overlay cannot observe the innerworkings of the underlay, making it difficult to use the underlay efficiently. This project develops mechanisms to learn the network topology and congestion of the underlay, and network algorithms for routing messages efficiently across overlay networks. Existing overlay systems mostly rely on simple models of the underlay network, and may fail to achieve good performance when the underlay nodes cannot be fully observed and controlled. This project aims at developing fundamental limits and practical algorithms for monitoring and controlling partially observable/controllable overlay-underlay networks. This is accomplished through two interdependent thrusts: Thrust 1 develops techniques that utilize measurements and side information observable to the overlay in order to infer the underlay network structure and state, and Thrust 2 develops algorithms that utilize the inferred information to control the operation of overlay nodes so as to optimize the performance for overlay services.

  Pieces: Pieces is a highly programmable language-agnostic automatic program compartmentalization framework. Pieces can be programmed to partition programs based on various criteria, including methods of isolation between compartments.

Multi-party computing (MPC) for machine learning (ML) allows offloading ML workloads (training and inference) to untrusted parties without sharing one’s secrets. However, existing MPC-based ML systems often introduce MPC-specific accuracy bugs that are hard to debug and significantly degrade the latency/throughput. This project takes a compiler-centric approach to tackle both problems. We build a multi-stage compiler for MPC-based ML and co-optimize performance and accuracy at different stages through MPC-specific compiler optimizations and approximations.

Cyber-Physical Systems (CPS) provide the foundation for our critical infrastructure systems, such as energy, transportation, and manufacturing, to name a few. Although CPS are already ubiquitous in our society, their security aspects were only recently incorporated into their design process, mainly in response to catastrophic incidents caused by cyber-attacks. One common class of attacks on CPS is called deception attacks, which involve an attacker hijacking the CPS sensors and actuators. We focus on (1) How can we model and analyze CPS under deception attacks? (2) Can we automatically find and address vulnerabilities of a given CPS to deception attacks? This project aims to provide a general control framework to help engineers detect and address deception attack vulnerabilities in CPS.

Securing a complex system/network is a non-trivial task and requires analyzing the design-specifications/standards because vulnerabilities in the design are likely to trickle down to implementations/deployments. One key observation is that a systematic analysis of a system’s specification, albeit the basic building block, is currently missing and not streamlined from the ground up. In this project, we design and implement frameworks for systematically investigating the design specifications of different systems/protocols in the context of security (e.g., secrecy and authenticity) and user privacy (observational equivalence, side-channel analysis). For this project, we develop new formal security analysis techniques based on model checking, cryptographic verifier and natural language processing.

While a variety of companies are streamlining their business processes by adopting machine learning technologies and leveraging commercial ML-as-a-service APIs, it is equally important to understand if these technologies are introducing attack vectors against the privacy of the data on which the models were trained. This is because, in many cases, the datasets used for training such models are proprietary and confidential. This project addresses and evaluates the vulnerabilities of model inversion attacks that turn the one-way journey from training data to model into a two-way one. This project also aims to develop defenses against such attacks by identifying and mitigating the root causes.

In this project, we focus on binary-level reverse engineering. Before we are able to perform analysis and transformation on a piece of binary, we must reverse engineer it to get its basic information, including its instructions, its control-flow graph, and basic dataflow information. Previous reverseengineering techniques are often ad hoc and do not have a formal basis. There is also no evaluation about what would be the best reverse-engineering algorithms in terms of precision and performance. We plan to construct a reverse-engineering tool that makes it easy for principled exploration of the design space of reverse-engineering algorithms.

Optimally configuring a wireless network to fit its specific deployment environment has long been a difficult task. On one hand, wireless technology advances have provided more flexibility to the operators, as more “knobs” are enabled in the operation and maintenance (OAM) interface so that the operators have deeper control of their networks. On the other hand, the increased flexibility has not translated to improved network optimization, as the complexity of cellular networks has grown significantly over the years thanks to new bands, radios, deployment, and use cases. Optimal configurations are generally impossible to determine by conventional methodologies, due to the large parameter space, coupling behaviors, and non-convexity of the problems.

In recent years, there is a growing interest in applying RL methods to adaptively configure the wireless network to match the deployment environment on the fly. Despite the promising early results and the philosophical match, majority of the existing approaches do not develop and tailor the RL methods to fit the unique characteristics of wireless networks. In particular, one prominent feature of wireless research is that past success has proved the value of physical-law based modeling. This cannot be easily captured by the current model-free (which has no modeling) or model-based (which is in the representation space) RL design. The goal of this project is to develop a novel domain knowledge enriched RL framework for wireless network optimization that seamlessly integrates a physical-law based wireless network modeling into the RL process. 

Advanced information and communications technologies (ICT) are increasingly permeating through our world. The technological advances are stimulating the rapid emergence of new-generation large-scale cyber-physical systems (CPS), including the smart grid, smart buildings, intelligent transportation systems, medical device networks and mobile robotic networks. CPS consists of a large number of geographically dispersed entities and thus distributed data sharing is necessary to achieve network-wide goals. However, distributed data sharing also raises the significant concern that the private or confidential information of legitimate entities could be leaked to unauthorized entities. Privacy has become an issue of high priority to address before certain CPS can be widely deployed. Existing techniques to protect the data privacy of ICT systems are not sufficient to ensure CPS privacy. This project aims to develop new control-theoretic schemes to assure the successful completion of control tasks for large-scale CPS and simultaneously preserve the privacy of legitimate entities. The outcomes of this project will provide engineering guidelines to build trustworthy CPS in adversarial operating environments.

Federated Learning (FL) is designed to protect the data privacy of each client during the training process by transmitting only models instead of the original data. However, the trained model may memorize certain information about the training data. With the recent legislation on the right to be forgotten, it is crucially essential for the FL model to possess the ability to forget what it has learned from each client. On the other hand, the privacy-preserving nature of FL opens doors for backdoor attacks by malicious clients who train local neural network models secretly with certain patterns in the training data that will later cause the global model to misclassify any data carrying such patterns. In our research, we aim at pruning the backdoored models or removing the injected backdoors from trained models, as well as designing privacy-preserving machine unlearning algorithms to support the right to be forgotten.