- Speaker: Ieva Daukantas
- Title: Towards AI Security: Formal Verification of Robust Mean Estimation.
- Abstract: Trimming datasets is used as a cleaning or processing technique in many AI systems. It serves the purpose of improving the robustness of AI algorithms, so that they become less vulnerable to data related attacks. Theory states that the outliers in a data set occur with low probability, and so it follows that they can be removed without causing loss of precision in the classification result. The talk is based on the published paper “Trimming Data Sets: a Verified Algorithm for Robust Mean Estimation” (Ieva Daukantas, Alessandro Bruni, Carsten Schürmann), where we introduce a mechanized proof of robustness of the trimmed mean algorithm. This algorithm has high applicability as a statistical technique and can be used in many complex applications of deep learning. We combine theoretical and practical approaches: the Coq proof assistant is used to formalize the robustness of the trimmed mean algorithm and Python Naïve Bayes experiments to illustrate the applicability in AI systems.

- Speaker: Patrick Baillot
- Title: Type-based complexity analysis for a parallel process calculus
- Abstract: Some type systems have been designed to analyse statically the time coplexity of functional languages. A natural question is whether this approach can be extended to parallel languages. We address this problem for the Pi-calculus, a paradigmatic calculus for parallel and concurrent computation. In Pi-calculus, processes communicate through channels that can carry values and channel names. We will define notions of sequential and parallel complexity for Pi-calculus, and present a type system that provides an upper bound on the time complexity of processes. Based on joint work with Alexis Ghyselen (ESOP 2021)

- Speaker: Christian Esposito
- Title: Blockchain-based Authentication and Trust management for the IoT-based Smart cities
- Abstract: The platforms supporting the smart city applications are rarely implemented from scratch by a municipality and/or totally owned by a single company but are more typically realized by integrating some existing ICT infrastructures thanks to a supporting platform, such as the well-known FIWARE platform. Such a multi-tenant deployment model is required to lower the initial investment costs to implement large-scale solutions for smart cities, but also imposes some key security obstacles. In fact, smart cities support critical applications demanding to protect the data and functionalities from malicious and unauthorized uses. Equipping the supporting platforms with proper means for access control is demanding, but these means are typically implemented according to a centralized approach, where a single server stores and makes available a set of identity attributes and authorization policies. Having a single root of trust is not suitable in a distributed and cooperating scenario of large-scale smart cities due to their multi-tenant deployment. In fact, each integrated system has its own set of security policies, and the other systems need to be aware of these policies, in order to allow seamless use of the same credentials across the overall infrastructure (realizing what is known as the single-sign-on). This imposes the problem of consistent and secure data replicas within a distributed system, which can be properly approached by using blockchain technology. Therefore, this seminar describes a novel solution for distributed management of identity and authorization policies by leveraging blockchain technology to hold a global view of the security policies within the system and integrating it into the FIWARE platform. In addition, IoT-based systems require trust management to implement effective authentication and authorization of nodes, as it is not possible to establish trusted connections, and/or the IoT nodes can be easily compromised. To cope with this issue, dynamic access control is required, where authorizations are granted considering security policies and node trustworthiness. However, decentralized trust management is a preferable solution, but it implies a considerable consumption of energy. Consumption is further exacerbated by the means needed to protect from attacks by the trust management entities themselves. This seminar also proposes suitable trust management for the IoT by exploiting the eventual consistency and security guarantees of blockchain.